# Solved: Major problem since uninstalling Mcafee



## kevhatch (Jun 20, 2005)

Hi,
I hope this is in the right place and that someone can help me.
I have a Dell Inspiron N4050 running Windows 7 Home Premium SP1 - Intel Core i5-2450m CPU - 8GB RAM - 64 bit. 
It is just over a year old. Everything has been running fine until the bundled Mcafee subscription ran out .. admittedly I left it for a while after the end of subscription until the reminders to renew started to get through to me.
I uninstalled Mcafee through add remove programmes, rebooted and then used a Mcafee clean up tool I had on a flash drive to remove anything left over. Since rebooting after using the tool I have had some major issues. It started with just being slow to boot up and then I would get messages that Accuweather.exe and Stage Remote.exe failed to load due to being corrupt.
I rebooted a few times but got the same results. Next I tried a system restore and it failed all three times to different dates due to not finding some Mcafee files. I have had various other weird effects when trying to reboot - it went to a failed to load screen and started a Start up repair which did nothing for two hours - I had to shut down on the power button. It has frozen up on the welcome screen, sometimes loading to a non responsive desktop after a long time. When I did get the desktop loaded, again unresponsive, the laptop wouldn't shutdown, again I had to use the power button.
I have managed to get it booted a little quicker in safe mode and safe mode with networking but mostly it is running very slowly if at all and will eventually bog itself down.
I hope someone is able to help.
Thanks
Kev (very frustrated!!!)


----------



## etaf (Oct 2, 2003)

you often need to run the removal tool a few times (we have known here , 3 times , with a reboot each time)
* Mcafee Removal Tool *
I would recommend that you restart the PC and run the removal tool for a second time or even a third time - I have found instances where the removal tool needs to be run twice to fully remove all traces of Mcafee from the PC

http://service.mcafee.com/FAQDocument.aspx?id=TS101331

http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html


----------



## ETech7 (Aug 30, 2012)

Also, check msconfig startup tab and see if you have too much stuff run when windows starts.


----------



## kevhatch (Jun 20, 2005)

Thx for the quick responses

etaf - Will check for a newer Mcafee removal tool in case the one I had wasn't compatible!

etech7 - Not sure if that is the problem, as I said, everything was hunky-dory until I removed Mcafee but I will check anyway.

Kev


----------



## kevhatch (Jun 20, 2005)

OK .. I've run the Mcafee clean up tool 3 times now and not much difference - laptop is still extremely slow and unresponsive, 10 minutes to load to desktop and then I wait an age for any program to respond. Have had to shut down on the power button twice out of the three times I have run the clean up tool - Starting to fear the worst about this laptop :-(


----------



## etaf (Oct 2, 2003)

try a chkdsk and sfc/scannow
http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html
http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html


----------



## kevhatch (Jun 20, 2005)

Ran Chkdsk and got - The Volume is clean - although when the problems first started Chkdsk was one of the programmes I ran, it detected a couple of files and deleted them, not sure which or in which part of the scan they were discovered.
I am running SFC/Scannow at the moment - I used 
OPTION TWO
To Run the SFC /SCANNOW Command in Windows 7 
Seems to be stuck at 24% for the last 15 minutes! It will no doubt carry on running as soon as I post this.


----------



## kevhatch (Jun 20, 2005)

So - I tried to close the Browser and the system completely froze up - I was just getting a faded screen with the system busy cursor spinning. Now the screen has gone completely blank and black - about to chuck it out the window *&^*%$£"??(*&!!!!!


----------



## kevhatch (Jun 20, 2005)

Shut down on power button again and re ran Scannow - Windows Resource Protection did not find any integrity violations. 
I will hold off on giving the laptop a flight test out of the window!!


----------



## throoper (Jan 20, 2007)

You didn't say, but what did you replace McAfee with and when did you do it?


----------



## kevhatch (Jun 20, 2005)

Uninstalled Mcafee about 12 hours ago and then the problems started ... only AV I have installed now is Windows Defender.


----------



## etaf (Oct 2, 2003)

have you tried a system restore again, since running the removal tool again ?

running in safemode or safemode with networking - does it now work OK or still an issue

Desktop weather status/forecast widget from AccuWeather included with Dell Stage on their range of PCs
The remote.exe utility is a versatile server/client tool that allows you to run command-line programs on remote computers.

have you created a set of recovery DVDs as it sounds like you may need to take it back to the factory condition, although you can do from the harddrive,its useful to have the Disks also handy

If its running OK in safemode
would you see if you can do a clean boot
http://support.microsoft.com/kb/331796
and if that improves


----------



## kevhatch (Jun 20, 2005)

Wayne - boots ok into safe mode but when I tried system restore it says I have no restore points.
No recovery DVD's


----------



## etaf (Oct 2, 2003)

as its in safemode ok 
lets have a look at doing a clean boot
or
have a look at msconfig 
startup tabs

you maybe able to make some factory recovery media from safemode - do you have about 6 DVD + or - RW writable DVDs at all?

the startup utility may not work in safemode - so goto the msconfig section below
*------------------------------------------------------------------------*
* StartUp Utility*

Post back a screen shot from the "Whats in Start Up" utility

Download the utility from here http://www.nirsoft.net/utils/what_run_in_startup.html

The download link is at the bottom of the page labelled, *"Download WhatInStartup"*
Direct link to the program is here http://www.nirsoft.net/utils/whatinstartup.zip

This utility will run standalone - so will not be installed on the PC

unzip the downloaded file and double click on the file named:-  WhatsInStartUp.exe 

a screen appears with a list of all the programs
Do *Not change or disable* anything

If the screen is not maximised then click on the small square box in the Top right hand corner - next to a - and a X

in a reply please post a screen shot

To post a screen shot of the active window.
1) hold the Alt key and press the PrtScn key. Open the Windows PAINT application and Paste the screen shot. You can then use PAINT to trim to suit, and save it as a JPG format file. 
OR
2) if you are using Vista/Windows 7 you can use the "snipping tool" which is found in Start> All programs> Accessories> Snipping Tool

To upload the screen shot to the forum, open the full reply window ("Go Advanced" button) and use the Manage Attachments button to upload it here.
Full details are available here http://library.techguy.org/wiki/TSG_Posting_a_Screenshot
*------------------------------------------------------------------------*

*------------------------------------------------------------------------*

* How to use MSCONFIG *
Windows has a special utility called the "Microsoft System Configuration Utility" or "MSCONFIG."

MSCONFIG can be used to see the startup programs in use and by reducing unwanted programs will help your computer boot and run faster.

It will help you to troubleshoot problems with your computer

use http://www.bleepingcomputer.com/startups/ database to look up each startup and review its purpose before deciding to remove

Goto this link for how to use MSCONFIG for all windows version to optimise the startup programs
http://www.netsquirrel.com/msconfig/

Do NOT use any of the clean up or registry cleaners advertised on the site
*------------------------------------------------------------------------*


----------



## kevhatch (Jun 20, 2005)

Sorry, I jumped the gun a bit and ran MrFixit between posts which cleared the start up - only 1 item in start up now.
I have rebooted since and it didn't make any difference apart from getting a message - Failed to connect to a Windows Service, event notification service .........
I have no RW DVD's but can get some later in the day


----------



## kevhatch (Jun 20, 2005)

Ran the clean boot and still no improvement


----------



## etaf (Oct 2, 2003)

> It started with just being slow to boot up and then I would get messages that Accuweather.exe and Stage Remote.exe failed to load due to being corrupt.


 so you are no longer getting any error messages on start up

i would stop that orangeinside its some sort of boost software 
http://www.boostbyreason.com/resource-file-35931-orangeinside-exe.aspx

have you run any registry cleaners or other programs on the PC at all?

MrFixit = Microsoft site for clean boot - not other program

whats the blank entry - can you read all the path under type


----------



## kevhatch (Jun 20, 2005)

Not getting the Accuweather or Stageremote error messages now.
Yes i have run CCCleaner but that was a while ago, before this problem started.
I ran the Mr Fixit from the link you gave for the clean boot.
The blank entry is Registry -> Machine Run (WOW 64)
It's annoying that all this hassle is just from uninstalling bloody Mcafee!!!!!!


----------



## etaf (Oct 2, 2003)

> It's annoying that all this hassle is just from uninstalling bloody Mcafee!!!!!!


 I have probably done that 100-200 times on the forums here and not had this type of issue before 
and carried out on machines myself 20-30 times
so I think it's a combination of things that's caused the issue
OR
have you had a virus and mcafee had the files quarantined ?

it runs perfectly in safemode though - apart from not being able to do all the things in normal mode?



> only AV I have installed now is Windows Defender


 turn that off , on windows 8 its OK , but not on windows 7 - can cause issues
http://windows.microsoft.com/en-gb/windows7/turn-windows-defender-on-or-off

install and run MSE
http://www.microsoft.com/en-gb/security/pc-security/mse.aspx
and also 
*Malwarebytes* I personally use and install in the computers that I work on. Free Version
http://www.malwarebytes.org/products/malwarebytes_free/

*superantispyware* I personally use and install in the computers that I work on. Free Version
http://www.superantispyware.com/download.html


----------



## kevhatch (Jun 20, 2005)

Disabled Windows Defender and downloaded MSE. Updated MSE and started a scan and system has frozen up again - time elapsed scan stuck at 43 seconds.
Trying to restart the laptop and it is not responding.


----------



## etaf (Oct 2, 2003)

i think you are into a repair or factory reset now - and will need to create the DVDs discussed earlier
We could see if its a hardware issue by running a different OS

*------------------------------------------------------------------------*

* UBUNTU Stand Alone CD *

NOTE : version Ubuntu 12.04

It may be possible to boot from another Operating System
This will at least test the Hardware and also see if you can see the Harddrive and possibly get data off.

If you have another PC with a cdwriter and spare CD
goto http://www.ubuntu.com/ and download the ISO http://www.ubuntu.com/desktop/get-ubuntu/download

You can also run from a USB device now - if the Machine supports booting off a USB Stick
http://www.ubuntu.com/desktop/get-ubuntu/download

full details are here (Note this is for version 9 - so the start up options are slightly different )
http://www.howtogeek.com/howto/wind...backup-files-from-your-dead-windows-computer/

click on the image "download ubuntu"
Select a location
then begin download
Save the file onto your PC - remember where you saved it - so you can find it again to create the image bootable CD.

You do *NOT* copy the ISO file onto a CD - you have to use the ISO to create a bootable CD
The CD creator software you have on the PC may have an option to create an image from an ISO 
*If not* - use this free program http://www.imgburn.com/ - Choose the option  Write image file to disc 
OR
you can use this stand alone ISO Burner to burn the ubuntu onto CD ftp://terabyteunlimited.com/burncdcc.zip

When the UBUNTU CD boots - you will see a screen - with Language on the left panel and two option images labelled

== > Try ubuntu
== > Install ubuntu

You can try Ubuntu without making any changes to your computer, directly from this CD

Use *"Try ubuntu"* *ONLY*. This option will run from the CD and not install onto your harddrive - *be careful*, if you do install onto the PC - you will wipe the data and software OFF your hard drive.., so repeat, *only use option 1*

Now you should see a UBUNTU desktop
This at least proves the main parts of the PC are working

NOTE: if you only see a black screen - then this is a known issue, and can be resolved by using the following:-


> On some hardware configurations, you need to set some kernel parameters for ubuntu to boot or work properly. A common one is nomodeset, which is needed for some graphic cards that otherwise boot in to a black screen or corrupted splash, acpi_osi= to fix lcd backlight and other problems.
> full details are here
> http://ubuntuforums.org/showthread.php?t=1613132
> 
> ...


----------



## kevhatch (Jun 20, 2005)

I think I am going to have to put this on hold until Monday as I have no CD/DVD's.
If I can boot my laptop from a USB device I will look at putting Ubuntu onto an external HDD.


----------



## kevhatch (Jun 20, 2005)

The only other machine I have is an Acer notebook without a CD/DVD

Boot options are -
Hard Drive
CD/DVD/CD-RW Device

So I think I'm stuck for now.


----------



## throoper (Jan 20, 2007)

kevhatch said:


> Disabled Windows Defender and downloaded MSE. Updated MSE and started a scan and system has frozen up again - time elapsed scan stuck at 43 seconds.
> Trying to restart the laptop and it is not responding.


If you haven't already done so, please boot into Safe Mode with networking, download and install Malwarebytes (from Etaf's link in post #19).
Note: uncheck the option during setup to enable the trial of the pro version.
Once installed, update it and run the "Quick Scan".
Remove anything it finds and post the log.


----------



## kevhatch (Jun 20, 2005)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.08.03

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16576
Kev :: KEV-PC [administrator]

08/06/2013 16:52:54
MBAM-log-2013-06-08 (17-03-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210673
Time elapsed: 4 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Kev\Downloads\FlashPlayer_V.36004160b.exe (Adware.DomaIQ) -> No action taken.
C:\Users\Kev\Downloads\FlashPlayer_V.36005979b.exe (Adware.DomaIQ) -> No action taken.
C:\Users\Kev\Downloads\FlashPlayer_V.36060923b.exe (Adware.DomaIQ) -> No action taken.

(end)


----------



## kevhatch (Jun 20, 2005)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/08/2013 at 05:43 PM

Application Version : 5.6.1020

Core Rules Database Version : 10504
Trace Rules Database Version: 8316

Scan type : Quick Scan
Total Scan Time : 00:11:44

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 412
Memory threats detected : 0
Registry items scanned : 61107
Registry threats detected : 0
File items scanned : 12597
File threats detected : 3

Adware.Tracking Cookie
C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Cookies\7LV9DCRH.txt [ /2o7.net ]
C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Cookies\6Q7DVJFP.txt [ /c.atdmt.com ]
C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Cookies\N6BLDU9L.txt [ /atdmt.com ]


----------



## throoper (Jan 20, 2007)

I've asked for one of the security experts to take a look at your thread. I have a little concern with the MBAM log.


----------



## kevhatch (Jun 20, 2005)

I downloaded Ubuntu (RAR File) to a flash drive, my laptop gave me the option to boot from USB when I tapped F12 at start up. I changed to the USB setting but it booted into Windows .. Should I have unzipped the RAR first?

Just plugged the Flash Drive into other laptop and the Ubuntu file is showing as an ISO file.


----------



## etaf (Oct 2, 2003)

the ISO needs to be used to create a bootable device 
BUT
*throoper * has flagged a possible virus/malware issue - so i would await the reply (although they are busy people it may take a while for an answer)


----------



## kevhatch (Jun 20, 2005)

OK .. I will hold on and await next steps.
Thx everyone for the help so far


----------



## Gizmoto (Dec 31, 2010)

Maybe do a clean install of windows 7, if you back up your stuff and if you know how to make a bootable windows 7 disk and can get drivers.


----------



## flavallee (May 12, 2002)

kevhatch:

When you previously ran *Malwarebytes Anti-Malware*, you didn't select and remove what it found.

That's why the log shows "no action taken".

-------------------------------------------------------------

Go here, then click the blue "Download Now @ Bleeping Computer" link to download and save *AdwCleaner.exe* to your desktop.

Close all open windows first, then double-click AdwCleaner.exe to load its main window.

Click the "Delete" button, then allow the deletion process to finish.

Click "OK" 3 times.

The computer will restart.

When the log file appears, save it.

Return here, then copy-and-paste the ENTIRE log here.

-----------------------------------------------------------


----------
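The "no action taken" check described in the post above can be done mechanically on a pasted Malwarebytes 1.x log. This is an added example, not part of the original thread or of any Malwarebytes tooling; the sample log is constructed in the layout of the log posted earlier, and `parse_mbam_log` and `triage` are hypothetical names.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of the Malwarebytes 1.x log posted in this
# thread. Paths and "PUP.Example" are made up for illustration.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.75.0.1300

Scan type: Quick scan
Objects scanned: 210673

Registry Keys Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Example\Downloads\setup_a.exe (Adware.DomaIQ) -> No action taken.
C:\Program Files (x86)\Example\tool.exe (PUP.Example) -> Quarantined and deleted successfully.
C:\Users\Example\Downloads\setup_b.exe (Adware.DomaIQ) -> No action taken.

(end)
"""

# "Files Detected: 3" style section headers.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)\s*$")
# "<object> (<threat name>) -> <action>." The lazy match on the object lets
# paths that contain parentheses, such as "Program Files (x86)", parse.
ITEM_RE = re.compile(
    r"^(?P<target>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?\s*$"
)


@dataclass
class Detection:
    section: str
    target: str
    threat: str
    action: str

    @property
    def remediated(self) -> bool:
        # The scanner writes "No action taken" when the item was found but the
        # user never selected it for removal.
        return self.action.lower() != "no action taken"


def parse_mbam_log(text):
    """Return (detections, declared) where declared maps section -> count."""
    detections, declared, section = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            declared[section] = int(header.group("count"))
            continue
        item = ITEM_RE.match(line) if section else None
        if item:
            detections.append(Detection(section, item.group("target"),
                                        item.group("threat"),
                                        item.group("action")))
    return detections, declared


def triage(text):
    """Flag items still on disk and sections whose item count looks truncated."""
    detections, declared = parse_mbam_log(text)
    parsed = {}
    for d in detections:
        parsed[d.section] = parsed.get(d.section, 0) + 1
    mismatch = {name: (count, parsed.get(name, 0))
                for name, count in declared.items()
                if count != parsed.get(name, 0)}
    return {
        "pending": [d for d in detections if not d.remediated],
        "count_mismatch": mismatch,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for d in result["pending"]:
        print(f"NOT REMOVED: {d.target} [{d.threat}]")
    for name, (want, got) in result["count_mismatch"].items():
        print(f"Section '{name}' declares {want} items but {got} were pasted")
```

A non-empty `count_mismatch` usually means the log was pasted incompletely, so ask for the full file before drawing conclusions.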



## kevhatch (Jun 20, 2005)

Thx for the reply Frank, here is ADW report -

# AdwCleaner v2.303 - Logfile created 06/13/2013 at 16:12:40
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Kev - KEV-PC
# Boot Mode : Normal
# Running from : C:\Users\Kev\Downloads\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\extensions\[email protected]
File Deleted : C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\searchplugins\delta.xml
Folder Deleted : C:\Program Files (x86)\Gophoto.it
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\[email protected]
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Kev\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Kev\AppData\Roaming\file scout
Folder Deleted : C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\jetpack

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C9A6357B-25CC-4BCF-96C1-78736985D412}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}
Key Deleted : HKCU\Software\5c55da8cbc3ab845
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SearchBar.Client
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C9A6357B-25CC-4BCF-96C1-78736985D412}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C9A6357B-25CC-4BCF-96C1-78736985D412}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v11.0 (en-US)

File : C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\prefs.js

C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\user.js ... Deleted !

Deleted : user_pref("avg.install.userHPSettings", "hxxp://www1.delta-search.com/?affID=119649&babsrc=HP_ss&mnt[...]
Deleted : user_pref("avg.install.userSPSettings", "Delta Search");
Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Deleted : user_pref("extensions.delta.id", "7c4e86d40000000000009439e5e96003");
Deleted : user_pref("extensions.delta.instlDay", "15805");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.smplGrp", "none");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.16.16");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.16.160:03:36");
Deleted : user_pref("extensions.delta.vrsni", "1.8.16.16");
Deleted : user_pref("[email protected]", true);
Deleted : user_pref("[email protected]_Lorraine2_city_5_367", "[{\"time\":[...]
Deleted : user_pref("[email protected]_Lorraine3_city_2_343", "[{\"time\":[...]
Deleted : user_pref("[email protected]_Lorraine3_city_4_343", "[{\"time\":[...]
Deleted : user_pref("[email protected]_Lorraine3_city_5_343", "[{\"time\":[...]
Deleted : user_pref("[email protected]_Lorraine3_city_7_363", "[{\"time\":[...]
Deleted : user_pref("[email protected]_Round50glc2_city_5_320", "[{\"time\[...]
Deleted : user_pref("[email protected]_192", "{\"includeCity\":true,\"[...]
Deleted : user_pref("[email protected]_320", "{\"includeCity\":true,\"[...]
Deleted : user_pref("[email protected]_343", "{\"includeCity\":true,\"[...]
Deleted : user_pref("[email protected]_363", "{\"includeCity\":true,\"[...]
Deleted : user_pref("[email protected]_367", "{\"includeCity\":true,\"[...]

*************************

AdwCleaner[S1].txt - [13990 octets] - [13/06/2013 16:12:40]

########## EOF - C:\AdwCleaner[S1].txt - [14051 octets] ##########


----------



## flavallee (May 12, 2002)

It found and deleted a LOT of threats, so hopefully that'll help with your issues.

Put it to use again and submit a new log so we can confirm that all threats have been deleted.

-----------------------------------------------------------



> -\\ Mozilla Firefox v11.0 (en-US)


You appear to be using a very outdated version of Mozilla Firefox.

The current version is *21.0*

http://www.mozilla.org/en-US/firefox/new/

----------------------------------------------------------


----------



## kevhatch (Jun 20, 2005)

Prior to your first reply I have done a few things which seemed to make the laptop run a bit better - 
I ran ESET online scanner which deleted a couple of threats - I didn't save a log file so can't say what it deleted.
Reran Mcafee clean up.
I uninstalled and reinstalled Flashplayer and Shockwave.
Uninstalled Mcafee VS which re-installed with new Flashplayer and Reran Mcafee clean up again.
Uninstalled Adobe Air and a couple of other Adobe programmes.

I use Ver 12 of Firefox because I have problems running a game (Kingdoms of Camelot) with newer versions.

The laptop is not crashing as often but still having some problems up until running ADW - 
Start up to login is now quite fast but after entering password it stays on the welcome screen for at least a minute before going to desktop which then takes its time loading icons. I then get an Adobe Air error message - I'm sure it was faster before the problems, maybe not!
Web browsers freeze up regularly, both FF and CometBird.
Yesterday I was listening to the radio in BBC iplayer, I could still hear the radio but laptop went to black screen with the cursor usable but I couldn't escape the black screen so had to shut down on the power button.

Anyhow, second ADW log -

# AdwCleaner v2.303 - Logfile created 06/13/2013 at 16:40:56
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Kev - KEV-PC
# Boot Mode : Normal
# Running from : C:\Users\Kev\Downloads\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v11.0 (en-US)

File : C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\prefs.js

C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [14033 octets] - [13/06/2013 16:12:40]
AdwCleaner[S2].txt - [930 octets] - [13/06/2013 16:40:56]

########## EOF - C:\AdwCleaner[S2].txt - [989 octets] ##########


----------



## flavallee (May 12, 2002)

Download and save and then install the free version of

*SUPERAntiSpyware 5.6.0.1020*

Make sure to update its definition files during the install process.

Make sure to uncheck and decline to install any extras, such as toolbars and homepages, it may offer.

Make sure to uncheck and decline to use the "Pro" or "Trial" version, if it's offered.

After it's installed and updated, do the following:

Select the *Quick Scan* option, then click "Scan your Computer".

If infections or problems are found during the scan, a list will appear and the number of them will be highlighted in red.

When the scan is finished and the scan summary window appears, click "Continue".

Make sure that *EVERYTHING* in the list is selected, then click "Remove Threats".

Click "OK - Finish".

If you're prompted to restart to finish the removal process, do so.

Start SUPERAntiSpyware again.

Click "View Scan Logs".

Highlight the scan log entry, then click "View Selected Log".

When the scan log appears in Notepad, copy-and-paste it here.

----------------------------------------------------------


----------



## kevhatch (Jun 20, 2005)

SAS Log -

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/13/2013 at 06:27 PM

Application Version : 5.6.1020

Core Rules Database Version : 10528
Trace Rules Database Version: 8340

Scan type : Quick Scan
Total Scan Time : 00:18:13

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 326
Memory threats detected : 0
Registry items scanned : 60969
Registry threats detected : 0
File items scanned : 12504
File threats detected : 22

Adware.Tracking Cookie


----------



## throoper (Jan 20, 2007)

Please download HJT from HERE.
Save it to your desktop and double click to run it.
Select "Do a system scan and save a log file" from the Main menu. 
When the scan is complete a log file will open.
Important: Do not "fix" anything.
Copy and paste the log in a post.


----------



## kevhatch (Jun 20, 2005)

Got this when I started HJT -

For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, Hijack This may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this click, Start, Run and type:
notepad C:\windows\System32\drivers\etc\hosts

and press Enter. Find the line(s) Hijack This reports and delete them.
Save the file as 'hosts'. (with quotes), and reboot.

But it scanned on closing the error report and log file -

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:02:08, on 13/06/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16611)
Boot mode: Normal

Running processes:
C:\Users\Kev\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ToolbarOrange.InitToolbarBHO - {1d970ed5-3eda-438d-bffd-715931e2775b} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKCU\..\Run: [OrangeInside] C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\addfavorites_html\addfavorites.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: envoyer le texte sélectionné par sms - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html
O8 - Extra context menu item: envoyer par sms - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\sendsms_html\sendsms.html
O8 - Extra context menu item: envoyer un mail - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\sendmail_html\sendmail.html
O8 - Extra context menu item: orange.fr - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\orange_html\orange.html
O8 - Extra context menu item: rechercher le texte sélectionné - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: traduire la page - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\translate_html\translate.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} (Launcher Class) - http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://supportapj.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8856 bytes


----------



## throoper (Jan 20, 2007)

First problem I'm seeing is you have no visible security running. You said you installed MSE and it hung. 
It's not running at startup and I'm not seeing any related services for it running. Have you tried it since it hung?
Also on services, you have several system files that are missing. 
I'm not that familiar with win 7 system files and I'm unsure how critical the missing files are, but I'm guessing that's not helping matters.
I think you may need to do a repair install of the OS.
Maybe Frank has some ideas or other suggestions. He's far better with win 7 than I am.


----------



## kevhatch (Jun 20, 2005)

Hmmm ... Just checked and MSE says it is switched on and it is showing in start up.


----------



## throoper (Jan 20, 2007)

You can disregard my previous post. I didn't notice you were running 64 bit (temporary blindness and permanent stupidity on my part).
Could you please run it again only right click and "Run as administrator".


----------



## kevhatch (Jun 20, 2005)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:09:07, on 14/06/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16611)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe
C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
C:\Users\Kev\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ToolbarOrange.InitToolbarBHO - {1d970ed5-3eda-438d-bffd-715931e2775b} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKCU\..\Run: [OrangeInside] C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\addfavorites_html\addfavorites.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: envoyer le texte sélectionné par sms - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html
O8 - Extra context menu item: envoyer par sms - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\sendsms_html\sendsms.html
O8 - Extra context menu item: envoyer un mail - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\sendmail_html\sendmail.html
O8 - Extra context menu item: orange.fr - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\orange_html\orange.html
O8 - Extra context menu item: rechercher le texte sélectionné - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: traduire la page - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\translate_html\translate.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} (Launcher Class) - http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://supportapj.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9423 bytes


----------



## throoper (Jan 20, 2007)

I think Etaf already mentioned this, but try taking Orange off of startup and see if it improves anything.
I'd also untick the Kodak entries while you're in msconfig>startup tab.


With Firefox, have you tried running it with add-ons disabled? 
Updating it to a newer version may solve some of the problems. 
You could always install and run the current version of 11 in its own Profile for use with your game.


----------



## kevhatch (Jun 20, 2005)

Orange is my ISP, so could that entry be my internet? 
I can't find any entries for Kodak in my startup!! attached screenshot.
I don't know what you mean by - You could always install and run the current version of 11 in its own Profile for use with your game. 
Also, I have been using Cometbird and Palemoon as my browsers with the same problems.




I have just taken Orange out of the startup, rebooted and it is back so thinking it is something to do with my interweb.


----------



## throoper (Jan 20, 2007)

The orange entry is an Internet manager. Basically it gives you quick access to the "bells and whistles" where you can change connections.
With a normal modem, you should be able to shut it down without effect on your internet.
If you have "livebox", I'm not sure if it's needed to maintain the connection.
You can shut off the manager on a temporary basis by closing the program from the system tray.
There should be a checkbox in its configuration that will let you keep it from running at startup on a permanent basis.
To see if it makes a difference for you, I would just shut it off temporarily at the sys tray and a reboot will load it back if its removal causes a prob or doesn't make a difference.

You can run multiple versions of Firefox on the same computer. You need to install them in separate locations and create shortcuts that run each version with its own separate Profile.


----------



## kevhatch (Jun 20, 2005)

Yep, I have Livebox - shut off everything I was able to from the Livebox Assistance in sys tray - hasn't affected internet at all - will have to wait and see if it makes a difference to anything else.


----------



## kevhatch (Jun 20, 2005)

Had to reinstall Adobe Air to see Livebox assistance in sys tray.


----------



## kevhatch (Jun 20, 2005)

Still freezing up and becoming unresponsive requiring shut down on power button.


----------



## kevhatch (Jun 20, 2005)

Not sure what's going on here .. 
Had a couple of complete seize ups since my last post but for the last 4 days I have left the laptop on 24hrs and it hasn't frozen once. I have had no system errors but browser does lock up quite often although I am able to close it normally on the close window button, and everything remains responsive. 
I have not done anything so I'm baffled as to why it is now running nearly normal again after so many problems earlier!!!!!!!!!!


----------



## kevhatch (Jun 20, 2005)

Should I mark this thread solved or are there any of you great fixit guys still looking? 
Internet is still very cloggy and I'm not sure if I should be worried about the missing system files reported in the HJT logs, posts #39 & #41.
Thx for all the great help so far.


----------



## throoper (Jan 20, 2007)

Hang in there Kev. I'd still like one of the security people to take a look so I'm going to bump up my request again.
Don't worry about the HJT logs showing missing files. HJT doesn't access 64 bit system files so shows them as missing. That was my inattention to what I was doing and why I said disregard my post.

I have one question. Did you completely exit Orange from the sys tray or did you just disable some of the items in its config?


----------
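The "(file missing)" entries explained in the post above can be triaged mechanically. The following is an added example, not part of the original thread and not HijackThis code: it assumes the scanner runs as a 32-bit process on 64-bit Windows, so `System32` is redirected to `SysWOW64` and `%PROGRAMFILES%` expands to `Program Files (x86)`. The names `triage` and `Finding` are hypothetical, and the last sample line is constructed.

```python
import re
from typing import NamedTuple, Optional


class Finding(NamedTuple):
    section: str            # HijackThis section code, e.g. "O23"
    path: str               # path exactly as the log reports it
    verdict: str            # "wow64-redirect", "env-expansion" or "investigate"
    recheck: Optional[str]  # where the real 64-bit file should be looked for


# Paths a 32-bit process sees redirected to SysWOW64.
SYS32 = re.compile(r"^([a-z]:\\windows)\\system32\\(.+)$", re.I)
# Paths produced when a 32-bit process expands %PROGRAMFILES%.
PF_X86 = re.compile(r"^([a-z]:)\\Program Files \(x86\)\\(.+)$", re.I)
# System32 subdirectories that Windows exempts from redirection: a file
# reported missing here is not explained by WOW64.
EXEMPT = ("catroot\\", "catroot2\\", "driverstore\\",
          "drivers\\etc\\", "logfiles\\", "spool\\")

# Sample input: four lines as they appear in the log above, plus one
# constructed line (ExampleSvc) that redirection cannot explain.
SAMPLE_LOG = r"""
O2 - BHO: ToolbarOrange.InitToolbarBHO - {1d970ed5-3eda-438d-bffd-715931e2775b} - mscoree.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Example Updater (ExampleSvc) - Unknown owner - C:\Users\Kev\AppData\Roaming\Example\upd.exe (file missing)
"""


def triage(log_text, os_is_64bit):
    """Classify every '(file missing)' line of a HijackThis log.

    os_is_64bit comes from another source (the AdwCleaner header, for
    instance); the HijackThis header does not state the bitness.
    """
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.endswith("(file missing)"):
            continue
        section = line.split(" - ", 1)[0]
        body = line[: -len("(file missing)")].rstrip()
        path = body.rsplit(" - ", 1)[-1]   # last field is the file path
        verdict, recheck = "investigate", None
        if os_is_64bit:
            sys32 = SYS32.match(path)
            pf = PF_X86.match(path)
            if sys32 and not sys32.group(2).lower().startswith(EXEMPT):
                # Sysnative is the alias a 32-bit process uses to reach
                # the real System32; a 64-bit shell checks System32 itself.
                verdict = "wow64-redirect"
                recheck = sys32.group(1) + "\\Sysnative\\" + sys32.group(2)
            elif pf and "%programfiles%" in line.lower():
                # The service is registered with %PROGRAMFILES%, which only
                # points at the (x86) folder inside a 32-bit process.
                verdict = "env-expansion"
                recheck = pf.group(1) + "\\Program Files\\" + pf.group(2)
        findings.append(Finding(section, path, verdict, recheck))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, os_is_64bit=True):
        print(f"{f.section:4} {f.verdict:15} {f.path}")
        if f.recheck:
            print(f"     recheck: {f.recheck}")
```

Entries left as "investigate" are the ones worth a manual look; the other two verdicts only say that the scanner's bitness explains the report, so the file should still be confirmed at the recheck path.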



## kevhatch (Jun 20, 2005)

Hanging in there Throoper ..... 
I opened the Orange dialogue box in Systray and took the ticks out of the two options that were available - it is no longer showing in the Systray.


----------



## kevhatch (Jun 20, 2005)

I see another thread that is having exactly the same trouble as I am - http://forums.techguy.org/windows-7/1101793-laptop-slow-freezes.html - strange!


----------



## Cookiegal (Aug 27, 2003)

Please download DDS by sUBs to your desktop from the following location:

http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click the *dds.scr* file to run the program.

It will automatically run in silent mode and then you will see the following note:

*"Two logs shall be created on your Desktop".*

The logs will be named *dds.txt* and *attach.txt*.

Wait until the logs appear and then copy and paste their contents in your post.

Please download GMER from: http://www.gmer.net

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

*Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.*

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked* on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the *Scan *button and when the scan is finished, click *Save* and save the log in Notepad with the name ark.txt to your desktop.

*Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.*

Open the ark.txt file and copy and paste the contents of the log here please.


----------



## kevhatch (Jun 20, 2005)

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16611
Run by Kev at 15:28:49 on 2013-06-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.8100.6588 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: ToolbarOrange.InitToolbarBHO: {1d970ed5-3eda-438d-bffd-715931e2775b} - 
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
uRun: [OrangeInside] C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: ajouter cette page à vos favoris Orange - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\addfavorites_html\addfavorites.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: envoyer le texte sélectionné par sms - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html
IE: envoyer par sms - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\sendsms_html\sendsms.html
IE: envoyer un mail - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\sendmail_html\sendmail.html
IE: orange.fr - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\orange_html\orange.html
IE: rechercher le texte sélectionné - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: traduire la page - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\translate_html\translate.html
IE: traduire le texte sélectionné - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: dell.com
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://supportapj.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3E805C4F-A592-4AB7-BFD3-5DF9686384C6} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3E805C4F-A592-4AB7-BFD3-5DF9686384C6}\0516471676F6E69616E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3E805C4F-A592-4AB7-BFD3-5DF9686384C6}\25F6D64556C65636F6D6D2750514D203430313 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{3E805C4F-A592-4AB7-BFD3-5DF9686384C6}\36163716F586F62756A75616E616 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{3E805C4F-A592-4AB7-BFD3-5DF9686384C6}\457796E60596E65637 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{3E805C4F-A592-4AB7-BFD3-5DF9686384C6}\469676379737 : DHCPNameServer = 192.92.129.1 193.68.3.252
TCP: Interfaces\{3E805C4F-A592-4AB7-BFD3-5DF9686384C6}\C4167657E616131313 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3E805C4F-A592-4AB7-BFD3-5DF9686384C6}\D4F647F63416D607 : DHCPNameServer = 193.68.3.252 192.92.129.1
TCP: Interfaces\{54543B6E-98B0-4C14-979B-27DFDD85C392} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\
FF - prefs.js: browser.search.selectedEngine - Orange
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://r.orange.fr/r?ref=O_OI_hook_openSearchFF&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Kev\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\extensions\{4D9AE42B-F4C0-40e6-AEDB-4EC6E42B77AF}\plugins\npOrangeInstaller.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-05-23 12:20; [email protected]; C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF - ExtSQL: 2013-05-23 12:20; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Orange
FF - user.js: keyword.URL - hxxp://r.orange.fr/r?ref=O_OI_hook_openSearchFF&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-11-21 55856]
R0 RapportKE64;RapportKE64;C:\windows\System32\drivers\RapportKE64.sys [2012-4-11 236688]
R1 RapportCerberus_51755;RapportCerberus_51755;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [2013-4-1 586072]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-4-30 229040]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-4-2 357712]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2012-8-23 172704]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-11-21 317440]
R3 intelkmd;intelkmd;C:\windows\System32\drivers\igdpmd64.sys [2013-2-13 12262336]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-9 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2011-11-21 349736]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-11-21 39464]
S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-6-8 25928]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-10-26 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-11-21 250984]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-10-26 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-10-26 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-1-13 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\Kev\Desktop\RealTemp\WinRing0x64.sys [2012-12-28 14544]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
S4 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-2-13 89600]
S4 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2013-2-13 235520]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-21 13336]
S4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2013-3-15 395640]
S4 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2013-1-15 780152]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-8 418376]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-8 701512]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
S4 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
S4 Orange update Core Service;Orange update Core Service;C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe [2012-9-18 1082016]
S4 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-4-2 1124632]
S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S4 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-11-21 1692480]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S4 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-11-21 2656280]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-06-22 10:35:37	--------	d-----w-	C:\Users\Kev\AppData\Local\{2D1A1D9D-F1B4-4642-9C91-E82243E87169}
2013-06-21 22:35:14	--------	d-----w-	C:\Users\Kev\AppData\Local\{69DB043A-3B7F-4ACA-B97E-A1FB4BCC01B8}
2013-06-21 16:22:47	964552	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CBDC8E4D-F0B4-4C50-A06A-8E6CF6215C02}\gapaengine.dll
2013-06-21 16:22:29	9552976	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7742512F-02C5-4090-B17F-7682E024BDE0}\mpengine.dll
2013-06-21 10:11:42	--------	d-----w-	C:\Users\Kev\AppData\Local\{147108A9-9358-429B-B142-960BCE845C0B}
2013-06-20 22:11:07	--------	d-----w-	C:\Users\Kev\AppData\Local\{423E0B71-8728-4BDE-84F8-C0D6364CEA12}
2013-06-20 16:22:20	9552976	------w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-20 10:10:45	--------	d-----w-	C:\Users\Kev\AppData\Local\{6A314A83-C697-443D-AF96-D887BA2C129E}
2013-06-19 22:10:11	--------	d-----w-	C:\Users\Kev\AppData\Local\{A93F2BE5-2DB0-42DD-9B41-94E8DC78D540}
2013-06-19 10:09:49	--------	d-----w-	C:\Users\Kev\AppData\Local\{4D9D670D-F1A0-47EB-9628-BF0B0ABA6413}
2013-06-18 22:09:14	--------	d-----w-	C:\Users\Kev\AppData\Local\{49306D97-73B4-40FF-BDEB-A02BBD116900}
2013-06-18 10:08:51	--------	d-----w-	C:\Users\Kev\AppData\Local\{D621CA0E-5D67-45D4-AF95-D3194A29B6DC}
2013-06-17 10:16:26	--------	d-----w-	C:\Users\Kev\AppData\Local\{A26358E9-238A-49CD-928F-087C6860BBFE}
2013-06-16 22:15:52	--------	d-----w-	C:\Users\Kev\AppData\Local\{F7133418-C3CE-4DC4-AC93-93DE0D310CFD}
2013-06-16 10:15:28	--------	d-----w-	C:\Users\Kev\AppData\Local\{4AB49111-1424-4757-A4B9-E5585F27334B}
2013-06-15 09:25:10	--------	d-----w-	C:\Users\Kev\AppData\Local\{E25F9E2C-EF04-43BD-BC6D-F49AC7EAB462}
2013-06-14 18:10:54	--------	d-----w-	C:\Users\Kev\AppData\Local\{9C06BC50-E3AE-46B8-8712-D7204967B102}
2013-06-14 16:41:34	964552	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-14 16:41:34	964552	------w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{261AD9AF-3416-443A-8391-F4186DD254C8}\gapaengine.dll
2013-06-13 10:24:19	--------	d-----w-	C:\Users\Kev\AppData\Local\{2B95C7DE-F613-4688-BE2F-D08FC40FBBDC}
2013-06-13 02:52:29	--------	d-----w-	C:\a59e14d750f863bc49e8f3a81ff2
2013-06-13 02:41:18	701952	----a-w-	C:\Program Files\Internet Explorer\ieproxy.dll
2013-06-13 02:41:18	356352	----a-w-	C:\Program Files\Internet Explorer\IEShims.dll
2013-06-13 02:41:18	257536	----a-w-	C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-06-13 02:41:13	235520	----a-w-	C:\Program Files (x86)\Internet Explorer\IEShims.dll
2013-06-13 02:41:06	67072	----a-w-	C:\windows\System32\iesetup.dll
2013-06-13 02:41:06	61440	----a-w-	C:\windows\SysWow64\iesetup.dll
2013-06-13 02:41:01	71680	----a-w-	C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-13 02:41:01	109056	----a-w-	C:\windows\SysWow64\iesysprep.dll
2013-06-13 02:40:56	89600	----a-w-	C:\windows\System32\RegisterIEPKEYs.exe
2013-06-13 02:40:51	136704	----a-w-	C:\windows\System32\iesysprep.dll
2013-06-13 02:40:29	770648	----a-w-	C:\Program Files (x86)\Internet Explorer\iexplore.exe
2013-06-13 02:40:22	775256	----a-w-	C:\Program Files\Internet Explorer\iexplore.exe
2013-06-13 02:40:18	3958784	----a-w-	C:\windows\System32\jscript9.dll
2013-06-13 02:39:56	2877440	----a-w-	C:\windows\SysWow64\jscript9.dll
2013-06-13 02:39:53	148992	----a-w-	C:\Program Files\Internet Explorer\jsdebuggeride.dll
2013-06-13 02:39:40	108032	----a-w-	C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2013-06-13 02:39:33	817664	----a-w-	C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-13 02:39:33	1084928	----a-w-	C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-13 02:39:23	1767936	----a-w-	C:\windows\SysWow64\wininet.dll
2013-06-13 02:39:22	2241024	----a-w-	C:\windows\System32\wininet.dll
2013-06-12 10:48:38	1910632	----a-w-	C:\windows\System32\drivers\tcpip.sys
2013-06-12 10:39:04	--------	d-----w-	C:\Users\Kev\AppData\Local\{D2566590-72B0-4E84-A27E-1002C0AF27E6}
2013-06-11 17:33:00	71048	----a-w-	C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 17:33:00	692104	----a-w-	C:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 11:01:35	--------	d-----w-	C:\Users\Kev\AppData\Local\{B200BC73-0B7D-4F6A-A67E-3B1EA993061A}
2013-06-09 11:18:10	--------	d-----w-	C:\Temp
2013-06-09 06:58:18	--------	d-----w-	C:\Users\Kev\AppData\Local\{8054621E-83F9-422C-AD39-D251B45833D9}
2013-06-08 18:58:03	--------	d-----w-	C:\Users\Kev\AppData\Local\{BA1FDEB4-3626-44C7-A9CF-D1AC089AF458}
2013-06-08 16:31:02	--------	d-----w-	C:\Users\Kev\AppData\Roaming\SUPERAntiSpyware.com
2013-06-08 16:30:58	--------	d-----w-	C:\ProgramData\SUPERAntiSpyware.com
2013-06-08 16:30:58	--------	d-----w-	C:\Program Files\SUPERAntiSpyware
2013-06-08 15:52:18	25928	----a-w-	C:\windows\System32\drivers\mbam.sys
2013-06-08 15:52:18	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-08 14:43:29	--------	d-----w-	C:\Program Files (x86)\Microsoft Security Client
2013-06-08 14:43:22	--------	d-----w-	C:\Program Files\Microsoft Security Client
2013-06-08 00:20:36	--------	d-----w-	C:\Users\Kev\AppData\Local\Deployment
2013-06-08 00:20:36	--------	d-----w-	C:\Users\Kev\AppData\Local\Apps
2013-06-07 18:45:07	--------	d-s---w-	C:\windows\SysWow64\Microsoft
2013-06-07 14:08:17	--------	d-----w-	C:\Users\Kev\AppData\Local\Dell Edoc Viewer
2013-06-07 13:56:15	9460464	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E8AC9467-8AA0-497E-B6F4-36C173EB6B6F}\mpengine.dll
2013-06-07 10:06:12	--------	d-----w-	C:\Users\Kev\AppData\Local\{0DB58CC7-0D11-4063-9353-717696765A47}
2013-06-06 21:55:37	--------	d-----w-	C:\Users\Kev\AppData\Local\{9D9FB65E-E1AF-42AF-B611-05BC7DD53463}
2013-06-06 09:55:26	--------	d-----w-	C:\Users\Kev\AppData\Local\{89754290-15C0-4749-A587-E70EF8471670}
2013-06-05 21:55:16	--------	d-----w-	C:\Users\Kev\AppData\Local\{1B7C0C92-6878-446A-8AE9-16DB590E8581}
2013-06-05 09:55:04	--------	d-----w-	C:\Users\Kev\AppData\Local\{4DC256D5-4209-4981-8C7C-24E7731F6E39}
2013-06-04 15:34:09	--------	d-----w-	C:\Users\Kev\AppData\Local\{466C021B-A61C-4A0A-B4B3-E52AAB425291}
2013-06-04 03:33:58	--------	d-----w-	C:\Users\Kev\AppData\Local\{B8B4F4B0-62ED-4949-8804-DD2705F63AC5}
2013-06-03 15:33:47	--------	d-----w-	C:\Users\Kev\AppData\Local\{ECB80A13-487D-4989-B9A7-2564B18F025C}
2013-06-03 03:33:36	--------	d-----w-	C:\Users\Kev\AppData\Local\{1F194380-82E8-40D9-ACFC-04D6D853574F}
2013-06-02 15:33:13	--------	d-----w-	C:\Users\Kev\AppData\Local\{00D21EEE-7331-471E-A5C8-050683AB404F}
2013-06-02 03:32:49	--------	d-----w-	C:\Users\Kev\AppData\Local\{4516EFA5-8C79-4653-9695-A5093B2D957F}
2013-06-01 15:32:38	--------	d-----w-	C:\Users\Kev\AppData\Local\{39FA085B-0107-4FE8-8EF5-89F2AB00FE30}
2013-06-01 03:32:27	--------	d-----w-	C:\Users\Kev\AppData\Local\{2A7BC3FC-B0B2-40EB-8FEA-ADB1212EFCC1}
2013-05-31 15:32:16	--------	d-----w-	C:\Users\Kev\AppData\Local\{AAB951CA-1CA0-4768-8832-C9A094BE0EA4}
2013-05-30 22:52:26	--------	d-----w-	C:\Users\Kev\AppData\Local\{53F82B4B-71B1-4CE9-93EE-2406C8A8D202}
2013-05-30 10:52:15	--------	d-----w-	C:\Users\Kev\AppData\Local\{2E5DD52D-BEA0-48A9-B2F1-A9F4B6026AA7}
2013-05-29 11:35:40	--------	d-----w-	C:\Users\Kev\AppData\Local\{E9E27BC4-13A6-4BEF-B7A1-6D8E72AEB2BF}
2013-05-28 23:35:02	--------	d-----w-	C:\Users\Kev\AppData\Local\{DFACD7F0-F0E8-44A3-9CEF-CE7428A3A9F4}
2013-05-28 11:34:38	--------	d-----w-	C:\Users\Kev\AppData\Local\{EF3D86E1-8AEE-4116-A5A4-DF400E451A17}
2013-05-27 23:34:16	--------	d-----w-	C:\Users\Kev\AppData\Local\{9A249CB3-837B-402E-AD1C-3991A5C447B1}
2013-05-27 11:33:54	--------	d-----w-	C:\Users\Kev\AppData\Local\{AC6F2090-34D2-4AB3-9650-52C4C75B3E15}
2013-05-26 23:33:19	--------	d-----w-	C:\Users\Kev\AppData\Local\{57059132-59FD-4376-B729-6A83413DF794}
2013-05-26 11:32:56	--------	d-----w-	C:\Users\Kev\AppData\Local\{E2D6DC44-41D8-4E79-A6A8-340484BC7ED7}
2013-05-25 23:32:22	--------	d-----w-	C:\Users\Kev\AppData\Local\{1D2D029B-E90F-47B6-BD70-1915C2F66A87}
2013-05-25 11:31:59	--------	d-----w-	C:\Users\Kev\AppData\Local\{07A95709-BA36-4BEF-884C-D9C541306D62}
2013-05-24 23:31:37	--------	d-----w-	C:\Users\Kev\AppData\Local\{B3209DCA-DE9E-430A-B12F-B4C65010262F}
2013-05-24 11:31:15	--------	d-----w-	C:\Users\Kev\AppData\Local\{036C81F7-0C57-4A9D-A888-626EFDF42E94}
2013-05-23 23:30:53	--------	d-----w-	C:\Users\Kev\AppData\Local\{FABD3777-E98F-4F4C-BBEB-0C7D8A398718}
.
==================== Find3M ====================
.
2013-06-08 12:28:46	2706432	----a-w-	C:\windows\System32\mshtml.tlb
2013-06-08 11:13:19	2706432	----a-w-	C:\windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01	184320	----a-w-	C:\windows\System32\cryptsvc.dll
2013-05-13 05:51:00	1464320	----a-w-	C:\windows\System32\crypt32.dll
2013-05-13 05:51:00	139776	----a-w-	C:\windows\System32\cryptnet.dll
2013-05-13 05:50:40	52224	----a-w-	C:\windows\System32\certenc.dll
2013-05-13 04:45:55	140288	----a-w-	C:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55	1160192	----a-w-	C:\windows\SysWow64\crypt32.dll
2013-05-13 04:45:55	103936	----a-w-	C:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55	1192448	----a-w-	C:\windows\System32\certutil.exe
2013-05-13 03:08:10	903168	----a-w-	C:\windows\SysWow64\certutil.exe
2013-05-13 03:08:06	43008	----a-w-	C:\windows\SysWow64\certenc.dll
2013-05-10 05:49:27	30720	----a-w-	C:\windows\System32\cryptdlg.dll
2013-05-10 03:20:54	24576	----a-w-	C:\windows\SysWow64\cryptdlg.dll
2013-05-02 15:29:56	278800	------w-	C:\windows\System32\MpSigStub.exe
2013-04-30 00:28:50	236688	----a-w-	C:\windows\System32\drivers\RapportKE64.sys
2013-04-26 05:51:36	751104	----a-w-	C:\windows\System32\win32spl.dll
2013-04-26 04:55:21	492544	----a-w-	C:\windows\SysWow64\win32spl.dll
2013-04-25 23:30:32	1505280	----a-w-	C:\windows\SysWow64\d3d11.dll
2013-04-17 07:02:06	1230336	----a-w-	C:\windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46	1424384	----a-w-	C:\windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23	135168	----a-w-	C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19	350208	----a-w-	C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19	308736	----a-w-	C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19	111104	----a-w-	C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16	474624	----a-w-	C:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15	2176512	----a-w-	C:\windows\apppatch\AcGenral.dll
2013-04-12 14:45:08	1656680	----a-w-	C:\windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54	265064	----a-w-	C:\windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53	983400	----a-w-	C:\windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50	3153920	----a-w-	C:\windows\System32\win32k.sys
2013-04-02 14:09:52	4550656	----a-w-	C:\windows\SysWow64\GPhotos.scr
2013-03-31 22:52:16	1887232	----a-w-	C:\windows\System32\d3d11.dll
.
============= FINISH: 15:29:45.18 ===============


----------



## kevhatch (Jun 20, 2005)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 13/01/2012 06:45:18
System Uptime: 18/06/2013 17:08:06 (94 hours ago)
.
Motherboard: Dell Inc. | | 0GGRV5
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | CPU 1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 345.021 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Dell Wireless 1701 Bluetooth v3.0+HS
Device ID: USB\VID_0A5C&PID_21BC\9439E5E96004
Manufacturer: Broadcom
Name: Dell Wireless 1701 Bluetooth v3.0+HS
PNP Device ID: USB\VID_0A5C&PID_21BC\9439E5E96004
Service: BTHUSB
.
==== System Restore Points ===================
.
RP185: 11/06/2013 01:14:37 - Test restore point
RP186: 11/06/2013 18:25:31 - Removed eBay
RP187: 12/06/2013 15:11:05 - Removed Adobe Community Help
RP188: 12/06/2013 15:12:11 - Removed Adobe Media Player
RP189: 13/06/2013 03:14:24 - Windows Update
RP190: 13/06/2013 10:42:10 - Windows Update
RP191: 16/06/2013 09:42:02 - Windows Update
RP192: 19/06/2013 17:23:17 - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5
Adobe Reader X (10.1.7) MUI
Advanced Audio FX Engine
aioscnnr
AMD APP SDK Runtime
AMD AVIVO64 Codecs
AMD Catalyst Install Manager
Apple Application Support
Apple Software Update
Assistance Livebox
C4USelfUpdater
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCleaner
center
CometBird 11.0 (x86 en-US)
Compatibility Pack for the 2007 Office system
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Product Registration
Dell Stage
Dell Stage Remote
Dell System Detect
Dell Touchpad
Dell VideoStage 
Dell Webcam Central
DirectX 9 Runtime
DW WLAN Card
Encrypt Files v1.5
ESET Online Scanner v3
essentials
Facebook Video Calling 1.2.0.287
FileZilla Client 3.7.0.2
Google Earth
Google Update Helper
High-Definition Video Playback
IDT Audio
Intel(R) Display Audio Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Monitor 2.0
Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 37
JavaFX 2.1.1
Junk Mail filter update
Kodak AIO Printer
KODAK AiO Software
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2010
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
msvcrt_installer
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Dell
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
Notification Mail
ocr
Orange Inside
Orange Installer
Orange update
Pale Moon 20.1 (x86 en-US)
PDF Settings CS5
PhotoShowExpress
Picasa 3
PowerXpressHybrid
PreReq
PrintProjects
PX Profile Update
Quickset64
QuickTime
Rapport
RBVirtualFolder64Inst
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Shared C Run-time for x64
Skype™ 6.3
Sonic CinePlayer Decoder Pack
SUPERAntiSpyware
swMSM
SyncUP
TeamSpeak 3 Client
ToolbarFR
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
WIDCOMM Bluetooth Software
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.2
WinRAR 4.11 (64-bit)
Zinio Reader 4
.
==== Event Viewer Messages From Past Week ========
.
22/06/2013 09:07:43, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
18/06/2013 17:11:38, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
18/06/2013 17:09:46, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\bcmihvsrv64.dll Error Code: 258
18/06/2013 09:19:59, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================


----------



## kevhatch (Jun 20, 2005)

Apologies for my dumbness ....
When running the GMER programme it opens an interface and does whatever for a fraction of a second. It then displays some text in the main pane and all boxes on the right hand side are ticked.
The programme didn't warn of rootkit activity or ask if I wanted to run a full scan - so, should I follow these instructions? - 

make sure the following are unchecked on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the Scan button


----------



## Cookiegal (Aug 27, 2003)

Yes please.


----------



## kevhatch (Jun 20, 2005)

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-22 17:13:12
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.D005 465.76GB
Running: o8jl4ewh.exe; Driver: C:\Users\Kev\AppData\Local\Temp\pwldqpow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800035b0000 63 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 624 fffff800035b0040 1 byte [01]

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2064:2616] 000007fefb762a7c

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015007f6c3b 
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5e96004 
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0xD2 0xA3 0x86 0x0C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc7737048afc 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015007f6c3b (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e5e96004 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0xD2 0xA3 0x86 0x0C ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc7737048afc (not active ControlSet)

---- EOF - GMER 2.1 ----


----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions* for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## kevhatch (Jun 20, 2005)

This popped up while Combofix was running -


C:\windows\system32\netsh.exe

Illegal operation attempted on a registry key that has been marked for deletion


----------



## kevhatch (Jun 20, 2005)

And I am getting the same message when I try to connect to the internet with any browser.

And this when I go - Control Panel/Network and Internet/Network and Sharing Center/Connect to a network
shell::::{38A98528-6BF-4CA9-8DC0-B1E1D10F7B1B}
Illegal operation attempted on a registry key that has been marked for deletion.


----------



## kevhatch (Jun 20, 2005)

Tried to copy the log file on to a flash drive so as I could post via another laptop but it won't let me - 
It won't paste direct onto drive so I created a new text doc but get this when I try to open it - 

G:\New Text Document.txt
Illegal operation attempted on a registry key that has been marked for deletion.


----------



## Cookiegal (Aug 27, 2003)

Just reboot the machine and that should take care of it.


----------



## kevhatch (Jun 20, 2005)

Phew .... had a little panic there!!! lol

Here is the log file -

ComboFix 13-06-22.01 - Kev 22/06/2013 17:47:05.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.8100.5919 [GMT 1:00]
Running from: c:\users\Kev\Desktop\puppy.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6261\AddOnDownloaded\27ada864-54d8-46c9-a6e3-8334fa39b525.dll
c:\programdata\PCDr\6261\AddOnDownloaded\31274d4c-b2a5-4954-874c-18abd8e795fc.dll
c:\programdata\PCDr\6261\AddOnDownloaded\b3ef58a2-77e9-414a-b8f6-b8cbbf497383.dll
c:\programdata\PCDr\6261\AddOnDownloaded\ba005e12-3139-4327-9f7a-9f2ea6a6c841.dll
c:\users\Default\AppData\Roaming\DPInst.exe
c:\users\Default\AppData\Roaming\gacutil.exe
c:\users\Default\AppData\Roaming\PnPutil.exe
c:\users\Kev\Downloads\pmMIg.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2013-05-22 to 2013-06-22 )))))))))))))))))))))))))))))))
.
.
2013-06-22 16:22 . 2013-06-12 03:08	9552976	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD70D7E9-C857-4636-A198-9FC551B7BAF3}\mpengine.dll
2013-06-21 16:22 . 2013-06-21 16:22	964552	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CBDC8E4D-F0B4-4C50-A06A-8E6CF6215C02}\gapaengine.dll
2013-06-21 16:22 . 2013-06-12 03:08	9552976	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-14 16:41 . 2013-06-08 14:44	964552	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-14 16:21 . 2013-06-14 16:21	--------	d-----w-	c:\program files (x86)\Common Files\Adobe AIR
2013-06-13 02:52 . 2013-06-13 02:52	--------	d-----w-	C:\a59e14d750f863bc49e8f3a81ff2
2013-06-13 02:41 . 2013-05-17 01:25	257536	----a-w-	c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-06-13 02:41 . 2013-05-17 00:58	701952	----a-w-	c:\program files\Internet Explorer\ieproxy.dll
2013-06-13 02:41 . 2013-05-17 00:58	356352	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2013-06-13 02:41 . 2013-05-17 01:25	235520	----a-w-	c:\program files (x86)\Internet Explorer\IEShims.dll
2013-06-13 02:41 . 2013-05-17 01:25	61440	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-06-13 02:41 . 2013-05-17 00:59	51712	----a-w-	c:\windows\system32\ie4uinit.exe
2013-06-13 02:41 . 2013-05-17 00:58	67072	----a-w-	c:\windows\system32\iesetup.dll
2013-06-13 02:41 . 2013-05-17 00:58	39936	----a-w-	c:\windows\system32\iernonce.dll
2013-06-13 02:41 . 2013-05-17 01:25	109056	----a-w-	c:\windows\SysWow64\iesysprep.dll
2013-06-13 02:41 . 2013-05-14 08:40	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-13 02:40 . 2013-05-14 12:23	89600	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-06-13 02:40 . 2013-05-17 00:58	136704	----a-w-	c:\windows\system32\iesysprep.dll
2013-06-13 02:40 . 2013-05-17 02:32	770648	----a-w-	c:\program files (x86)\Internet Explorer\iexplore.exe
2013-06-13 02:40 . 2013-05-17 03:30	775256	----a-w-	c:\program files\Internet Explorer\iexplore.exe
2013-06-13 02:40 . 2013-05-17 00:58	603136	----a-w-	c:\windows\system32\msfeeds.dll
2013-06-13 02:40 . 2013-05-17 00:58	855552	----a-w-	c:\windows\system32\jscript.dll
2013-06-13 02:40 . 2013-05-17 00:58	3958784	----a-w-	c:\windows\system32\jscript9.dll
2013-06-13 02:39 . 2013-05-17 01:25	2877440	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-06-13 02:39 . 2013-05-17 00:58	148992	----a-w-	c:\program files\Internet Explorer\jsdebuggeride.dll
2013-06-13 02:39 . 2013-05-17 01:25	108032	----a-w-	c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2013-06-13 02:39 . 2013-05-17 01:25	817664	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-13 02:39 . 2013-05-17 00:58	1084928	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-13 02:39 . 2013-05-17 00:58	53248	----a-w-	c:\windows\system32\jsproxy.dll
2013-06-13 02:39 . 2013-05-17 01:25	1767936	----a-w-	c:\windows\SysWow64\wininet.dll
2013-06-13 02:39 . 2013-05-17 00:59	2241024	----a-w-	c:\windows\system32\wininet.dll
2013-06-12 10:48 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-11 17:33 . 2013-06-11 17:33	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 17:33 . 2013-06-11 17:33	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-09 11:18 . 2013-06-10 17:21	--------	d-----w-	C:\Temp
2013-06-08 18:07 . 2013-06-08 18:08	--------	d-----w-	c:\users\Kev\AppData\Roaming\U3
2013-06-08 16:31 . 2013-06-08 16:31	--------	d-----w-	c:\users\Kev\AppData\Roaming\SUPERAntiSpyware.com
2013-06-08 16:30 . 2013-06-08 16:31	--------	d-----w-	c:\program files\SUPERAntiSpyware
2013-06-08 16:30 . 2013-06-08 16:30	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2013-06-08 15:52 . 2013-06-08 15:52	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-08 15:52 . 2013-04-04 13:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-06-08 14:43 . 2013-06-08 14:43	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2013-06-08 14:43 . 2013-06-08 14:43	--------	d-----w-	c:\program files\Microsoft Security Client
2013-06-08 01:50 . 2013-06-08 14:23	--------	dc----w-	c:\windows\system32\DRVSTORE
2013-06-08 00:20 . 2013-06-09 17:09	--------	d-----w-	c:\users\Kev\AppData\Local\Deployment
2013-06-08 00:20 . 2013-06-08 00:20	--------	d-----w-	c:\users\Kev\AppData\Local\Apps
2013-06-07 18:45 . 2013-06-07 18:45	--------	d-s---w-	c:\windows\SysWow64\Microsoft
2013-06-07 14:08 . 2013-06-07 14:08	--------	d-----w-	c:\users\Kev\AppData\Local\Dell Edoc Viewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 02:53 . 2012-01-13 19:17	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-05-13 06:37 . 2013-06-07 13:56	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8AC9467-8AA0-497E-B6F4-36C173EB6B6F}\mpengine.dll
2013-05-02 15:29 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-05-01 08:17 . 2010-06-24 17:33	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-30 00:28 . 2012-04-11 10:05	236688	----a-w-	c:\windows\system32\drivers\RapportKE64.sys
2013-04-13 05:49 . 2013-05-14 21:10	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-14 21:10	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-14 21:10	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-14 21:10	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-14 21:10	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-14 21:10	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 01:25	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-14 21:10	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-14 21:10	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-14 21:10	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-04-02 14:09 . 2013-04-02 14:09	4550656	----a-w-	c:\windows\SysWow64\GPhotos.scr
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OrangeInside"="c:\users\Kev\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe" [2012-11-16 1530520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Kev\Desktop\RealTemp\WinRing0x64.sys;c:\users\Kev\Desktop\RealTemp\WinRing0x64.sys [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [x]
R4 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
R4 Orange update Core Service;Orange update Core Service;c:\program files (x86)\Orange\OrangeUpdate\Service\OUCore.exe;c:\program files (x86)\Orange\OrangeUpdate\Service\OUCore.exe [x]
R4 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R4 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S1 RapportCerberus_51755;RapportCerberus_51755;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11 17:33]
.
2013-06-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-768171273-2258216897-828858201-1000Core.job
- c:\users\Kev\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-19 22:56]
.
2013-06-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-768171273-2258216897-828858201-1000UA.job
- c:\users\Kev\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-19 22:56]
.
2013-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 10:27]
.
2013-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 10:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: ajouter cette page à vos favoris Orange - c:\users\Kev\AppData\Roaming\Orange\OrangeInside\src\addfavorites_html\addfavorites.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: envoyer le texte sélectionné par sms - c:\users\Kev\AppData\Roaming\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html
IE: envoyer par sms - c:\users\Kev\AppData\Roaming\Orange\OrangeInside\src\sendsms_html\sendsms.html
IE: envoyer un mail - c:\users\Kev\AppData\Roaming\Orange\OrangeInside\src\sendmail_html\sendmail.html
IE: orange.fr - c:\users\Kev\AppData\Roaming\Orange\OrangeInside\src\orange_html\orange.html
IE: rechercher le texte sélectionné - c:\users\Kev\AppData\Roaming\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: traduire la page - c:\users\Kev\AppData\Roaming\Orange\OrangeInside\src\translate_html\translate.html
IE: traduire le texte sélectionné - c:\users\Kev\AppData\Roaming\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
FF - ProfilePath - c:\users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\
FF - prefs.js: browser.search.selectedEngine - Orange
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://r.orange.fr/r?ref=O_OI_hook_openSearchFF&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=
FF - ExtSQL: 2013-05-23 12:20; [email protected]; c:\program files (x86)\Mozilla Firefox\extensions\[email protected]
FF - ExtSQL: 2013-05-23 12:20; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - user.js: browser.search.selectedEngine - Orange
FF - user.js: keyword.URL - hxxp://r.orange.fr/r?ref=O_OI_hook_openSearchFF&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{3706EE7C-3CAD-445D-8A43-03EBC3B75908} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Orange\Orange Installer\OrangeInstaller.exe
.
**************************************************************************
.
Completion time: 2013-06-22 18:01:11 - machine was rebooted
ComboFix-quarantined-files.txt 2013-06-22 17:01
.
Pre-Run: 370,084,864,000 bytes free
Post-Run: 369,977,483,264 bytes free
.
- - End Of File - - 52C1F35DB91EEC3E0BF8978844D81EF4
D41D8CD98F00B204E9800998ECF8427E


----------



## Cookiegal (Aug 27, 2003)

Please go here and download the *TDSSKiller.exe* to your desktop.

Double-click TDSSKiller.exe on your desktop to run it.
Click on *Start Scan*
As we don't want to fix anything yet, if any malicious objects are detected, *do NOT select Cure* but select *Skip* instead.
It will produce a log once it finishes in the root drive which should look like this example:

C:\TDSSKiller.<version_date_time>log.txt

Please copy and paste the contents of that log in your next reply.


----------



## kevhatch (Jun 20, 2005)

19:55:51.0157 1656 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
19:55:52.0920 1656 ============================================================
19:55:52.0920 1656 Current date / time: 2013/06/22 19:55:52.0920
19:55:52.0920 1656 SystemInfo:
19:55:52.0920 1656 
19:55:52.0920 1656 OS Version: 6.1.7601 ServicePack: 1.0
19:55:52.0920 1656 Product type: Workstation
19:55:52.0920 1656 ComputerName: KEV-PC
19:55:52.0920 1656 UserName: Kev
19:55:52.0920 1656 Windows directory: C:\windows
19:55:52.0920 1656 System windows directory: C:\windows
19:55:52.0920 1656 Running under WOW64
19:55:52.0920 1656 Processor architecture: Intel x64
19:55:52.0920 1656 Number of processors: 4
19:55:52.0920 1656 Page size: 0x1000
19:55:52.0920 1656 Boot type: Normal boot
19:55:52.0920 1656 ============================================================
19:55:53.0434 1656 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:55:53.0434 1656 ============================================================
19:55:53.0434 1656 \Device\Harddisk0\DR0:
19:55:53.0434 1656 MBR partitions:
19:55:53.0434 1656 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
19:55:53.0434 1656 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
19:55:53.0434 1656 ============================================================
19:55:53.0481 1656 C: <-> \Device\Harddisk0\DR0\Partition2
19:55:53.0481 1656 ============================================================
19:55:53.0481 1656 Initialize success
19:55:53.0481 1656 ============================================================
19:56:00.0158 1260 ============================================================
19:56:00.0158 1260 Scan started
19:56:00.0158 1260 Mode: Manual; 
19:56:00.0158 1260 ============================================================
19:56:01.0141 1260 ================ Scan system memory ========================
19:56:01.0156 1260 System memory - ok
19:56:01.0156 1260 ================ Scan services =============================
19:56:17.0661 1260 p2psvc - ok
19:56:17.0677 1260 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
19:56:17.0692 1260 Parport - ok
19:56:17.0724 1260 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
19:56:17.0724 1260 partmgr - ok
19:56:17.0755 1260 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
19:56:17.0755 1260 PcaSvc - ok
19:56:17.0786 1260 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
19:56:17.0786 1260 pci - ok
19:56:17.0802 1260 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
19:56:17.0802 1260 pciide - ok
19:56:17.0833 1260 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
19:56:17.0848 1260 pcmcia - ok
19:56:17.0864 1260 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
19:56:17.0864 1260 pcw - ok
19:56:17.0895 1260 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
19:56:17.0895 1260 PEAUTH - ok
19:56:18.0004 1260 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
19:56:18.0020 1260 PerfHost - ok
19:56:18.0082 1260 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
19:56:18.0129 1260 pla - ok
19:56:18.0207 1260 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
19:56:18.0223 1260 PlugPlay - ok
19:56:18.0254 1260 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
19:56:18.0254 1260 PNRPAutoReg - ok
19:56:18.0285 1260 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
19:56:18.0285 1260 PNRPsvc - ok
19:56:18.0348 1260 [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64 C:\windows\system32\DRIVERS\point64.sys
19:56:18.0348 1260 Point64 - ok
19:56:18.0379 1260 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
19:56:18.0410 1260 PolicyAgent - ok
19:56:18.0472 1260 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
19:56:18.0488 1260 Power - ok
19:56:18.0535 1260 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
19:56:18.0550 1260 PptpMiniport - ok
19:56:18.0566 1260 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
19:56:18.0566 1260 Processor - ok
19:56:18.0613 1260 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
19:56:18.0628 1260 ProfSvc - ok
19:56:18.0644 1260 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
19:56:18.0644 1260 ProtectedStorage - ok
19:56:18.0691 1260 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
19:56:18.0691 1260 Psched - ok
19:56:18.0738 1260 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys
19:56:18.0753 1260 PxHlpa64 - ok
19:56:18.0816 1260 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
19:56:18.0894 1260 ql2300 - ok
19:56:18.0925 1260 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
19:56:18.0925 1260 ql40xx - ok
19:56:18.0956 1260 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
19:56:18.0972 1260 QWAVE - ok
19:56:18.0987 1260 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
19:56:18.0987 1260 QWAVEdrv - ok
19:56:19.0159 1260 [ DE004C5857A45EB59FBFDC57AAA17026 ] RapportCerberus_51755 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys
19:56:19.0159 1260 RapportCerberus_51755 - ok
19:56:19.0221 1260 [ B0040B579E086B872893C3A87B657FCF ] RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
19:56:19.0237 1260 RapportEI64 - ok
19:56:19.0268 1260 [ 3E310D8B360BED2FF4175C02DF9C96C1 ] RapportKE64 C:\windows\system32\Drivers\RapportKE64.sys
19:56:19.0268 1260 RapportKE64 - ok
19:56:19.0377 1260 [ 975E3A0CBABDD7ABB326ECE6860F5EC8 ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
19:56:19.0408 1260 RapportMgmtService - ok
19:56:19.0471 1260 [ 2FE40DF592F9236296783DC44B1556C3 ] RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
19:56:19.0471 1260 RapportPG64 - ok
19:56:19.0486 1260 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
19:56:19.0486 1260 RasAcd - ok
19:56:19.0549 1260 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
19:56:19.0549 1260 RasAgileVpn - ok
19:56:19.0596 1260 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
19:56:19.0611 1260 RasAuto - ok
19:56:19.0658 1260 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
19:56:19.0658 1260 Rasl2tp - ok
19:56:19.0705 1260 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
19:56:19.0736 1260 RasMan - ok
19:56:19.0783 1260 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
19:56:19.0783 1260 RasPppoe - ok
19:56:19.0798 1260 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
19:56:19.0798 1260 RasSstp - ok
19:56:19.0830 1260 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
19:56:19.0845 1260 rdbss - ok
19:56:19.0861 1260 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
19:56:19.0861 1260 rdpbus - ok
19:56:19.0892 1260 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
19:56:19.0892 1260 RDPCDD - ok
19:56:19.0939 1260 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
19:56:19.0939 1260 RDPENCDD - ok
19:56:19.0954 1260 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
19:56:19.0970 1260 RDPREFMP - ok
19:56:20.0032 1260 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
19:56:20.0032 1260 RdpVideoMiniport - ok
19:56:20.0079 1260 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
19:56:20.0079 1260 RDPWD - ok
19:56:20.0126 1260 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
19:56:20.0142 1260 rdyboost - ok
19:56:20.0188 1260 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
19:56:20.0188 1260 RemoteAccess - ok
19:56:20.0251 1260 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
19:56:20.0266 1260 RemoteRegistry - ok
19:56:20.0313 1260 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
19:56:20.0329 1260 RFCOMM - ok
19:56:20.0454 1260 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
19:56:20.0500 1260 RoxMediaDB12OEM - ok
19:56:20.0563 1260 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
19:56:20.0578 1260 RoxWatch12 - ok
19:56:20.0610 1260 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
19:56:20.0610 1260 RpcEptMapper - ok
19:56:20.0641 1260 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
19:56:20.0656 1260 RpcLocator - ok
19:56:20.0672 1260 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
19:56:20.0688 1260 RpcSs - ok
19:56:20.0734 1260 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
19:56:20.0734 1260 rspndr - ok
19:56:20.0812 1260 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
19:56:20.0812 1260 RSUSBSTOR - ok
19:56:20.0859 1260 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
19:56:20.0875 1260 RTL8167 - ok
19:56:20.0890 1260 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
19:56:20.0890 1260 SamSs - ok
19:56:20.0968 1260 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:56:20.0968 1260 SASDIFSV - ok
19:56:21.0046 1260 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
19:56:21.0046 1260 SASKUTIL - ok
19:56:21.0078 1260 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
19:56:21.0078 1260 sbp2port - ok
19:56:21.0124 1260 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
19:56:21.0140 1260 SCardSvr - ok
19:56:21.0140 1260 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
19:56:21.0156 1260 scfilter - ok
19:56:21.0187 1260 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
19:56:21.0234 1260 Schedule - ok
19:56:21.0265 1260 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
19:56:21.0265 1260 SCPolicySvc - ok
19:56:21.0280 1260 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
19:56:21.0296 1260 SDRSVC - ok
19:56:21.0358 1260 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
19:56:21.0358 1260 secdrv - ok
19:56:21.0390 1260 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
19:56:21.0390 1260 seclogon - ok
19:56:21.0436 1260 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
19:56:21.0436 1260 SENS - ok
19:56:21.0483 1260 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
19:56:21.0483 1260 SensrSvc - ok
19:56:21.0514 1260 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
19:56:21.0514 1260 Serenum - ok
19:56:21.0561 1260 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
19:56:21.0561 1260 Serial - ok
19:56:21.0592 1260 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
19:56:21.0592 1260 sermouse - ok
19:56:21.0639 1260 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
19:56:21.0639 1260 SessionEnv - ok
19:56:21.0639 1260 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
19:56:21.0655 1260 sffdisk - ok
19:56:21.0655 1260 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
19:56:21.0655 1260 sffp_mmc - ok
19:56:21.0670 1260 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
19:56:21.0670 1260 sffp_sd - ok
19:56:21.0686 1260 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
19:56:21.0686 1260 sfloppy - ok
19:56:21.0795 1260 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
19:56:21.0873 1260 SftService - ok
19:56:21.0936 1260 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
19:56:21.0951 1260 SharedAccess - ok
19:56:21.0998 1260 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
19:56:22.0029 1260 ShellHWDetection - ok
19:56:22.0060 1260 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
19:56:22.0060 1260 SiSRaid2 - ok
19:56:22.0092 1260 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
19:56:22.0092 1260 SiSRaid4 - ok
19:56:22.0154 1260 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:56:22.0170 1260 SkypeUpdate - ok
19:56:22.0216 1260 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
19:56:22.0216 1260 Smb - ok
19:56:22.0294 1260 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
19:56:22.0294 1260 SNMPTRAP - ok
19:56:22.0326 1260 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
19:56:22.0326 1260 spldr - ok
19:56:22.0372 1260 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
19:56:22.0404 1260 Spooler - ok
19:56:22.0497 1260 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
19:56:22.0606 1260 sppsvc - ok
19:56:22.0622 1260 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
19:56:22.0622 1260 sppuinotify - ok
19:56:22.0653 1260 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
19:56:22.0653 1260 srv - ok
19:56:22.0684 1260 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
19:56:22.0700 1260 srv2 - ok
19:56:22.0716 1260 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
19:56:22.0731 1260 srvnet - ok
19:56:22.0778 1260 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
19:56:22.0794 1260 SSDPSRV - ok
19:56:22.0809 1260 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
19:56:22.0825 1260 SstpSvc - ok
19:56:22.0918 1260 [ A6B2EC3A2B6AD7C3F7B2F3495CADE4C0 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
19:56:22.0934 1260 STacSV - ok
19:56:22.0965 1260 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
19:56:22.0965 1260 stexstor - ok
19:56:23.0028 1260 [ EBA98394A7D58F7552C52192BD8FA7E6 ] STHDA C:\windows\system32\DRIVERS\stwrt64.sys
19:56:23.0059 1260 STHDA - ok
19:56:23.0106 1260 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\windows\system32\DRIVERS\serscan.sys
19:56:23.0121 1260 StillCam - ok
19:56:23.0168 1260 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
19:56:23.0215 1260 stisvc - ok
19:56:23.0277 1260 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
19:56:23.0277 1260 stllssvr - ok
19:56:23.0293 1260 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
19:56:23.0308 1260 swenum - ok
19:56:23.0433 1260 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:56:23.0449 1260 SwitchBoard - ok
19:56:23.0496 1260 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
19:56:23.0527 1260 swprv - ok
19:56:23.0605 1260 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
19:56:23.0652 1260 SysMain - ok
19:56:23.0667 1260 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
19:56:23.0667 1260 TabletInputService - ok
19:56:23.0714 1260 [ F33FDC72298DF4BF9813A55D21F4EB31 ] taphss C:\windows\system32\DRIVERS\taphss.sys
19:56:23.0714 1260 taphss - ok
19:56:23.0745 1260 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
19:56:23.0761 1260 TapiSrv - ok
19:56:23.0776 1260 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
19:56:23.0776 1260 TBS - ok
19:56:23.0886 1260 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\windows\system32\drivers\tcpip.sys
19:56:23.0964 1260 Tcpip - ok
19:56:24.0073 1260 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
19:56:24.0088 1260 TCPIP6 - ok
19:56:24.0151 1260 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
19:56:24.0151 1260 tcpipreg - ok
19:56:24.0182 1260 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
19:56:24.0182 1260 TDPIPE - ok
19:56:24.0213 1260 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
19:56:24.0213 1260 TDTCP - ok
19:56:24.0260 1260 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
19:56:24.0260 1260 tdx - ok
19:56:24.0291 1260 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
19:56:24.0291 1260 TermDD - ok
19:56:24.0338 1260 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
19:56:24.0369 1260 TermService - ok
19:56:24.0385 1260 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
19:56:24.0401 1260 Themes - ok
19:56:24.0432 1260 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
19:56:24.0432 1260 THREADORDER - ok
19:56:24.0479 1260 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
19:56:24.0479 1260 TrkWks - ok
19:56:24.0541 1260 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
19:56:24.0557 1260 TrustedInstaller - ok
19:56:24.0588 1260 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
19:56:24.0603 1260 tssecsrv - ok
19:56:24.0650 1260 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
19:56:24.0650 1260 TsUsbFlt - ok
19:56:24.0697 1260 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
19:56:24.0713 1260 TsUsbGD - ok
19:56:24.0775 1260 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
19:56:24.0775 1260 tunnel - ok
19:56:24.0853 1260 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\windows\system32\DRIVERS\TurboB.sys
19:56:24.0853 1260 TurboB - ok
19:56:24.0978 1260 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
19:56:24.0978 1260 TurboBoost - ok
19:56:25.0009 1260 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
19:56:25.0009 1260 uagp35 - ok
19:56:25.0040 1260 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
19:56:25.0056 1260 udfs - ok
19:56:25.0103 1260 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
19:56:25.0103 1260 UI0Detect - ok
19:56:25.0134 1260 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
19:56:25.0134 1260 uliagpkx - ok
19:56:25.0181 1260 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
19:56:25.0181 1260 umbus - ok
19:56:25.0212 1260 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
19:56:25.0212 1260 UmPass - ok
19:56:25.0368 1260 [ 7A78ED1088890114DFDE2C4AB038D6B6 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:56:25.0477 1260 UNS - ok
19:56:25.0508 1260 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
19:56:25.0524 1260 upnphost - ok
19:56:25.0571 1260 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\windows\system32\drivers\usbaudio.sys
19:56:25.0571 1260 usbaudio - ok
19:56:25.0617 1260 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
19:56:25.0617 1260 usbccgp - ok
19:56:25.0664 1260 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
19:56:25.0680 1260 usbcir - ok
19:56:25.0711 1260 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
19:56:25.0711 1260 usbehci - ok
19:56:25.0773 1260 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
19:56:25.0789 1260 usbhub - ok
19:56:25.0820 1260 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
19:56:25.0820 1260 usbohci - ok
19:56:25.0836 1260 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys
19:56:25.0836 1260 usbprint - ok
19:56:25.0851 1260 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
19:56:25.0867 1260 USBSTOR - ok
19:56:25.0867 1260 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
19:56:25.0867 1260 usbuhci - ok
19:56:25.0929 1260 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
19:56:25.0929 1260 usbvideo - ok
19:56:25.0961 1260 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
19:56:25.0961 1260 UxSms - ok
19:56:25.0992 1260 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
19:56:25.0992 1260 VaultSvc - ok
19:56:26.0039 1260 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
19:56:26.0054 1260 vdrvroot - ok
19:56:26.0085 1260 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
19:56:26.0117 1260 vds - ok
19:56:26.0132 1260 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
19:56:26.0132 1260 vga - ok
19:56:26.0148 1260 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
19:56:26.0163 1260 VgaSave - ok
19:56:26.0163 1260 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
19:56:26.0179 1260 vhdmp - ok
19:56:26.0179 1260 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
19:56:26.0195 1260 viaide - ok
19:56:26.0210 1260 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
19:56:26.0210 1260 volmgr - ok
19:56:26.0226 1260 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
19:56:26.0226 1260 volmgrx - ok
19:56:26.0257 1260 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
19:56:26.0273 1260 volsnap - ok
19:56:26.0335 1260 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
19:56:26.0335 1260 vsmraid - ok
19:56:26.0397 1260 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
19:56:26.0475 1260 VSS - ok
19:56:26.0507 1260 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
19:56:26.0507 1260 vwifibus - ok
19:56:26.0553 1260 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
19:56:26.0553 1260 vwififlt - ok
19:56:26.0600 1260 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
19:56:26.0631 1260 W32Time - ok
19:56:26.0663 1260 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
19:56:26.0663 1260 WacomPen - ok
19:56:26.0709 1260 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
19:56:26.0709 1260 WANARP - ok
19:56:26.0725 1260 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
19:56:26.0725 1260 Wanarpv6 - ok
19:56:26.0819 1260 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
19:56:26.0912 1260 WatAdminSvc - ok
19:56:26.0975 1260 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
19:56:27.0053 1260 wbengine - ok
19:56:27.0084 1260 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
19:56:27.0084 1260 WbioSrvc - ok
19:56:27.0099 1260 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
19:56:27.0115 1260 wcncsvc - ok
19:56:27.0131 1260 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
19:56:27.0146 1260 WcsPlugInService - ok
19:56:27.0162 1260 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
19:56:27.0177 1260 Wd - ok
19:56:27.0224 1260 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
19:56:27.0255 1260 Wdf01000 - ok
19:56:27.0287 1260 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
19:56:27.0287 1260 WdiServiceHost - ok
19:56:27.0287 1260 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
19:56:27.0287 1260 WdiSystemHost - ok
19:56:27.0302 1260 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
19:56:27.0302 1260 WebClient - ok
19:56:27.0318 1260 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
19:56:27.0333 1260 Wecsvc - ok
19:56:27.0333 1260 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
19:56:27.0349 1260 wercplsupport - ok
19:56:27.0380 1260 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
19:56:27.0396 1260 WerSvc - ok
19:56:27.0443 1260 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
19:56:27.0458 1260 WfpLwf - ok
19:56:27.0536 1260 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\windows\system32\DRIVERS\wimfltr.sys
19:56:27.0536 1260 WimFltr - ok
19:56:27.0583 1260 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
19:56:27.0583 1260 WIMMount - ok
19:56:27.0599 1260 WinDefend - ok
19:56:27.0645 1260 WinHttpAutoProxySvc - ok
19:56:27.0708 1260 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
19:56:27.0708 1260 Winmgmt - ok
19:56:27.0879 1260 [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0 C:\Users\Kev\Desktop\RealTemp\WinRing0x64.sys
19:56:27.0879 1260 WinRing0_1_2_0 - ok
19:56:27.0973 1260 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
19:56:28.0051 1260 WinRM - ok
19:56:28.0145 1260 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
19:56:28.0145 1260 WinUsb - ok
19:56:28.0191 1260 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
19:56:28.0223 1260 Wlansvc - ok
19:56:28.0285 1260 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:56:28.0301 1260 wlcrasvc - ok
19:56:28.0441 1260 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:56:28.0519 1260 wlidsvc - ok
19:56:28.0566 1260 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
19:56:28.0566 1260 WmiAcpi - ok
19:56:28.0597 1260 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
19:56:28.0613 1260 wmiApSrv - ok
19:56:28.0644 1260 WMPNetworkSvc - ok
19:56:28.0675 1260 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
19:56:28.0675 1260 WPCSvc - ok
19:56:28.0706 1260 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
19:56:28.0722 1260 WPDBusEnum - ok
19:56:28.0737 1260 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
19:56:28.0753 1260 ws2ifsl - ok
19:56:28.0769 1260 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
19:56:28.0769 1260 wscsvc - ok
19:56:28.0815 1260 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys
19:56:28.0831 1260 WSDPrintDevice - ok
19:56:28.0831 1260 WSearch - ok
19:56:28.0940 1260 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
19:56:29.0003 1260 wuauserv - ok
19:56:29.0049 1260 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
19:56:29.0049 1260 WudfPf - ok
19:56:29.0096 1260 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
19:56:29.0112 1260 WUDFRd - ok
19:56:29.0143 1260 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
19:56:29.0159 1260 wudfsvc - ok
19:56:29.0221 1260 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\windows\System32\wwansvc.dll
19:56:29.0221 1260 WwanSvc - ok
19:56:29.0268 1260 ================ Scan global ===============================
19:56:29.0299 1260 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
19:56:29.0346 1260 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
19:56:29.0361 1260 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
19:56:29.0393 1260 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
19:56:29.0424 1260 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
19:56:29.0439 1260 [Global] - ok
19:56:29.0439 1260 ================ Scan MBR ==================================
19:56:29.0455 1260 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:56:29.0720 1260 \Device\Harddisk0\DR0 - ok
19:56:29.0720 1260 ================ Scan VBR ==================================
19:56:29.0736 1260 [ B4A651EA79A9998884DA67ECFFB5E2E7 ] \Device\Harddisk0\DR0\Partition1
19:56:29.0736 1260 \Device\Harddisk0\DR0\Partition1 - ok
19:56:29.0751 1260 [ 9353CF31A6EC515E78353D1600509A2F ] \Device\Harddisk0\DR0\Partition2
19:56:29.0751 1260 \Device\Harddisk0\DR0\Partition2 - ok
19:56:29.0751 1260 ============================================================
19:56:29.0751 1260 Scan finished
19:56:29.0751 1260 ============================================================
19:56:29.0767 3528 Detected object count: 0
19:56:29.0767 3528 Actual detected object count: 0
19:58:01.0121 2276 Deinitialize success


----------



## Cookiegal (Aug 27, 2003)

Please download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted. 
Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## kevhatch (Jun 20, 2005)

OTL logfile created on: 22/06/2013 20:27:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kev\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.91 Gb Total Physical Memory | 6.62 Gb Available Physical Memory | 83.69% Memory free
15.82 Gb Paging File | 14.48 Gb Available in Paging File | 91.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 344.52 Gb Free Space | 76.39% Space Free | Partition Type: NTFS

Computer Name: KEV-PC | User Name: Kev | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/22 20:27:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kev\Desktop\OTL.exe
PRC - [2012/11/29 11:25:50 | 000,561,320 | ---- | M] () -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe
PRC - [2012/11/16 08:57:12 | 001,530,520 | ---- | M] (Orange) -- C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe

========== Modules (No Company Name) ==========

MOD - [2012/11/29 11:25:50 | 000,561,320 | ---- | M] () -- C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe
MOD - [2011/09/15 06:52:16 | 000,978,958 | ---- | M] () -- C:\Program Files (x86)\Orange\Orange Installer\libstdc++-6.dll
MOD - [2011/09/15 06:52:16 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Orange\Orange Installer\libgcc_s_dw2-1.dll

========== Services (SafeList) ==========

SRV:*64bit:* - [2013/05/23 21:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:*64bit:* - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:*64bit:* - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:*64bit:* - [2011/12/05 23:11:58 | 000,235,520 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:*64bit:* - [2011/05/27 20:06:16 | 000,301,568 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:*64bit:* - [2011/01/13 22:56:40 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:*64bit:* - [2010/11/29 16:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:*64bit:* - [2010/09/23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:*64bit:* - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:*64bit:* - [2009/03/03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/06/11 18:33:00 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/04/02 13:15:56 | 001,124,632 | ---- | M] (Trusteer Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/09/18 15:33:48 | 001,082,016 | ---- | M] (France Telecom SA) [Disabled | Stopped] -- C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe -- (Orange update Core Service)
SRV - [2011/08/18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/02/01 20:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 20:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/13 01:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/11/25 12:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 12:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/08/26 03:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/04 19:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 20:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2013/04/30 01:28:50 | 000,236,688 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:*64bit:* - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:*64bit:* - [2013/01/22 09:52:08 | 000,075,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:*64bit:* - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:*64bit:* - [2012/11/02 16:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:*64bit:* - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:*64bit:* - [2012/08/23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:*64bit:* - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2012/01/05 00:01:54 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:*64bit:* - [2011/12/05 23:45:42 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:*64bit:* - [2011/12/05 22:12:16 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:*64bit:* - [2011/08/18 23:40:08 | 004,719,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:*64bit:* - [2011/08/18 23:39:52 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:*64bit:* - [2011/08/18 23:39:52 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:*64bit:* - [2011/08/18 23:39:50 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:*64bit:* - [2011/08/18 23:39:50 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:*64bit:* - [2011/08/18 23:39:50 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:*64bit:* - [2011/08/01 08:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:*64bit:* - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:*64bit:* - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:*64bit:* - [2011/06/09 23:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2011/05/27 20:06:16 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:*64bit:* - [2011/04/01 04:35:12 | 000,355,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:*64bit:* - [2011/03/25 19:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:*64bit:* - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/01/13 00:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2010/11/29 16:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:*64bit:* - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/10/30 01:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:*64bit:* - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:*64bit:* - [2010/10/15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:*64bit:* - [2010/03/19 10:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:*64bit:* - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:*64bit:* - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:*64bit:* - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:*64bit:* - [2009/06/10 21:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:*64bit:* - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2006/11/01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2013/04/30 01:28:50 | 000,229,040 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2013/04/02 13:16:10 | 000,357,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2013/04/01 12:37:40 | 000,586,072 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys -- (RapportCerberus_51755)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/07/26 23:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Users\Kev\Desktop\RealTemp\WinRing0x64.sys -- (WinRing0_1_2_0)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:*64bit:* - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA 9A F4 8C 9C 1B CE 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{814C76CB-2623-43F4-AAD0-58A0E5190A20}: "URL" = http://r.orange.fr/r?ref=O_OI_hook_openSearchIE&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata={searchTerms}
IE - HKCU\..\SearchScopes\{D1E3A503-9784-4D57-BFF5-341566194A8C}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: "Orange"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: [email protected]:0.1.8
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.2
FF - prefs.js..extensions.enabledAddons: [email protected]:4.3.4.0
FF - prefs.js..extensions.enabledAddons: {4D9AE42B-F4C0-40e6-AEDB-4EC6E42B77AF}:1.2.5.0
FF - prefs.js..extensions.enabledAddons: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:1.0.3
FF - prefs.js..extensions.enabledAddons: [email protected]:1.1
FF - prefs.js..keyword.URL: "http://r.orange.fr/r?ref=O_OI_hook_openSearchFF&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata="
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..searchreset.backup.keyword.URL: "http://r.orange.fr/r?ref=O_OI_hook_openSearchFF&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata="

FF - user.js..browser.search.selectedEngine: "Orange"
FF - user.js..keyword.URL: "http://r.orange.fr/r?ref=O_OI_hook_openSearchFF&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata="

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kev\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/02 14:42:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/23 12:20:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 20.1\extensions\\Components: C:\Program Files (x86)\Pale Moon\components [2013/05/24 13:17:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 20.1\extensions\\Plugins: C:\Program Files (x86)\Pale Moon\plugins

[2012/01/13 18:11:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kev\AppData\Roaming\Mozilla\Extensions
[2013/06/13 16:13:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\extensions
[2012/10/26 12:19:36 | 000,000,000 | ---D | M] (Plugin Orange Installeur) -- C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\extensions\{4D9AE42B-F4C0-40e6-AEDB-4EC6E42B77AF}
[2013/04/17 10:39:49 | 000,000,000 | ---D | M] (Menu Contextuel Orange) -- C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\extensions\[email protected]
[2013/04/17 10:41:49 | 000,000,000 | ---D | M] (barre d'outils Orange) -- C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\extensions\[email protected]
[2013/05/08 09:54:54 | 000,076,049 | ---- | M] () (No name found) -- C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\extensions\[email protected]
[2012/10/03 09:15:55 | 000,235,457 | ---- | M] () (No name found) -- C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\extensions\[email protected]
[2012/09/13 04:22:31 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\extensions\[email protected]
[2012/08/19 21:24:20 | 000,075,799 | ---- | M] () (No name found) -- C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi
[2012/11/29 18:31:53 | 000,077,690 | ---- | M] () (No name found) -- C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
[2012/11/16 09:53:22 | 000,001,130 | ---- | M] () -- C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\searchplugins\orange.xml
[2013/06/13 16:12:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/23 12:20:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/05/23 12:20:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/23 12:20:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/13 05:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/13 05:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 05:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/06/22 17:54:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:*64bit:* - BHO: (no name) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - No CLSID value found.
O2:*64bit:* - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:*64bit:* - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [OrangeInside] C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe (Orange)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:*64bit:* - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:*64bit:* - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\AddFavorites_html\AddFavorites.html ()
O8:*64bit:* - Extra context menu item: envoyer le texte sélectionné par sms - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html ()
O8:*64bit:* - Extra context menu item: envoyer par sms - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\sendsms_html\sendsms.html ()
O8:*64bit:* - Extra context menu item: envoyer un mail - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\sendmail_html\sendmail.html ()
O8:*64bit:* - Extra context menu item: orange.fr - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\orange_html\orange.html ()
O8:*64bit:* - Extra context menu item: rechercher le texte sélectionné - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html ()
O8:*64bit:* - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:*64bit:* - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:*64bit:* - Extra context menu item: traduire la page - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\translate_html\translate.html ()
O8:*64bit:* - Extra context menu item: traduire le texte sélectionné - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\AddFavorites_html\AddFavorites.html ()
O8 - Extra context menu item: envoyer le texte sélectionné par sms - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html ()
O8 - Extra context menu item: envoyer par sms - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\sendsms_html\sendsms.html ()
O8 - Extra context menu item: envoyer un mail - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\sendmail_html\sendmail.html ()
O8 - Extra context menu item: orange.fr - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\orange_html\orange.html ()
O8 - Extra context menu item: rechercher le texte sélectionné - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: traduire la page - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\translate_html\translate.html ()
O8 - Extra context menu item: traduire le texte sélectionné - C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html ()
O9:*64bit:* - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:*64bit:* - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab (Launcher Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://supportapj.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E805C4F-A592-4AB7-BFD3-5DF9686384C6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54543B6E-98B0-4C14-979B-27DFDD85C392}: DhcpNameServer = 192.168.1.1
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\msdaipp - No CLSID value found
O18:*64bit:* - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:*64bit:* - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlmailhtml - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:*64bit:* - Protocol\Filter\text/xml - No CLSID value found
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/22 20:27:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kev\Desktop\OTL.exe
[2013/06/22 19:55:31 | 002,240,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kev\Desktop\tdsskiller.exe
[2013/06/22 18:01:14 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/06/22 17:54:59 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/06/22 17:45:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/06/22 17:45:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/06/22 17:45:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/06/22 17:42:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/22 17:42:28 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/06/22 17:41:36 | 005,082,201 | R--- | C] (Swearware) -- C:\Users\Kev\Desktop\puppy.exe
[2013/06/22 15:27:54 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Kev\Desktop\dds.scr
[2013/06/22 11:35:37 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{2D1A1D9D-F1B4-4642-9C91-E82243E87169}
[2013/06/21 23:35:14 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{69DB043A-3B7F-4ACA-B97E-A1FB4BCC01B8}
[2013/06/21 11:11:42 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{147108A9-9358-429B-B142-960BCE845C0B}
[2013/06/20 23:11:07 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{423E0B71-8728-4BDE-84F8-C0D6364CEA12}
[2013/06/20 11:10:45 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{6A314A83-C697-443D-AF96-D887BA2C129E}
[2013/06/19 23:10:11 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{A93F2BE5-2DB0-42DD-9B41-94E8DC78D540}
[2013/06/19 11:09:49 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{4D9D670D-F1A0-47EB-9628-BF0B0ABA6413}
[2013/06/18 23:09:14 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{49306D97-73B4-40FF-BDEB-A02BBD116900}
[2013/06/18 11:08:51 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{D621CA0E-5D67-45D4-AF95-D3194A29B6DC}
[2013/06/17 11:16:26 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{A26358E9-238A-49CD-928F-087C6860BBFE}
[2013/06/16 23:15:52 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{F7133418-C3CE-4DC4-AC93-93DE0D310CFD}
[2013/06/16 11:15:28 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{4AB49111-1424-4757-A4B9-E5585F27334B}
[2013/06/16 09:43:14 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/06/16 09:43:13 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/06/15 10:25:10 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{E25F9E2C-EF04-43BD-BC6D-F49AC7EAB462}
[2013/06/14 19:10:54 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{9C06BC50-E3AE-46B8-8712-D7204967B102}
[2013/06/14 17:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/06/13 22:59:32 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Kev\Desktop\HijackThis.exe
[2013/06/13 11:24:19 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{2B95C7DE-F613-4688-BE2F-D08FC40FBBDC}
[2013/06/13 03:52:29 | 000,000,000 | ---D | C] -- C:\a59e14d750f863bc49e8f3a81ff2
[2013/06/13 03:41:06 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/06/13 03:41:06 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/06/13 03:41:06 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/06/13 03:41:06 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/06/13 03:41:06 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/06/13 03:41:01 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/06/13 03:41:01 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/13 03:40:56 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/06/13 03:40:51 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/06/13 03:40:22 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/06/13 03:40:19 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/06/13 03:40:19 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/06/13 03:40:18 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/06/12 11:47:53 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013/06/12 11:47:53 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2013/06/12 11:47:49 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptdlg.dll
[2013/06/12 11:47:49 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cryptdlg.dll
[2013/06/12 11:47:41 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll
[2013/06/12 11:47:31 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certutil.exe
[2013/06/12 11:47:30 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/06/12 11:47:30 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certutil.exe
[2013/06/12 11:47:30 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2013/06/12 11:47:29 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certenc.dll
[2013/06/12 11:47:29 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certenc.dll
[2013/06/12 11:47:18 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll
[2013/06/12 11:47:18 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll
[2013/06/12 11:39:04 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{D2566590-72B0-4E84-A27E-1002C0AF27E6}
[2013/06/11 18:33:00 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/06/11 18:33:00 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/11 12:01:35 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{B200BC73-0B7D-4F6A-A67E-3B1EA993061A}
[2013/06/09 12:18:10 | 000,000,000 | ---D | C] -- C:\Temp
[2013/06/09 07:58:18 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{8054621E-83F9-422C-AD39-D251B45833D9}
[2013/06/08 19:58:03 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{BA1FDEB4-3626-44C7-A9CF-D1AC089AF458}
[2013/06/08 19:07:58 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\U3
[2013/06/08 17:31:02 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\SUPERAntiSpyware.com
[2013/06/08 17:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/06/08 17:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/06/08 17:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/06/08 16:52:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/08 16:52:18 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/06/08 16:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/06/08 15:43:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/06/08 15:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/06/08 02:50:23 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE
[2013/06/08 01:20:59 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[2013/06/08 01:20:36 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\Deployment
[2013/06/08 01:20:36 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\Apps
[2013/06/07 19:45:07 | 000,000,000 | --SD | C] -- C:\windows\SysWow64\Microsoft
[2013/06/07 15:08:17 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\Dell Edoc Viewer
[2013/06/07 11:06:12 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{0DB58CC7-0D11-4063-9353-717696765A47}
[2013/06/06 22:55:37 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{9D9FB65E-E1AF-42AF-B611-05BC7DD53463}
[2013/06/06 10:55:26 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{89754290-15C0-4749-A587-E70EF8471670}
[2013/06/05 22:55:16 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{1B7C0C92-6878-446A-8AE9-16DB590E8581}
[2013/06/05 10:55:04 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{4DC256D5-4209-4981-8C7C-24E7731F6E39}
[2013/06/04 16:34:09 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{466C021B-A61C-4A0A-B4B3-E52AAB425291}
[2013/06/04 04:33:58 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{B8B4F4B0-62ED-4949-8804-DD2705F63AC5}
[2013/06/03 16:33:47 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{ECB80A13-487D-4989-B9A7-2564B18F025C}
[2013/06/03 04:33:36 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{1F194380-82E8-40D9-ACFC-04D6D853574F}
[2013/06/02 16:33:13 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{00D21EEE-7331-471E-A5C8-050683AB404F}
[2013/06/02 04:32:49 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{4516EFA5-8C79-4653-9695-A5093B2D957F}
[2013/06/01 16:32:38 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{39FA085B-0107-4FE8-8EF5-89F2AB00FE30}
[2013/06/01 04:32:27 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{2A7BC3FC-B0B2-40EB-8FEA-ADB1212EFCC1}
[2013/05/31 16:32:16 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{AAB951CA-1CA0-4768-8832-C9A094BE0EA4}
[2013/05/30 23:52:26 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{53F82B4B-71B1-4CE9-93EE-2406C8A8D202}
[2013/05/30 11:52:15 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{2E5DD52D-BEA0-48A9-B2F1-A9F4B6026AA7}
[2013/05/29 12:35:40 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{E9E27BC4-13A6-4BEF-B7A1-6D8E72AEB2BF}
[2013/05/29 00:35:02 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{DFACD7F0-F0E8-44A3-9CEF-CE7428A3A9F4}
[2013/05/28 12:34:38 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{EF3D86E1-8AEE-4116-A5A4-DF400E451A17}
[2013/05/28 00:34:16 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{9A249CB3-837B-402E-AD1C-3991A5C447B1}
[2013/05/27 12:33:54 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{AC6F2090-34D2-4AB3-9650-52C4C75B3E15}
[2013/05/27 00:33:19 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{57059132-59FD-4376-B729-6A83413DF794}
[2013/05/26 12:32:56 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{E2D6DC44-41D8-4E79-A6A8-340484BC7ED7}
[2013/05/26 00:32:22 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{1D2D029B-E90F-47B6-BD70-1915C2F66A87}
[2013/05/25 12:31:59 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{07A95709-BA36-4BEF-884C-D9C541306D62}
[2013/05/25 00:31:37 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{B3209DCA-DE9E-430A-B12F-B4C65010262F}
[2013/05/24 12:31:15 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{036C81F7-0C57-4A9D-A888-626EFDF42E94}
[2013/05/24 00:30:53 | 000,000,000 | ---D | C] -- C:\Users\Kev\AppData\Local\{FABD3777-E98F-4F4C-BBEB-0C7D8A398718}

========== Files - Modified Within 30 Days ==========

[2013/06/22 20:27:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kev\Desktop\OTL.exe
[2013/06/22 20:23:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/06/22 19:55:32 | 002,240,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kev\Desktop\tdsskiller.exe
[2013/06/22 19:55:00 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/22 19:28:55 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/22 19:28:55 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/22 19:27:34 | 000,778,834 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/06/22 19:27:34 | 000,664,780 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/06/22 19:27:34 | 000,125,484 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/06/22 19:22:23 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/22 19:20:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/06/22 19:19:57 | 2075,037,695 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/22 18:01:03 | 000,000,920 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-768171273-2258216897-828858201-1000UA.job
[2013/06/22 17:54:54 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/06/22 17:41:44 | 005,082,201 | R--- | M] (Swearware) -- C:\Users\Kev\Desktop\puppy.exe
[2013/06/22 15:33:50 | 000,377,856 | ---- | M] () -- C:\Users\Kev\Desktop\o8jl4ewh.exe
[2013/06/22 15:27:42 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Kev\Desktop\dds.scr
[2013/06/22 00:01:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-768171273-2258216897-828858201-1000Core.job
[2013/06/13 22:59:34 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kev\Desktop\HijackThis.exe
[2013/06/11 18:33:00 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/06/11 18:33:00 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/08 17:31:01 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/06/08 16:52:19 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/08 15:43:42 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2013/06/08 15:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/06/08 12:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/06/02 14:42:21 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/06/01 17:50:37 | 000,006,656 | ---- | M] () -- C:\Users\Kev\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/01 14:38:33 | 000,002,002 | ---- | M] () -- C:\Users\Kev\Desktop\FileZilla Client.lnk
[2013/05/24 13:04:38 | 000,019,766 | ---- | M] () -- C:\Users\Kev\Documents\cc_20130524_130413.reg

========== Files Created - No Company Name ==========

[2013/06/22 17:45:33 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/06/22 17:45:33 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/06/22 17:45:33 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/06/22 17:45:33 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/06/22 17:45:33 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/06/22 15:33:56 | 000,377,856 | ---- | C] () -- C:\Users\Kev\Desktop\o8jl4ewh.exe
[2013/06/11 18:33:01 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/06/08 17:31:01 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/06/08 16:52:19 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/08 15:43:34 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/06/07 15:05:58 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2013/06/02 14:42:21 | 000,001,144 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/06/02 14:42:21 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/24 13:04:20 | 000,019,766 | ---- | C] () -- C:\Users\Kev\Documents\cc_20130524_130413.reg
[2013/02/13 00:07:58 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2013/02/13 00:07:54 | 000,204,960 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2013/02/13 00:07:54 | 000,157,152 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2013/02/13 00:07:52 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012/12/27 02:09:42 | 000,007,597 | ---- | C] () -- C:\Users\Kev\AppData\Local\Resmon.ResmonCfg
[2012/08/23 00:19:16 | 000,000,075 | RHS- | C] () -- C:\windows\CT4CET.bin
[2012/06/08 09:49:05 | 000,000,132 | ---- | C] () -- C:\Users\Kev\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/06/08 09:18:38 | 000,000,132 | ---- | C] () -- C:\Users\Kev\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/04/14 14:59:45 | 000,006,656 | ---- | C] () -- C:\Users\Kev\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/21 09:11:39 | 000,798,720 | ---- | C] () -- C:\Users\Kev\GestureMouseSession.etl
[2012/02/15 12:57:27 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2011/12/05 23:04:00 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
[2011/12/05 23:03:52 | 000,054,784 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2011/11/21 07:57:51 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/11/21 07:57:50 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/11/21 07:57:50 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/11/21 07:56:10 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011/11/21 07:55:45 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011/11/21 07:55:45 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011/11/21 07:55:45 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011/11/21 07:55:45 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011/11/21 07:55:45 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011/11/21 06:45:26 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/11/21 06:40:36 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2011/11/21 06:39:32 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2011/11/21 06:35:38 | 000,764,746 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/07/29 12:40:44 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011/07/29 12:40:44 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Files - Unicode (All) ==========
[2012/02/18 12:26:04 | 000,000,040 | ---- | M] ()(C:\windows\SysNative\?ª) -- C:\windows\SysNative\훀ª
[2012/02/18 12:26:04 | 000,000,040 | ---- | C] ()(C:\windows\SysNative\?ª) -- C:\windows\SysNative\훀ª

========== Alternate Data Streams ==========

@Alternate Data Stream - 689 bytes -> C:\Users\Kev\Documents\Andy and Maya.eml:OECustomProperty

< End of report >


----------



## kevhatch (Jun 20, 2005)

OTL Extras logfile created on: 22/06/2013 20:27:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kev\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.91 Gb Total Physical Memory | 6.62 Gb Available Physical Memory | 83.69% Memory free
15.82 Gb Paging File | 14.48 Gb Available in Paging File | 91.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 344.52 Gb Free Space | 76.39% Space Free | Partition Type: NTFS

Computer Name: KEV-PC | User Name: Kev | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D787007-7205-4E12-A197-33E430DD2BFB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{2CCDF676-2800-4660-B7D5-BF06F0E8ED77}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{34FF8292-2016-46C9-B897-A769FCAE1782}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{37433ADE-FFC1-493C-8A2E-A2E1EE8DCB4A}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 | 
"{499E0F54-D26D-4D3F-AD39-1519F316911C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4A423FA7-BB99-463A-812E-0997980AD123}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{522D4D6B-2525-4727-91C6-5CC7AC03F6B9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5A440C27-0972-4FF9-8112-C90D16458210}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5F68CCC5-AD61-4CDE-B21F-2860F268ADF9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{60863A38-AB96-4FD3-9A8E-82CB7933A4F6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{614B72F0-8021-4779-AC1F-D90632EDDFB1}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{64CE71A8-B923-4DDE-A8C8-18B7008C582C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{656A9171-B5BB-4FD6-A0EA-0E79E5C9DAA0}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 | 
"{7371EAA7-A2FF-4014-B1A0-A68339C09660}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{770B8F0F-D62D-459F-8337-A2E5431C1FF7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7901CBD8-17F2-43D5-9A40-7D553DEC12E0}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 | 
"{7E90F685-FE92-4C56-9258-20AFB03451A8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{81C1D773-0D6C-4AB3-BDF7-B217D4B9FD66}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{85B4B413-64F3-453F-9CF6-B99CE2FE19A4}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{8B7600CD-8672-4793-AAD6-9428A8784820}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{97956B50-015C-4554-883C-5B21684F1068}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9E801AAE-6471-49CD-9DE9-98A1F2B3D326}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9E91481F-9619-4898-843C-349873010DA5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A46F2DA8-A39C-4001-BE7F-7DC741D77C82}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B27F415D-F65C-46AD-BCFE-3C52DFC9D7F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BD88FE4F-0724-4917-8930-384A80B2798B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DEBDC415-2586-4B99-BF83-9CA402F9BEAA}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | 
"{E49D5CEC-107B-47B7-9EA7-DB0A3FB2BB4E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E5EA4DC2-36D2-4FB4-8E8A-21DC3FE2DB3A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{EC111F66-1748-4917-818C-E7A0B1768479}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 | 
"{ED3A3815-A456-4013-8C6F-EB4FB25B464F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0383B0D5-10CB-4DD4-8374-E2F1E4D1FC00}" = protocol=6 | dir=in | app=c:\program files (x86)\orange\orange installer\orangeinstaller.exe | 
"{0A972C05-68EC-498A-B492-8E2A9AB848F0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0AC7B3FA-EB23-4D50-8A19-33E8A5BF1C90}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{0B208BF3-CDCE-4B08-9CAE-538A1CC8A363}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | 
"{150055D5-697C-4DCC-AD00-F3A02700EEEC}" = protocol=17 | dir=in | app=c:\program files (x86)\orange\orangeupdate\service\oucore.exe | 
"{193DEE9F-BC7A-4C49-A295-3E83F66314E6}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{194CC6DA-CF26-4A7E-8CED-1D5707F993DB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1AB03D89-E550-40A1-A0E7-5CCA25CD8A6A}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | 
"{2340397F-6B97-4170-8B43-F444E59AA80D}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe | 
"{2AAA5364-2C1E-456A-9A43-4058F954F41B}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe | 
"{31169EC5-F454-4839-B722-F9BAF9736317}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3202D2F7-1648-45A1-B083-C4DD908E121B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4A7234F8-D4FC-401E-832A-771C5357BC7C}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | 
"{5021163B-1280-4F61-A583-D67CCB5EF3E7}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{50D7399F-BCE6-47E9-8892-12BB61C5EEC1}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe | 
"{51EED0C7-EAA5-44F8-B5DC-B48D2DF2B403}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{5450C8FC-03E8-4A85-A79F-39E64AF05181}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe | 
"{574A8C86-FA78-4A00-AB11-0A0D2ADC34DE}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe | 
"{5772EB96-E264-4D55-8B67-37D1AB7B8477}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6290F1DA-9A62-4ACA-9DC8-6A32ECFF9F0A}" = protocol=17 | dir=in | app=c:\program files (x86)\orange\orange installer\orangeinstaller.exe | 
"{65912C48-7FA1-46D3-8652-25662E8FE18B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{65D01558-F325-4071-A640-D0D291A65624}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | 
"{6BB305DB-46D7-4226-A3BB-916ADD9E961A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6E5E1034-B629-486A-B56A-2BA5070ED801}" = dir=in | app=c:\users\kev\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{73FF1E01-28AD-4875-B44B-A9051B0BAB20}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{76B2B139-022A-45D2-A3C2-D56EDB253FB9}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | 
"{77A437D1-FF08-4253-AB63-B439AFA29537}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe | 
"{7D69DFF9-667E-41AC-81C6-E1A78663089C}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe | 
"{7FC79099-191F-41AE-B9A3-7A638D382450}" = protocol=6 | dir=out | app=system | 
"{82A33787-6140-4F7E-BDE0-D0207E2AF97C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{83FF3332-377A-41D0-B4DB-97E49FA6061A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{879C01BE-4BD2-491D-9085-271AD5FEA846}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe | 
"{894D791F-3EFB-445A-84BA-E7B8E7F5D644}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8CB69254-62CE-448B-8C24-7160FAD2E968}" = protocol=6 | dir=in | app=d:\fscommand\cksocketserver.exe | 
"{98153A91-0236-40FF-9864-9D1A24A51B2D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9E456A2E-FE28-4392-870E-E882F65031B3}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{A3DD30E9-839F-414C-BB77-7BDAC44CB878}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AB69662A-867B-4EFB-8F81-C49A0F2733BE}" = protocol=6 | dir=in | app=c:\program files (x86)\orange\orange installer\orangeinstaller.exe | 
"{AC534BF9-8388-4843-AE66-9E02D78B41A7}" = protocol=17 | dir=in | app=c:\program files (x86)\orange\orangeupdate\service\oucore.exe | 
"{B23AC88D-970B-4018-A9D1-37E10356CB1E}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe | 
"{B451BD36-08D3-45F0-A6E6-353B427E2FAC}" = protocol=17 | dir=in | app=d:\fscommand\cksocketserver.exe | 
"{B4CDDBB8-F765-4ECB-A476-95F3B4B6FD34}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{BA3261C8-9886-44B5-A2C7-01DD38C42BB4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BEE6ABEA-3BA2-4A7C-AB0E-F8FF7887DEE0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C00084A6-6D41-40BD-AF0E-FA39FA82FCB0}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe | 
"{C36AD1F6-AE04-46DF-8AC9-1322C553B5E9}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe | 
"{C5105F44-4EBF-47BF-9C61-CFF029E09D86}" = protocol=6 | dir=in | app=c:\program files (x86)\orange\orangeupdate\service\oucore.exe | 
"{C8955B53-3865-4F15-BA11-B14273D26097}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C90D0CF4-0AE5-409B-91EA-137BA4B471C5}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | 
"{CB434DE2-F92C-4C54-98F8-27AEB5B37F8F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D7DD6AC4-8615-47CE-82DA-E6369C1452F2}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe | 
"{D8080D23-FE3F-43B8-88D9-2B6D16AFE67D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{E68130A6-8711-441D-A446-4F3D964B85B2}" = protocol=17 | dir=in | app=c:\program files (x86)\orange\orange installer\orangeinstaller.exe | 
"{E77A1F82-8266-4151-9E42-69918A333B50}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | 
"{E8A460A7-6579-48DC-BD54-19BF2CB3B9D3}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | 
"{EA43459B-3D6E-4E59-8C31-FDBD32078C85}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EF528D7B-88B7-43C2-93E9-D43FBF9786E1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F1869BB7-05A2-46FD-9D3F-8A0AB0592855}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{F1EEB658-2A19-4E04-80C9-C980CCF92C8D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FEB3FBAE-EB0B-4EFF-99A8-3215E70B3CBA}" = protocol=6 | dir=in | app=c:\program files (x86)\orange\orangeupdate\service\oucore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{08FD30B6-93F1-506E-F0DD-48E6229FF570}" = AMD Catalyst Install Manager
"{0E01D636-BF85-782A-10DE-2AF71B2D1958}" = ccc-utility64
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2DB2044D-CA7F-75C4-35DD-2DF9BED7602B}" = AMD AVIVO64 Codecs
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"DW WLAN Card" = DW WLAN Card
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"PC-Doctor for Windows" = My Dell
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17083D41-15B2-CCE3-8138-1260CE70C3A2}" = PX Profile Update
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B4ED35F-DB51-D134-9E79-430E4D58EF8E}" = CCC Help Finnish
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{42410FB4-DFA6-FFEF-1630-AB32E67ED424}" = CCC Help Chinese Standard
"{466B3057-81D9-EA2F-C6EF-CA107667BD9D}" = CCC Help Korean
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{49B5093C-B5E6-C017-38F7-CFF2B1804E1F}" = CCC Help Norwegian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51FDC2DE-0917-46B7-EAEC-5377504701DE}" = PowerXpressHybrid
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5FDDD8FF-A5EE-EF19-21A6-6379C181FE7C}" = CCC Help English
"{6068A42A-C1CF-45F2-9859-5DB16287FE5D}" = msvcrt_installer
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{65F2F5A2-F0E4-4425-7A19-768C3ED5D732}" = Catalyst Control Center Localization All
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C5694C9-5658-77F5-E050-4EEC6DE29F77}" = CCC Help Portuguese
"{7D6087C3-EF30-143E-2D3A-BE403F37CF80}" = CCC Help Dutch
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7DD427DD-1BCA-E587-0C70-95A893241631}" = CCC Help Chinese Traditional
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D230B5-207C-4EE7-D157-E772691EAC16}" = CCC Help French
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A047FE02-C91C-41CB-898C-4ED21B86025A}" = ToolbarFR
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFB21317-F698-F366-2E8E-B0FDC594D121}" = Catalyst Control Center Profiles Mobile
"{B0DF7A37-14DC-226E-59E5-13C0C4DEC1EB}" = Catalyst Control Center
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C38C7AFD-3DA6-B485-DDC2-C3E7832CB047}" = CCC Help Russian
"{C3A31504-5E02-F6B3-FA2E-2EEC2F24251C}" = CCC Help Italian
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C865D11F-C5E4-0C59-59A8-86CDCFC9CD4F}" = PX Profile Update
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFB89DE9-C8FD-4D33-986A-DBDEC5309378}" = Catalyst Control Center - Branding
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3DA6ECE-E5C1-35BE-759D-B9315757E7ED}" = CCC Help Danish
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8696AC8-5A26-F0F0-D97E-956032DAD373}" = CCC Help Japanese
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{D976713C-6EB9-BFFA-EBA5-CF490E126FE9}" = CCC Help Swedish
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage 
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E2850FD4-1B2A-89C2-51DB-B9921DF27F4B}" = CCC Help German
"{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}" = Dell Stage
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6329B6D-1E66-5677-4E75-34FB4BBECEF2}" = CCC Help Spanish
"{FC5F025B-A455-C0D0-F35F-7197003B543C}" = Catalyst Control Center InstallProxy
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Assistance Livebox" = Assistance Livebox
"CometBird 11.0 (x86 en-US)" = CometBird 11.0 (x86 en-US)
"Dell Webcam Central" = Dell Webcam Central
"Encrypt Files_is1" = Encrypt Files v1.5
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage 
"MailNotifier" = Notification Mail
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Orange Installer" = Orange Installer
"OrangeUpdateManager" = Orange update
"Pale Moon 20.1 (x86 en-US)" = Pale Moon 20.1 (x86 en-US)
"Picasa 3" = Picasa 3
"PrintProjects" = PrintProjects
"Rapport_msi" = Rapport
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"ZinioReader4" = Zinio Reader 4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"FileZilla Client" = FileZilla Client 3.7.0.2
"Orange Inside" = Orange Inside

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 07/06/2013 08:11:34 | Computer Name = Kev-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 07/06/2013 08:11:34 | Computer Name = Kev-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 07/06/2013 08:11:34 | Computer Name = Kev-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 07/06/2013 08:11:34 | Computer Name = Kev-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 07/06/2013 08:11:35 | Computer Name = Kev-PC | Source = WinMgmt | ID = 10
Description =

Error - 07/06/2013 08:11:36 | Computer Name = Kev-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 07/06/2013 08:11:36 | Computer Name = Kev-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 07/06/2013 08:11:36 | Computer Name = Kev-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 07/06/2013 08:11:36 | Computer Name = Kev-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 07/06/2013 08:12:43 | Computer Name = Kev-PC | Source = Windows Search Service | ID = 1006
Description =

[ Dell Events ]
Error - 14/02/2012 05:47:39 | Computer Name = Kev-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 15/02/2012 07:54:09 | Computer Name = Kev-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 15/02/2012 07:54:09 | Computer Name = Kev-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 15/02/2012 10:13:37 | Computer Name = Kev-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 15/02/2012 10:13:37 | Computer Name = Kev-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 15/02/2012 11:37:36 | Computer Name = Kev-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 15/02/2012 11:37:36 | Computer Name = Kev-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 18/02/2012 09:49:42 | Computer Name = Kev-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 18/02/2012 09:49:42 | Computer Name = Kev-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 23/03/2012 11:33:40 | Computer Name = Kev-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ Media Center Events ]
Error - 07/08/2012 16:18:28 | Computer Name = Kev-PC | Source = MCUpdate | ID = 0
Description = 9:18:28 PM - Error connecting to the internet. 9:18:28 PM - Unable
to contact server..

Error - 07/08/2012 17:18:33 | Computer Name = Kev-PC | Source = MCUpdate | ID = 0
Description = 10:18:33 PM - Error connecting to the internet. 10:18:33 PM - Unable
to contact server..

Error - 07/08/2012 17:18:38 | Computer Name = Kev-PC | Source = MCUpdate | ID = 0
Description = 10:18:38 PM - Error connecting to the internet. 10:18:38 PM - Unable
to contact server..

Error - 09/08/2012 16:08:01 | Computer Name = Kev-PC | Source = MCUpdate | ID = 0
Description = 9:08:00 PM - Error connecting to the internet. 9:08:01 PM - Unable
to contact server..

Error - 09/08/2012 16:08:12 | Computer Name = Kev-PC | Source = MCUpdate | ID = 0
Description = 9:08:06 PM - Error connecting to the internet. 9:08:06 PM - Unable
to contact server..

Error - 10/08/2012 03:41:56 | Computer Name = Kev-PC | Source = MCUpdate | ID = 0
Description = 8:41:56 AM - Error connecting to the internet. 8:41:56 AM - Unable
to contact server..

Error - 10/08/2012 03:42:06 | Computer Name = Kev-PC | Source = MCUpdate | ID = 0
Description = 8:42:01 AM - Error connecting to the internet. 8:42:01 AM - Unable
to contact server..

Error - 13/08/2012 04:43:09 | Computer Name = Kev-PC | Source = MCUpdate | ID = 0
Description = 9:43:09 AM - Error connecting to the internet. 9:43:09 AM - Unable
to contact server..

Error - 13/08/2012 04:43:22 | Computer Name = Kev-PC | Source = MCUpdate | ID = 0
Description = 9:43:14 AM - Error connecting to the internet. 9:43:14 AM - Unable
to contact server..

Error - 13/08/2012 05:43:29 | Computer Name = Kev-PC | Source = MCUpdate | ID = 0
Description = 10:43:28 AM - Error connecting to the internet. 10:43:28 AM - Unable
to contact server..

[ System Events ]
Error - 22/06/2013 13:39:43 | Computer Name = Kev-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 22/06/2013 13:39:44 | Computer Name = Kev-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 22/06/2013 13:39:45 | Computer Name = Kev-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 22/06/2013 13:39:46 | Computer Name = Kev-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 22/06/2013 13:39:47 | Computer Name = Kev-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 22/06/2013 13:40:02 | Computer Name = Kev-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 22/06/2013 13:40:03 | Computer Name = Kev-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 22/06/2013 13:40:04 | Computer Name = Kev-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 22/06/2013 14:21:34 | Computer Name = Kev-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\bcmihvsrv64.dll
Error
Code: 258

Error - 22/06/2013 14:22:47 | Computer Name = Kev-PC | Source = DCOM | ID = 10016
Description =

< End of report >


----------



## Cookiegal (Aug 27, 2003)

So far we haven't found anything but I'd like to check a few more things.

Open Notepad and copy and paste the text in the code box below into it:


```
DirLook::
C:\Users\Kev\AppData\Local\{2D1A1D9D-F1B4-4642-9C91-E82243E87169}
C:\Users\Kev\AppData\Local\{E25F9E2C-EF04-43BD-BC6D-F49AC7EAB462}
C:\Users\Kev\AppData\Local\{FABD3777-E98F-4F4C-BBEB-0C7D8A398718}
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe (or the renamed puppy.exe if you were asked to rename it).

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Also, please do this:

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool (Vista/Windows 7 users - right click to run as administrator) and allow it to download the Avast database.

Click *Scan*.

Upon completion of the scan, click *Save log* then save it to your desktop and post that log in your next reply for review.
*Note - do NOT attempt any Fix yet.*


----------



## kevhatch (Jun 20, 2005)

ComboFix 13-06-22.01 - Kev 22/06/2013 22:20:39.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.8100.6526 [GMT 1:00]
Running from: c:\users\Kev\Desktop\puppy.exe
Command switches used :: c:\users\Kev\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-05-22 to 2013-06-22 )))))))))))))))))))))))))))))))
.
.
2013-06-22 21:27 . 2013-06-22 21:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-22 16:22 . 2013-06-12 03:08	9552976	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD70D7E9-C857-4636-A198-9FC551B7BAF3}\mpengine.dll
2013-06-21 16:22 . 2013-06-21 16:22	964552	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CBDC8E4D-F0B4-4C50-A06A-8E6CF6215C02}\gapaengine.dll
2013-06-21 16:22 . 2013-06-12 03:08	9552976	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-14 16:41 . 2013-06-08 14:44	964552	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-14 16:21 . 2013-06-14 16:21	--------	d-----w-	c:\program files (x86)\Common Files\Adobe AIR
2013-06-13 02:52 . 2013-06-13 02:52	--------	d-----w-	C:\a59e14d750f863bc49e8f3a81ff2
2013-06-13 02:41 . 2013-05-17 01:25	257536	----a-w-	c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-06-13 02:41 . 2013-05-17 00:58	701952	----a-w-	c:\program files\Internet Explorer\ieproxy.dll
2013-06-13 02:41 . 2013-05-17 00:58	356352	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2013-06-13 02:41 . 2013-05-17 01:25	235520	----a-w-	c:\program files (x86)\Internet Explorer\IEShims.dll
2013-06-13 02:41 . 2013-05-17 01:25	61440	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-06-13 02:41 . 2013-05-17 00:59	51712	----a-w-	c:\windows\system32\ie4uinit.exe
2013-06-13 02:41 . 2013-05-17 00:58	67072	----a-w-	c:\windows\system32\iesetup.dll
2013-06-13 02:41 . 2013-05-17 00:58	39936	----a-w-	c:\windows\system32\iernonce.dll
2013-06-13 02:41 . 2013-05-17 01:25	109056	----a-w-	c:\windows\SysWow64\iesysprep.dll
2013-06-13 02:41 . 2013-05-14 08:40	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-13 02:40 . 2013-05-14 12:23	89600	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-06-13 02:40 . 2013-05-17 00:58	136704	----a-w-	c:\windows\system32\iesysprep.dll
2013-06-13 02:40 . 2013-05-17 02:32	770648	----a-w-	c:\program files (x86)\Internet Explorer\iexplore.exe
2013-06-13 02:40 . 2013-05-17 03:30	775256	----a-w-	c:\program files\Internet Explorer\iexplore.exe
2013-06-13 02:40 . 2013-05-17 00:58	603136	----a-w-	c:\windows\system32\msfeeds.dll
2013-06-13 02:40 . 2013-05-17 00:58	855552	----a-w-	c:\windows\system32\jscript.dll
2013-06-13 02:40 . 2013-05-17 00:58	3958784	----a-w-	c:\windows\system32\jscript9.dll
2013-06-13 02:39 . 2013-05-17 01:25	2877440	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-06-13 02:39 . 2013-05-17 00:58	148992	----a-w-	c:\program files\Internet Explorer\jsdebuggeride.dll
2013-06-13 02:39 . 2013-05-17 01:25	108032	----a-w-	c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2013-06-13 02:39 . 2013-05-17 01:25	817664	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-13 02:39 . 2013-05-17 00:58	1084928	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-13 02:39 . 2013-05-17 00:58	53248	----a-w-	c:\windows\system32\jsproxy.dll
2013-06-13 02:39 . 2013-05-17 01:25	1767936	----a-w-	c:\windows\SysWow64\wininet.dll
2013-06-13 02:39 . 2013-05-17 00:59	2241024	----a-w-	c:\windows\system32\wininet.dll
2013-06-12 10:48 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-11 17:33 . 2013-06-11 17:33	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 17:33 . 2013-06-11 17:33	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-09 11:18 . 2013-06-10 17:21	--------	d-----w-	C:\Temp
2013-06-08 18:07 . 2013-06-08 18:08	--------	d-----w-	c:\users\Kev\AppData\Roaming\U3
2013-06-08 16:31 . 2013-06-08 16:31	--------	d-----w-	c:\users\Kev\AppData\Roaming\SUPERAntiSpyware.com
2013-06-08 16:30 . 2013-06-08 16:31	--------	d-----w-	c:\program files\SUPERAntiSpyware
2013-06-08 16:30 . 2013-06-08 16:30	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2013-06-08 15:52 . 2013-06-08 15:52	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-08 15:52 . 2013-04-04 13:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-06-08 14:43 . 2013-06-08 14:43	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2013-06-08 14:43 . 2013-06-08 14:43	--------	d-----w-	c:\program files\Microsoft Security Client
2013-06-08 01:50 . 2013-06-08 14:23	--------	dc----w-	c:\windows\system32\DRVSTORE
2013-06-08 00:20 . 2013-06-09 17:09	--------	d-----w-	c:\users\Kev\AppData\Local\Deployment
2013-06-08 00:20 . 2013-06-08 00:20	--------	d-----w-	c:\users\Kev\AppData\Local\Apps
2013-06-07 18:45 . 2013-06-07 18:45	--------	d-s---w-	c:\windows\SysWow64\Microsoft
2013-06-07 14:08 . 2013-06-07 14:08	--------	d-----w-	c:\users\Kev\AppData\Local\Dell Edoc Viewer
2013-06-07 13:56 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8AC9467-8AA0-497E-B6F4-36C173EB6B6F}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 02:53 . 2012-01-13 19:17	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-05-02 15:29 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-05-01 08:17 . 2010-06-24 17:33	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-30 00:28 . 2012-04-11 10:05	236688	----a-w-	c:\windows\system32\drivers\RapportKE64.sys
2013-04-13 05:49 . 2013-05-14 21:10	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-14 21:10	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-14 21:10	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-14 21:10	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-14 21:10	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-14 21:10	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 01:25	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-14 21:10	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-14 21:10	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-14 21:10	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-04-02 14:09 . 2013-04-02 14:09	4550656	----a-w-	c:\windows\SysWow64\GPhotos.scr
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Kev\AppData\Local\{2D1A1D9D-F1B4-4642-9C91-E82243E87169} ----
.
.
---- Directory of c:\users\Kev\AppData\Local\{E25F9E2C-EF04-43BD-BC6D-F49AC7EAB462} ----
.
.
---- Directory of c:\users\Kev\AppData\Local\{FABD3777-E98F-4F4C-BBEB-0C7D8A398718} ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OrangeInside"="c:\users\Kev\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe" [2012-11-16 1530520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2013-03-15 2236792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Kev\Desktop\RealTemp\WinRing0x64.sys;c:\users\Kev\Desktop\RealTemp\WinRing0x64.sys [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [x]
R4 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
R4 Orange update Core Service;Orange update Core Service;c:\program files (x86)\Orange\OrangeUpdate\Service\OUCore.exe;c:\program files (x86)\Orange\OrangeUpdate\Service\OUCore.exe [x]
R4 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R4 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S1 RapportCerberus_51755;RapportCerberus_51755;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 37634588
*Deregistered* - 37634588
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11 17:33]
.
2013-06-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-768171273-2258216897-828858201-1000Core.job
- c:\users\Kev\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-19 22:56]
.
2013-06-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-768171273-2258216897-828858201-1000UA.job
- c:\users\Kev\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-19 22:56]
.
2013-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 10:27]
.
2013-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 10:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: ajouter cette page à vos favoris Orange - c:\users\Kev\AppData\Roaming\Orange\OrangeInside\src\addfavorites_html\addfavorites.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: envoyer le texte sélectionné par sms - c:\users\Kev\AppData\Roaming\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html
IE: envoyer par sms - c:\users\Kev\AppData\Roaming\Orange\OrangeInside\src\sendsms_html\sendsms.html
IE: envoyer un mail - c:\users\Kev\AppData\Roaming\Orange\OrangeInside\src\sendmail_html\sendmail.html
IE: orange.fr - c:\users\Kev\AppData\Roaming\Orange\OrangeInside\src\orange_html\orange.html
IE: rechercher le texte sélectionné - c:\users\Kev\AppData\Roaming\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: traduire la page - c:\users\Kev\AppData\Roaming\Orange\OrangeInside\src\translate_html\translate.html
IE: traduire le texte sélectionné - c:\users\Kev\AppData\Roaming\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
FF - ProfilePath - c:\users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\
FF - prefs.js: browser.search.selectedEngine - Orange
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://r.orange.fr/r?ref=O_OI_hook_openSearchFF&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=
FF - ExtSQL: 2013-05-23 12:20; [email protected]; c:\program files (x86)\Mozilla Firefox\extensions\[email protected]
FF - ExtSQL: 2013-05-23 12:20; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - user.js: browser.search.selectedEngine - Orange
FF - user.js: keyword.URL - hxxp://r.orange.fr/r?ref=O_OI_hook_openSearchFF&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
BHO-{3706EE7C-3CAD-445D-8A43-03EBC3B75908} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-22 22:29:16
ComboFix-quarantined-files.txt 2013-06-22 21:29
ComboFix2.txt 2013-06-22 17:01
.
Pre-Run: 369,884,459,008 bytes free
Post-Run: 369,587,400,704 bytes free
.
- - End Of File - - 251E3FA564D30BE7E86C8BECECE2C460
D41D8CD98F00B204E9800998ECF8427E


----------



## kevhatch (Jun 20, 2005)

Ran aswMBR ... saved the logfile to the desktop and double clicked to open it and my whole system has frozen up again ... 
Tried to reboot and I have lost Desktop wallpaper/Sys tray and bottom toolbar - just have Desktop icons on a white background with a system busy icon in the middle of the screen


----------



## Cookiegal (Aug 27, 2003)

Aswmbr wasn't making any changes and the log is only a .txt file which wouldn't cause that behaviour.

Did you try another reboot?

If that doesn't work can you boot to safe mode?


----------



## kevhatch (Jun 20, 2005)

System is now shutting down .. Configuring windows message showing .. and booted back to normal desktop ... I'll run asw again in case I saved log too early


----------



## Cookiegal (Aug 27, 2003)

OK good. It also creates a file named mbr.dat on the desktop. That's just a backup copy of the MBR so don't try to open that one.


----------



## kevhatch (Jun 20, 2005)

Ran asw again ... nothing is responding ... dbl clicking icons either wipes the Desktop wallpaper or does nothing at all .. Trying to shut down but very slow responding.


----------



## Cookiegal (Aug 27, 2003)

Leave that for now then.

Please run the following on-line scanner.

Note: If you're running a 64-bit system you have to choose the 32-bit option in IE. To do that, go to the Start Menu and right-click the Internet Explorer (32-bit) icon and then select 'Run as administrator' from the right-click menu.

http://www.eset.com/online-scanner

Accept the Terms of Use and then press the Start button

Allow the ActiveX control to be installed.

Put a check by Remove found threats and then run the scan.

When the scan is finished, you will see the results in a window.

A log.txt file is created here: C:\Program Files\ESET\ESET Online Scanner\log.txt.

Open the log file with Notepad and copy and paste the contents here please.


----------



## kevhatch (Jun 20, 2005)

My fault ...... asw had seemed to stop and the Save log file was highlighted, I jumped the gun and clicked it... Did the same with the second scan, freezing everything up again .... 
asw running again, I will wait for a definite scan finished message this time!


----------



## kevhatch (Jun 20, 2005)

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-22 23:01:56
-----------------------------
23:01:56.198 OS Version: Windows x64 6.1.7601 Service Pack 1
23:01:56.198 Number of processors: 4 586 0x2A07
23:01:56.198 ComputerName: KEV-PC UserName: Kev
23:01:58.118 Initialize success
23:02:17.338 AVAST engine defs: 13062201
23:02:25.008 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:02:25.018 Disk 0 Vendor: ST950032 D005 Size: 476940MB BusType: 3
23:02:25.138 Disk 0 MBR read successfully
23:02:25.148 Disk 0 MBR scan
23:02:25.158 Disk 0 Windows 7 default MBR code
23:02:25.178 Disk 0 Partition 1 00 DE Dell Utility DELL 8.0 100 MB offset 2048
23:02:25.188 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
23:02:25.208 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
23:02:25.338 Disk 0 scanning C:\windows\system32\drivers
23:02:37.558 Service scanning
23:03:10.398 Modules scanning
23:03:10.408 Disk 0 trace - called modules:
23:03:10.438 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
23:03:10.788 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800939c060]
23:03:10.798 3 CLASSPNP.SYS[fffff88001acd43f] -> nt!IofCallDriver -> [0xfffffa800743d040]
23:03:10.808 5 ACPI.sys[fffff88000f437a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007444050]
23:03:12.438 AVAST engine scan C:\windows
23:03:18.858 AVAST engine scan C:\windows\system32
23:26:48.061 AVAST engine scan C:\windows\system32\drivers
23:27:03.061 AVAST engine scan C:\Users\Kev
23:54:13.089 AVAST engine scan C:\ProgramData
00:01:02.106 Scan finished successfully
00:01:41.199 Disk 0 MBR has been saved successfully to "C:\Users\Kev\Desktop\MBR.dat"
00:01:41.199 The log file has been saved successfully to "C:\Users\Kev\Desktop\aswMBR.txt"


----------



## Cookiegal (Aug 27, 2003)

Please run the following on-line scanner.

Note: If you're running a 64-bit system you have to choose the 32-bit option in IE. To do that, go to the Start Menu and right-click the Internet Explorer (32-bit) icon and then select 'Run as administrator' from the right-click menu.

http://www.eset.com/online-scanner

Accept the Terms of Use and then press the Start button

Allow the ActiveX control to be installed.

Put a check by Remove found threats and then run the scan.

When the scan is finished, you will see the results in a window.

A log.txt file is created here: C:\Program Files\ESET\ESET Online Scanner\log.txt.

Open the log file with Notepad and copy and paste the contents here please.


----------



## kevhatch (Jun 20, 2005)

2 hrs into the eset scan .. it's 03:10 here, so I am off for some zzzzz's, will post the logfile tomorrow


----------



## Cookiegal (Aug 27, 2003)

That's fine.


----------



## kevhatch (Jun 20, 2005)

Can't find the scan log for the Eset scan I ran last night .. running it again this morning.


----------



## kevhatch (Jun 20, 2005)

Ran the scan again, IE shut down guessing after scan finished, no report!


----------



## Cookiegal (Aug 27, 2003)

Generally, there will be no report produced if no threats were found. Was that the case?


----------



## kevhatch (Jun 20, 2005)

I assume so - on both occasions I missed the end of the scan.


----------



## Cookiegal (Aug 27, 2003)

Well assuming that's the case, we haven't found any further malware as a possible cause so anyone who wishes to continue troubleshooting feel free to do so.


----------



## kevhatch (Jun 20, 2005)

Thx for your help Cookiegal ..... Next!!!!


----------



## Cookiegal (Aug 27, 2003)

You're welcome.


----------



## Cookiegal (Aug 27, 2003)

You're welcome.

There are still some firewall rules pertaining to McAfee but I doubt that would cause any issues.

Please download *SystemLook* and save it to your Desktop.

Double-click *SystemLook_x64.exe* to run it.
Copy the content of the following code box into the main text field:

```
:folderfind
*McAfee*
:regfind
McAfee
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## kevhatch (Jun 20, 2005)

SystemLook 04.09.10 by jpshortstuff
Log created at 20:01 on 23/06/2013 by Kev
Administrator - Elevation successful

========== folderfind ==========

Searching for "*McAfee*"
C:\Users\Kev\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SL2PMT35\home.mcafee.com	d------	[12:29 24/05/2013]
C:\Users\Kev\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SL2PMT35\home.mcafee.com\AppSupport\Common\Secure\McAfee.swf	d------	[12:29 24/05/2013]
C:\Users\Kev\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#home.mcafee.com	d------	[12:29 24/05/2013]
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\McAfee	d------	[11:46 12/11/2012]

========== regfind ==========

Searching for "McAfee"
[HKEY_CURRENT_USER\Software\McAfee Online Backup]
[HKEY_CURRENT_USER\Software\McAfeeInstaller]
[HKEY_CURRENT_USER\Software\McAfeeInstaller]
"CheckVersionURL"="https://us.mcafee.com/apps/mdm/en-US/6.1/mdm.aspx?appux=pearl"
[HKEY_CURRENT_USER\Software\McAfeeInstaller]
"DisplayName"="McAfee All Access - Total Protection"
[HKEY_CURRENT_USER\Software\McAfeeInstaller]
"apSuccessURL"="https://us.mcafee.com/apps/mdm/en-US/6.1/apSuccess.aspx?affid=0&pkgid=396&flexpkgid=394&accountid=153384542&productKey=EDBF7394-B8C2-4E3B-BEB2-62C8333147C8&mcsubdbrepair=0"
[HKEY_CURRENT_USER\Software\McAfeeInstaller]
"apBackURL"="https://us.mcafee.com/apps/mdm/en-US/6.1/selectpkg.aspx?backFlag=1&PkgID=&AffiliateID=0&AccountID=b2d9ce18bddbf112eaf8e5337c64a62d5e46475f5906011161&ProductKey=EDBF7394-B8C2-4E3B-BEB2-62C8333147C8&mcsubdbrepair=0"
[HKEY_CURRENT_USER\Software\McAfeeInstaller]
"MDMSubInfoXml"="<?xml version='1.0' encoding='utf-8' ?><subinfo><app appid='MAT' code='MAT' name='McAfee File Lock'><appid><![CDATA[MAT]]></appid><app_code><![CDATA[MAT]]></app_code><app_name><![CDATA[McAfee File Lock]]></app_name><accnt_id><![CDATA[153384542]]></accnt_id><backend><![CDATA[EBIZSOL]]></backend><perpetual><![CDATA[0]]></perpetual><trial><![CDATA[1]]></trial><settings><![CDATA[20130707]]></settings><website><![CDATA[us.mcafee.com]]></website><sync_url><![CDATA[https://us.mcafee.com/Apps/msc/submgr/mispsync.asp]]></sync_url><applang><![CDATA[en-us]]></applang><product_key><![CDATA[EDBF7394-B8C2-4E3B-BEB2-62C8333147C8]]></product_key><package_id><![CDATA[396]]></package_id><package_name><![CDATA[McAfee All Access - Total Protection]]></package_name><flex_pkg_id><![CDATA[394]]></flex_pkg_id><e_mail><![CDATA[[email protected]]]></e_mail><affid><![CDATA[0]]></affid><renewalurl><![CDATA[http://us.mcafee.com/root/renewpackage.asp]]></renewalurl><num_license
[HKEY_CURRENT_USER\Software\McAfeeInstaller]
"AppDownloadInfo1"="MAT|153384542|https://us.mcafee.com/apps/mat/en-us/3.1/freshinstall.asp?affid=0&pkgid=396|AffId=0"
[HKEY_CURRENT_USER\Software\McAfeeInstaller]
"AppDownloadInfo2"="MOBK|153384542|https://us.mcafee.com/apps/mobk/en-us/4.1/freshinstall.asp?affid=0&pkgid=396|AffId=0"
[HKEY_CURRENT_USER\Software\McAfeeInstaller]
"AppDownloadInfo3"="MPF|153384542|https://us.mcafee.com/apps/mpf/en-us/13.1/freshinstall.asp?affid=0&pkgid=396|AffId=0"
[HKEY_CURRENT_USER\Software\McAfeeInstaller]

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

There's still a lot of McAfee stuff there. Were you using McAfee Online Backup?

I wouldn't even venture to create a registry fix to delete all of that for fear of causing more problems.


----------



## kevhatch (Jun 20, 2005)

I thought there was a lot there, especially after running the McAfee removal tool so many times!!!! As far as I am aware I wasn't using the online backup - I don't even like McAfee but it came installed when I bought the laptop.


----------



## Cookiegal (Aug 27, 2003)

You could try reinstalling it just to see if that solves the issues you're experiencing. If it does then I would contact McAfee support for help uninstalling it.


----------



## kevhatch (Jun 20, 2005)

I didn't re-install McAfee as I wasn't sure which version I had on here but I did go to McAfee support. They have supposedly now cleared the registry of all McAfee files.


----------



## Cookiegal (Aug 27, 2003)

Have things improved with the system or are you still having problems?


----------



## kevhatch (Jun 20, 2005)

Not as good as it was before the problems started but a lot better .. Re-booting after McAfee cleaned up went ok until the welcome screen then it hung for a little while, maybe a minute before going to a black screen for a few seconds and then the desktop ... Internet seems to be ok at the moment.
Haven't tried to get the Accuweather widget back on to desktop yet and don't know if Dell Stage Remote is working or not - or even if I need it!!


----------



## Cookiegal (Aug 27, 2003)

Did you ask the support technician why it would have caused you such trouble?


----------



## kevhatch (Jun 20, 2005)

Sorry no, never thought to :-(


----------



## Cookiegal (Aug 27, 2003)

If you boot to safe mode does it start up much faster?


----------



## kevhatch (Jun 20, 2005)

Boot to Safe Mode is much quicker ... type in password, hit enter and Desktop appears immediately.


----------



## Cookiegal (Aug 27, 2003)

In the Windows start menu search box type "msconfig" (without the quotes) then right click the entry and select "Run as Administrator", enter your user credentials for the UAC prompt and click yes. In the window that opens, select the "startup" tab and post a screenshot of the entries listed there please.

Also, click on the Services tab and then select to Hide Microsoft services so you should only be left with a short list of entries. Please post a screenshot of that as well.
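
A command-line way to collect the same information as the msconfig Startup and Services tabs, so it can be pasted as text instead of screenshots. This is an added example, not part of the original posts: the helper function names are made up here, and filtering on the file's CompanyName only approximates msconfig's "Hide all Microsoft services" option (a third-party DLL hosted inside svchost.exe will still look like Microsoft).

```powershell
# Added example: text equivalent of msconfig's Startup and Services tabs.
# Get-WmiObject is used so this also runs on the PowerShell 2.0 shipped with Windows 7.
# Run from an elevated PowerShell window.

function Get-ExePath([string]$CommandLine) {
    # Pull the executable out of a service command line, quoted or unquoted.
    if ($CommandLine -match '^\s*"([^"]+)"')  { return $Matches[1] }
    if ($CommandLine -match '^\s*(.+?\.exe)') { return $Matches[1] }
    return $null
}

function Get-Publisher([string]$Path) {
    # Report the CompanyName stored in the file's version resource.
    # "(file missing)" marks a service whose binary was removed but whose
    # registration was left behind, which is what a partial uninstall leaves.
    if (-not $Path) { return '(no path)' }
    $Path = [Environment]::ExpandEnvironmentVariables($Path)
    if (-not (Test-Path -LiteralPath $Path)) { return '(file missing)' }
    return [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Path).CompanyName
}

"== Startup entries (Run keys and Startup folders) =="
Get-WmiObject Win32_StartupCommand |
    Select-Object Name, Location, Command |
    Format-Table -AutoSize -Wrap

"== Services that are not disabled and not published by Microsoft =="
Get-WmiObject Win32_Service |
    Where-Object { $_.StartMode -ne 'Disabled' } |
    ForEach-Object {
        $exe = Get-ExePath $_.PathName
        New-Object PSObject -Property @{
            Name      = $_.Name
            StartMode = $_.StartMode
            State     = $_.State
            Publisher = (Get-Publisher $exe)
            Path      = $exe
        }
    } |
    Where-Object { $_.Publisher -notmatch 'Microsoft' } |
    Sort-Object Publisher, Name |
    Format-Table Name, StartMode, State, Publisher, Path -AutoSize -Wrap
```

Running it once in Safe Mode and once after a normal boot and comparing the State column shows which third-party services only come up in the slow case.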


----------



## kevhatch (Jun 20, 2005)

Also, web browsers are a lot faster in Safe Mode.


----------



## kevhatch (Jun 20, 2005)

Not getting a UAC Prompt .. should I be back in normal mode?


----------



## throoper (Jan 20, 2007)

kevhatch said:


> Not getting a UAC Prompt .. should I be back in normal mode?


If you can open MSCONFIG, it doesn't matter if Safe or Normal.


----------



## kevhatch (Jun 20, 2005)

If it helps - 
Orange inside is something to do with my ISP ... it refuses to stay out of start up.
Goto Assist is from chat session with McAfee.


----------



## Cookiegal (Aug 27, 2003)

You'll have to scroll down the bar on the right as we can't see everything. Or if you like just tell us the names of any entries that have a check mark beside them under both the startup and services tabs.


----------



## kevhatch (Jun 20, 2005)

They are the only checked items.


----------



## Cookiegal (Aug 27, 2003)

Try unchecking GotoAssist service and see if there's any improvement in booting to Windows normally.


----------



## kevhatch (Jun 20, 2005)

Shutdown from safe mode really quick - Boot to normal ok until after p/word screen, spent 2-3 minutes on the welcome screen then Desktop slow to load - Probably 5 minutes in all from entering p/word to being able to use the Desktop.


----------



## Cookiegal (Aug 27, 2003)

Please open HijackThis.
Click on *Open Misc Tools Section*
Make sure that both boxes beside "Generate StartupList Log" are checked:

*List all minor sections(Full)*
*List Empty Sections(Complete)*
Click *Generate StartupList Log*.
Click *Yes* at the prompt.
It will open a text file. Please copy the entire contents of that page and paste it here.


----------



## Cookiegal (Aug 27, 2003)

Also, are you saying the startup time is worse now than it was before?


----------



## kevhatch (Jun 20, 2005)

Start up is a lot worse now.


----------



## kevhatch (Jun 20, 2005)

StartupList report, 24/06/2013, 00:37:23
StartupList version: 1.52.2
Started from : C:\Users\Kev\Desktop\HijackThis.EXE
Detected: Windows 7 SP1 (WinNT 6.00.3505)
Detected: Internet Explorer v10.0 (10.00.9200.16611)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe
C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
C:\Program Files (x86)\CometBird\cometbird.exe
C:\Program Files (x86)\CometBird\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Users\Kev\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\windows\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

(Default) =

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

OrangeInside = C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\ComFile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\Windows\SysWOW64\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = %SystemRoot%\system32\unregmp2.exe /ShowWMP

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\windows\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found*

--------------------------------------------------

Shell & screensaver key from C:\windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\windows\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\windows\Explorer\Explorer.exe: not present
C:\windows\System\Explorer.exe: not present
C:\windows\System32\Explorer.exe: not present
C:\windows\Command\Explorer.exe: not present
C:\windows\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: *Registry key not found*
.shb: *Registry key not found*
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\windows
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename NOT OK: 'REGEDIT.EXE.MUI'
- File description: 'Registry Editor'

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - mscoree.dll (file missing) - {1d970ed5-3eda-438d-bffd-715931e2775b}
(no name) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Adobe Flash Player Updater.job
FacebookUpdateTaskUserS-1-5-21-768171273-2258216897-828858201-1000Core.job
FacebookUpdateTaskUserS-1-5-21-768171273-2258216897-828858201-1000UA.job
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job

--------------------------------------------------

Enumerating Download Program Files:

[WMI Class]
CODEBASE = https://support.dell.com/systemprofiler/SysProExe.CAB

[Launcher Class]
InProcServer32 = C:\Windows\Downloaded Program Files\PcdBrowserControlAx.ocx
CODEBASE = http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab

[Creative Software AutoUpdate]
InProcServer32 = C:\Windows\DOWNLO~1\CTSUEngn.ocx
CODEBASE = http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab

[Java Plug-in 10.5.1]
InProcServer32 = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

[DellSystemLite.Scanner]
InProcServer32 = C:\Windows\Downloaded Program Files\DellSystemLite.ocx
CODEBASE = http://supportapj.dell.com/systemprofiler/DellSystemLite.CAB

[Java Plug-in 1.6.0_37]
InProcServer32 = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

[Java Plug-in 10.5.1]
InProcServer32 = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

[Creative Software AutoUpdate Support Package 2]
InProcServer32 = C:\Windows\DOWNLO~1\CTPIDPDE.ocx
CODEBASE = http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

[Creative Software AutoUpdate Support Package]
InProcServer32 = C:\Windows\DOWNLO~1\CTPID.ocx
CODEBASE = http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\windows\system32\NLAapi.dll
NameSpace #2: C:\windows\system32\napinsp.dll
NameSpace #3: C:\windows\system32\pnrpnsp.dll
NameSpace #4: C:\windows\system32\pnrpnsp.dll
NameSpace #5: C:\windows\System32\mswsock.dll
NameSpace #6: C:\windows\System32\winrnr.dll
NameSpace #7: C:\windows\system32\wshbth.dll
NameSpace #8: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
NameSpace #9: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Protocol #1: C:\windows\system32\mswsock.dll
Protocol #2: C:\windows\system32\mswsock.dll
Protocol #3: C:\windows\system32\mswsock.dll
Protocol #4: C:\windows\system32\mswsock.dll
Protocol #5: C:\windows\system32\mswsock.dll
Protocol #6: C:\windows\system32\mswsock.dll
Protocol #7: C:\windows\system32\mswsock.dll
Protocol #8: C:\windows\system32\mswsock.dll
Protocol #9: C:\windows\system32\mswsock.dll
Protocol #10: C:\windows\system32\mswsock.dll
Protocol #11: C:\windows\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

SAS Core Service: "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" (disabled)
1394 OHCI Compliant Host Controller: \SystemRoot\system32\drivers\1394ohci.sys (manual start)
Microsoft ACPI Driver: system32\drivers\ACPI.sys (system)
ACPI Power Meter Driver: \SystemRoot\system32\drivers\acpipmi.sys (manual start)
Adobe Acrobat Update Service: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" (disabled)
Adobe Flash Player Update Service: C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (disabled)
adp94xx: \SystemRoot\system32\drivers\adp94xx.sys (manual start)
adpahci: \SystemRoot\system32\drivers\adpahci.sys (manual start)
adpu320: \SystemRoot\system32\drivers\adpu320.sys (manual start)
@%SystemRoot%\system32\aelupsvc.dll,-1: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
Andrea ST Filters Service: C:\Program Files\IDT\WDM\AESTSr64.exe (disabled)
@%systemroot%\system32\drivers\afd.sys,-1000: \SystemRoot\system32\drivers\afd.sys (system)
Intel AGP Bus Filter: \SystemRoot\system32\drivers\agp440.sys (manual start)
@%SystemRoot%\system32\Alg.exe,-112: %SystemRoot%\System32\alg.exe (manual start)
aliide: \SystemRoot\system32\drivers\aliide.sys (manual start)
AMD External Events Utility: %SystemRoot%\system32\atiesrxx.exe (disabled)
amdide: \SystemRoot\system32\drivers\amdide.sys (manual start)
AMD K8 Processor Driver: \SystemRoot\system32\drivers\amdk8.sys (manual start)
amdkmdag: system32\DRIVERS\atikmdag.sys (manual start)
amdkmdap: system32\DRIVERS\atikmpag.sys (manual start)
AMD Processor Driver: \SystemRoot\system32\drivers\amdppm.sys (manual start)
amdsata: \SystemRoot\system32\drivers\amdsata.sys (manual start)
amdsbs: \SystemRoot\system32\drivers\amdsbs.sys (manual start)
amdxata: system32\drivers\amdxata.sys (system)
Alps Touch Pad Filter Driver for Windows x64: system32\DRIVERS\Apfiltr.sys (manual start)
@%systemroot%\system32\appidsvc.dll,-102: \SystemRoot\system32\drivers\appid.sys (manual start)
@%systemroot%\system32\appidsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%systemroot%\system32\appinfo.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
arc: \SystemRoot\system32\drivers\arc.sys (manual start)
arcsas: \SystemRoot\system32\drivers\arcsas.sys (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (manual start)
@%systemroot%\system32\rascfg.dll,-32000: system32\DRIVERS\asyncmac.sys (manual start)
IDE Channel: system32\drivers\atapi.sys (system)
@%SystemRoot%\system32\audiosrv.dll,-204: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\audiosrv.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%SystemRoot%\system32\AxInstSV.dll,-103: %SystemRoot%\system32\svchost.exe -k AxInstSVGroup (manual start)
Broadcom NetXtreme II VBD: \SystemRoot\system32\drivers\bxvbda.sys (manual start)
Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0: system32\DRIVERS\b57nd60a.sys (manual start)
DW WLAN Card Driver: system32\DRIVERS\bcmwl664.sys (manual start)
@%SystemRoot%\system32\bdesvc.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\bfe.dll,-1001: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%SystemRoot%\system32\qmgr.dll,-1000: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
blbdrive: system32\DRIVERS\blbdrive.sys (system)
@%systemroot%\system32\browser.dll,-102: system32\DRIVERS\bowser.sys (manual start)
Brother USB Mass-Storage Lower Filter Driver: \SystemRoot\system32\drivers\BrFiltLo.sys (manual start)
Brother USB Mass-Storage Upper Filter Driver: \SystemRoot\system32\drivers\BrFiltUp.sys (manual start)
@%SystemRoot%\system32\bridgeres.dll,-1: system32\DRIVERS\bridge.sys (manual start)
@%systemroot%\system32\browser.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Brother MFC Serial Port Interface Driver (WDM): \SystemRoot\System32\Drivers\Brserid.sys (manual start)
Brother WDM Serial driver: \SystemRoot\System32\Drivers\BrSerWdm.sys (manual start)
Brother MFC USB Fax Only Modem: \SystemRoot\System32\Drivers\BrUsbMdm.sys (manual start)
Brother MFC USB Serial WDM Driver: \SystemRoot\System32\Drivers\BrUsbSer.sys (manual start)
Bluetooth Request Block Driver: \SystemRoot\system32\drivers\BthEnum.sys (manual start)
Bluetooth Serial Communications Driver: system32\DRIVERS\bthmodem.sys (manual start)
Bluetooth Device (Personal Area Network): system32\DRIVERS\bthpan.sys (manual start)
Bluetooth Port Driver: \SystemRoot\System32\Drivers\BTHport.sys (manual start)
@%SystemRoot%\System32\bthserv.dll,-101: %SystemRoot%\system32\svchost.exe -k bthsvcs (manual start)
Bluetooth Radio USB Driver: \SystemRoot\System32\Drivers\BTHUSB.sys (manual start)
btwampfl: system32\DRIVERS\btwampfl.sys (manual start)
Bluetooth Audio Device Service: system32\drivers\btwaudio.sys (manual start)
Bluetooth AVDT Service: system32\drivers\btwavdt.sys (manual start)
Bluetooth Service: C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (disabled)
Bluetooth L2CAP Service: system32\DRIVERS\btwl2cap.sys (manual start)
btwrchid: system32\DRIVERS\btwrchid.sys (manual start)
catchme: \??\C:\puppy\catchme.sys (manual start)
CD/DVD File System Reader: system32\DRIVERS\cdfs.sys (disabled)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
@%SystemRoot%\System32\certprop.dll,-11: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Consumer IR Devices: \SystemRoot\system32\drivers\circlass.sys (manual start)
@%SystemRoot%\system32\clfs.sys,-100: System32\CLFS.sys (system)
Microsoft .NET Framework NGEN v2.0.50727_X86: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (disabled)
Microsoft .NET Framework NGEN v2.0.50727_X64: %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (disabled)
Microsoft .NET Framework NGEN v4.0.30319_X86: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (autostart)
Microsoft .NET Framework NGEN v4.0.30319_X64: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (autostart)
Microsoft ACPI Control Method Battery Driver: system32\DRIVERS\CmBatt.sys (manual start)
cmdide: \SystemRoot\system32\drivers\cmdide.sys (manual start)
: System32\Drivers\cng.sys (system)
Microsoft Composite Battery Driver: system32\drivers\compbatt.sys (system)
Composite Bus Enumerator Driver: system32\DRIVERS\CompositeBus.sys (manual start)
@comres.dll,-947: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Crcdisk Filter Driver: \SystemRoot\system32\drivers\crcdisk.sys (disabled)
@%SystemRoot%\system32\cryptsvc.dll,-1001: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Creative Camera Class Upper Filter Driver: system32\DRIVERS\CtClsFlt.sys (manual start)
MS Hardware Device Detection Driver: system32\DRIVERS\dc3d.sys (manual start)
@oleres.dll,-5012: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%SystemRoot%\system32\defragsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k defragsvc (manual start)
@%systemroot%\system32\drivers\dfsc.sys,-101: System32\Drivers\dfsc.sys (system)
@%SystemRoot%\system32\dhcpcore.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%systemroot%\system32\drivers\discache.sys,-102: System32\drivers\discache.sys (system)
Disk Driver: system32\drivers\disk.sys (system)
@%SystemRoot%\System32\dnsapi.dll,-101: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@%systemroot%\system32\dot3svc.dll,-1102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\dps.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (autostart)
Microsoft Trusted Audio Drivers: system32\drivers\drmkaud.sys (manual start)
LDDM Graphics Subsystem: \SystemRoot\System32\drivers\dxgkrnl.sys (manual start)
@%systemroot%\system32\eapsvc.dll,-1: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Broadcom NetXtreme II 10 GigE VBD: \SystemRoot\system32\drivers\evbda.sys (manual start)
@%SystemRoot%\system32\efssvc.dll,-100: %SystemRoot%\System32\lsass.exe (manual start)
@%SystemRoot%\ehome\ehrecvr.exe,-101: %systemroot%\ehome\ehRecvr.exe (manual start)
@%SystemRoot%\ehome\ehsched.exe,-101: %systemroot%\ehome\ehsched.exe (manual start)
elxstor: \SystemRoot\system32\drivers\elxstor.sys (manual start)
Microsoft Hardware Error Device Driver: \SystemRoot\system32\drivers\errdev.sys (manual start)
@%SystemRoot%\system32\wevtsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@comres.dll,-2450: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
@%systemroot%\system32\fxsresm.dll,-118: %systemroot%\system32\fxssvc.exe (manual start)
Floppy Disk Controller Driver: \SystemRoot\system32\drivers\fdc.sys (manual start)
@%systemroot%\system32\fdPHost.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\fdrespub.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\drivers\fileinfo.sys,-100: system32\drivers\fileinfo.sys (system)
@%SystemRoot%\system32\drivers\filetrace.sys,-10001: system32\drivers\filetrace.sys (manual start)
Floppy Disk Driver: \SystemRoot\system32\drivers\flpydisk.sys (manual start)
@%SystemRoot%\system32\drivers\fltmgr.sys,-10001: system32\drivers\fltmgr.sys (system)
@%systemroot%\system32\FntCache.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\system32\PresentationHost.exe,-3309: %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (manual start)
@%SystemRoot%\system32\drivers\fsdepends.sys,-10001: System32\drivers\FsDepends.sys (manual start)
@%SystemRoot%\system32\drivers\fvevol.sys,-100: System32\DRIVERS\fvevol.sys (system)
Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms: \SystemRoot\system32\drivers\gagp30kx.sys (manual start)
GoToAssist: "C:\Program Files (x86)\Citrix\GoToAssist\896\g2aservice.exe" Start=service (disabled)
@gpapi.dll,-112: %windir%\system32\svchost.exe -k GPSvcGroup (autostart)
Google Update Service (gupdate): "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (disabled)
Google Update Service (gupdatem): "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (disabled)
Google Updater Service: "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" (disabled)
Hauppauge Consumer Infrared Receiver: \SystemRoot\system32\drivers\hcw85cir.sys (manual start)
Microsoft 1.1 UAA Function Driver for High Definition Audio Service: system32\drivers\HdAudio.sys (manual start)
Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
HID UPS Battery Driver: \SystemRoot\system32\drivers\HidBatt.sys (manual start)
Microsoft Bluetooth HID Miniport: \SystemRoot\system32\drivers\hidbth.sys (manual start)
Microsoft Infrared HID Driver: \SystemRoot\system32\drivers\hidir.sys (manual start)
@%SystemRoot%\System32\hidserv.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
@%SystemRoot%\system32\kmsvc.dll,-6: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\System32\ListSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\System32\provsvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
HpSAMD: \SystemRoot\system32\drivers\HpSAMD.sys (manual start)
@%SystemRoot%\system32\drivers\http.sys,-1: system32\drivers\HTTP.sys (manual start)
@%systemroot%\system32\drivers\hwpolicy.sys,-101: System32\drivers\hwpolicy.sys (system)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (manual start)
Intel AHCI Controller: system32\DRIVERS\iaStor.sys (system)
Intel(R) Rapid Storage Technology: "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" (disabled)
iaStorV: \SystemRoot\system32\drivers\iaStorV.sys (manual start)
@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
iirsp: \SystemRoot\system32\drivers\iirsp.sys (manual start)
@%SystemRoot%\system32\ikeext.dll,-501: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Intel(R) Display Audio: system32\DRIVERS\IntcDAud.sys (manual start)
intelide: \SystemRoot\system32\drivers\intelide.sys (manual start)
intelkmd: system32\DRIVERS\igdpmd64.sys (manual start)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (manual start)
@%systemroot%\system32\IPBusEnum.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%systemroot%\system32\rascfg.dll,-32013: system32\DRIVERS\ipfltdrv.sys (manual start)
@%SystemRoot%\system32\iphlpsvc.dll,-500: %SystemRoot%\System32\svchost.exe -k NetSvcs (autostart)
IPMIDRV: \SystemRoot\system32\drivers\IPMIDrv.sys (manual start)
IP Network Address Translator: System32\drivers\ipnat.sys (manual start)
@%SystemRoot%\system32\drivers\irenum.sys,-100: system32\drivers\irenum.sys (manual start)
isapnp: \SystemRoot\system32\drivers\isapnp.sys (manual start)
iScsiPort Driver: \SystemRoot\system32\drivers\msiscsi.sys (manual start)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (manual start)
Keyboard HID Driver: \SystemRoot\system32\drivers\kbdhid.sys (manual start)
@keyiso.dll,-100: %SystemRoot%\system32\lsass.exe (manual start)
Kodak AiO Network Discovery Service: C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (disabled)
Kodak AiO Status Monitor Service: "C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe" (disabled)
: System32\Drivers\ksecdd.sys (system)
: System32\Drivers\ksecpkg.sys (system)
Kernel Streaming Thunks: \SystemRoot\system32\drivers\ksthunk.sys (manual start)
@comres.dll,-2946: %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation (manual start)
@%systemroot%\system32\srvsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\wkssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Link-Layer Topology Discovery Mapper I/O Driver: system32\DRIVERS\lltdio.sys (autostart)
@%SystemRoot%\system32\lltdres.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\lmhsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
Intel(R) Management and Security Application Local Management Service: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (disabled)
LSI_FC: \SystemRoot\system32\drivers\lsi_fc.sys (manual start)
LSI_SAS: \SystemRoot\system32\drivers\lsi_sas.sys (manual start)
LSI_SAS2: \SystemRoot\system32\drivers\lsi_sas2.sys (manual start)
LSI_SCSI: \SystemRoot\system32\drivers\lsi_scsi.sys (manual start)
@%systemroot%\system32\drivers\luafv.sys,-100: \SystemRoot\system32\drivers\luafv.sys (autostart)
MBAMProtector: \??\C:\windows\system32\drivers\mbam.sys (manual start)
MBAMScheduler: "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" (disabled)
MBAMService: "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" (disabled)
@%SystemRoot%\ehome\ehres.dll,-15501: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (disabled)
megasas: \SystemRoot\system32\drivers\megasas.sys (manual start)
MegaSR: \SystemRoot\system32\drivers\MegaSR.sys (manual start)
Intel(R) Management Engine Interface: system32\DRIVERS\HECIx64.sys (manual start)
@%systemroot%\system32\mmcss.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
: system32\drivers\modem.sys (manual start)
Microsoft Monitor Class Function Driver Service: system32\DRIVERS\monitor.sys (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (manual start)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
@%SystemRoot%\system32\drivers\mountmgr.sys,-100: System32\drivers\mountmgr.sys (system)
Microsoft Malware Protection Driver: system32\DRIVERS\MpFilter.sys (system)
mpio: \SystemRoot\system32\drivers\mpio.sys (manual start)
@%SystemRoot%\system32\FirewallAPI.dll,-23092: System32\drivers\mpsdrv.sys (manual start)
@%SystemRoot%\system32\FirewallAPI.dll,-23090: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%systemroot%\system32\webclnt.dll,-104: \SystemRoot\system32\drivers\mrxdav.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1002: system32\DRIVERS\mrxsmb.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1004: system32\DRIVERS\mrxsmb10.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1006: system32\DRIVERS\mrxsmb20.sys (manual start)
msahci: system32\drivers\msahci.sys (system)
msdsm: \SystemRoot\system32\drivers\msdsm.sys (manual start)
@comres.dll,-2797: %SystemRoot%\System32\msdtc.exe (manual start)
@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100: \SystemRoot\System32\drivers\mshidkmdf.sys (manual start)
msisadrv: system32\drivers\msisadrv.sys (system)
@%SystemRoot%\system32\iscsidsc.dll,-5000: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\msimsg.dll,-27: %systemroot%\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Antimalware Service: "c:\Program Files\Microsoft Security Client\MsMpEng.exe" (autostart)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (system)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Microsoft Input Configuration Driver: \SystemRoot\system32\drivers\MTConfig.sys (manual start)
@%systemroot%\system32\drivers\mup.sys,-101: System32\Drivers\mup.sys (system)
@%SystemRoot%\system32\qagentrt.dll,-6: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
NativeWiFi Filter: system32\DRIVERS\nwifi.sys (manual start)
@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200: "C:\Program Files (x86)\Nero\Update\NASvc.exe" (disabled)
@%SystemRoot%\system32\drivers\ndis.sys,-200: system32\drivers\ndis.sys (system)
NDIS Capture LightWeight Filter: system32\DRIVERS\ndiscap.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32001: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32002: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
@%SystemRoot%\system32\drivers\netbt.sys,-2: System32\DRIVERS\netbt.sys (system)
@%SystemRoot%\System32\netlogon.dll,-102: %SystemRoot%\system32\lsass.exe (manual start)
@%SystemRoot%\system32\netman.dll,-109: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator (disabled)
@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (disabled)
@%SystemRoot%\system32\netprofm.dll,-202: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
RT2870 USB Wireless LAN Card Driver for Vista: system32\DRIVERS\netr28ux.sys (manual start)
@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (disabled)
@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8201: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (disabled)
nfrd960: \SystemRoot\system32\drivers\nfrd960.sys (manual start)
Microsoft Network Inspection System: system32\DRIVERS\NisDrvWFP.sys (autostart)
@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243: "c:\Program Files\Microsoft Security Client\NisSrv.exe" (manual start)
@%SystemRoot%\System32\nlasvc.dll,-1: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Dell DataSafe Online: "C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe" SERVICE (disabled)
@%SystemRoot%\system32\nsisvc.dll,-200: %systemroot%\system32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\system32\drivers\nsiproxy.sys,-2: system32\drivers\nsiproxy.sys (system)
NUID filter driver: system32\DRIVERS\NuidFltr.sys (manual start)
nvraid: \SystemRoot\system32\drivers\nvraid.sys (manual start)
nvstor: \SystemRoot\system32\drivers\nvstor.sys (manual start)
NVIDIA nForce AGP Bus Filter: \SystemRoot\system32\drivers\nv_agp.sys (manual start)
1394 OHCI Compliant Host Controller (Legacy): \SystemRoot\system32\drivers\ohci1394.sys (manual start)
Orange update Core Service: C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe (disabled)
Office Source Engine: "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
@%SystemRoot%\system32\pnrpsvc.dll,-8004: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
@%SystemRoot%\system32\p2psvc.dll,-8006: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
Parallel port driver: \SystemRoot\system32\drivers\parport.sys (manual start)
@%SystemRoot%\system32\drivers\partmgr.sys,-100: System32\drivers\partmgr.sys (system)
@%SystemRoot%\system32\pcasvc.dll,-1: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
PCI Bus Driver: system32\drivers\pci.sys (system)
pciide: \SystemRoot\system32\drivers\pciide.sys (manual start)
pcmcia: \SystemRoot\system32\drivers\pcmcia.sys (manual start)
Performance Counters for Windows Driver: System32\drivers\pcw.sys (system)
PEAUTH: system32\drivers\peauth.sys (autostart)
@%systemroot%\sysWow64\perfhost.exe,-2: %SystemRoot%\SysWow64\perfhost.exe (manual start)
@%systemroot%\system32\pla.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (manual start)
@%SystemRoot%\system32\umpnpmgr.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%SystemRoot%\system32\pnrpauto.dll,-8002: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
@%SystemRoot%\system32\pnrpsvc.dll,-8000: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
Microsoft Mouse and Keyboard Center Filter Driver: system32\DRIVERS\point64.sys (manual start)
@%SystemRoot%\System32\polstore.dll,-5010: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\umpo.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%systemroot%\system32\rascfg.dll,-32006: system32\DRIVERS\raspptp.sys (manual start)
Processor Driver: \SystemRoot\system32\drivers\processr.sys (manual start)
@%systemroot%\system32\profsvc.dll,-300: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\psbase.dll,-300: %SystemRoot%\system32\lsass.exe (manual start)
@%SystemRoot%\System32\drivers\pacer.sys,-101: system32\DRIVERS\pacer.sys (system)
PxHlpa64: System32\Drivers\PxHlpa64.sys (system)
ql2300: \SystemRoot\system32\drivers\ql2300.sys (manual start)
ql40xx: \SystemRoot\system32\drivers\ql40xx.sys (manual start)
@%SystemRoot%\system32\qwave.dll,-1: %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\drivers\qwavedrv.sys,-1: \SystemRoot\system32\drivers\qwavedrv.sys (manual start)
RapportCerberus_51755: \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys (system)
RapportEI64: \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (system)
RapportKE64: System32\Drivers\RapportKE64.sys (system)
Rapport Management Service: "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" (disabled)
RapportPG64: \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (manual start)
WAN Miniport (IKEv2): system32\DRIVERS\AgileVpn.sys (manual start)
@%Systemroot%\system32\rasauto.dll,-200: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%systemroot%\system32\rascfg.dll,-32005: system32\DRIVERS\rasl2tp.sys (manual start)
@%Systemroot%\system32\rasmans.dll,-200: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%systemroot%\system32\rascfg.dll,-32007: system32\DRIVERS\raspppoe.sys (manual start)
@%systemroot%\system32\sstpsvc.dll,-202: system32\DRIVERS\rassstp.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1000: system32\DRIVERS\rdbss.sys (system)
Remote Desktop Device Redirector Bus Driver: \SystemRoot\system32\drivers\rdpbus.sys (manual start)
@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100: System32\DRIVERS\RDPCDD.sys (system)
@%systemroot%\system32\drivers\RDPENCDD.sys,-101: system32\drivers\rdpencdd.sys (system)
@%systemroot%\system32\drivers\RdpRefMp.sys,-101: system32\drivers\rdprefmp.sys (system)
Remote Desktop Video Miniport Driver: System32\drivers\rdpvideominiport.sys (manual start)
ReadyBoost: System32\drivers\rdyboost.sys (system)
@%Systemroot%\system32\mprdim.dll,-200: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
@regsvc.dll,-1: %SystemRoot%\system32\svchost.exe -k regsvc (manual start)
Bluetooth Device (RFCOMM Protocol TDI): system32\DRIVERS\rfcomm.sys (manual start)
RoxMediaDB12OEM: "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" (disabled)
Roxio Hard Drive Watcher 12: "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" (disabled)
@%windir%\system32\RpcEpMap.dll,-1001: %SystemRoot%\system32\svchost.exe -k RPCSS (autostart)
@%systemroot%\system32\Locator.exe,-2: %SystemRoot%\system32\locator.exe (manual start)
@oleres.dll,-5010: %SystemRoot%\system32\svchost.exe -k rpcss (autostart)
Link-Layer Topology Discovery Responder: system32\DRIVERS\rspndr.sys (autostart)
RtsUStor.Sys Realtek USB Card Reader: System32\Drivers\RtsUStor.sys (manual start)
Realtek 8167 NT Driver: system32\DRIVERS\Rt64win7.sys (manual start)
@%SystemRoot%\system32\samsrv.dll,-1: %SystemRoot%\system32\lsass.exe (autostart)
SASDIFSV: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS (system)
SASKUTIL: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS (system)
sbp2port: \SystemRoot\system32\drivers\sbp2port.sys (manual start)
@%SystemRoot%\System32\SCardSvr.dll,-1: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\System32\drivers\scfilter.sys,-11: System32\DRIVERS\scfilter.sys (manual start)
@%SystemRoot%\system32\schedsvc.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\certprop.dll,-13: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Windows Backup: %SystemRoot%\system32\svchost.exe -k SDRSVC (autostart)
@%SystemRoot%\system32\seclogon.dll,-7001: %windir%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\Sens.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\sensrsvc.dll,-1000: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
Serenum Filter Driver: \SystemRoot\system32\drivers\serenum.sys (manual start)
Serial: \SystemRoot\system32\drivers\serial.sys (manual start)
Serial Mouse Driver: \SystemRoot\system32\drivers\sermouse.sys (manual start)
@%SystemRoot%\System32\SessEnv.dll,-1026: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
SFF Storage Class Driver: \SystemRoot\system32\drivers\sffdisk.sys (manual start)
SFF Storage Protocol Driver for MMC: \SystemRoot\system32\drivers\sffp_mmc.sys (manual start)
SFF Storage Protocol Driver for SDBus: \SystemRoot\system32\drivers\sffp_sd.sys (manual start)
High-Capacity Floppy Disk Drive: \SystemRoot\system32\drivers\sfloppy.sys (manual start)
SoftThinks Agent Service: "C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE" (disabled)
@%SystemRoot%\system32\ipnathlp.dll,-106: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\shsvcs.dll,-12288: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiSRaid2: \SystemRoot\system32\drivers\SiSRaid2.sys (manual start)
SiSRaid4: \SystemRoot\system32\drivers\sisraid4.sys (manual start)
Skype Updater: "C:\Program Files (x86)\Skype\Updater\Updater.exe" (disabled)
@%SystemRoot%\system32\tcpipcfg.dll,-50005: system32\DRIVERS\smb.sys (manual start)
@%SystemRoot%\system32\snmptrap.exe,-3: %SystemRoot%\System32\snmptrap.exe (manual start)
Print Spooler: %SystemRoot%\System32\spoolsv.exe (autostart)
@%SystemRoot%\system32\sppsvc.exe,-101: %SystemRoot%\system32\sppsvc.exe (autostart)
@%SystemRoot%\system32\sppuinotify.dll,-103: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\srvsvc.dll,-102: System32\DRIVERS\srv.sys (manual start)
@%systemroot%\system32\srvsvc.dll,-104: System32\DRIVERS\srv2.sys (manual start)
: System32\DRIVERS\srvnet.sys (manual start)
@%systemroot%\system32\ssdpsrv.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\sstpsvc.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\stlang64.dll,-10101: C:\Program Files\IDT\WDM\STacSV64.exe (disabled)
stexstor: \SystemRoot\system32\drivers\stexstor.sys (manual start)
@%SystemRoot%\system32\stlang64.dll,-10301: system32\DRIVERS\stwrt64.sys (manual start)
Still Serial Digital Camera Driver: system32\DRIVERS\serscan.sys (manual start)
@%SystemRoot%\system32\wiaservc.dll,-9: %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
stllssvr: "c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" (disabled)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
SwitchBoard: "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" (disabled)
@%SystemRoot%\System32\swprv.dll,-103: %SystemRoot%\System32\svchost.exe -k swprv (manual start)
@%SystemRoot%\system32\sysmain.dll,-1000: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\TabSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
Anchorfree HSS Adapter: system32\DRIVERS\taphss.sys (manual start)
@%SystemRoot%\system32\tapisrv.dll,-10100: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\system32\tbssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50003: System32\drivers\tcpip.sys (system)
Microsoft IPv6 Protocol Driver: system32\DRIVERS\tcpip.sys (manual start)
TCP/IP Registry Compatibility: System32\drivers\tcpipreg.sys (autostart)
TDPIPE: system32\drivers\tdpipe.sys (manual start)
TDTCP: system32\drivers\tdtcp.sys (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50004: system32\DRIVERS\tdx.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
@%SystemRoot%\System32\termsrv.dll,-268: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\System32\themeservice.dll,-8192: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\mmcss.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\trkwks.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\servicing\TrustedInstaller.exe,-100: %SystemRoot%\servicing\TrustedInstaller.exe (manual start)
@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101: System32\DRIVERS\tssecsrv.sys (manual start)
: system32\drivers\tsusbflt.sys (manual start)
Remote Desktop Generic USB Device: \SystemRoot\system32\drivers\TsUsbGD.sys (manual start)
Microsoft Tunnel Miniport Adapter Driver: system32\DRIVERS\tunnel.sys (manual start)
Turbo Boost UI Monitor driver: system32\DRIVERS\TurboB.sys (autostart)
Intel(R) Turbo Boost Technology Monitor 2.0: "C:\Program Files\Intel\TurboBoost\TurboBoost.exe" (disabled)
Microsoft AGPv3.5 Filter: \SystemRoot\system32\drivers\uagp35.sys (manual start)
udfs: system32\DRIVERS\udfs.sys (disabled)
@%SystemRoot%\system32\ui0detect.exe,-101: %SystemRoot%\system32\UI0Detect.exe (manual start)
Uli AGP Bus Filter: \SystemRoot\system32\drivers\uliagpkx.sys (manual start)
UMBus Enumerator Driver: system32\DRIVERS\umbus.sys (manual start)
Microsoft UMPass Driver: \SystemRoot\system32\drivers\umpass.sys (manual start)
Intel(R) Management and Security Application User Notification Service: "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" (disabled)
@%systemroot%\system32\upnphost.dll,-213: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
eHome Infrared Receiver (USBCIR): \SystemRoot\system32\drivers\usbcir.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: \SystemRoot\system32\drivers\usbohci.sys (manual start)
Microsoft USB PRINTER Class: \SystemRoot\system32\drivers\usbprint.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: \SystemRoot\system32\drivers\usbuhci.sys (manual start)
USB Video Device (WDM): System32\Drivers\usbvideo.sys (manual start)
@%SystemRoot%\system32\dwm.exe,-2000: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\vaultsvc.dll,-1003: %SystemRoot%\system32\lsass.exe (manual start)
Microsoft Virtual Drive Enumerator Driver: system32\drivers\vdrvroot.sys (system)
@%SystemRoot%\system32\vds.exe,-100: %SystemRoot%\System32\vds.exe (manual start)
vga: system32\DRIVERS\vgapnp.sys (manual start)
: \SystemRoot\System32\drivers\vga.sys (system)
vhdmp: \SystemRoot\system32\drivers\vhdmp.sys (manual start)
viaide: \SystemRoot\system32\drivers\viaide.sys (manual start)
Volume Manager Driver: system32\drivers\volmgr.sys (system)
@%SystemRoot%\system32\drivers\volmgrx.sys,-100: System32\drivers\volmgrx.sys (system)
Storage volumes: system32\drivers\volsnap.sys (system)
vsmraid: \SystemRoot\system32\drivers\vsmraid.sys (manual start)
Volume Shadow Copy: %systemroot%\system32\vssvc.exe (manual start)
Virtual WiFi Bus Driver: system32\DRIVERS\vwifibus.sys (manual start)
Virtual WiFi Filter Driver: system32\DRIVERS\vwififlt.sys (system)
@%SystemRoot%\system32\w32time.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Wacom Serial Pen HID Driver: \SystemRoot\system32\drivers\wacompen.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32011: system32\DRIVERS\wanarp.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32012: system32\DRIVERS\wanarp.sys (system)
@%SystemRoot%\system32\Wat\WatUX.exe,-601: %SystemRoot%\system32\Wat\WatAdminSvc.exe (manual start)
@%systemroot%\system32\wbengine.exe,-104: "%systemroot%\system32\wbengine.exe" (manual start)
@%systemroot%\system32\wbiosrvc.dll,-100: %SystemRoot%\system32\svchost.exe -k WbioSvcGroup (manual start)
@%SystemRoot%\system32\wcncsvc.dll,-3: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\WcsPlugInService.dll,-200: %SystemRoot%\system32\svchost.exe -k wcssvc (manual start)
Wd: \SystemRoot\system32\drivers\wd.sys (manual start)
@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000: system32\drivers\Wdf01000.sys (system)
@%systemroot%\system32\wdi.dll,-502: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\wdi.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\webclnt.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\wecsvc.dll,-200: %SystemRoot%\system32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\System32\wercplsupport.dll,-101: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\System32\wersvc.dll,-100: %SystemRoot%\System32\svchost.exe -k WerSvcGroup (manual start)
WFP Lightweight Filter: system32\DRIVERS\wfplwf.sys (system)
WimFltr: system32\DRIVERS\wimfltr.sys (manual start)
WIMMount: system32\drivers\wimmount.sys (manual start)
@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103: %SystemRoot%\System32\svchost.exe -k secsvcs (manual start)
@%SystemRoot%\system32\winhttp.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%Systemroot%\system32\wbem\wmisvc.dll,-205: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
WinRing0_1_2_0: \??\C:\Users\Kev\Desktop\RealTemp\WinRing0x64.sys (manual start)
@%Systemroot%\system32\wsmsvc.dll,-101: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
WinUsb: system32\DRIVERS\WinUsb.sys (manual start)
@%SystemRoot%\System32\wlansvc.dll,-257: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
Windows Live Mesh remote connections service: "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" (disabled)
Windows Live ID Sign-in Assistant: "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" (autostart)
Microsoft Windows Management Interface for ACPI: system32\DRIVERS\wmiacpi.sys (manual start)
@%Systemroot%\system32\wbem\wmiapsrv.exe,-110: %systemroot%\system32\wbem\WmiApSrv.exe (manual start)
@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101: "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" (autostart)
@%SystemRoot%\system32\wpcsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\wpdbusenum.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\System32\drivers\ws2ifsl.sys,-1000: \SystemRoot\system32\drivers\ws2ifsl.sys (system)
@%SystemRoot%\System32\wscsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
WSD Print Support via UMB: system32\DRIVERS\WSDPrint.sys (manual start)
@%systemroot%\system32\SearchIndexer.exe,-103: %systemroot%\system32\SearchIndexer.exe /Embedding (autostart)
@%systemroot%\system32\wuaueng.dll,-105: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000: system32\drivers\WudfPf.sys (manual start)
WUDFRd: system32\DRIVERS\WUDFRd.sys (manual start)
@%SystemRoot%\system32\wudfsvc.dll,-1000: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\System32\wwansvc.dll,-257: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: *Registry key not found*

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 56,910 bytes
Report generated in 0.266 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## kevhatch (Jun 20, 2005)

Will have to come back to this tomorrow evening .. have to be up in 6 hrs ..aaarrrggghh!!!!!


----------



## Cookiegal (Aug 27, 2003)

The only thing we did was uncheck GotoAssist. 

I'll be off most of the rest of the evening too so we can continue tomorrow.


----------



## Cookiegal (Aug 27, 2003)

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## Cookiegal (Aug 27, 2003)

Also, please do the following:

Open Notepad and copy the contents of the following code box and paste it into Notepad:


```
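@echo off
rem Export the machine-wide Run key (programs started at logon) to a text file
regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
rem Show the export in Notepad, then delete the report and this batch file
notepad c:\look.txt
del c:\look.txt
del %0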
```
Save the file as *look.bat* - when doing so you need to change the "save as type" to All Files and save it on your Desktop.

Right-click the look.bat file on your desktop and choose *Run as administrator*. Notepad should open with a report. Please copy and paste the contents of it in your next reply.
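
The report that look.bat opens in Notepad is a regedit export of the Run key. The Python below is an added example, not part of the original post, that parses that export format and lists each autostart entry's executable and arguments. The sample export, its entry names and the `unquoted_space` flag are constructed for illustration.

```python
import re

# Constructed sample in the layout `regedit /e` writes; not data from the thread.
SAMPLE_TEXT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="\"C:\\Program Files\\Example AV\\tray.exe\" -hide -runkey"
"Helper"="C:\\Program Files\\Helper\\helper.exe /tray"
"Expand"=hex(2):25,00,77,00,69,00,6e,00,64,00,69,00,72,00,25,00,5c,00,78,00,2e,00,65,00,\
  78,00,65,00,00,00
"Flags"=dword:00000001
'''
# Version 5.00 exports are UTF-16LE with a byte-order mark and CRLF line ends.
SAMPLE_EXPORT = b'\xff\xfe' + SAMPLE_TEXT.replace('\n', '\r\n').encode('utf-16-le')

RUN_KEY = r'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run'
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')
EXE_RE = re.compile(r'(?i)(.+?\.(?:exe|com|bat|cmd|scr))(?:\s+(.*))?$')


def decode_export(raw):
    """Return the export as text; fall back to cp1252 for REGEDIT4 (ANSI) files."""
    if raw.startswith(b'\xff\xfe'):
        return raw[2:].decode('utf-16-le')
    return raw.decode('cp1252', errors='replace')


def unescape(text):
    # .reg strings escape backslash and double quote with a leading backslash.
    return re.sub(r'\\(.)', r'\1', text)


def parse_reg(text):
    """Map each key to {value name: (kind, data)}; kind is 'sz', 'expand_sz' or 'other'."""
    keys, current, pending = {}, None, ''
    for line in text.splitlines():
        line = pending + line.strip()
        pending = ''
        if line.endswith('\\'):           # hex data continues on the next line
            pending = line[:-1]
            continue
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
            continue
        match = VALUE_RE.match(line)
        if match is None or current is None:
            continue                      # header, blank line or comment
        name = '@' if match.group(1) is None else unescape(match.group(1))
        data = match.group(2)
        if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            current[name] = ('sz', unescape(data[1:-1]))
        elif data.lower().startswith('hex(2):'):
            # REG_EXPAND_SZ is exported as comma-separated UTF-16LE bytes.
            raw = bytes.fromhex(data[7:].replace(',', ''))
            current[name] = ('expand_sz', raw.decode('utf-16-le').rstrip('\x00'))
        else:
            current[name] = ('other', data)
    return keys


def split_command(command):
    """Split a Run command line into (executable, arguments, quoted)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end], command[end + 1:].strip(), True
    match = EXE_RE.match(command)         # unquoted: cut after the first executable name
    if match:
        return match.group(1), match.group(2) or '', False
    head, _, tail = command.partition(' ')
    return head, tail.strip(), False


def run_entries(raw):
    """List the string-valued autostart entries found under the HKLM Run key."""
    keys = parse_reg(decode_export(raw))
    values = next((v for k, v in keys.items() if k.lower() == RUN_KEY.lower()), {})
    entries = []
    for name, (kind, data) in values.items():
        if kind == 'other':
            continue                      # dword or binary data, not a command line
        exe, args, quoted = split_command(data)
        entries.append({
            'name': name, 'exe': exe, 'args': args,
            # Added heuristic: an unquoted path containing a space is ambiguous.
            'unquoted_space': (not quoted) and ' ' in exe,
        })
    return entries


if __name__ == '__main__':
    for entry in run_entries(SAMPLE_EXPORT):
        print(entry)
```

To use it on a real report, read the saved file in binary mode and pass the bytes to `run_entries`.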


----------



## kevhatch (Jun 20, 2005)

Evening,
Here are the files you asked for -

Adobe AIR
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5
Adobe Reader X (10.1.7) MUI
Advanced Audio FX Engine
aioscnnr
aioscnnr
Apple Application Support
Apple Software Update
Assistance Livebox
C4USelfUpdater
Catalyst Control Center - Branding
center
CometBird 11.0 (x86 en-US)
Compatibility Pack for the 2007 Office system
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Product Registration
Dell Stage
Dell Stage Remote
Dell VideoStage 
Dell VideoStage 
Dell Webcam Central
DirectX 9 Runtime
Encrypt Files v1.5
ESET Online Scanner v3
essentials
Facebook Video Calling 1.2.0.287
Google Earth
Google Update Helper
GoToAssist Corporate
High-Definition Video Playback
IDT Audio
Intel(R) Display Audio Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java 7 Update 7
Java(TM) 6 Update 37
JavaFX 2.1.1
Junk Mail filter update
KODAK AiO Software
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft Office 2010
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
msvcrt_installer
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
Notification Mail
ocr
Orange Installer
Orange update
Pale Moon 20.1 (x86 en-US)
PDF Settings CS5
PhotoShowExpress
Picasa 3
PowerXpressHybrid
PreReq
PrintProjects
QuickTime
Rapport
Rapport
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Creator Starter
Roxio Creator Starter
Roxio Express Labeler 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype™ 6.3
Sonic CinePlayer Decoder Pack
swMSM
SyncUP
SyncUP
TeamSpeak 3 Client
ToolbarFR
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.2
Zinio Reader 4
Zinio Reader 4

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"="\"c:\\Program Files\\Microsoft Security Client\\msseces.exe\" -hide -runkey"


----------



## Cookiegal (Aug 27, 2003)

I assume the McAfee technician had you install GoToAssist and if that's the case then I would uninstall it as it's no longer needed.

You should also update your Java to the latest version and then uninstall these older ones:

Java 7 Update 7
Java(TM) 6 Update 37

The HijackThis startup log showed that the registry check failed. That might just be because the tool doesn't really work fully on 64-bit machines, and you were able to do the export, but let's check to see if you can open the registry editor.

Open the Run box with the keyboard combination Windows key + R and then enter *regedit* in the run line and click OK. Say "yes" to the UAC prompt and let me know if the registry editor opens.

Also, reboot after uninstalling GoToAssist and let me know if there's any improvement please.


----------



## kevhatch (Jun 20, 2005)

Goto Assist removed - No improvement after reboot.

Java won't update - 

Installation Failed
The wizard was interrupted before Java 7 Update 25 could be completely installed. To complete installation at another time, please run setup again.

Tick in the box to open Java help and I get -
BrowserLaunchError:3


Also trying to uninstall Java with the Java uninstall tool fails.


----------



## kevhatch (Jun 20, 2005)

Yes, registry editor opens.


----------



## Cookiegal (Aug 27, 2003)

Is this the name of the Java installer you downloaded?

re-7u25-windows-x64.exe


----------



## kevhatch (Jun 20, 2005)

Don't know what version it was - I went to the Java site and didn't see any options apart from - 
Recommended Version 7 Update 25 (Filesize:861kb) 
Agree and start free download


----------



## kevhatch (Jun 20, 2005)

Googled that installer version and found it on their site - installed ok


----------



## kevhatch (Jun 20, 2005)

Got this message again after closing installer - BrowserLaunchError:3


----------



## kevhatch (Jun 20, 2005)

01:15 here .. time for zzzz's. Will check in tomorrow A.M.


----------



## Cookiegal (Aug 27, 2003)

Please download the Event Viewer Tool by Vino Rosso *VEW* and save it to your Desktop:


For XP operating systems double-click *VEW.exe*. For later operating systems right-click VEW.exe and select "Run As Administrator".

Under "Select log to query", select:

*Application*
*System*

Under "Select type to list", select:

*Error*
*Warning*

Click the radio button for "Number of events"
Type *10* in the 1 to 20 box 
Then click the *Run* button.

Notepad will open with the output log. Please copy and paste the contents here.


----------



## kevhatch (Jun 20, 2005)

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 25/06/2013 15:20:36

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 24/06/2013 23:46:30
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 24/06/2013 22:23:22
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 23/06/2013 23:28:34
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 23/06/2013 23:25:32
Type: Error Category: 0
Event: 512 Source: Microsoft-Windows-CAPI2
The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress. .

Log: 'Application' Date/Time: 23/06/2013 22:42:35
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 23/06/2013 21:52:29
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 23/06/2013 08:11:11
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 22/06/2013 22:00:27
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 22/06/2013 21:38:37
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 22/06/2013 18:21:51
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 23/06/2013 23:25:32
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 23/06/2013 23:25:31
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 23/06/2013 22:41:30
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 22/06/2013 21:57:25
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-768171273-2258216897-828858201-1000_Classes:
Process 2024 (\Device\HarddiskVolume3\Users\Kev\Desktop\aswMBR.exe) has opened key \REGISTRY\USER\S-1-5-21-768171273-2258216897-828858201-1000_CLASSES
Process 2024 (\Device\HarddiskVolume3\Users\Kev\Desktop\aswMBR.exe) has opened key \REGISTRY\USER\S-1-5-21-768171273-2258216897-828858201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell
Process 2024 (\Device\HarddiskVolume3\Users\Kev\Desktop\aswMBR.exe) has opened key \REGISTRY\USER\S-1-5-21-768171273-2258216897-828858201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\30\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Process 2024 (\Device\HarddiskVolume3\Users\Kev\Desktop\aswMBR.exe) has opened key \REGISTRY\USER\S-1-5-21-768171273-2258216897-828858201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\30\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}
Process 2024 (\Device\HarddiskVolume3\Users\Kev\Desktop\aswMBR.exe) has opened key \REGISTRY\USER\S-1-5-21-768171273-2258216897-828858201-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\30\Shell

Log: 'Application' Date/Time: 22/06/2013 21:57:24
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 5 user registry handles leaked from \Registry\User\S-1-5-21-768171273-2258216897-828858201-1000:
Process 2024 (\Device\HarddiskVolume3\Users\Kev\Desktop\aswMBR.exe) has opened key \REGISTRY\USER\S-1-5-21-768171273-2258216897-828858201-1000
Process 2024 (\Device\HarddiskVolume3\Users\Kev\Desktop\aswMBR.exe) has opened key \REGISTRY\USER\S-1-5-21-768171273-2258216897-828858201-1000
Process 2024 (\Device\HarddiskVolume3\Users\Kev\Desktop\aswMBR.exe) has opened key \REGISTRY\USER\S-1-5-21-768171273-2258216897-828858201-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 2024 (\Device\HarddiskVolume3\Users\Kev\Desktop\aswMBR.exe) has opened key \REGISTRY\USER\S-1-5-21-768171273-2258216897-828858201-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 2024 (\Device\HarddiskVolume3\Users\Kev\Desktop\aswMBR.exe) has opened key \REGISTRY\USER\S-1-5-21-768171273-2258216897-828858201-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache

Log: 'Application' Date/Time: 22/06/2013 21:38:31
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Profiles> took 60 second(s) to handle the notification event (Logon).

Log: 'Application' Date/Time: 22/06/2013 21:38:30
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Profiles> is taking long time to handle the notification event (Logon).

Log: 'Application' Date/Time: 18/06/2013 12:48:40
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Profiles> took 65 second(s) to handle the notification event (Logon).

Log: 'Application' Date/Time: 18/06/2013 12:48:34
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Profiles> is taking long time to handle the notification event (Logon).

Log: 'Application' Date/Time: 18/06/2013 10:05:07
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Profiles> took 77 second(s) to handle the notification event (Logon).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/06/2013 16:08:12
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/06/2013 13:49:55
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/06/2013 12:47:11
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/06/2013 10:03:17
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/06/2013 08:18:39
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/06/2013 23:04:00
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/06/2013 17:38:03
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/06/2013 08:25:01
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 16/06/2013 08:35:51
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 15/06/2013 15:09:34
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/06/2013 23:47:30
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 24/06/2013 23:46:18
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\bcmihvsrv64.dll Error Code: 258

Log: 'System' Date/Time: 24/06/2013 23:45:49
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 24/06/2013 23:45:49
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

Log: 'System' Date/Time: 24/06/2013 22:53:33
Type: Error Category: 0
Event: 14 Source: volsnap
The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Log: 'System' Date/Time: 24/06/2013 22:24:24
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 24/06/2013 22:23:10
Type: Error Category: 0
Event: 10000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\bcmihvsrv64.dll Error Code: 258

Log: 'System' Date/Time: 24/06/2013 09:08:26
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 24/06/2013 09:08:26
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.

Log: 'System' Date/Time: 24/06/2013 09:08:26
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/06/2013 13:10:39
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.apps.facebook.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 24/06/2013 23:58:58
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.kenspchelp.co.uk timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 24/06/2013 23:46:18
Type: Warning Category: 0
Event: 10004 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has timed out. Module Path: C:\windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 24/06/2013 23:44:40
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 24/06/2013 23:44:14
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 24/06/2013 22:35:50
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.apps.facebook.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 24/06/2013 22:23:10
Type: Warning Category: 0
Event: 10004 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has timed out. Module Path: C:\windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 24/06/2013 22:21:27
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 24/06/2013 22:20:54
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 24/06/2013 19:27:21
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.apps.facebook.com timed out after none of the configured DNS servers responded.


----------



## kevhatch (Jun 20, 2005)

Don't know if it is related but I have noticed another strange occurrence - when I am typing sometimes, quite often actually, the cursor will reposition itself within the text instead of remaining at the end!


----------



## Cookiegal (Aug 27, 2003)

Some of the errors seem to indicate possible hard drive failure.

I know you said you ran chkdsk earlier but never posted the report. Please run it again and let's see the report to check for any bad clusters or sectors.

Click *Start*, type *cmd*, when cmd.exe appears in the list, right click it and click *Run as administrator*

Type *chkdsk /R C:* and press Enter. (Note the spaces between "chkdsk" and the "/" and between the "R" and the "C" and be sure to include the colon at the end as well).

You'll likely see this:
The type of the file system is NTFS.
Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N)

Hit Y and Enter, then reboot. This could take a long time depending on size of drive and how many errors it finds.

Chkdsk will create a log in the Event Viewer in the Application log (Start | Run, type eventvwr.msc, press Enter) and scroll down under the source column to the Wininit entry. Open that and copy and paste the results here please.


----------



## kevhatch (Jun 20, 2005)

Chkdsk has been running for around 3 hours now - for the last 1 hr 30 mins it seems to be stuck at the same point - 11 percent complete. (112478 of 264944 files processed)
Is that normal?


----------



## Cookiegal (Aug 27, 2003)

It can take a very long time and may seem to stay on one percentage for a while and then skip forward. I'd let it continue to run.


----------



## kevhatch (Jun 20, 2005)

ok - I'll leave it run


----------



## kevhatch (Jun 20, 2005)

17:20 Wed evening when I noticed chkdsk might have frozen - It is now 01:22 Thurs morning and it is still at 11 percent complete. (112478 of 264944 files processed)


----------



## Cookiegal (Aug 27, 2003)

It's not good to interrupt a chkdsk run. But a long run time could indicate a problem with the hard drive.

I've seen some report taking upwards of 12-17 hours but still completing so I'd wait it out.


----------



## kevhatch (Jun 20, 2005)

Ah --- wasn't thinking it could take that long .. I will leave it running.


----------



## kevhatch (Jun 20, 2005)

Sorry if I am being a pain Cookiegal - We are now at 30 hours at the same percentage + the couple of hours that it ran before I thought it froze - still normal??


----------



## Cookiegal (Aug 27, 2003)

What exactly does it say on the screen? Is it repairing something?


----------



## kevhatch (Jun 20, 2005)

This is what it has been displaying since I first posted I thought it was frozen.


----------



## Cookiegal (Aug 27, 2003)

Were you intending to post a photo? Because I don't see anything.

Also, is the hard drive light flashing and do you hear it working?


----------



## kevhatch (Jun 20, 2005)

Try again!


----------



## Cookiegal (Aug 27, 2003)

What is the file format (extension)? Perhaps it's too big but that would be shown at the top of the upload screen if it failed.


----------



## kevhatch (Jun 20, 2005)

Pic is too large .. have to resize


----------



## Cookiegal (Aug 27, 2003)

kevhatch said:


> Pic is too large .. have to resize


That's what I thought.

I assume you have everything backed up like documents, photos, etc.?


----------



## kevhatch (Jun 20, 2005)

Got it this time!!
HDD light is solid and can only hear the fan running.
Yes I have everything important backed up.


----------



## Cookiegal (Aug 27, 2003)

I don't know what to tell you at this point. There is a risk of file corruption and data loss if the computer is shut down and it may not boot afterward. It's my understanding that if that happens it should launch a startup repair automatically that may or may not fix the issues but it may also try to launch chkdsk again since it failed to complete the run. I'm checking with our Trusted Advisors to see if I can get any more suggestions on the best way to proceed.


----------



## kevhatch (Jun 20, 2005)

If it is relevant - Dell Stage remote was one of the failed programmes causing a problem after uninstalling McAfee - I see that is the last line showing in the pic!


----------



## Cookiegal (Aug 27, 2003)

Well it is obvious that something has to be done as the computer can't be used in its current state. 

I've heard from a couple of people and there really is no safe way to exit chkdsk so you might as well just "go for it". It's a good thing that you have your important stuff backed up.

If you want to give it a shot, try using Ctrl-Alt-Del to break out of chkdsk. 

It's my understanding that if the system won't boot afterward, it should launch the startup repair automatically.

Let us know how it goes.


----------



## kevhatch (Jun 20, 2005)

No response from Ctrl+Alt+Del - Power button????


----------



## kevhatch (Jun 20, 2005)

Switched off on power button, restarted and gave the option to skip scheduled chkdsk.
Booted to desktop fairly quickly.
Seems to be working ok!!


----------



## Cookiegal (Aug 27, 2003)

That's great! Are all of the previous problems gone?

Nevertheless, I would run the manufacturer's diagnostics on the hard drive as it may be failing.

Did chkdsk create the log in the Event Viewer?


----------



## kevhatch (Jun 20, 2005)

I'm happy with the way it is running at the moment, however, I am annoyed that just uninstalling McAfee could have caused all this hassle.
I have Event Viewer open, but not sure what log I should be looking for.
How would I run a manufacturer's diagnostic on my HD?


----------



## Cookiegal (Aug 27, 2003)

Chkdsk will create a log in the Event Viewer in the Application log (Start | Run, type eventvwr.msc, press Enter) and scroll down under the source column to the Wininit entry. Open that and copy and paste the results here please.

In fact, it would be good to scroll down to the previous chkdsk that you said you ran that fixed some things and post that log as well so we can see what it did.


----------



## kevhatch (Jun 20, 2005)

Clicked start/all programmes and I'm hearing the HD scratching and it takes time for the programme/folder items in the list to load - not good I'm guessing!!
Scratching noise from HDD is intermittent.
I don't see anything in Event Viewer under the source column that resembles Wininit!


----------



## Cookiegal (Aug 27, 2003)

See this link for instructions on finding the chkdsk logs:

http://www.sevenforums.com/tutorials/96938-check-disk-chkdsk-read-event-viewer-log.html


----------
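The Event Viewer lookup described in the posts above can also be done from a PowerShell prompt, which avoids scrolling the Application log by hand. This is an added example, not part of the thread: the function name `Get-ChkdskBootReport` and its output fields are hypothetical, and it assumes the boot-time chkdsk result is logged to the Application log as event 1001 from the Wininit source.

```powershell
# Added example (not from the thread). Works in Windows PowerShell 2.0 and later.
# Get-ChkdskBootReport is a hypothetical helper name chosen for this illustration.
function Get-ChkdskBootReport {
    param(
        [int]$MaxReports = 5    # number of most recent reports to return
    )

    # Event ID 1001 in the Application log is shared with other sources,
    # so filter on the ID first and then keep only the Wininit provider.
    $reports = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1001 } `
                            -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -match 'wininit' } |
        Select-Object -First $MaxReports

    if (-not $reports) {
        Write-Warning 'No boot-time chkdsk report (Wininit, event 1001) found in the Application log.'
        return
    }

    foreach ($entry in $reports) {
        $text = $entry.Message

        # The summary line reads "<n> KB in bad sectors."; a non-zero value
        # points at physical damage rather than file-system inconsistency.
        $badSectorsKB = $null
        if ($text -match '(\d+)\s+KB in bad sectors') {
            $badSectorsKB = [long]$Matches[1]
        }

        # Each repaired directory index entry is reported on its own line.
        $deleted = ([regex]::Matches($text, 'Deleting index entry')).Count

        New-Object PSObject -Property @{
            TimeCreated         = $entry.TimeCreated
            BadSectorsKB        = $badSectorsKB
            CorrectionsMade     = ($text -match 'Windows has made corrections to the file system')
            IndexEntriesDeleted = $deleted
            Report              = $text
        }
    }
}

# Summary of the most recent reports, newest first.
Get-ChkdskBootReport |
    Format-List TimeCreated, BadSectorsKB, CorrectionsMade, IndexEntriesDeleted

# Full text of the newest report, ready to paste into a post:
# (Get-ChkdskBootReport -MaxReports 1).Report
```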



## kevhatch (Jun 20, 2005)

Only finding the first chkdsk that I did at the start of this thread.





TimeCreated : 7/6/2013 13:32:01
Message : 

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk. 

CHKDSK is verifying files (stage 1 of 3)...
264960 file records processed. 

File verification completed.
395 large file records processed. 

0 bad file records processed. 

0 EA records processed. 

44 reparse records processed. 

CHKDSK is verifying indexes (stage 2 of 3)...
Unable to locate the file name attribute of index entry BA4AC1~1.
LOG
of index $I30 with parent 0x13ced in file 0x5bd1.
Deleting index entry BA4AC1~1.LOG in index $I30 of file 81133.
Unable to locate the file name attribute of index entry backend-c
md.1.log
of index $I30 with parent 0x13ced in file 0x5bd1.
Deleting index entry backend-cmd.1.log in index $I30 of file 8113
3.
327588 index entries processed.  

Index verification completed.
0 unindexed files scanned. 

0 unindexed files recovered. 

CHKDSK is verifying security descriptors (stage 3 of 3)...
264960 file SDs/SIDs processed. 

Cleaning up 776 unused index entries from index $SII of file 0x9.
Cleaning up 776 unused index entries from index $SDH of file 0x9.
Cleaning up 776 unused security descriptors.
Security descriptor verification completed.
31315 data files processed. 

CHKDSK is verifying Usn Journal...
The remaining of an USN page at offset 0x23af81530 in file 0x14c8
3
should be filled with zeros.
Repairing Usn Journal file record segment.
34206048 USN bytes processed. 

Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribu
te.
CHKDSK discovered free space marked as allocated in the volume bi
tmap.
Windows has made corrections to the file system.

472922135 KB total disk space.
116495004 KB in 187953 files.
100368 KB in 31316 indexes.
0 KB in bad sectors.
380135 KB in use by the system.
65536 KB occupied by the log file.
355946628 KB available on disk.

4096 bytes in each allocation unit.
118230533 total allocation units on disk.
88986657 allocation units available on disk.

Internal Info:
00 0b 04 00 91 58 03 00 3e e7 05 00 00 00 00 00 .....X..>.......
15 2d 00 00 2c 00 00 00 00 00 00 00 00 00 00 00 .-..,...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.


----------



## Cookiegal (Aug 27, 2003)

Well that didn't show any bad sectors so that's a good sign.

Let's back track a bit.

Please download *Autoruns for Windows* and save the *Autoruns.zip* file to your desktop.

Unzip (extract) the file and double click the autoruns.exe file to run the program.

Then click on *File* - *Save* and save it as *AutoRuns.txt* to your desktop. You also need to click on the drop-down menu beside "save as type" and change the file type to *Text (.txt)*.

Then open the AutoRuns.txt file in Notepad and copy and paste the contents. If the file is too large then upload it as an attachment please.


----------



## kevhatch (Jun 20, 2005)

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"	""	""	""	"22/6/2013 22:29"
+ "MSC"	"Microsoft Security Client User Interface"	"Microsoft Corporation"	"c:\program files\microsoft security client\msseces.exe"	"25/1/2013 08:57"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"	""	""	""	"23/2/2011 14:07"
+ "Microsoft Windows"	"Windows Mail"	"Microsoft Corporation"	"c:\program files\windows mail\winmail.exe"	"14/7/2009 00:58"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components"	""	""	""	"23/2/2011 14:07"
+ "Microsoft Windows"	"Windows Mail"	"Microsoft Corporation"	"c:\program files (x86)\windows mail\winmail.exe"	"14/7/2009 00:42"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"	""	""	""	"22/6/2013 22:19"
+ "DellSystemDetect"	""	""	"c:\users\kev\appdata\roaming\microsoft\windows\start menu\programs\dell\dell system detect.appref-ms"	"8/6/2013 01:20"
+ "OrangeInside"	"Executable Orange Inside"	"Orange"	"c:\users\kev\appdata\roaming\orange\orangeinside\one\orangeinside.exe"	"15/11/2012 16:56"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"	""	""	""	"14/7/2009 05:53"
+ "EPP"	"Microsoft Security Client Shell Extension"	"Microsoft Corporation"	"c:\program files\microsoft security client\shellext.dll"	"25/1/2013 08:57"
+ "Roxio Burn"	"TODO: <File description>"	"TODO: <Company name>"	"c:\program files\roxio\roxio burn\rb_contextmenu64.dll"	"11/11/2010 07:53"
+ "SASContextMenu Class"	"SUPERAntiSpyware Context Menu Extension"	"SUPERAntiSpyware.com"	"c:\program files\superantispyware\sasctxmn64.dll"	"23/5/2013 21:00"
+ "WinRAR"	""	""	"c:\program files\winrar\rarext.dll"	"17/2/2012 15:55"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers"	""	""	""	"14/7/2009 05:53"
+ "Roxio Burn"	"TODO: <File description>"	"TODO: <Company name>"	"c:\program files (x86)\roxio\oem\roxio burn\rb_contextmenu.dll"	"17/11/2010 19:32"
+ "WinRAR32"	""	""	"c:\program files\winrar\rarext32.dll"	"17/2/2012 15:55"
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers"	""	""	""	"30/4/2012 14:17"
+ "EPP"	"Microsoft Security Client Shell Extension"	"Microsoft Corporation"	"c:\program files\microsoft security client\shellext.dll"	"25/1/2013 08:57"
"HKLM\Software\Wow6432Node\Classes\Drive\ShellEx\ContextMenuHandlers"	""	""	""	"30/4/2012 14:17"
+ "OIShellExt"	"Orange Shell Extension"	"Orange"	"c:\users\kev\appdata\roaming\orange\orangeinside\oiext.dll"	"27/5/2010 15:14"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"	""	""	""	"14/7/2009 05:53"
+ "MBAMShlExt"	"Malwarebytes Anti-Malware"	"Malwarebytes Corporation"	"c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"	"28/2/2013 21:39"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"	""	""	""	"14/7/2009 05:53"
+ "OIShellExt"	"Orange Shell Extension"	"Orange"	"c:\users\kev\appdata\roaming\orange\orangeinside\oiext.dll"	"27/5/2010 15:14"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers"	""	""	""	"30/4/2012 14:17"
+ "EPP"	"Microsoft Security Client Shell Extension"	"Microsoft Corporation"	"c:\program files\microsoft security client\shellext.dll"	"25/1/2013 08:57"
+ "SASContextMenu Class"	"SUPERAntiSpyware Context Menu Extension"	"SUPERAntiSpyware.com"	"c:\program files\superantispyware\sasctxmn64.dll"	"23/5/2013 21:00"
+ "WinRAR"	""	""	"c:\program files\winrar\rarext.dll"	"17/2/2012 15:55"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers"	""	""	""	"30/4/2012 14:17"
+ "OIShellExt"	"Orange Shell Extension"	"Orange"	"c:\users\kev\appdata\roaming\orange\orangeinside\oiext.dll"	"27/5/2010 15:14"
+ "WinRAR32"	""	""	"c:\program files\winrar\rarext32.dll"	"17/2/2012 15:55"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers"	""	""	""	"30/4/2012 14:17"
+ "WinRAR"	""	""	"c:\program files\winrar\rarext.dll"	"17/2/2012 15:55"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers"	""	""	""	"30/4/2012 14:17"
+ "WinRAR32"	""	""	"c:\program files\winrar\rarext32.dll"	"17/2/2012 15:55"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers"	""	""	""	"30/4/2012 14:17"
+ "FileZilla3CopyHook"	"fzshellext Dynamic Link Library"	""	"c:\program files (x86)\filezilla ftp client\fzshellext_64.dll"	"1/8/2009 11:34"
+ "Monitor"	"BTNCopy Module"	"Broadcom Corporation."	"c:\program files\widcomm\bluetooth software\btncopy.dll"	"14/1/2011 00:15"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\CopyHookHandlers"	""	""	""	"30/4/2012 14:17"
+ "FileZilla3CopyHook"	"fzshellext Dynamic Link Library"	""	"c:\program files (x86)\filezilla ftp client\fzshellext.dll"	"26/5/2013 16:53"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"	""	""	""	"14/7/2009 05:53"
+ "ACE"	"AMD Desktop Control Panel"	"Advanced Micro Devices, Inc."	"c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"	"6/12/2011 04:06"
+ "Gadgets"	"Sidebar droptarget"	"Microsoft Corporation"	"c:\program files\windows sidebar\sbdrop.dll"	"14/7/2009 02:32"
+ "igfxcui"	"igfxpph Module"	"Intel Corporation"	"c:\windows\system32\igfxpph.dll"	"26/3/2011 01:39"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers"	""	""	""	"14/7/2009 05:53"
+ "Gadgets"	"Sidebar droptarget"	"Microsoft Corporation"	"c:\program files (x86)\windows sidebar\sbdrop.dll"	"14/7/2009 02:09"
+ "OIShellExt"	"Orange Shell Extension"	"Orange"	"c:\users\kev\appdata\roaming\orange\orangeinside\oiext.dll"	"27/5/2010 15:14"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers"	""	""	""	"21/11/2011 07:16"
+ "PDF Shell Extension"	"PDF Shell Extension"	"Adobe Systems, Inc."	"c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"	"10/5/2013 07:33"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"	""	""	""	"21/11/2011 07:16"
+ "MBAMShlExt"	"Malwarebytes Anti-Malware"	"Malwarebytes Corporation"	"c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"	"28/2/2013 21:39"
+ "WinRAR"	""	""	"c:\program files\winrar\rarext.dll"	"17/2/2012 15:55"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers"	""	""	""	"21/11/2011 07:16"
+ "WinRAR32"	""	""	"c:\program files\winrar\rarext32.dll"	"17/2/2012 15:55"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers"	""	""	""	"21/11/2011 07:16"
+ "WinRAR"	""	""	"c:\program files\winrar\rarext.dll"	"17/2/2012 15:55"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers"	""	""	""	"21/11/2011 07:16"
+ "WinRAR32"	""	""	"c:\program files\winrar\rarext32.dll"	"17/2/2012 15:55"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"	""	""	""	"22/6/2013 17:52"
+ "Java(tm) Plug-In 2 SSV Helper"	"Java(TM) Platform SE binary"	"Oracle Corporation"	"c:\program files\java\jre7\bin\jp2ssv.dll"	"21/6/2013 21:46"
+ "Java(tm) Plug-In SSV Helper"	"Java(TM) Platform SE binary"	"Oracle Corporation"	"c:\program files\java\jre7\bin\ssv.dll"	"21/6/2013 21:46"
+ "Windows Live ID Sign-in Helper"	"Microsoft® Windows Live ID Login Helper"	"Microsoft Corp."	"c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"	"29/3/2011 05:12"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"	""	""	""	"28/6/2013 09:09"
+ "Java(tm) Plug-In 2 SSV Helper"	"Java(TM) Platform SE binary"	"Oracle Corporation"	"c:\program files (x86)\oracle\javafx 2.1 runtime\bin\jp2ssv.dll"	"4/5/2012 22:47"
+ "Java(tm) Plug-In SSV Helper"	"Java(TM) Platform SE binary"	"Oracle Corporation"	"c:\program files (x86)\oracle\javafx 2.1 runtime\bin\ssv.dll"	"4/5/2012 22:49"
+ "Windows Live ID Sign-in Helper"	"Microsoft® Windows Live ID Login Helper"	"Microsoft Corp."	"c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"	"29/3/2011 04:32"
"HKLM\Software\Microsoft\Internet Explorer\Extensions"	""	""	""	"22/6/2013 17:52"
+ "Send to &Bluetooth Device..."	""	""	"c:\program files\widcomm\bluetooth software\btsendto_ie.htm"	"25/8/2009 05:43"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions"	""	""	""	"16/6/2013 09:59"
+ "&Blog This in Windows Live Writer"	"Windows Live Writer Blog This Extension"	"Microsoft Corporation"	"c:\program files (x86)\windows live\writer\writerbrowserextension.dll"	"9/3/2012 03:13"
+ "Send to &Bluetooth Device..."	""	""	"c:\program files\widcomm\bluetooth software\btsendto_ie.htm"	"25/8/2009 05:43"
"Task Scheduler"	""	""	""	""
X "\AdobeAAMUpdater-1.0-Kev-PC-Kev"	"Adobe Updater Startup Utility"	"Adobe Systems Incorporated"	"c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe"	"15/2/2010 12:11"
+ "\Apple\AppleSoftwareUpdate"	"Apple Software Update"	"Apple Inc."	"c:\program files (x86)\apple software update\softwareupdate.exe"	"2/6/2011 01:46"
+ "\CCleanerSkipUAC"	"CCleaner"	"Piriform Ltd"	"c:\program files\ccleaner\ccleaner.exe"	"25/3/2013 20:19"
+ "\FacebookUpdateTaskUserS-1-5-21-768171273-2258216897-828858201-1000Core"	"Facebook Installer"	"Facebook Inc."	"c:\users\kev\appdata\local\facebook\update\facebookupdate.exe"	"2/7/2012 22:07"
+ "\FacebookUpdateTaskUserS-1-5-21-768171273-2258216897-828858201-1000UA"	"Facebook Installer"	"Facebook Inc."	"c:\users\kev\appdata\local\facebook\update\facebookupdate.exe"	"2/7/2012 22:07"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan"	"Microsoft Malware Protection Command Line Utility"	"Microsoft Corporation"	"c:\program files\microsoft security client\mpcmdrun.exe"	"25/1/2013 08:56"
+ "\Microsoft\Microsoft Antimalware\MpIdleTask"	"Microsoft Malware Protection Command Line Utility"	"Microsoft Corporation"	"c:\program files\microsoft security client\mpcmdrun.exe"	"25/1/2013 08:56"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task"	"Windows Live Social Object Extractor Engine"	"Microsoft Corporation"	"c:\program files (x86)\windows live\soxe\wlsoxe.dll"	"9/3/2012 03:13"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo"	""	""	"c:\windows\system32\gathernetworkinfo.vbs"	"10/6/2009 21:36"
+ "\Microsoft\Windows\orangeinside"	"Executable Orange Inside"	"Orange"	"c:\users\kev\appdata\roaming\orange\orangeinside\one\orangeinside.exe"	"15/11/2012 16:56"
+ "\Microsoft\Windows\orangeinstaller"	""	""	"c:\program files (x86)\orange\orange installer\orangeinstaller.exe"	"29/11/2012 11:24"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary"	"Windows Media Player Network Sharing Service Configuration Application"	"Microsoft Corporation"	"c:\program files\windows media player\wmpnscfg.exe"	"14/7/2009 01:24"
+ "\Microsoft_Hardware_Launch_ipoint_exe"	"IPoint.exe"	"Microsoft Corporation"	"c:\program files\microsoft mouse and keyboard center\ipoint.exe"	"2/11/2012 05:32"
+ "\Microsoft_Hardware_Launch_itype_exe"	"IType.exe"	"Microsoft Corporation"	"c:\program files\microsoft mouse and keyboard center\itype.exe"	"2/11/2012 05:32"
+ "\Microsoft_Hardware_Launch_mousekeyboardcenter_exe"	"Microsoft Mouse and Keyboard Center"	"Microsoft"	"c:\program files\microsoft mouse and keyboard center\mousekeyboardcenter.exe"	"2/11/2012 05:30"
+ "\PCDEventLauncherTask"	"PC-Doctor Module"	"PC-Doctor, Inc."	"c:\program files\my dell\sessionchecker.exe"	"3/5/2013 07:08"
+ "\PCDoctorBackgroundMonitorTask"	"PC-Doctor Module"	"PC-Doctor, Inc."	"c:\program files\my dell\uaclauncher.exe"	"3/5/2013 07:06"
+ "\SystemToolsDailyTest"	""	""	"File not found: uaclauncher.exe"	""
"HKLM\System\CurrentControlSet\Services"	""	""	""	"19/6/2013 10:11"
+ "MsMpSvc"	"Helps protect users from malware and other potentially unwanted software"	"Microsoft Corporation"	"c:\program files\microsoft security client\msmpeng.exe"	"25/1/2013 08:55"
+ "NisSrv"	"Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols"	"Microsoft Corporation"	"c:\program files\microsoft security client\nissrv.exe"	"25/1/2013 08:56"
+ "ose"	"Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports."	"Microsoft Corporation"	"c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"	"27/7/2003 17:52"
+ "WinDefend"	"Protection against spyware and potentially unwanted software"	"Microsoft Corporation"	"c:\program files\windows defender\mpsvc.dll"	"14/7/2009 02:29"
+ "wlidsvc"	"Enables Windows Live ID authentication."	"Microsoft Corp."	"c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"	"29/3/2011 05:11"
+ "WMPNetworkSvc"	"Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"	"Microsoft Corporation"	"c:\program files\windows media player\wmpnetwk.exe"	"20/11/2010 12:18"
"HKLM\System\CurrentControlSet\Services"	""	""	""	"19/6/2013 10:11"
+ "adp94xx"	"Adaptec Windows SAS/SATA Storport Driver"	"Adaptec, Inc."	"c:\windows\system32\drivers\adp94xx.sys"	"6/12/2008 00:54"
+ "adpahci"	"Adaptec Windows SATA Storport Driver"	"Adaptec, Inc."	"c:\windows\system32\drivers\adpahci.sys"	"1/5/2007 18:30"
+ "adpu320"	"Adaptec StorPort Ultra320 SCSI Driver (X64)"	"Adaptec, Inc."	"c:\windows\system32\drivers\adpu320.sys"	"28/2/2007 01:04"
+ "aliide"	"ALi mini IDE Driver"	"Acer Laboratories Inc."	"c:\windows\system32\drivers\aliide.sys"	"14/7/2009 00:19"
+ "amdkmdag"	"ATI Radeon Kernel Mode Driver"	"Advanced Micro Devices, Inc."	"c:\windows\system32\drivers\atikmdag.sys"	"6/12/2011 03:52"
+ "amdkmdap"	"AMD multi-vendor Miniport Driver"	"Advanced Micro Devices, Inc."	"c:\windows\system32\drivers\atikmpag.sys"	"6/12/2011 03:12"
+ "amdsata"	"AHCI 1.2 Device Driver"	"Advanced Micro Devices"	"c:\windows\system32\drivers\amdsata.sys"	"19/3/2010 01:45"
+ "amdsbs"	"AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform"	"AMD Technologies Inc."	"c:\windows\system32\drivers\amdsbs.sys"	"20/3/2009 19:36"
+ "amdxata"	"Storage Filter Driver"	"Advanced Micro Devices"	"c:\windows\system32\drivers\amdxata.sys"	"19/3/2010 17:18"
+ "ApfiltrService"	"Alps Touch Pad Driver"	"Alps Electric Co., Ltd."	"c:\windows\system32\drivers\apfiltr.sys"	"31/3/2011 11:35"
+ "arc"	"Adaptec RAID Storport Driver"	"Adaptec, Inc."	"c:\windows\system32\drivers\arc.sys"	"24/5/2007 22:27"
+ "arcsas"	"Adaptec SAS RAID WS03 Driver"	"Adaptec, Inc."	"c:\windows\system32\drivers\arcsas.sys"	"14/1/2009 20:27"
+ "b06bdrv"	"Broadcom NetXtreme II GigE VBD"	"Broadcom Corporation"	"c:\windows\system32\drivers\bxvbda.sys"	"13/2/2009 23:18"
+ "b57nd60a"	"Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver."	"Broadcom Corporation"	"c:\windows\system32\drivers\b57nd60a.sys"	"26/4/2009 12:14"
+ "BCM43XX"	"Broadcom 802.11 Network Adapter wireless driver"	"Broadcom Corporation"	"c:\windows\system32\drivers\bcmwl664.sys"	"23/11/2010 20:13"
+ "BrFiltLo"	"Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver"	"Brother Industries, Ltd."	"c:\windows\system32\drivers\brfiltlo.sys"	"7/8/2006 02:51"
+ "BrFiltUp"	"Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver"	"Brother Industries, Ltd."	"c:\windows\system32\drivers\brfiltup.sys"	"7/8/2006 02:51"
+ "Brserid"	"Brotehr Serial I/F Driver (WDM)"	"Brother Industries Ltd."	"c:\windows\system32\drivers\brserid.sys"	"7/8/2006 02:51"
+ "BrSerWdm"	"Brother Serial driver (WDM version)"	"Brother Industries Ltd."	"c:\windows\system32\drivers\brserwdm.sys"	"7/8/2006 02:51"
+ "BrUsbMdm"	"Brother USB MDM Driver "	"Brother Industries Ltd."	"c:\windows\system32\drivers\brusbmdm.sys"	"7/8/2006 02:51"
+ "BrUsbSer"	"Brother USB Serial Driver"	"Brother Industries Ltd."	"c:\windows\system32\drivers\brusbser.sys"	"9/8/2006 13:11"
+ "BTWAMPFL"	"btwampfl Bluetooth filter driver"	"Broadcom Corporation."	"c:\windows\system32\drivers\btwampfl.sys"	"9/1/2011 22:16"
+ "btwaudio"	"Bluetooth Audio Device"	"Broadcom Corporation."	"c:\windows\system32\drivers\btwaudio.sys"	"20/8/2010 20:16"
+ "btwavdt"	"Broadcom Bluetooth AVDT Service"	"Broadcom Corporation."	"c:\windows\system32\drivers\btwavdt.sys"	"8/9/2010 01:18"
+ "btwl2cap"	"Broadcom Bluetooth L2CAP Service"	"Broadcom Corporation."	"c:\windows\system32\drivers\btwl2cap.sys"	"7/1/2011 19:35"
+ "btwrchid"	"Bluetooth Remote Control HID Minidriver"	"Broadcom Corporation."	"c:\windows\system32\drivers\btwrchid.sys"	"8/9/2010 01:19"
+ "catchme"	""	""	"File not found: C:\puppy\catchme.sys"	""
+ "cmdide"	"CMD PCI IDE Bus Driver"	"CMD Technology, Inc."	"c:\windows\system32\drivers\cmdide.sys"	"14/7/2009 00:19"
+ "CtClsFlt"	"Video Class Upper Filter Driver (64-bit)"	"Creative Technology Ltd."	"c:\windows\system32\drivers\ctclsflt.sys"	"15/6/2009 06:06"
+ "ebdrv"	"Broadcom NetXtreme II 10 GigE VBD"	"Broadcom Corporation"	"c:\windows\system32\drivers\evbda.sys"	"31/12/2008 17:29"
+ "elxstor"	"Storport Miniport Driver for LightPulse HBAs"	"Emulex"	"c:\windows\system32\drivers\elxstor.sys"	"3/2/2009 23:52"
+ "hcw85cir"	"Hauppauge WinTV 885 Consumer IR Driver for eHome"	"Hauppauge Computer Works, Inc."	"c:\windows\system32\drivers\hcw85cir.sys"	"11/5/2009 09:26"
+ "HpSAMD"	"Smart Array SAS/SATA Controller Media Driver"	"Hewlett-Packard Company"	"c:\windows\system32\drivers\hpsamd.sys"	"20/4/2010 19:32"
+ "iaStor"	"Intel Rapid Storage Technology driver - x64"	"Intel Corporation"	"c:\windows\system32\drivers\iastor.sys"	"13/1/2011 02:50"
+ "iaStorV"	"Intel Matrix Storage Manager driver - x64"	"Intel Corporation"	"c:\windows\system32\drivers\iastorv.sys"	"11/6/2010 01:46"
+ "iirsp"	"Intel/ICP Raid Storport Driver"	"Intel Corp./ICP vortex GmbH"	"c:\windows\system32\drivers\iirsp.sys"	"13/12/2005 22:47"
+ "IntcDAud"	"Intel(R) Display Audio Driver"	"Intel(R) Corporation"	"c:\windows\system32\drivers\intcdaud.sys"	"15/10/2010 09:28"
+ "intelkmd"	"Intel Graphics Kernel Mode Driver"	"Intel Corporation"	"c:\windows\system32\drivers\igdpmd64.sys"	"26/3/2011 02:17"
+ "LSI_FC"	"LSI Fusion-MPT FC Driver (StorPort)"	"LSI Corporation"	"c:\windows\system32\drivers\lsi_fc.sys"	"9/12/2008 23:46"
+ "LSI_SAS"	"LSI Fusion-MPT SAS Driver (StorPort)"	"LSI Corporation"	"c:\windows\system32\drivers\lsi_sas.sys"	"19/5/2009 01:20"
+ "LSI_SAS2"	"LSI SAS Gen2 Driver (StorPort)"	"LSI Corporation"	"c:\windows\system32\drivers\lsi_sas2.sys"	"19/5/2009 01:31"
+ "LSI_SCSI"	"LSI Fusion-MPT SCSI Driver (StorPort)"	"LSI Corporation"	"c:\windows\system32\drivers\lsi_scsi.sys"	"16/4/2009 23:13"
+ "MBAMProtector"	"Malwarebytes Anti-Malware"	"Malwarebytes Corporation"	"c:\windows\system32\drivers\mbam.sys"	"28/2/2013 21:33"
+ "megasas"	"MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64"	"LSI Corporation"	"c:\windows\system32\drivers\megasas.sys"	"19/5/2009 02:09"
+ "MegaSR"	"LSI MegaRAID Software RAID Driver"	"LSI Corporation, Inc."	"c:\windows\system32\drivers\megasr.sys"	"19/5/2009 02:25"
+ "MEIx64"	"Intel(R) Management Engine Interface"	"Intel Corporation"	"c:\windows\system32\drivers\hecix64.sys"	"20/10/2010 00:33"
+ "netr28ux"	"Ralink 802.11n Wireless Adapter Driver"	"Ralink Technology Corp."	"c:\windows\system32\drivers\netr28ux.sys"	"26/2/2009 03:49"
+ "nfrd960"	"IBM ServeRAID Controller Driver"	"IBM Corporation"	"c:\windows\system32\drivers\nfrd960.sys"	"6/6/2006 22:11"
+ "nvraid"	"NVIDIA® nForce(TM) RAID Driver"	"NVIDIA Corporation"	"c:\windows\system32\drivers\nvraid.sys"	"19/3/2010 21:59"
+ "nvstor"	"NVIDIA® nForce(TM) Sata Performance Driver"	"NVIDIA Corporation"	"c:\windows\system32\drivers\nvstor.sys"	"19/3/2010 21:45"
+ "PxHlpa64"	"Px Engine Device Driver for 64-bit Windows"	"Sonic Solutions"	"c:\windows\system32\drivers\pxhlpa64.sys"	"20/10/2009 19:08"
+ "ql2300"	"QLogic Fibre Channel Stor Miniport Driver"	"QLogic Corporation"	"c:\windows\system32\drivers\ql2300.sys"	"23/1/2009 00:05"
+ "ql40xx"	"QLogic iSCSI Storport Miniport Driver"	"QLogic Corporation"	"c:\windows\system32\drivers\ql40xx.sys"	"19/5/2009 02:18"
+ "RapportCerberus_51755"	""	""	"c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\rapportcerberus64_51755.sys"	"6/3/2013 12:28"
+ "RapportEI64"	"RapportEI"	"Trusteer Ltd."	"c:\program files (x86)\trusteer\rapport\bin\x64\rapportei64.sys"	"29/4/2013 23:26"
+ "RapportKE64"	"RapportKE"	"Trusteer Ltd."	"c:\windows\system32\drivers\rapportke64.sys"	"29/4/2013 23:26"
+ "RapportPG64"	"RapportPG64"	"Trusteer Ltd."	"c:\program files (x86)\trusteer\rapport\bin\x64\rapportpg64.sys"	"29/4/2013 23:26"
+ "RSUSBSTOR"	"Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7"	"Realtek Semiconductor Corp."	"c:\windows\system32\drivers\rtsustor.sys"	"27/10/2010 09:25"
+ "RTL8167"	"Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver "	"Realtek "	"c:\windows\system32\drivers\rt64win7.sys"	"10/6/2011 07:33"
+ "SASDIFSV"	"SASDIFSV64.SYS"	"SUPERAdBlocker.com and SUPERAntiSpyware.com"	"c:\program files\superantispyware\sasdifsv64.sys"	"22/7/2011 00:03"
+ "SASKUTIL"	"SASKUTIL64.SYS"	"SUPERAdBlocker.com and SUPERAntiSpyware.com"	"c:\program files\superantispyware\saskutil64.sys"	"12/7/2011 22:00"
+ "secdrv"	"Macrovision SECURITY Driver"	"Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K."	"c:\windows\system32\drivers\secdrv.sys"	"13/9/2006 14:18"
+ "SiSRaid2"	"SiS RAID Stor Miniport Driver"	"Silicon Integrated Systems Corp."	"c:\windows\system32\drivers\sisraid2.sys"	"24/9/2008 19:28"
+ "SiSRaid4"	"SiS AHCI Stor-Miniport Driver"	"Silicon Integrated Systems"	"c:\windows\system32\drivers\sisraid4.sys"	"1/10/2008 22:56"
+ "stexstor"	"Promise SuperTrak EX Series Driver for Windows "	"Promise Technology"	"c:\windows\system32\drivers\stexstor.sys"	"18/2/2009 00:03"
+ "STHDA"	"IDT PC Audio TPE"	"IDT, Inc."	"c:\windows\system32\drivers\stwrt64.sys"	"27/5/2011 04:13"
+ "taphss"	"TAP-Win32 Virtual Network Driver"	"AnchorFree Inc"	"c:\windows\system32\drivers\taphss.sys"	"15/9/2009 20:58"
+ "TurboB"	"Turbo Boost UI Monitor driver"	"Intel(R) Corporation"	"c:\windows\system32\drivers\turbob.sys"	"30/11/2010 00:02"
+ "viaide"	"VIA Generic PCI IDE Bus Driver"	"VIA Technologies, Inc."	"c:\windows\system32\drivers\viaide.sys"	"14/7/2009 00:19"
+ "vsmraid"	"VIA RAID DRIVER FOR AMD-X86-64"	"VIA Technologies Inc.,Ltd"	"c:\windows\system32\drivers\vsmraid.sys"	"31/1/2009 02:18"
+ "WinRing0_1_2_0"	"WinRing0"	"OpenLibSys.org"	"c:\users\kev\desktop\realtemp\winring0x64.sys"	"26/7/2008 14:29"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"	""	""	""	"22/6/2013 22:29"
+ "msacm.l3acm"	"MPEG Layer-3 Audio Codec for MSACM"	"Fraunhofer Institut Integrierte Schaltungen IIS"	"c:\windows\system32\l3codeca.acm"	"14/7/2009 02:28"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32"	""	""	""	"28/6/2013 09:09"
+ "msacm.l3acm"	"MPEG Layer-3 Audio Codec for MSACM"	"Fraunhofer Institut Integrierte Schaltungen IIS"	"c:\windows\syswow64\l3codeca.acm"	"14/7/2009 02:06"
+ "msacm.l3codecp"	"MPEG Audio Layer-3 Codec for MSACM"	"Fraunhofer Institut Integrierte Schaltungen IIS"	"c:\windows\syswow64\l3codecp.acm"	"14/7/2009 02:06"
+ "vidc.cvid"	"Cinepak® Codec"	"Radius Inc."	"c:\windows\syswow64\iccvid.dll"	"20/11/2010 12:59"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"	""	""	""	"14/7/2009 05:53"
+ "Audio Destination"	"WAVDest Filter (Sample)"	"Microsoft Corporation"	"c:\program files (x86)\google\google earth\client\wavdest.ax"	"27/2/2013 02:25"
+ "Capture File Writer"	"Windows Live Video Acquisition Filters"	"Microsoft Corporation"	"c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"	"9/3/2012 03:32"
+ "Creative MJPEG Decoder 2"	"Decoder"	"Creative Technology Ltd."	"c:\program files (x86)\creative\shared files\ctmjpgdec2.ax"	"1/12/2008 10:44"
+ "Creative Video Processing Filter"	"Creative Video Processing Filter"	"Creative Technology Ltd."	"c:\program files (x86)\creative\shared files\vidprocu.ax"	"6/1/2009 04:42"
+ "Half Size to Stereo"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "LVMWriter"	"LVMWriter"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\lvmwriter.ax"	"25/11/2010 16:28"
+ "Media Analyser"	"analyse Filter (Sample)"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\mediaanalyser.ax"	"25/11/2010 16:04"
+ "PSI Parser"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "Record Queue"	"Windows Live Video Acquisition Filters"	"Microsoft Corporation"	"c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"	"9/3/2012 03:32"
+ "Roxio Anaglyph to Stereo"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "Roxio Anaglyph to Stereo"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "ROXIO Audio Source 3.0"	"Roxio Audio Filters"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxaudio.ax"	"25/11/2010 16:03"
+ "Roxio Audio Source Filter"	"Roxio Audio Source Filter"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\audiocodec\rxdsaudiosource.ax"	"25/11/2010 12:20"
+ "Roxio Audio Stream Reader Filter"	"Roxio Audio Stream Reader Filter"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\audiocodec\rxdsaudiostreamreader.ax"	"25/11/2010 12:19"
+ "Roxio Audio Stream Writer Filter"	"Roxio Audio Stream Writer Filter"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\audiocodec\rxdsaudiostreamwriter.ax"	"25/11/2010 12:20"
+ "ROXIO Audio VCFChunker 3.0"	"Roxio Audio Filters"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxaudio.ax"	"25/11/2010 16:03"
+ "ROXIO Audio VCFLooper 3.0"	"Roxio Audio Filters"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxaudio.ax"	"25/11/2010 16:03"
+ "ROXIO AudioConvert 3.0"	"Roxio Audio Filters"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxaudio.ax"	"25/11/2010 16:03"
+ "ROXIO AudioGrabber 3.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "ROXIO BDAV Smart Render 1.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "ROXIO ColorSpace Converter 3.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "ROXIO CPU Regulator"	"CPURegulator.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\cpuregulator.ax"	"25/11/2010 16:16"
+ "ROXIO CrossGraphEx Renderer 3.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "ROXIO CrossGraphEx Source 3.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "roxio DCFilters Audio Sync Filter 2 10"	"roxio DiscCopier DirectShow Filter Collection"	"Sonic Solutions"	"c:\program files (x86)\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"	"25/11/2010 15:51"
+ "roxio DCFilters Dragons Lair 10"	"roxio DiscCopier DirectShow Filter Collection"	"Sonic Solutions"	"c:\program files (x86)\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"	"25/11/2010 15:51"
+ "roxio DCFilters DVD Muxer 10"	"roxio DiscCopier DirectShow Filter Collection"	"Sonic Solutions"	"c:\program files (x86)\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"	"25/11/2010 15:51"
+ "roxio DCFilters DVDStream Reader 10"	"roxio DiscCopier DirectShow Filter Collection"	"Sonic Solutions"	"c:\program files (x86)\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"	"25/11/2010 15:51"
+ "roxio DCFilters DVDStream Splitter 10"	"roxio DiscCopier DirectShow Filter Collection"	"Sonic Solutions"	"c:\program files (x86)\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"	"25/11/2010 15:51"
+ "roxio DCFilters Mpeg I/II Decoder 10"	"roxio DiscCopier DirectShow Filter Collection"	"Sonic Solutions"	"c:\program files (x86)\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"	"25/11/2010 15:51"
+ "roxio DCFilters MPEG Transcoder"	"roxio DiscCopier DirectShow Filter Collection"	"Sonic Solutions"	"c:\program files (x86)\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"	"25/11/2010 15:51"
+ "roxio DCFilters Smart Resizer 10"	"roxio DiscCopier DirectShow Filter Collection"	"Sonic Solutions"	"c:\program files (x86)\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"	"25/11/2010 15:51"
+ "roxio DCFilters Subpicture Mixer 10"	"roxio DiscCopier DirectShow Filter Collection"	"Sonic Solutions"	"c:\program files (x86)\common files\roxio shared\oem\12.0\dllshared\dcfilters12oem.dll"	"25/11/2010 15:51"
+ "ROXIO Deinterlace 3.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "ROXIO DV Scene Detector Tee 3.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "ROXIO DVDCrossGraphEx Renderer 3.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "ROXIO DVDCrossGraphEx Source 3.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "ROXIO Field Combiner 3.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "ROXIO Field Splitter 3.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "Roxio File Writer Wrapper"	"Roxio File Writer Wrapper"	"Sonic"	"c:\program files (x86)\roxio\oem\videocore 12\roxfilewriterwrapper.ax"	"25/11/2010 16:16"
+ "ROXIO Image/Colour Source 3.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "ROXIO ListImage Source 3.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "ROXIO LPCMSyncFilter"	"LPCMSync Filter"	"Sonic Solutions"	"c:\program files (x86)\common files\roxio shared\oem\12.0\mpeg\lpcmsyncfilter.dll"	"24/11/2010 23:34"
+ "Roxio LVM File Source (Async.)"	"LVMAsync"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\lvmasync.ax"	"25/11/2010 16:31"
+ "Roxio Mp3 Encoder (SC)"	"Roxio Audio Codec DLL"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\audiocodec\rxdsmp3encoder.ax"	"25/11/2010 12:23"
+ "Roxio MPEG Analyzer Filter"	"MPEG File Analyzer Dynamic Link Library"	"Sonic Solutions"	"c:\program files (x86)\common files\roxio shared\oem\12.0\mpeg\roxiompegprop.dll"	"24/11/2010 23:29"
+ "Roxio MPEG Stream Analyzer"	"Roxio MPEG Stream Splitter"	"Sonic Solutions"	"c:\program files (x86)\common files\roxio shared\oem\12.0\mpeg\mpegstreamanalyzer.dll"	"24/11/2010 23:37"
+ "Roxio MPEG1 Audio Encoder"	"ROXIO MPEG Audio Encoder"	"Sonic Solutions"	"c:\program files (x86)\common files\roxio shared\oem\12.0\mpeg\roxioaudioenc.dll"	"24/11/2010 23:38"
+ "Roxio MPEG1 Encoder"	"ROXIO MPEG1 Codec"	"Sonic Solutions"	"c:\program files (x86)\common files\roxio shared\oem\12.0\mpeg\mpeg1vidcodec.dll"	"24/11/2010 23:33"
+ "Roxio MPEG1 Muxer"	"ROXIO MPEG MUXER"	"Sonic Solutions"	"c:\program files (x86)\common files\roxio shared\oem\12.0\mpeg\mpeg1muxer.dll"	"24/11/2010 23:32"
+ "Roxio MPEG2 Demuxer"	"ROXIO MPEG Demuxer"	"Sonic Solutions"	"c:\program files (x86)\common files\roxio shared\oem\12.0\mpeg\roxiompegdemuxer.dll"	"24/11/2010 23:36"
+ "Roxio MPEG2 Encoder"	"ROXIO MPEG2 Codec"	"Sonic Solutions"	"c:\program files (x86)\common files\roxio shared\oem\12.0\mpeg\mpeg2vidcodec.dll"	"24/11/2010 23:40"
+ "Roxio MPEG2 Muxer"	"ROXIO MPEG MUXER"	"Sonic Solutions"	"c:\program files (x86)\common files\roxio shared\oem\12.0\mpeg\mpeg2muxer.dll"	"24/11/2010 23:32"
+ "Roxio MPEG2 Video Decoder"	"ROXIO MPEG2 Codec"	"Sonic Solutions"	"c:\program files (x86)\common files\roxio shared\oem\12.0\mpeg\mpeg2vidcodec.dll"	"24/11/2010 23:40"
+ "ROXIO Pan Zoom 3.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "ROXIO Pin Tee"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "Roxio Plasma CrossGraph Renderer"	"MGICGFilter.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\plasmacgfilter.ax"	"25/11/2010 16:35"
+ "Roxio Plasma CrossGraph Source"	"MGICGFilter.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\plasmacgfilter.ax"	"25/11/2010 16:35"
+ "ROXIO QT Source"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "ROXIO QuickGrabber 3.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "ROXIO Raw Writer"	"ROXIO Raw Writer"	"Sonic Solutions"	"c:\program files (x86)\common files\roxio shared\oem\12.0\mpeg\mgirawwriter.dll"	"24/11/2010 23:34"
+ "Roxio RealD to Stereo"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "Roxio Repack Filter"	"Repack Filter"	"Sonic Solutions"	"c:\program files (x86)\common files\roxio shared\oem\12.0\mpeg\repackfilter.dll"	"24/11/2010 23:35"
+ "ROXIO Scene Detector 3.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "ROXIO SceneRecorder 1.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "Roxio Smart Decoder"	"ROXIO MPEG2 Codec"	"Sonic Solutions"	"c:\program files (x86)\common files\roxio shared\oem\12.0\mpeg\mpeg2vidcodec.dll"	"24/11/2010 23:40"
+ "Roxio Smart Encoder"	"ROXIO MPEG2 Codec"	"Sonic Solutions"	"c:\program files (x86)\common files\roxio shared\oem\12.0\mpeg\mpeg2vidcodec.dll"	"24/11/2010 23:40"
+ "ROXIO SpyPos 3.0"	"Null-In-Place (Sample)"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\mginullip.ax"	"25/11/2010 16:14"
+ "Roxio StereoSource Cropper"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "ROXIO ThumbnailGrabber 3.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "Roxio Transport Stream Source"	"ListFrameSource"	"Sonic Solutions"	"c:\program files (x86)\common files\roxio shared\oem\12.0\mpeg\tsmpegsource.dll"	"24/11/2010 23:35"
+ "ROXIO VCFAlphaSplitter 3.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "ROXIO VCFAudioMixer 3.0"	"Roxio Audio Filters"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxaudio.ax"	"25/11/2010 16:03"
+ "ROXIO VCFDvrSupport 3.0"	"DVR support filter"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\dvrsupportfilt.ax"	"25/11/2010 16:14"
+ "ROXIO VCFDVSceneDetect 1.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "ROXIO VCFHDVSceneDetect 1.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "ROXIO VCFLatency 3.0"	"Roxio Audio Filters"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxaudio.ax"	"25/11/2010 16:03"
+ "ROXIO VCFpeakmeter 3.0"	"Roxio Audio Filters"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxaudio.ax"	"25/11/2010 16:03"
+ "ROXIO VCFStationLogo 1.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "ROXIO VCFVideoCutList 3.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "ROXIO VCFWaveform 1.0"	"Roxio Audio Filters"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxaudio.ax"	"25/11/2010 16:03"
+ "ROXIO Video Effect 3.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "ROXIO Video Integrate"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "ROXIO Video Resampler 3.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "Roxio Video Rotater,"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "ROXIO Video VCFLooper 3.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "ROXIO VideoCombine 3.0"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "Roxio VOB Formatter"	"VOBFormatter"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\vobformatter.ax"	"25/11/2010 16:18"
+ "Roxio Vob Loader"	"VOBLoader"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\vobloader.ax"	"25/11/2010 16:19"
+ "ROXIO WAV Dest 3.0"	"Roxio Audio Filters"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxaudio.ax"	"25/11/2010 16:03"
+ "Sewer"	"MVWcDSutil"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\mvwcdsutil.dll"	"25/11/2010 16:01"
+ "Sonic Audio Resampler"	"Audio Resampler Direct Show Filter"	"Sonic Solutions Inc."	"c:\program files (x86)\roxio\oem\audiocodec\filters\c12oem_trans_audio_samplerate_ds.ax"	"10/5/2010 13:53"
+ "Sonic Cinemaster® Audio Decoder 4.3 (No Dolby)"	"SonicHDAudio"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\common\cinemasteraudiond.dll"	"22/7/2010 09:21"
+ "Sonic Cinemaster® VideoDecoder 4.3 (EMC12)"	"CinemasterVideo"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\common\cinemastervideo.dll"	"22/7/2010 09:33"
+ "Sonic HD Demuxer"	"Sonic HD Demuxer"	""	"c:\program files (x86)\roxio\oem\common\sonichddemuxer.dll"	"22/7/2010 10:01"
+ "Sonic MPEG Multiplexer"	"MPEG Multiplexer-Plus DS Filter"	"Sonic Solutions Inc."	"c:\program files (x86)\roxio\oem\audiocodec\filters\c12oem_mux_mp2_ds.ax"	"10/5/2010 13:40"
+ "Sonic MPEG-2 Video Decoder"	"MPEG-2 Video Decoder"	"Sonic Solutions Inc."	"c:\program files (x86)\common files\sonic shared\sonicmc02\c12oem_dec_mp2v_ds.ax"	"10/5/2010 13:38"
+ "SubPicture Encoder"	"ROXIO SubPicture Encoder"	"Sonic Solutions"	"c:\program files (x86)\common files\roxio shared\oem\12.0\mpeg\subpictenc.dll"	"24/11/2010 23:34"
+ "VCG Null Renderer 3.0"	"VideoCompositing Module"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\videocompositing.ax"	"25/11/2010 16:39"
+ "VCG Video Mixer 3.0"	"VideoCompositing Module"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\videocompositing.ax"	"25/11/2010 16:39"
+ "VCGImageSource"	"VideoCompositing Module"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\videocompositing.ax"	"25/11/2010 16:39"
+ "VMR9 Wrapper 3.0"	"VideoCompositing Module"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\videocompositing.ax"	"25/11/2010 16:39"
+ "Vorbis Decode Filter"	"ogg DShow filters"	""	"c:\program files (x86)\common files\roxio shared\ogg_flac codecs\dsfvorbisdecoder.dll"	"21/7/2008 15:16"
+ "VW Input Selector"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "VW Input Selector 2"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "VW Video Transition"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "VW Video Transition"	"CrossGraphEx.ax"	"Sonic Solutions"	"c:\program files (x86)\roxio\oem\videocore 12\roxvideo.ax"	"25/11/2010 16:13"
+ "WM VIH2 Fix"	"Windows Live Video Acquisition Filters"	"Microsoft Corporation"	"c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"	"9/3/2012 03:32"
+ "WMT DV Extract Filter"	"Windows Live Video Acquisition Filters"	"Microsoft Corporation"	"c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"	"9/3/2012 03:32"
+ "WMT Sample Info Filter"	"Windows Live Video Acquisition Filters"	"Microsoft Corporation"	"c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"	"9/3/2012 03:32"
+ "WMT Switch Filter"	"Windows Live Video Acquisition Filters"	"Microsoft Corporation"	"c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"	"9/3/2012 03:32"
+ "WMT Virtual Renderer"	"Windows Live Video Acquisition Filters"	"Microsoft Corporation"	"c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"	"9/3/2012 03:32"
+ "WMT Virtual Source"	"Windows Live Video Acquisition Filters"	"Microsoft Corporation"	"c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"	"9/3/2012 03:32"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers"	""	""	""	"14/7/2009 05:53"
+ "BtwCredentialProvider"	"BtwCP DLL"	"Broadcom Corporation."	"c:\program files\widcomm\bluetooth software\btwcp.dll"	"14/1/2011 00:49"
+ "WLIDCredentialProvider"	"Microsoft® Windows Live ID Credential Provider"	"Microsoft Corp."	"c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"	"29/3/2011 05:12"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"	""	""	""	"28/6/2013 09:09"
+ "igfxcui"	"igfxdev Module"	"Intel Corporation"	"c:\windows\system32\igfxdev.dll"	"26/3/2011 01:38"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries"	""	""	""	"14/1/2012 06:18"
+ "WindowsLive Local NSP"	"Microsoft® Windows Live ID Namespace Provider"	"Microsoft Corp."	"c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"	"29/3/2011 04:31"
+ "WindowsLive NSP"	"Microsoft® Windows Live ID Namespace Provider"	"Microsoft Corp."	"c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"	"29/3/2011 04:31"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64"	""	""	""	"14/1/2012 06:18"
+ "WindowsLive Local NSP"	"Microsoft® Windows Live ID Namespace Provider"	"Microsoft Corp."	"c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"	"29/3/2011 05:10"
+ "WindowsLive NSP"	"Microsoft® Windows Live ID Namespace Provider"	"Microsoft Corp."	"c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"	"29/3/2011 05:10"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors"	""	""	""	"28/6/2013 09:11"
+ "KODAK All-in-One Printer"	"Language Monitor for KODAK AiO Printer (64-Bit AMD Athlon(TM)/Opteron(TM) Build)"	"Eastman Kodak Company"	"c:\windows\system32\ekaio2mon.dll"	"15/1/2013 06:49"


----------



## Cookiegal (Aug 27, 2003)

I don't see anything out of place there.

Please download FRST (Farbar Recovery Scan Tool) and save it to your desktop.

*Note*: You need to run the version that's compatible with your system (64-bit).


Double-click FRST to run it. When the tool opens, click *Yes* to the disclaimer.
Press the *Scan* button.
It will make a log named (*FRST.txt*) in the same directory the tool is run from (which should be on the desktop). Please copy and paste the contents of the log in your reply.
The first time the tool is run, it makes a second log named (*Addition.txt*). Please copy and paste the contents of that log as well.


----------



## kevhatch (Jun 20, 2005)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-06-2013
Ran by Kev (administrator) on 28-06-2013 17:25:14
Running from C:\Users\Kev\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Orange) C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
() C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(CometNetwork) C:\Program Files (x86)\CometBird\cometbird.exe
(Mozilla Corporation) C:\Program Files (x86)\CometBird\plugin-container.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Moonchild Productions) C:\Program Files (x86)\Pale Moon\palemoon.exe
(Mozilla Corporation) C:\Program Files (x86)\Pale Moon\plugin-container.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Mozilla Corporation) C:\Program Files (x86)\CometBird\plugin-container.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKCU\...\Run: [OrangeInside] C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe [1530520 2012-11-16] (Orange)
HKCU\...\Run: [DellSystemDetect] C:\Users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms [x]
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKLM-x32\...\Run: [] [x]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = 
SearchScopes: HKCU - {814C76CB-2623-43F4-AAD0-58A0E5190A20} URL = http://r.orange.fr/r?ref=O_OI_hook_openSearchIE&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata={searchTerms}
BHO: No Name - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ToolbarOrange.InitToolbarBHO - {1d970ed5-3eda-438d-bffd-715931e2775b} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://supportapj.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler: msdaipp - No CLSID Value - 
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default
FF user.js: detected! => C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\user.js
FF SelectedSearchEngine: Orange
FF Homepage: hxxp://www.google.co.uk/
FF Keyword.URL: hxxp://r.orange.fr/r?ref=O_OI_hook_openSearchFF&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Menu Contextuel Orange - C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\Extensions\[email protected]
FF Extension: barre d'outils Orange - C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\Extensions\[email protected]
FF Extension: Plugin Orange Installeur - C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\Extensions\{4D9AE42B-F4C0-40e6-AEDB-4EC6E42B77AF}
FF Extension: multifox - C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\Extensions\[email protected]
FF Extension: scriptish - C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\Extensions\[email protected]
FF Extension: testpilot - C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\Extensions\[email protected]
FF Extension: No Name - C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi
FF Extension: No Name - C:\Users\Kev\AppData\Roaming\Mozilla\Firefox\Profiles\u56vg7o8.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
FF HKLM-x32\...\Mozilla Firefox 11.0\Extensions: [Components] C:\Program Files (x86)\Mozilla Firefox\components
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\components
FF HKLM-x32\...\Mozilla Firefox 11.0\Extensions: [Plugins] C:\Program Files (x86)\Mozilla Firefox\plugins
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\plugins
FF HKLM-x32\...\Pale Moon 20.1\Extensions: [Components] C:\Program Files (x86)\Pale Moon\components
FF Extension: No Name - C:\Program Files (x86)\Pale Moon\components
FF HKLM-x32\...\Pale Moon 20.1\Extensions: [Plugins] C:\Program Files (x86)\Pale Moon\plugins

==================== Services (Whitelisted) =================

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S4 Orange update Core Service; C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe [1082016 2012-09-18] (France Telecom SA)
S4 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1124632 2013-04-02] (Trusteer Ltd.)

==================== Drivers (Whitelisted) ====================

S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R1 RapportCerberus_51755; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [586072 2013-04-01] ()
R1 RapportCerberus_51755; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [586072 2013-04-01] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [229040 2013-04-30] (Trusteer Ltd.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [229040 2013-04-30] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [236688 2013-04-30] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [357712 2013-04-02] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [357712 2013-04-02] (Trusteer Ltd.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WinRing0_1_2_0; C:\Users\Kev\Desktop\RealTemp\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
S3 WinRing0_1_2_0; C:\Users\Kev\Desktop\RealTemp\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
S3 catchme; \??\C:\puppy\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-28 17:24 - 2013-06-28 17:24 - 01933484 ____A (Farbar) C:\Users\Kev\Desktop\FRST64.exe
2013-06-28 17:24 - 2013-06-28 17:24 - 00000000 ____D C:\FRST
2013-06-28 15:14 - 2013-06-28 15:14 - 00086244 ____A C:\Users\Kev\Desktop\AutoRuns.txt
2013-06-28 15:13 - 2013-06-28 15:13 - 00086244 ____A C:\Users\Kev\Documents\AutoRuns.txt
2013-06-28 15:10 - 2013-06-28 15:10 - 00551072 ____A C:\Users\Kev\Desktop\Autoruns.zip
2013-06-28 14:54 - 2013-06-28 14:55 - 00000000 ____D C:\Users\Kev\AppData\Local\{90FD3E97-92EE-41CD-BA82-ECC01C3C9307}
2013-06-28 10:28 - 2013-06-28 10:28 - 00008522 ____A C:\Users\Kev\Desktop\CHKDSKResults.txt
2013-06-28 01:02 - 2013-06-28 01:03 - 00000000 ____D C:\Users\Kev\AppData\Local\{7B7CBF54-3259-4075-8EA0-B6EEF278F035}
2013-06-26 11:14 - 2013-06-26 11:14 - 00000000 ____D C:\Users\Kev\AppData\Local\{7C85343C-93A5-4AD6-8910-453D5575164F}
2013-06-25 23:13 - 2013-06-25 23:14 - 00000000 ____D C:\Users\Kev\AppData\Local\{0F69D4E8-68D7-426E-B215-7A1FD43EFAE3}
2013-06-25 15:20 - 2013-06-25 15:21 - 00017883 ____A C:\VEW.txt
2013-06-25 15:19 - 2013-06-25 15:19 - 00061440 ____A ( ) C:\Users\Kev\Desktop\VEW.exe
2013-06-25 11:13 - 2013-06-25 11:13 - 00000000 ____D C:\Users\Kev\AppData\Local\{797B5582-A7B6-4B2A-B479-3E40DE069564}
2013-06-25 00:42 - 2013-06-25 00:42 - 00312232 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-25 00:42 - 2013-06-25 00:42 - 00189352 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-25 00:42 - 2013-06-25 00:42 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-25 00:42 - 2013-06-25 00:42 - 00108968 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-25 00:42 - 2013-06-25 00:42 - 00000000 ____D C:\Program Files\Java
2013-06-25 00:40 - 2013-06-25 00:42 - 01093032 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-25 00:39 - 2013-06-25 00:39 - 33150376 ____A (Oracle Corporation) C:\Users\Kev\Downloads\jre-7u25-windows-x64.exe
2013-06-24 23:32 - 2013-06-24 23:32 - 00000000 ____D C:\Users\Kev\AppData\Roaming\Oracle
2013-06-24 23:12 - 2013-06-24 23:13 - 00000000 ____D C:\Users\Kev\AppData\Local\{8C9D0EEE-D41F-4E9B-8165-E1354EC3DFC9}
2013-06-24 20:35 - 2013-06-24 20:35 - 00000392 ____A C:\look.txt
2013-06-24 20:35 - 2013-06-24 20:35 - 00000146 ____A C:\Users\Kev\Desktop\look.bat
2013-06-24 20:34 - 2013-06-24 20:34 - 00005229 ____A C:\Users\Kev\Desktop\uninstall_list.txt
2013-06-24 11:12 - 2013-06-24 11:12 - 00000000 ____D C:\Users\Kev\AppData\Local\{C7758CA0-2371-4A39-89AC-901173038819}
2013-06-24 00:37 - 2013-06-24 00:37 - 00056179 ____A C:\Users\Kev\Desktop\startuplist.txt
2013-06-23 23:12 - 2013-06-23 23:12 - 00000000 ____D C:\Users\Kev\AppData\Local\{B2DFC3FD-581A-46EA-8EF9-42BF5F3E0576}
2013-06-23 22:04 - 2013-06-23 22:04 - 00000000 ____D C:\ProgramData\Citrix
2013-06-23 21:51 - 2013-06-23 21:51 - 00000000 ____D C:\Users\Kev\AppData\Local\Citrix
2013-06-23 21:51 - 2013-06-23 21:51 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-06-23 21:50 - 2013-06-23 21:50 - 00103832 ____A C:\Users\Kev\GoToAssistDownloadHelper.exe
2013-06-23 20:01 - 2013-06-23 20:04 - 00058604 ____A C:\Users\Kev\Desktop\SystemLook.txt
2013-06-23 20:00 - 2013-06-23 20:00 - 00096256 ____A C:\Users\Kev\Desktop\SystemLook_x64.exe
2013-06-23 09:16 - 2013-06-23 09:16 - 00000000 ____D C:\Users\Kev\AppData\Local\{FC750A16-2128-4024-A3F3-EE94D07C72C4}
2013-06-23 00:02 - 2013-06-23 00:02 - 00002180 ____A C:\Users\Kev\Documents\aswMBR.txt
2013-06-23 00:02 - 2013-06-23 00:02 - 00000512 ____A C:\Users\Kev\Documents\MBR.dat
2013-06-22 22:50 - 2013-06-23 00:01 - 00003419 ____A C:\Users\Kev\Desktop\aswMBR.txt
2013-06-22 22:50 - 2013-06-23 00:01 - 00000512 ____A C:\Users\Kev\Desktop\MBR.dat
2013-06-22 22:40 - 2013-06-22 22:41 - 04745728 ____A (AVAST Software) C:\Users\Kev\Desktop\aswMBR.exe
2013-06-22 22:33 - 2013-06-22 22:33 - 00020620 ____A C:\Users\Kev\Desktop\Puppy2.txt
2013-06-22 22:29 - 2013-06-22 22:29 - 00020620 ____A C:\ComboFix.txt
2013-06-22 20:39 - 2013-06-22 20:39 - 00079852 ____A C:\Users\Kev\Desktop\Extras.Txt
2013-06-22 20:38 - 2013-06-22 20:38 - 00116432 ____A C:\Users\Kev\Desktop\OTL.Txt
2013-06-22 20:27 - 2013-06-22 20:27 - 00602112 ____A (OldTimer Tools) C:\Users\Kev\Desktop\OTL.exe
2013-06-22 19:55 - 2013-06-22 19:55 - 02240864 ____A (Kaspersky Lab ZAO) C:\Users\Kev\Desktop\tdsskiller.exe
2013-06-22 19:19 - 2013-06-22 19:19 - 00021250 ____A C:\Users\Kev\Desktop\puppy.txt
2013-06-22 17:45 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-22 17:45 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-22 17:45 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-22 17:45 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-22 17:45 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-22 17:45 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-22 17:45 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-22 17:45 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-22 17:42 - 2013-06-22 22:29 - 00000000 ____D C:\Qoobox
2013-06-22 17:42 - 2013-06-22 17:59 - 00000000 ____D C:\Windows\erdnt
2013-06-22 17:41 - 2013-06-22 17:41 - 05082201 ____R (Swearware) C:\Users\Kev\Desktop\puppy.exe
2013-06-22 17:13 - 2013-06-22 17:13 - 00001763 ____A C:\Users\Kev\Desktop\ark.txt
2013-06-22 15:33 - 2013-06-22 15:33 - 00377856 ____A C:\Users\Kev\Desktop\o8jl4ewh.exe
2013-06-22 15:29 - 2013-06-22 15:29 - 00026685 ____A C:\Users\Kev\Desktop\dds.txt
2013-06-22 15:29 - 2013-06-22 15:29 - 00008898 ____A C:\Users\Kev\Desktop\attach.txt
2013-06-22 15:27 - 2013-06-22 15:27 - 00688992 ____R (Swearware) C:\Users\Kev\Desktop\dds.scr
2013-06-22 11:35 - 2013-06-22 11:35 - 00000000 ____D C:\Users\Kev\AppData\Local\{2D1A1D9D-F1B4-4642-9C91-E82243E87169}
2013-06-21 23:35 - 2013-06-21 23:35 - 00000000 ____D C:\Users\Kev\AppData\Local\{69DB043A-3B7F-4ACA-B97E-A1FB4BCC01B8}
2013-06-21 13:36 - 2013-06-21 13:36 - 00509440 ____A (Tech Support Guy System) C:\Users\Kev\Downloads\SysInfo.exe
2013-06-21 11:11 - 2013-06-21 11:12 - 00000000 ____D C:\Users\Kev\AppData\Local\{147108A9-9358-429B-B142-960BCE845C0B}
2013-06-20 23:11 - 2013-06-20 23:11 - 00000000 ____D C:\Users\Kev\AppData\Local\{423E0B71-8728-4BDE-84F8-C0D6364CEA12}
2013-06-20 11:10 - 2013-06-20 11:11 - 00000000 ____D C:\Users\Kev\AppData\Local\{6A314A83-C697-443D-AF96-D887BA2C129E}
2013-06-19 23:10 - 2013-06-19 23:10 - 00000000 ____D C:\Users\Kev\AppData\Local\{A93F2BE5-2DB0-42DD-9B41-94E8DC78D540}
2013-06-19 11:09 - 2013-06-19 11:10 - 00000000 ____D C:\Users\Kev\AppData\Local\{4D9D670D-F1A0-47EB-9628-BF0B0ABA6413}
2013-06-18 23:09 - 2013-06-18 23:09 - 00000000 ____D C:\Users\Kev\AppData\Local\{49306D97-73B4-40FF-BDEB-A02BBD116900}
2013-06-18 11:08 - 2013-06-18 11:09 - 00000000 ____D C:\Users\Kev\AppData\Local\{D621CA0E-5D67-45D4-AF95-D3194A29B6DC}
2013-06-17 11:16 - 2013-06-17 11:16 - 00000000 ____D C:\Users\Kev\AppData\Local\{A26358E9-238A-49CD-928F-087C6860BBFE}
2013-06-16 23:15 - 2013-06-16 23:16 - 00000000 ____D C:\Users\Kev\AppData\Local\{F7133418-C3CE-4DC4-AC93-93DE0D310CFD}
2013-06-16 11:15 - 2013-06-16 11:15 - 00000000 ____D C:\Users\Kev\AppData\Local\{4AB49111-1424-4757-A4B9-E5585F27334B}
2013-06-16 09:43 - 2013-06-08 15:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-16 09:43 - 2013-06-08 15:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-16 09:43 - 2013-06-08 15:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-16 09:43 - 2013-06-08 15:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-16 09:43 - 2013-06-08 15:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-16 09:43 - 2013-06-08 13:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-16 09:43 - 2013-06-08 12:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-16 09:43 - 2013-06-08 12:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-16 09:43 - 2013-06-08 12:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-16 09:43 - 2013-06-08 12:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-16 09:43 - 2013-06-08 12:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-16 09:43 - 2013-06-08 12:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-15 10:25 - 2013-06-15 10:25 - 00000000 ____D C:\Users\Kev\AppData\Local\{E25F9E2C-EF04-43BD-BC6D-F49AC7EAB462}
2013-06-14 19:10 - 2013-06-14 19:11 - 00000000 ____D C:\Users\Kev\AppData\Local\{9C06BC50-E3AE-46B8-8712-D7204967B102}
2013-06-14 17:21 - 2013-06-14 17:21 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-06-14 17:21 - 2013-06-14 17:21 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-06-14 17:20 - 2013-06-14 17:20 - 17991520 ____A (Adobe Systems Inc.) C:\Users\Kev\Downloads\AdobeAIRInstaller.exe
2013-06-13 23:02 - 2013-06-14 14:09 - 00009424 ____A C:\Users\Kev\Desktop\hijackthis.log
2013-06-13 22:59 - 2013-06-13 22:59 - 00388608 ____A (Trend Micro Inc.) C:\Users\Kev\Desktop\HijackThis.exe
2013-06-13 16:40 - 2013-06-13 16:41 - 00001057 ____A C:\AdwCleaner[S2].txt
2013-06-13 16:12 - 2013-06-13 16:13 - 00014033 ____A C:\AdwCleaner[S1].txt
2013-06-13 16:10 - 2013-06-13 16:10 - 00648201 ____A C:\Users\Kev\Downloads\AdwCleaner.exe
2013-06-13 11:24 - 2013-06-13 11:24 - 00000000 ____D C:\Users\Kev\AppData\Local\{2B95C7DE-F613-4688-BE2F-D08FC40FBBDC}
2013-06-13 03:52 - 2013-06-13 03:52 - 00000000 ____D C:\a59e14d750f863bc49e8f3a81ff2
2013-06-13 03:41 - 2013-05-17 02:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-13 03:41 - 2013-05-17 02:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-13 03:41 - 2013-05-17 02:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-13 03:41 - 2013-05-17 01:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-13 03:41 - 2013-05-17 01:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-13 03:41 - 2013-05-17 01:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-13 03:41 - 2013-05-14 09:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-13 03:40 - 2013-05-17 02:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-13 03:40 - 2013-05-17 02:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-13 03:40 - 2013-05-17 01:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 03:40 - 2013-05-17 01:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 03:40 - 2013-05-17 01:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 03:40 - 2013-05-17 01:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-13 03:40 - 2013-05-14 13:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 03:39 - 2013-05-17 02:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-13 03:39 - 2013-05-17 02:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-13 03:39 - 2013-05-17 02:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-13 03:39 - 2013-05-17 01:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 03:39 - 2013-05-17 01:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 11:48 - 2013-05-08 07:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 11:47 - 2013-05-13 06:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 11:47 - 2013-05-13 06:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 11:47 - 2013-05-13 06:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 11:47 - 2013-05-13 06:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 11:47 - 2013-05-13 05:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 11:47 - 2013-05-13 05:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 11:47 - 2013-05-13 05:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 11:47 - 2013-05-13 04:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 11:47 - 2013-05-13 04:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 11:47 - 2013-05-13 04:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 11:47 - 2013-05-10 06:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 11:47 - 2013-05-10 04:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 11:47 - 2013-04-26 06:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 11:47 - 2013-04-26 05:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 11:47 - 2013-04-26 00:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 11:47 - 2013-04-17 08:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 11:47 - 2013-04-17 07:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 11:47 - 2013-03-31 23:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 11:39 - 2013-06-12 11:39 - 00000000 ____D C:\Users\Kev\AppData\Local\{D2566590-72B0-4E84-A27E-1002C0AF27E6}
2013-06-11 18:33 - 2013-06-28 17:23 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-11 18:33 - 2013-06-11 18:33 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 18:33 - 2013-06-11 18:33 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 15:16 - 2013-06-11 15:17 - 03191888 ____A (McAfee, Inc.) C:\Users\Kev\Downloads\MCPR.exe
2013-06-11 12:01 - 2013-06-11 12:01 - 00000000 ____D C:\Users\Kev\AppData\Local\{B200BC73-0B7D-4F6A-A67E-3B1EA993061A}
2013-06-09 07:58 - 2013-06-09 07:58 - 00000000 ____D C:\Users\Kev\AppData\Local\{8054621E-83F9-422C-AD39-D251B45833D9}
2013-06-08 19:58 - 2013-06-08 19:58 - 00000000 ____D C:\Users\Kev\AppData\Local\{BA1FDEB4-3626-44C7-A9CF-D1AC089AF458}
2013-06-08 19:07 - 2013-06-08 19:08 - 00000000 ____D C:\Users\Kev\AppData\Roaming\U3
2013-06-08 17:31 - 2013-06-08 17:31 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-06-08 17:31 - 2013-06-08 17:31 - 00000000 ____D C:\Users\Kev\AppData\Roaming\SUPERAntiSpyware.com
2013-06-08 17:30 - 2013-06-08 17:31 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-06-08 17:30 - 2013-06-08 17:30 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-06-08 17:29 - 2013-06-08 17:30 - 26074448 ____A (SUPERAntiSpyware.com) C:\Users\Kev\Downloads\SUPERAntiSpyware.exe
2013-06-08 16:52 - 2013-06-08 16:52 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-08 16:52 - 2013-06-08 16:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-08 16:52 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-08 15:43 - 2013-06-08 15:43 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-06-08 15:43 - 2013-06-08 15:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-06-08 15:19 - 2013-06-08 15:20 - 13475464 ____A (Microsoft Corporation) C:\Users\Kev\Downloads\mseinstall.exe
2013-06-08 01:20 - 2013-06-28 02:59 - 00000000 ____D C:\Users\Kev\AppData\Local\Deployment
2013-06-08 01:20 - 2013-06-23 22:06 - 00000000 ____D C:\Users\Kev\AppData\Local\Apps\2.0
2013-06-07 22:06 - 2013-06-28 02:53 - 00010778 ____A C:\Users\Kev\Downloads\dellsystemdetect.application
2013-06-07 15:08 - 2013-06-07 15:08 - 00000000 ____D C:\Users\Kev\AppData\Local\Dell Edoc Viewer
2013-06-07 15:05 - 2013-06-08 15:43 - 00001945 ____A C:\Windows\epplauncher.mif
2013-06-07 11:06 - 2013-06-07 11:06 - 00000000 ____D C:\Users\Kev\AppData\Local\{0DB58CC7-0D11-4063-9353-717696765A47}
2013-06-06 22:55 - 2013-06-06 22:55 - 00000000 ____D C:\Users\Kev\AppData\Local\{9D9FB65E-E1AF-42AF-B611-05BC7DD53463}
2013-06-06 10:55 - 2013-06-06 10:55 - 00000000 ____D C:\Users\Kev\AppData\Local\{89754290-15C0-4749-A587-E70EF8471670}
2013-06-05 22:55 - 2013-06-05 22:55 - 00000000 ____D C:\Users\Kev\AppData\Local\{1B7C0C92-6878-446A-8AE9-16DB590E8581}
2013-06-05 10:55 - 2013-06-05 10:55 - 00000000 ____D C:\Users\Kev\AppData\Local\{4DC256D5-4209-4981-8C7C-24E7731F6E39}
2013-06-04 16:34 - 2013-06-04 16:34 - 00000000 ____D C:\Users\Kev\AppData\Local\{466C021B-A61C-4A0A-B4B3-E52AAB425291}
2013-06-04 04:33 - 2013-06-04 04:34 - 00000000 ____D C:\Users\Kev\AppData\Local\{B8B4F4B0-62ED-4949-8804-DD2705F63AC5}
2013-06-03 16:33 - 2013-06-03 16:33 - 00000000 ____D C:\Users\Kev\AppData\Local\{ECB80A13-487D-4989-B9A7-2564B18F025C}
2013-06-03 04:33 - 2013-06-03 04:33 - 00000000 ____D C:\Users\Kev\AppData\Local\{1F194380-82E8-40D9-ACFC-04D6D853574F}
2013-06-02 16:33 - 2013-06-02 16:33 - 00000000 ____D C:\Users\Kev\AppData\Local\{00D21EEE-7331-471E-A5C8-050683AB404F}
2013-06-02 14:42 - 2013-06-02 14:42 - 00001132 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-02 04:32 - 2013-06-02 04:33 - 00000000 ____D C:\Users\Kev\AppData\Local\{4516EFA5-8C79-4653-9695-A5093B2D957F}
2013-06-01 16:32 - 2013-06-01 16:32 - 00000000 ____D C:\Users\Kev\AppData\Local\{39FA085B-0107-4FE8-8EF5-89F2AB00FE30}
2013-06-01 14:37 - 2013-06-01 14:38 - 04808816 ____A (FileZilla Project) C:\Users\Kev\Downloads\FileZilla_3.7.0.2_win32-setup.exe
2013-06-01 04:32 - 2013-06-01 04:32 - 00000000 ____D C:\Users\Kev\AppData\Local\{2A7BC3FC-B0B2-40EB-8FEA-ADB1212EFCC1}
2013-05-31 16:32 - 2013-05-31 16:32 - 00000000 ____D C:\Users\Kev\AppData\Local\{AAB951CA-1CA0-4768-8832-C9A094BE0EA4}
2013-05-30 23:52 - 2013-05-30 23:52 - 00000000 ____D C:\Users\Kev\AppData\Local\{53F82B4B-71B1-4CE9-93EE-2406C8A8D202}
2013-05-30 11:52 - 2013-05-30 11:52 - 00000000 ____D C:\Users\Kev\AppData\Local\{2E5DD52D-BEA0-48A9-B2F1-A9F4B6026AA7}
2013-05-29 12:35 - 2013-05-29 12:36 - 00000000 ____D C:\Users\Kev\AppData\Local\{E9E27BC4-13A6-4BEF-B7A1-6D8E72AEB2BF}
2013-05-29 00:35 - 2013-05-29 00:35 - 00000000 ____D C:\Users\Kev\AppData\Local\{DFACD7F0-F0E8-44A3-9CEF-CE7428A3A9F4}

==================== One Month Modified Files and Folders =======

2013-06-28 17:24 - 2013-06-28 17:24 - 01933484 ____A (Farbar) C:\Users\Kev\Desktop\FRST64.exe
2013-06-28 17:24 - 2013-06-28 17:24 - 00000000 ____D C:\FRST
2013-06-28 17:23 - 2013-06-11 18:33 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-28 16:55 - 2012-04-02 11:27 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-28 15:14 - 2013-06-28 15:14 - 00086244 ____A C:\Users\Kev\Desktop\AutoRuns.txt
2013-06-28 15:13 - 2013-06-28 15:13 - 00086244 ____A C:\Users\Kev\Documents\AutoRuns.txt
2013-06-28 15:10 - 2013-06-28 15:10 - 00551072 ____A C:\Users\Kev\Desktop\Autoruns.zip
2013-06-28 15:01 - 2012-08-19 23:48 - 00000920 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-768171273-2258216897-828858201-1000UA.job
2013-06-28 14:55 - 2013-06-28 14:54 - 00000000 ____D C:\Users\Kev\AppData\Local\{90FD3E97-92EE-41CD-BA82-ECC01C3C9307}
2013-06-28 10:28 - 2013-06-28 10:28 - 00008522 ____A C:\Users\Kev\Desktop\CHKDSKResults.txt
2013-06-28 09:42 - 2013-05-25 01:00 - 00007514 ____A C:\Windows\setupact.log
2013-06-28 09:20 - 2009-07-14 05:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-28 09:20 - 2009-07-14 05:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-28 09:16 - 2011-11-21 06:20 - 01590177 ____A C:\Windows\WindowsUpdate.log
2013-06-28 09:16 - 2009-07-14 06:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-28 09:13 - 2012-04-02 11:27 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-28 09:09 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-28 02:59 - 2013-06-08 01:20 - 00000000 ____D C:\Users\Kev\AppData\Local\Deployment
2013-06-28 02:53 - 2013-06-07 22:06 - 00010778 ____A C:\Users\Kev\Downloads\dellsystemdetect.application
2013-06-28 01:03 - 2013-06-28 01:02 - 00000000 ____D C:\Users\Kev\AppData\Local\{7B7CBF54-3259-4075-8EA0-B6EEF278F035}
2013-06-26 11:14 - 2013-06-26 11:14 - 00000000 ____D C:\Users\Kev\AppData\Local\{7C85343C-93A5-4AD6-8910-453D5575164F}
2013-06-26 00:01 - 2012-08-19 23:48 - 00000898 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-768171273-2258216897-828858201-1000Core.job
2013-06-25 23:14 - 2013-06-25 23:13 - 00000000 ____D C:\Users\Kev\AppData\Local\{0F69D4E8-68D7-426E-B215-7A1FD43EFAE3}
2013-06-25 15:21 - 2013-06-25 15:20 - 00017883 ____A C:\VEW.txt
2013-06-25 15:19 - 2013-06-25 15:19 - 00061440 ____A ( ) C:\Users\Kev\Desktop\VEW.exe
2013-06-25 11:13 - 2013-06-25 11:13 - 00000000 ____D C:\Users\Kev\AppData\Local\{797B5582-A7B6-4B2A-B479-3E40DE069564}
2013-06-25 00:42 - 2013-06-25 00:42 - 00312232 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-25 00:42 - 2013-06-25 00:42 - 00189352 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-25 00:42 - 2013-06-25 00:42 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-25 00:42 - 2013-06-25 00:42 - 00108968 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-25 00:42 - 2013-06-25 00:42 - 00000000 ____D C:\Program Files\Java
2013-06-25 00:42 - 2013-06-25 00:40 - 01093032 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-25 00:42 - 2011-11-21 06:32 - 00972712 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-25 00:39 - 2013-06-25 00:39 - 33150376 ____A (Oracle Corporation) C:\Users\Kev\Downloads\jre-7u25-windows-x64.exe
2013-06-24 23:33 - 2012-04-27 20:21 - 00903080 ____A (Oracle Corporation) C:\Users\Kev\Downloads\jxpiinstall.exe
2013-06-24 23:32 - 2013-06-24 23:32 - 00000000 ____D C:\Users\Kev\AppData\Roaming\Oracle
2013-06-24 23:21 - 2013-05-26 09:50 - 00013324 ____A C:\Windows\PFRO.log
2013-06-24 23:13 - 2013-06-24 23:12 - 00000000 ____D C:\Users\Kev\AppData\Local\{8C9D0EEE-D41F-4E9B-8165-E1354EC3DFC9}
2013-06-24 20:35 - 2013-06-24 20:35 - 00000392 ____A C:\look.txt
2013-06-24 20:35 - 2013-06-24 20:35 - 00000146 ____A C:\Users\Kev\Desktop\look.bat
2013-06-24 20:34 - 2013-06-24 20:34 - 00005229 ____A C:\Users\Kev\Desktop\uninstall_list.txt
2013-06-24 11:12 - 2013-06-24 11:12 - 00000000 ____D C:\Users\Kev\AppData\Local\{C7758CA0-2371-4A39-89AC-901173038819}
2013-06-24 00:37 - 2013-06-24 00:37 - 00056179 ____A C:\Users\Kev\Desktop\startuplist.txt
2013-06-23 23:12 - 2013-06-23 23:12 - 00000000 ____D C:\Users\Kev\AppData\Local\{B2DFC3FD-581A-46EA-8EF9-42BF5F3E0576}
2013-06-23 22:06 - 2013-06-08 01:20 - 00000000 ____D C:\Users\Kev\AppData\Local\Apps\2.0
2013-06-23 22:04 - 2013-06-23 22:04 - 00000000 ____D C:\ProgramData\Citrix
2013-06-23 21:51 - 2013-06-23 21:51 - 00000000 ____D C:\Users\Kev\AppData\Local\Citrix
2013-06-23 21:51 - 2013-06-23 21:51 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-06-23 21:50 - 2013-06-23 21:50 - 00103832 ____A C:\Users\Kev\GoToAssistDownloadHelper.exe
2013-06-23 21:50 - 2012-01-13 07:45 - 00000000 ____D C:\users\Kev
2013-06-23 20:04 - 2013-06-23 20:01 - 00058604 ____A C:\Users\Kev\Desktop\SystemLook.txt
2013-06-23 20:00 - 2013-06-23 20:00 - 00096256 ____A C:\Users\Kev\Desktop\SystemLook_x64.exe
2013-06-23 09:16 - 2013-06-23 09:16 - 00000000 ____D C:\Users\Kev\AppData\Local\{FC750A16-2128-4024-A3F3-EE94D07C72C4}
2013-06-23 00:02 - 2013-06-23 00:02 - 00002180 ____A C:\Users\Kev\Documents\aswMBR.txt
2013-06-23 00:02 - 2013-06-23 00:02 - 00000512 ____A C:\Users\Kev\Documents\MBR.dat
2013-06-23 00:01 - 2013-06-22 22:50 - 00003419 ____A C:\Users\Kev\Desktop\aswMBR.txt
2013-06-23 00:01 - 2013-06-22 22:50 - 00000512 ____A C:\Users\Kev\Desktop\MBR.dat
2013-06-22 22:41 - 2013-06-22 22:40 - 04745728 ____A (AVAST Software) C:\Users\Kev\Desktop\aswMBR.exe
2013-06-22 22:33 - 2013-06-22 22:33 - 00020620 ____A C:\Users\Kev\Desktop\Puppy2.txt
2013-06-22 22:29 - 2013-06-22 22:29 - 00020620 ____A C:\ComboFix.txt
2013-06-22 22:29 - 2013-06-22 17:42 - 00000000 ____D C:\Qoobox
2013-06-22 22:27 - 2009-07-14 03:34 - 00000215 ____A C:\Windows\system.ini
2013-06-22 20:39 - 2013-06-22 20:39 - 00079852 ____A C:\Users\Kev\Desktop\Extras.Txt
2013-06-22 20:38 - 2013-06-22 20:38 - 00116432 ____A C:\Users\Kev\Desktop\OTL.Txt
2013-06-22 20:27 - 2013-06-22 20:27 - 00602112 ____A (OldTimer Tools) C:\Users\Kev\Desktop\OTL.exe
2013-06-22 19:55 - 2013-06-22 19:55 - 02240864 ____A (Kaspersky Lab ZAO) C:\Users\Kev\Desktop\tdsskiller.exe
2013-06-22 19:19 - 2013-06-22 19:19 - 00021250 ____A C:\Users\Kev\Desktop\puppy.txt
2013-06-22 19:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-06-22 18:01 - 2009-07-14 04:20 - 00000000 __RHD C:\users\Default
2013-06-22 17:59 - 2013-06-22 17:42 - 00000000 ____D C:\Windows\erdnt
2013-06-22 17:52 - 2009-07-14 03:34 - 74973184 ____A C:\Windows\System32\config\SOFTWARE.bak
2013-06-22 17:52 - 2009-07-14 03:34 - 24641536 ____A C:\Windows\System32\config\SYSTEM.bak
2013-06-22 17:52 - 2009-07-14 03:34 - 01048576 ____A C:\Windows\System32\config\DEFAULT.bak
2013-06-22 17:52 - 2009-07-14 03:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2013-06-22 17:52 - 2009-07-14 03:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2013-06-22 17:41 - 2013-06-22 17:41 - 05082201 ____R (Swearware) C:\Users\Kev\Desktop\puppy.exe
2013-06-22 17:13 - 2013-06-22 17:13 - 00001763 ____A C:\Users\Kev\Desktop\ark.txt
2013-06-22 15:33 - 2013-06-22 15:33 - 00377856 ____A C:\Users\Kev\Desktop\o8jl4ewh.exe
2013-06-22 15:29 - 2013-06-22 15:29 - 00026685 ____A C:\Users\Kev\Desktop\dds.txt
2013-06-22 15:29 - 2013-06-22 15:29 - 00008898 ____A C:\Users\Kev\Desktop\attach.txt
2013-06-22 15:27 - 2013-06-22 15:27 - 00688992 ____R (Swearware) C:\Users\Kev\Desktop\dds.scr
2013-06-22 13:40 - 2012-01-13 19:30 - 00000000 ____D C:\Users\Kev\AppData\Roaming\Skype
2013-06-22 11:35 - 2013-06-22 11:35 - 00000000 ____D C:\Users\Kev\AppData\Local\{2D1A1D9D-F1B4-4642-9C91-E82243E87169}
2013-06-21 23:35 - 2013-06-21 23:35 - 00000000 ____D C:\Users\Kev\AppData\Local\{69DB043A-3B7F-4ACA-B97E-A1FB4BCC01B8}
2013-06-21 13:36 - 2013-06-21 13:36 - 00509440 ____A (Tech Support Guy System) C:\Users\Kev\Downloads\SysInfo.exe
2013-06-21 11:12 - 2013-06-21 11:11 - 00000000 ____D C:\Users\Kev\AppData\Local\{147108A9-9358-429B-B142-960BCE845C0B}
2013-06-20 23:11 - 2013-06-20 23:11 - 00000000 ____D C:\Users\Kev\AppData\Local\{423E0B71-8728-4BDE-84F8-C0D6364CEA12}
2013-06-20 11:11 - 2013-06-20 11:10 - 00000000 ____D C:\Users\Kev\AppData\Local\{6A314A83-C697-443D-AF96-D887BA2C129E}
2013-06-19 23:10 - 2013-06-19 23:10 - 00000000 ____D C:\Users\Kev\AppData\Local\{A93F2BE5-2DB0-42DD-9B41-94E8DC78D540}
2013-06-19 11:10 - 2013-06-19 11:09 - 00000000 ____D C:\Users\Kev\AppData\Local\{4D9D670D-F1A0-47EB-9628-BF0B0ABA6413}
2013-06-18 23:09 - 2013-06-18 23:09 - 00000000 ____D C:\Users\Kev\AppData\Local\{49306D97-73B4-40FF-BDEB-A02BBD116900}
2013-06-18 11:09 - 2013-06-18 11:08 - 00000000 ____D C:\Users\Kev\AppData\Local\{D621CA0E-5D67-45D4-AF95-D3194A29B6DC}
2013-06-17 11:16 - 2013-06-17 11:16 - 00000000 ____D C:\Users\Kev\AppData\Local\{A26358E9-238A-49CD-928F-087C6860BBFE}
2013-06-16 23:16 - 2013-06-16 23:15 - 00000000 ____D C:\Users\Kev\AppData\Local\{F7133418-C3CE-4DC4-AC93-93DE0D310CFD}
2013-06-16 11:15 - 2013-06-16 11:15 - 00000000 ____D C:\Users\Kev\AppData\Local\{4AB49111-1424-4757-A4B9-E5585F27334B}
2013-06-15 10:25 - 2013-06-15 10:25 - 00000000 ____D C:\Users\Kev\AppData\Local\{E25F9E2C-EF04-43BD-BC6D-F49AC7EAB462}
2013-06-14 19:11 - 2013-06-14 19:10 - 00000000 ____D C:\Users\Kev\AppData\Local\{9C06BC50-E3AE-46B8-8712-D7204967B102}
2013-06-14 17:21 - 2013-06-14 17:21 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-06-14 17:21 - 2013-06-14 17:21 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-06-14 17:21 - 2011-11-21 06:44 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-06-14 17:20 - 2013-06-14 17:20 - 17991520 ____A (Adobe Systems Inc.) C:\Users\Kev\Downloads\AdobeAIRInstaller.exe
2013-06-14 14:09 - 2013-06-13 23:02 - 00009424 ____A C:\Users\Kev\Desktop\hijackthis.log
2013-06-13 22:59 - 2013-06-13 22:59 - 00388608 ____A (Trend Micro Inc.) C:\Users\Kev\Desktop\HijackThis.exe
2013-06-13 16:41 - 2013-06-13 16:40 - 00001057 ____A C:\AdwCleaner[S2].txt
2013-06-13 16:13 - 2013-06-13 16:12 - 00014033 ____A C:\AdwCleaner[S1].txt
2013-06-13 16:10 - 2013-06-13 16:10 - 00648201 ____A C:\Users\Kev\Downloads\AdwCleaner.exe
2013-06-13 11:24 - 2013-06-13 11:24 - 00000000 ____D C:\Users\Kev\AppData\Local\{2B95C7DE-F613-4688-BE2F-D08FC40FBBDC}
2013-06-13 10:36 - 2011-02-23 14:08 - 00000000 ____D C:\Windows\Panther
2013-06-13 03:53 - 2012-01-13 20:17 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-13 03:52 - 2013-06-13 03:52 - 00000000 ____D C:\a59e14d750f863bc49e8f3a81ff2
2013-06-12 11:39 - 2013-06-12 11:39 - 00000000 ____D C:\Users\Kev\AppData\Local\{D2566590-72B0-4E84-A27E-1002C0AF27E6}
2013-06-11 18:33 - 2013-06-11 18:33 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 18:33 - 2013-06-11 18:33 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 18:32 - 2012-01-28 12:24 - 00000000 ____D C:\Users\Kev\AppData\Local\Adobe
2013-06-11 18:24 - 2012-07-20 17:18 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-06-11 18:23 - 2011-11-21 06:32 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-06-11 15:17 - 2013-06-11 15:16 - 03191888 ____A (McAfee, Inc.) C:\Users\Kev\Downloads\MCPR.exe
2013-06-11 12:01 - 2013-06-11 12:01 - 00000000 ____D C:\Users\Kev\AppData\Local\{B200BC73-0B7D-4F6A-A67E-3B1EA993061A}
2013-06-10 18:26 - 2011-11-21 07:20 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-06-10 18:08 - 2011-11-21 07:30 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-06-10 18:08 - 2011-11-21 07:30 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-06-10 17:56 - 2013-03-25 18:18 - 00008704 __ASH C:\Users\Kev\Documents\Thumbs.db
2013-06-10 17:54 - 2012-01-13 20:32 - 00000000 ____D C:\Users\Kev\AppData\Local\Windows Live Writer
2013-06-09 23:43 - 2013-01-16 01:47 - 02347384 ____A (ESET) C:\Users\Kev\Downloads\esetsmartinstaller_enu.exe
2013-06-09 07:58 - 2013-06-09 07:58 - 00000000 ____D C:\Users\Kev\AppData\Local\{8054621E-83F9-422C-AD39-D251B45833D9}
2013-06-08 19:58 - 2013-06-08 19:58 - 00000000 ____D C:\Users\Kev\AppData\Local\{BA1FDEB4-3626-44C7-A9CF-D1AC089AF458}
2013-06-08 19:25 - 2009-07-14 06:08 - 00032574 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-08 19:08 - 2013-06-08 19:07 - 00000000 ____D C:\Users\Kev\AppData\Roaming\U3
2013-06-08 17:31 - 2013-06-08 17:31 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-06-08 17:31 - 2013-06-08 17:31 - 00000000 ____D C:\Users\Kev\AppData\Roaming\SUPERAntiSpyware.com
2013-06-08 17:31 - 2013-06-08 17:30 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-06-08 17:30 - 2013-06-08 17:30 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-06-08 17:30 - 2013-06-08 17:29 - 26074448 ____A (SUPERAntiSpyware.com) C:\Users\Kev\Downloads\SUPERAntiSpyware.exe
2013-06-08 16:52 - 2013-06-08 16:52 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-08 16:52 - 2013-06-08 16:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-08 16:45 - 2012-01-16 09:42 - 00000000 ____D C:\Users\Kev\AppData\Roaming\FileZilla
2013-06-08 15:43 - 2013-06-08 15:43 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-06-08 15:43 - 2013-06-08 15:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-06-08 15:43 - 2013-06-07 15:05 - 00001945 ____A C:\Windows\epplauncher.mif
2013-06-08 15:20 - 2013-06-08 15:19 - 13475464 ____A (Microsoft Corporation) C:\Users\Kev\Downloads\mseinstall.exe
2013-06-08 15:08 - 2013-06-16 09:43 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 15:07 - 2013-06-16 09:43 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 15:06 - 2013-06-16 09:43 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 15:06 - 2013-06-16 09:43 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 15:06 - 2013-06-16 09:43 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:06 - 2012-01-15 09:11 - 00000000 ____D C:\ProgramData\PCDr
2013-06-08 13:28 - 2013-06-16 09:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:22 - 2012-12-27 11:39 - 00000000 ____D C:\ProgramData\Kodak
2013-06-08 12:42 - 2013-06-16 09:43 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 12:40 - 2013-06-16 09:43 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 12:40 - 2013-06-16 09:43 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 12:40 - 2013-06-16 09:43 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 12:40 - 2013-06-16 09:43 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 12:13 - 2013-06-16 09:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-07 15:08 - 2013-06-07 15:08 - 00000000 ____D C:\Users\Kev\AppData\Local\Dell Edoc Viewer
2013-06-07 12:45 - 2013-05-23 12:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-07 11:06 - 2013-06-07 11:06 - 00000000 ____D C:\Users\Kev\AppData\Local\{0DB58CC7-0D11-4063-9353-717696765A47}
2013-06-06 22:55 - 2013-06-06 22:55 - 00000000 ____D C:\Users\Kev\AppData\Local\{9D9FB65E-E1AF-42AF-B611-05BC7DD53463}
2013-06-06 10:55 - 2013-06-06 10:55 - 00000000 ____D C:\Users\Kev\AppData\Local\{89754290-15C0-4749-A587-E70EF8471670}
2013-06-05 22:55 - 2013-06-05 22:55 - 00000000 ____D C:\Users\Kev\AppData\Local\{1B7C0C92-6878-446A-8AE9-16DB590E8581}
2013-06-05 10:55 - 2013-06-05 10:55 - 00000000 ____D C:\Users\Kev\AppData\Local\{4DC256D5-4209-4981-8C7C-24E7731F6E39}
2013-06-04 16:34 - 2013-06-04 16:34 - 00000000 ____D C:\Users\Kev\AppData\Local\{466C021B-A61C-4A0A-B4B3-E52AAB425291}
2013-06-04 04:34 - 2013-06-04 04:33 - 00000000 ____D C:\Users\Kev\AppData\Local\{B8B4F4B0-62ED-4949-8804-DD2705F63AC5}
2013-06-03 16:33 - 2013-06-03 16:33 - 00000000 ____D C:\Users\Kev\AppData\Local\{ECB80A13-487D-4989-B9A7-2564B18F025C}
2013-06-03 04:33 - 2013-06-03 04:33 - 00000000 ____D C:\Users\Kev\AppData\Local\{1F194380-82E8-40D9-ACFC-04D6D853574F}
2013-06-02 16:33 - 2013-06-02 16:33 - 00000000 ____D C:\Users\Kev\AppData\Local\{00D21EEE-7331-471E-A5C8-050683AB404F}
2013-06-02 14:42 - 2013-06-02 14:42 - 00001132 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-02 04:33 - 2013-06-02 04:32 - 00000000 ____D C:\Users\Kev\AppData\Local\{4516EFA5-8C79-4653-9695-A5093B2D957F}
2013-06-01 17:50 - 2012-04-14 14:59 - 00006656 ____A C:\Users\Kev\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-01 16:32 - 2013-06-01 16:32 - 00000000 ____D C:\Users\Kev\AppData\Local\{39FA085B-0107-4FE8-8EF5-89F2AB00FE30}
2013-06-01 16:28 - 2012-02-15 16:38 - 00000000 ___RD C:\Users\Kev\Desktop\WebSite
2013-06-01 14:38 - 2013-06-01 14:37 - 04808816 ____A (FileZilla Project) C:\Users\Kev\Downloads\FileZilla_3.7.0.2_win32-setup.exe
2013-06-01 14:38 - 2012-01-16 09:42 - 00002002 ____A C:\Users\Kev\Desktop\FileZilla Client.lnk
2013-06-01 14:38 - 2012-01-16 09:41 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-06-01 04:32 - 2013-06-01 04:32 - 00000000 ____D C:\Users\Kev\AppData\Local\{2A7BC3FC-B0B2-40EB-8FEA-ADB1212EFCC1}
2013-05-31 16:32 - 2013-05-31 16:32 - 00000000 ____D C:\Users\Kev\AppData\Local\{AAB951CA-1CA0-4768-8832-C9A094BE0EA4}
2013-05-30 23:52 - 2013-05-30 23:52 - 00000000 ____D C:\Users\Kev\AppData\Local\{53F82B4B-71B1-4CE9-93EE-2406C8A8D202}
2013-05-30 11:52 - 2013-05-30 11:52 - 00000000 ____D C:\Users\Kev\AppData\Local\{2E5DD52D-BEA0-48A9-B2F1-A9F4B6026AA7}
2013-05-29 12:36 - 2013-05-29 12:35 - 00000000 ____D C:\Users\Kev\AppData\Local\{E9E27BC4-13A6-4BEF-B7A1-6D8E72AEB2BF}
2013-05-29 00:35 - 2013-05-29 00:35 - 00000000 ____D C:\Users\Kev\AppData\Local\{DFACD7F0-F0E8-44A3-9CEF-CE7428A3A9F4}

Files to move or delete:
====================
C:\Users\Kev\GoToAssistDownloadHelper.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-22 19:14

==================== End Of Log ============================


----------



## kevhatch (Jun 20, 2005)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-06-2013
Ran by Kev at 2013-06-28 17:26:37
Running from C:\Users\Kev\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Photoshop CS5 (x32 Version: 12.0)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)
Advanced Audio FX Engine (x32 Version: 1.12.05)
aioscnnr (x32 Version: 5.8.10.0)
aioscnnr (x32 Version: 7.6.13.10)
AMD APP SDK Runtime (Version: 10.0.851.4)
AMD AVIVO64 Codecs (Version: 12.1.0.11205)
AMD Catalyst Install Manager (Version: 3.0.859.0)
Apple Application Support (x32 Version: 2.3)
Apple Software Update (x32 Version: 2.1.3.127)
Assistance Livebox (x32 Version: 1.3.1.0)
C4USelfUpdater (x32 Version: 1.00.0000)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2011.1205.2215.39827)
Catalyst Control Center InstallProxy (x32 Version: 2011.1205.2215.39827)
Catalyst Control Center Localization All (x32 Version: 2011.1205.2215.39827)
Catalyst Control Center Profiles Mobile (x32 Version: 2011.1205.2215.39827)
CCC Help Chinese Standard (x32 Version: 2011.1205.2214.39827)
CCC Help Chinese Traditional (x32 Version: 2011.1205.2214.39827)
CCC Help Danish (x32 Version: 2011.1205.2214.39827)
CCC Help Dutch (x32 Version: 2011.1205.2214.39827)
CCC Help English (x32 Version: 2011.1205.2214.39827)
CCC Help Finnish (x32 Version: 2011.1205.2214.39827)
CCC Help French (x32 Version: 2011.1205.2214.39827)
CCC Help German (x32 Version: 2011.1205.2214.39827)
CCC Help Italian (x32 Version: 2011.1205.2214.39827)
CCC Help Japanese (x32 Version: 2011.1205.2214.39827)
CCC Help Korean (x32 Version: 2011.1205.2214.39827)
CCC Help Norwegian (x32 Version: 2011.1205.2214.39827)
CCC Help Portuguese (x32 Version: 2011.1205.2214.39827)
CCC Help Russian (x32 Version: 2011.1205.2214.39827)
CCC Help Spanish (x32 Version: 2011.1205.2214.39827)
CCC Help Swedish (x32 Version: 2011.1205.2214.39827)
ccc-utility64 (Version: 2011.1205.2215.39827)
CCleaner (Version: 4.00)
center (x32 Version: 7.7.2.0)
CometBird 11.0 (x86 en-US) (x32 Version: 11.0)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
D3DX10 (x32 Version: 15.4.2368.0902)
Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.60)
Dell DataSafe Local Backup (x32 Version: 9.4.60)
Dell DataSafe Online (x32 Version: 2.1.19634)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Dell MusicStage (x32 Version: 1.5.201.0)
Dell PhotoStage (x32 Version: 1.5.0.65)
Dell Product Registration (x32 Version: 1.1.3)
Dell Stage (x32 Version: 1.5.201.0)
Dell Stage Remote (x32 Version: 2.0.0.43)
Dell System Detect (HKCU Version: 4.1.2.11)
Dell Touchpad (Version: 7.1207.101.225)
Dell VideoStage (x32 Version: 1.2.0.1719)
Dell Webcam Central (x32 Version: 1.40.05)
DirectX 9 Runtime (x32 Version: 1.00.0000)
DW WLAN Card (Version: 5.100.82.88)
Encrypt Files v1.5 (x32)
ESET Online Scanner v3 (x32)
essentials (x32 Version: 7.7.2.0)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
FileZilla Client 3.7.0.2 (HKCU Version: 3.7.0.2)
Google Earth (x32 Version: 7.0.3.8542)
Google Update Helper (x32 Version: 1.3.21.145)
High-Definition Video Playback (x32 Version: 7.3.10000.0.0)
IDT Audio (x32 Version: 1.0.6341.0)
Intel(R) Display Audio Driver (x32 Version: 6.14.00.3074)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.2.1004)
Intel(R) Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 7 (x32 Version: 7.0.70)
Java Auto Updater (x32 Version: 2.1.9.0)
Java(TM) 6 Update 37 (x32 Version: 6.0.370)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kodak AIO Printer (Version: 7.7.2.0)
KODAK AiO Software (x32 Version: 7.7.6.0)
Live! Cam Avatar Creator (x32 Version: 4.6.3009.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mouse and Keyboard Center (Version: 2.0.162.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (x32 Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 11.0 (x86 en-US) (x32 Version: 11.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
msvcrt_installer (x32 Version: 1.0.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
My Dell (Version: 3.3.6261.27)
Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10200.0.0)
Nero Control Center 10 (x32 Version: 10.6.12500.0.5)
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800)
Nero Core Components 10 (x32 Version: 2.0.20000.9.12)
Nero Update (x32 Version: 1.0.0018)
Notification Mail (x32 Version: 3.1.3-Fr1.0)
ocr (x32 Version: 6.2.3.50)
Orange Inside (HKCU Version: V1.3.0.0)
Orange Installer (x32 Version: 2.0.0.5)
Orange update (x32 Version: 2.0.8.0)
Pale Moon 20.1 (x86 en-US) (x32 Version: 20.1)
PDF Settings CS5 (x32 Version: 10.0)
PhotoShowExpress (x32 Version: 2.0.063)
Picasa 3 (x32 Version: 3.9)
PowerXpressHybrid (x32 Version: 1.00.0000)
PreReq (x32 Version: 6.2.4.0)
PrintProjects (x32 Version: 1.0.0.9282)
PX Profile Update (x32 Version: 1.00.1.)
Quickset64 (Version: 10.09.25)
QuickTime (x32 Version: 7.73.80.64)
Rapport (Version: 3.5.1205.20)
Rapport (x32 Version: 3.5.1208.36)
RBVirtualFolder64Inst (Version: 1.00.0000)
Realtek Ethernet Controller Driver (x32 Version: 7.45.516.2011)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30126)
Roxio Activation Module (x32 Version: 1.0)
Roxio BackOnTrack (x32 Version: 1.3.3)
Roxio Burn (x32 Version: 1.8)
Roxio Creator Starter (x32 Version: 1.0.439)
Roxio Creator Starter (x32 Version: 12.1.77.0)
Roxio Creator Starter (x32 Version: 5.0.0)
Roxio Express Labeler 3 (x32 Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Shared C Run-time for x64 (Version: 10.0.0)
Skype™ 6.3 (x32 Version: 6.3.107)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0)
SUPERAntiSpyware (Version: 5.6.1020)
swMSM (x32 Version: 12.0.0.1)
SyncUP (x32 Version: 1.10.11100.8.106)
SyncUP (x32 Version: 10.2.15400)
TeamSpeak 3 Client (x32 Version: 3.0.10.1)
ToolbarFR (x32 Version: 1.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
WIDCOMM Bluetooth Software (Version: 6.3.0.7600)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001)
WinRAR 4.11 (64-bit) (Version: 4.11.0)
Zinio Reader 4 (x32 Version: 4.2.4164)

==================== Restore Points =========================

28-06-2013 00:12:23 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {00670EBB-7EFD-4D9D-9E17-11105F0728A5} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {0DAE57DC-8C53-4A1E-98D1-DCB6E2049CDF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02] (Google Inc.)
Task: {0E880D9B-E63B-4027-B058-021D816E4EB7} - System32\Tasks\Games\UpdateCheck_S-1-5-21-768171273-2258216897-828858201-1000
Task: {1FB7411D-53CF-491E-8239-799B8C5CFFC7} - System32\Tasks\Microsoft\Windows\orangeinside => C:\Users\Kev\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe [2012-11-16] (Orange)
Task: {26398165-61A2-4DA6-8DF4-ECBC3501F2B8} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
Task: {3ACF3407-E3A9-49C3-A568-F2795EB7B1EB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-768171273-2258216897-828858201-1000UA => C:\Users\Kev\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-19] (Facebook Inc.)
Task: {563F0D8E-C011-4ECD-9D16-1A48A207F7B9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-768171273-2258216897-828858201-1000Core => C:\Users\Kev\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-19] (Facebook Inc.)
Task: {58556D42-4BEF-4108-9B11-C483D1DC5955} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {5937BAE8-3799-421F-8A3E-F464D625E65D} - System32\Tasks\AdobeAAMUpdater-1.0-Kev-PC-Kev => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {74F5E19A-CEFA-4274-89F7-AB2BC0AA567A} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-05-07] (PC-Doctor, Inc.)
Task: {792C6BBD-389D-450D-8B4D-0ED6B224AEA2} - System32\Tasks\Microsoft\Windows\orangeinstaller => C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe [2012-11-29] ()
Task: {837AA10F-7DDB-4D28-A309-48071FF01410} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {8FD09204-5B16-4A5D-BAE4-B284F80D1B39} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-05-07] (PC-Doctor, Inc.)
Task: {A5163933-D4CC-48B0-A142-2117FDAF30F2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
Task: {AE8ABAD4-5F19-4412-9AE2-3066BF32FAC3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
Task: {C50DFEDA-A637-454D-A7E0-995897A2423A} - System32\Tasks\SystemToolsDailyTest => C:\Windows\System32\uaclauncher.exe No File
Task: {CFFD4FB2-F5D8-42DA-B878-B3F8C69BE86B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02] (Google Inc.)
Task: {E516DB81-3851-44B2-997A-547D88F3D610} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {EB893ECF-9439-4C17-9583-EAAC99FB161C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F3CED883-B557-444B-B58E-067A87552F8B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-21] (Microsoft Corporation)
Task: {FA42AC86-D958-411E-AF3C-F09EB4B746C9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-768171273-2258216897-828858201-1000Core.job => C:\Users\Kev\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-768171273-2258216897-828858201-1000UA.job => C:\Users\Kev\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1701 Bluetooth v3.0+HS
Description: Dell Wireless 1701 Bluetooth v3.0+HS
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/28/2013 09:13:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2013 01:01:01 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2013 00:46:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2013 11:23:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2013 00:28:34 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2013 00:25:32 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (06/23/2013 11:42:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2013 10:52:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2013 09:11:11 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/22/2013 11:00:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (06/28/2013 09:33:53 AM) (Source: Service Control Manager) (User: )
Description: The Volume Shadow Copy service failed to start due to the following error: 
%%1053

Error: (06/28/2013 09:33:53 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.

Error: (06/28/2013 09:33:54 AM) (Source: DCOM) (User: )
Description: 1053VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (06/28/2013 09:12:52 AM) (Source: Service Control Manager) (User: )
Description: The Internet Connection Sharing (ICS) service hung on starting.

Error: (06/28/2013 09:12:27 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/28/2013 09:10:49 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\System32\bcmihvsrv64.dll
Error Code: 258

Error: (06/28/2013 09:09:32 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:06:21 AM on 28/6/2013 was unexpected.

Error: (06/28/2013 01:01:54 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/28/2013 01:00:42 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\System32\bcmihvsrv64.dll
Error Code: 258

Error: (06/25/2013 00:47:30 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================
Error: (06/28/2013 09:13:35 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2013 01:01:01 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2013 00:46:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2013 11:23:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2013 00:28:34 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2013 00:25:32 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (06/23/2013 11:42:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2013 10:52:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2013 09:11:11 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/22/2013 11:00:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
Date: 2013-06-22 17:51:41.307
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\puppy\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-06-22 17:51:41.260
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\puppy\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 8099.88 MB
Available physical RAM: 3554.15 MB
Total Pagefile: 16197.95 MB
Available Pagefile: 11535.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:347.16 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 59236241)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================


----------



## Cookiegal (Aug 27, 2003)

Please download the attached *fixlist.txt* file and save it where you saved FRST (which should be the desktop).

*NOTE:* It's important that both files, *FRST* and *fixlist.txt*, are in the same location (preferably on the desktop) or the fix will not work.

Run *FRST/FRST64* and press the *Fix* button just once and then wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after the restart.

*NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.*

The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.


----------



## kevhatch (Jun 20, 2005)

No restart asked for -

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-06-2013
Ran by Kev at 2013-06-28 19:51:48 Run:1
Running from C:\Users\Kev\Desktop
Boot Mode: Normal
==============================================

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
C:\ProgramData\Citrix => Moved successfully.
C:\Users\Kev\AppData\Local\Citrix => Moved successfully.
C:\Program Files (x86)\Citrix => Moved successfully.
C:\Users\Kev\GoToAssistDownloadHelper.exe => Moved successfully.

==== End of Fixlog ====


----------



## Cookiegal (Aug 27, 2003)

Any improvement?


----------



## kevhatch (Jun 20, 2005)

I rebooted - Shutdown was quick. On restart it was good until after entering log-on password then it stayed on the welcome screen for at least 3 minutes. Desktop loaded OK but was unresponsive for a minute or two. While the desktop was loading it sounded like the hard drive was scratching again - haven't heard it do that all day! As soon as the desktop started responding the hard drive went quiet. Everything seems to be OK apart from that.


----------



## Cookiegal (Aug 27, 2003)

Please download *SystemLook* and save it to your Desktop.

Double-click *SystemLook_x64.exe* to run it.
Copy the content of the following code box into the main text field:

```
:dir
C:\windows\SysNative
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## kevhatch (Jun 20, 2005)

SystemLook 04.09.10 by jpshortstuff
Log created at 20:58 on 28/06/2013 by Kev
Administrator - Elevation successful

========== dir ==========

C:\windows\SysNative - Unable to find folder.

-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

That's odd because it should exist.

Can you see the C:\windows\*SysNative* folder if you navigate there?


----------



## kevhatch (Jun 20, 2005)

No .. I don't see it, even showing hidden files!


----------



## Cookiegal (Aug 27, 2003)

OK, I've learned that it's a virtual folder so you can't navigate to it. It's only used when needed.

I think the next step would be to run diagnostics on the hard drive. But note that doing so will stress the drive and if it is fragile it could fail during the test, so I know you said you had backups, but be sure you have everything you need before proceeding.

First, we need to identify the make and model of your hard drive.

Type *devmgmt.msc* into RUN or SEARCH and press ENTER to open the Device Manager and expand "Disk Drives".

Follow the instructions at the following link to determine the vendor and model and post that information.

http://knowledge.seagate.com/articles/en_US/FAQ/204211en


----------
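On the SysNative folder discussed in the post above: Sysnative is an alias that WOW64 exposes only to 32-bit processes on 64-bit Windows, which is consistent with the 64-bit SystemLook run not finding it. The following is an added example, not part of the original thread or of any tool mentioned in it: a Python model of that path mapping. The names `resolve`, `both_views` and `EXEMPT` are assumptions of this example, the sample paths are taken from the logs in this thread, and nothing on disk is touched.

```python
"""Model of WOW64 file system redirection on 64-bit Windows.

Constructed illustration: it maps path strings only and never touches the disk.
"""
from ntpath import normpath

WINDIR = r"C:\windows"  # spelling as it appears in the logs in this thread

# System32 subdirectories that Windows leaves unredirected for 32-bit processes.
EXEMPT = ("catroot", "catroot2", "driverstore", r"drivers\etc", "logfiles", "spool")


def _join(root, name, tail):
    """Build root\\name[\\tail] without relying on the host OS path rules."""
    return root + "\\" + name + ("\\" + tail if tail else "")


def resolve(path, process_bits, windir=WINDIR):
    """Return the on-disk path that a process of the given bitness reaches,
    or None when the name does not exist from that process's point of view."""
    if process_bits not in (32, 64):
        raise ValueError("process_bits must be 32 or 64")
    full = normpath(path)
    root = normpath(windir)
    prefix = root.lower() + "\\"
    if not full.lower().startswith(prefix):
        return full  # outside %windir%: nothing to redirect in this model
    head, _, tail = full[len(prefix):].partition("\\")
    head_l, tail_l = head.lower(), tail.lower()

    if head_l == "sysnative":
        # The alias exists only for 32-bit (WOW64) processes, where it
        # points at the real 64-bit System32 directory.
        if process_bits == 64:
            return None
        return _join(root, "System32", tail)

    if head_l == "system32" and process_bits == 32:
        # 32-bit processes are silently sent to SysWOW64, except for the
        # exempt subdirectories, which they share with 64-bit processes.
        for sub in EXEMPT:
            if tail_l == sub or tail_l.startswith(sub + "\\"):
                return full
        return _join(root, "SysWOW64", tail)

    return full


def both_views(path, windir=WINDIR):
    """Show where the same path string lands for a 32-bit and a 64-bit tool."""
    return {bits: resolve(path, bits, windir) for bits in (32, 64)}


if __name__ == "__main__":
    samples = [
        r"C:\windows\SysNative",                 # path given to SystemLook
        r"C:\windows\System32\bcmihvsrv64.dll",  # module path from the event log
        r"C:\windows\System32\drivers\etc\hosts",
    ]
    for sample in samples:
        for bits, target in both_views(sample).items():
            print(f"{bits}-bit  {sample}  ->  {target or 'not found'}")
```

When reading scan logs, this is the reason to note whether the 32-bit or 64-bit build of a tool produced them: the same System32 path can refer to two different directories.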



## kevhatch (Jun 20, 2005)

Their link to determine model number just returns a 404 error - This is my HDD ID if it helps - ST9500325AS


----------



## Cookiegal (Aug 27, 2003)

It's a Seagate so you can use the SeaTools (for Windows) diagnostics.

http://www.seagate.com/au/en/support/downloads/seatools/

You should run the "Long Drive Self Test" or "Long Generic" tests: 
http://knowledge.seagate.com/articles/en_US/FAQ/202435en

Please post the results.


----------



## kevhatch (Jun 20, 2005)

FYI, before I run this I should mention I have no Windows Installation discs - if it matters.


----------



## Cookiegal (Aug 27, 2003)

It doesn't matter for running the diagnostic tool but it does if you have to reinstall Windows.

I don't know if it has a recovery partition (I saw only utilities) or recovery disks are available for it. Perhaps you could check with Dell on that before doing anything.


----------



## kevhatch (Jun 20, 2005)

OK - I have just remembered I saw I have Dell Data Safe Local Backup on here and I can create System Recovery Media onto a Flash Drive from it - I suppose I should do that first?


----------



## Cookiegal (Aug 27, 2003)

That would certainly be wise.


----------



## kevhatch (Jun 20, 2005)

Ran the Long Generic test and in the SeaTools for Windows Pane the Drive Status is showing as Long Generic - FAIL


----------



## kevhatch (Jun 20, 2005)

--------------- SeaTools for Windows v1.2.0.8 ---------------
29/6/2013 01:41:47
Model: ST9500325AS
Serial Number: 5VEKZ78T
Firmware Revision: D005DEM1
Long Generic - Started 29/6/2013 01:41:47
Long Generic - FAIL 29/6/2013 01:44:56
SeaTools Test Code: A9AE9CD2


----------



## Cookiegal (Aug 27, 2003)

I'd check with where you purchased the laptop since it's just over a year old. There's a chance the drive is still under warranty.


----------



## kevhatch (Jun 20, 2005)

Hmmm - that could be a problem, it was at an electronics fair in Singapore while I was travelling, I'll check if I still have the receipts.

In the fail info box of the test "Seagate recommends you run SeaTools for DOS"


----------



## Cookiegal (Aug 27, 2003)

I would try clicking on the Warranty Checker. You will probably have to enter the model number and serial number which were provided in the report.

Model: ST9500325AS
Serial Number: 5VEKZ78T


----------



## kevhatch (Jun 20, 2005)

Checked on the Dell website and warranty ran out end of February :-(


----------



## Cookiegal (Aug 27, 2003)

I expected that from Dell (probably a one-year guarantee) but I'm thinking the Seagate hard drive may have a longer warranty. Although unlikely, it's worth a shot so that's why I suggested you click on the "warranty tab" on the Seagate web site to check there. So I would do that before doing anything else.

Then you can either:

Attempt the SeaTools for DOS repair which could either fix it or provoke immediate failure but even if it fixes it that would probably only prolong the inevitable. 

Leave things the way they are until it gets worse or fails on its own, being sure to keep making backups to prevent potential data loss.

Replace the hard drive now and reload Windows and all of your programs.


----------



## kevhatch (Jun 20, 2005)

Think I will go for leaving as is for now and look for a new Hard Drive.
Thanks to everyone for persevering with this - it is running a lot better now.
If I didn't like McAfee before I certainly hate it now.


----------



## Cookiegal (Aug 27, 2003)

You're welcome and good luck.


----------



## kevhatch (Jun 20, 2005)

Sorry to re-open this thread but I have another question.
I am now getting Fatal HDD error reports daily from Windows and Dell detect so it is just a matter of time before it gives up completely, although it has been running really well since you guys and gals helped me out. Calm before the storm I guess!!
Anyway - I have made a system recovery USB flash drive from the Dell Data Safe utility installed on this laptop, will it be just a case of installing a new hard drive then booting from the Recovery USB and re-installing everything or is it more complicated than that? Will I need installation discs (none provided when I bought the laptop new) and will I have to phone Microsoft for activation keys or whatever?
Thanks


----------



## Cookiegal (Aug 27, 2003)

I've asked for someone to assist you with that as this is not my area of expertise.

However, in addition to the Dell Data Safe, I would still recommend transferring documents, photos etc. to an external hard drive or CDs as a second and/or third backup in case the Dell program should fail to restore the backups. That shouldn't happen but you never know and it's best to have more than one copy of backups, especially if they are treasured memories.


----------



## Triple6 (Dec 26, 2002)

If you've made the Dell System Recovery media then you should just be able to boot from it and restore the operating system to the new drive, and then restore the data, unless the Dell backup has both the system, programs, and data backed up. I'm not familiar with that software so I'm not sure.

But when you get a new drive most come with, or offer as a free download, software that can clone the entire drive to the new drive. You would also need a USB to SATA adapter to connect both drives to the laptop at the same time for the cloning, something like this: http://www.newegg.ca/Product/Product.aspx?Item=N82E16812232002
Once done the drive will have everything on it just like the old drive.

And I'd definitely take the advice to copy off the data you really don't want to lose to a USB drive or something other than Dell's Data Safe backup just to be sure you have it safe and easily accessible.


----------



## Cookiegal (Aug 27, 2003)

Thanks for stepping in Rob. :up:


----------



## kevhatch (Jun 20, 2005)

Thx for that Rob .. Back ups made as soon as I started having problems so no data loss problems 
I was aware of being able to clone a drive, although not sure what was involved. I remember a while ago having to make calls to Microsoft after having some problems because of no activation/product key after I had to replace the drive and MoBo on an old XP PC.
Assuming my HDD lasts until I get the new drive then I will try the cloning, if not I am just going to have to hope the system recovery USB works.


----------



## TerryNet (Mar 23, 2005)

Supposedly Dell's Data Safe will restore the operating system to factory default settings without losing your data, but I sure wouldn't trust that. You should have at least one extra copy of any important data anyhow. 

There should be no problem with activation whether you clone or use the Recovery USB. A motherboard change is considered a different PC, so that is probably why you previously had an issue.


----------



## kevhatch (Jun 20, 2005)

Thx again all
I know where to come if I get any problems.


----------



## Cookiegal (Aug 27, 2003)

You're welcome.


----------

