Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Blekko

  • 02-07-2012 6:26pm
    #1
    Registered Users, Registered Users 2 Posts: 1,156 ✭✭✭


    Hi guys,

    I seem to have picked up something called blekko, I've been able to remove it by uninstalling it along with following the steps in the sticky. I just can't shake the feeling that there's still something there, nothing suspicious appeared during the anitvirus scans.

    anyways I've attached the DDS and attach files.

    If anyone could take a look and let me know that would be great,

    Thanks!
    DDS.txt


    Attach.txt


Comments

  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    there's a little bit left, easy to remove though. did MBAM find anything ?


    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here


    also don't attach the logs, its easier for me if you post them here instead.


  • Registered Users, Registered Users 2 Posts: 1,156 ✭✭✭Gru


    MBAM didnt find anything but Super anti spyware removed

    "PUP.CNETInstaller
    C:\USERS\Myname\APPDATA\LOCAL\TEMP\ICREINSTALL\CNET_AGE2XPATCH_EXE.EXE"

    amongst some other tracking cookies.

    Thanks for taking a look!!


    OTL logfile created on: 7/3/2012 6:45:18 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\James\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    2.91 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 45.77% Memory free
    5.82 Gb Paging File | 3.58 Gb Available in Paging File | 61.51% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.01 Gb Total Space | 377.72 Gb Free Space | 83.75% Space Free | Partition Type: NTFS

    Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/03 17:05:15 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.exe
    PRC - [2012/06/20 17:03:45 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
    PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/09/24 20:59:15 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
    PRC - [2011/09/06 18:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- c:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    PRC - [2011/08/18 16:05:54 | 002,751,808 | ---- | M] () -- c:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    PRC - [2011/08/18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- c:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    PRC - [2011/08/01 18:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    PRC - [2011/06/29 08:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
    PRC - [2011/06/27 19:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
    PRC - [2010/11/17 18:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2010/11/17 16:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    PRC - [2010/11/06 05:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/11/06 05:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/11/03 18:01:34 | 000,983,104 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    PRC - [2010/11/03 18:01:20 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    PRC - [2010/11/03 17:53:28 | 000,897,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    PRC - [2010/11/03 17:53:06 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
    PRC - [2010/10/06 03:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/10/06 03:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/08/20 00:06:56 | 000,487,562 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    PRC - [2009/07/08 03:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
    PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/20 17:03:41 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
    MOD - [2012/06/20 17:03:36 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
    MOD - [2012/06/20 17:03:36 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
    MOD - [2012/06/20 17:03:35 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
    MOD - [2012/06/20 17:03:35 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
    MOD - [2012/06/16 03:40:50 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll
    MOD - [2012/06/16 03:37:08 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
    MOD - [2012/06/16 03:36:54 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/16 03:36:47 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/06/16 03:36:42 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
    MOD - [2012/05/14 03:29:05 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
    MOD - [2012/05/14 03:27:39 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
    MOD - [2012/05/13 10:50:50 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
    MOD - [2012/05/13 10:50:29 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/13 10:49:35 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/05/13 10:49:27 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/13 10:49:23 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/13 10:49:22 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/13 10:49:15 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/08/18 16:05:54 | 002,751,808 | ---- | M] () -- c:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    MOD - [2011/06/29 08:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
    MOD - [2011/06/27 19:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
    MOD - [2011/06/27 19:25:30 | 000,058,944 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
    MOD - [2011/06/24 23:21:46 | 000,322,624 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
    MOD - [2011/06/24 23:20:26 | 000,565,968 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
    MOD - [2010/11/25 04:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
    MOD - [2010/11/17 16:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    MOD - [2010/03/22 15:52:42 | 006,776,832 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
    MOD - [2010/03/16 20:28:28 | 000,326,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
    MOD - [2010/03/16 20:28:16 | 000,635,904 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
    MOD - [2010/03/16 20:28:04 | 001,926,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
    MOD - [2010/03/11 19:52:34 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
    MOD - [2010/03/11 19:52:34 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
    MOD - [2010/03/05 15:07:58 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
    MOD - [2010/03/05 15:07:58 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
    MOD - [2009/07/13 18:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
    MOD - [2009/07/13 18:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/08/12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2011/01/25 10:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2010/12/17 20:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV:64bit: - [2010/12/17 20:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2010/12/17 20:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV:64bit: - [2010/09/23 00:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV - [2012/06/20 17:03:45 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
    SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/08/18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- c:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
    SRV - [2010/11/25 11:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
    SRV - [2010/11/25 11:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
    SRV - [2010/11/06 05:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2010/11/03 18:01:34 | 000,983,104 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
    SRV - [2010/11/03 18:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
    SRV - [2010/11/03 17:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
    SRV - [2010/10/06 03:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/10/06 03:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/03/18 19:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/11/18 03:51:42 | 001,043,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/05/13 09:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
    DRV:64bit: - [2011/03/26 03:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/25 10:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2010/12/21 15:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
    DRV:64bit: - [2010/12/10 22:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010/12/10 22:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2010/12/01 11:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
    DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/07 00:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/11/04 11:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
    DRV:64bit: - [2010/11/04 09:31:44 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
    DRV:64bit: - [2010/10/30 01:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010/10/20 00:12:58 | 000,274,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
    DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/10/15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010/08/12 16:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2010/03/19 09:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/07 15:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
    DRV:64bit: - [2009/07/07 15:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2006/11/01 18:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\James\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\James\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\James\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\James\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
    O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
    O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 159.134.0.1 159.134.0.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B72A857C-6593-42BE-A340-5522B4F4357C}: DhcpNameServer = 159.134.0.1 159.134.0.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7B7D52C-3606-4457-B647-37D161FEF7D7}: DhcpNameServer = 172.31.140.69 172.30.140.69
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9AC7171-76DE-48B7-A442-BC05FB8A2C0B}: DhcpNameServer = 159.134.0.1 159.134.0.2
    O18:64bit: - Protocol\Handler\ipp - No CLSID value found
    O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/03 17:05:11 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.exe
    [2012/07/02 17:30:49 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\SUPERAntiSpyware.com
    [2012/07/02 17:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/07/02 17:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/07/02 17:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/07/02 17:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
    [2012/07/02 17:04:10 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Malwarebytes
    [2012/07/02 17:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/02 17:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/02 17:03:56 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2012/07/02 17:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/02 00:01:51 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/07/01 23:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
    [2012/07/01 18:05:02 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\blekkotb_031
    [2012/07/01 17:45:44 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    [2012/07/01 17:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
    [2012/06/27 17:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
    [2012/06/27 17:23:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
    [2012/06/27 17:22:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft FrontPage
    [2012/06/27 17:22:05 | 000,000,000 | ---D | C] -- C:\windows\Msagent
    [2012/06/27 17:20:45 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Microsoft Web Folders
    [2012/06/26 18:59:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
    [2012/06/26 18:59:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
    [2012/06/26 18:58:46 | 000,138,752 | ---- | C] (Hewlett-Packard Company) -- C:\windows\SysNative\hpf3l101.dll
    [2012/06/26 18:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
    [2012/06/26 18:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2012/06/26 18:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
    [2012/06/26 18:57:35 | 000,643,200 | ---- | C] (Hewlett-Packard) -- C:\windows\SysNative\hpzids40.dll
    [2012/06/26 18:57:34 | 001,408,000 | ---- | C] (Hewlett-Packard Co.) -- C:\windows\SysNative\hpost_p04b.dll
    [2012/06/26 18:57:34 | 001,175,552 | ---- | C] (Hewlett-Packard) -- C:\windows\SysNative\hposwia_p04b.dll
    [2012/06/26 18:57:33 | 000,521,216 | ---- | C] (Hewlett-Packard Co.) -- C:\windows\SysNative\hposc_p04a.dll
    [2012/06/21 21:59:32 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\LolClient
    [2012/06/21 18:53:39 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
    [2012/06/21 18:53:39 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
    [2012/06/21 18:53:39 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
    [2012/06/21 18:53:26 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
    [2012/06/21 18:53:26 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
    [2012/06/21 18:53:25 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
    [2012/06/21 18:53:06 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
    [2012/06/21 18:53:06 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
    [2012/06/20 19:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/06/20 19:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/06/20 19:16:36 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/06/20 19:16:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2012/06/16 03:01:39 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
    [2012/06/16 03:01:38 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
    [2012/06/16 03:01:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
    [2012/06/16 03:01:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
    [2012/06/16 03:01:35 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
    [2012/06/16 03:01:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
    [2012/06/16 03:01:34 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
    [2012/06/16 03:01:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
    [2012/06/16 03:01:31 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
    [2012/06/16 03:01:31 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
    [2012/06/16 03:01:31 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
    [2012/06/16 03:01:30 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
    [2012/06/16 03:01:30 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
    [2012/06/14 17:48:14 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
    [2012/06/14 17:48:14 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll
    [2012/06/14 17:48:14 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe
    [2012/06/14 17:48:12 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
    [2012/06/14 17:48:11 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
    [2012/06/14 17:48:09 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
    [2012/06/14 17:48:05 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
    [2012/06/14 17:47:41 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
    [2012/06/14 17:47:41 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
    [2012/06/07 22:47:35 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\LolClient2
    [2012/06/07 21:15:20 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_39.dll
    [2012/06/07 21:15:20 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_2.dll
    [2012/06/07 21:15:20 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_39.dll
    [2012/06/07 21:15:20 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_1.dll
    [2012/06/07 21:15:19 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_39.dll
    [2012/06/07 21:10:07 | 000,000,000 | ---D | C] -- C:\Riot Games
    [2012/06/07 21:10:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewFeature1
    [2012/06/07 19:57:13 | 000,000,000 | ---D | C] -- C:\Users\James\Desktop\League of Legends
    [2012/06/07 19:55:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks

    ========== Files - Modified Within 30 Days ==========

    [2012/07/03 18:49:00 | 000,000,506 | ---- | M] () -- C:\windows\tasks\SystemToolsDailyTest.job
    [2012/07/03 18:43:31 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/03 18:43:31 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/03 18:41:56 | 000,783,224 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2012/07/03 18:41:56 | 000,667,360 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2012/07/03 18:41:56 | 000,126,706 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2012/07/03 18:35:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/07/03 18:35:20 | 2342,916,096 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/03 17:05:15 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.exe
    [2012/07/03 17:05:05 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3285552823-1408342573-1431721640-1001UA.job
    [2012/07/03 00:05:00 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3285552823-1408342573-1431721640-1001Core.job
    [2012/07/02 19:23:00 | 000,002,965 | ---- | M] () -- C:\Users\James\Desktop\Attach.zip
    [2012/07/02 19:11:52 | 000,007,597 | ---- | M] () -- C:\Users\James\AppData\Local\Resmon.ResmonCfg
    [2012/07/02 17:30:19 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/07/01 23:48:55 | 000,001,256 | ---- | M] () -- C:\Users\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/07/01 17:35:30 | 000,349,512 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2012/06/27 17:24:39 | 000,000,376 | ---- | M] () -- C:\windows\ODBC.INI
    [2012/06/27 17:24:13 | 000,001,996 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    [2012/06/26 19:01:47 | 000,172,035 | ---- | M] () -- C:\windows\hpoins47.dat
    [2012/06/25 21:09:09 | 000,000,564 | ---- | M] () -- C:\windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2012/06/20 19:17:13 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/06/10 21:46:06 | 000,002,130 | ---- | M] () -- C:\Users\James\.recently-used.xbel
    [2012/06/07 21:15:21 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk

    ========== Files Created - No Company Name ==========

    [2012/07/02 19:23:00 | 000,002,965 | ---- | C] () -- C:\Users\James\Desktop\Attach.zip
    [2012/07/02 17:30:19 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/07/02 00:00:39 | 000,000,908 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3285552823-1408342573-1431721640-1001UA.job
    [2012/07/02 00:00:38 | 000,000,856 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3285552823-1408342573-1431721640-1001Core.job
    [2012/06/27 17:24:39 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
    [2012/06/27 17:24:13 | 000,002,673 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk
    [2012/06/27 17:24:13 | 000,002,657 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
    [2012/06/27 17:24:13 | 000,002,655 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
    [2012/06/27 17:24:13 | 000,002,625 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
    [2012/06/27 17:24:13 | 000,002,623 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk
    [2012/06/27 17:24:13 | 000,002,611 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft FrontPage.lnk
    [2012/06/27 17:24:13 | 000,001,996 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    [2012/06/26 22:00:04 | 000,007,597 | ---- | C] () -- C:\Users\James\AppData\Local\Resmon.ResmonCfg
    [2012/06/26 18:57:50 | 000,172,035 | ---- | C] () -- C:\windows\hpoins47.dat
    [2012/06/26 18:57:50 | 000,000,601 | ---- | C] () -- C:\windows\hpomdl47.dat
    [2012/06/20 19:17:13 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/06/10 21:46:06 | 000,002,130 | ---- | C] () -- C:\Users\James\.recently-used.xbel
    [2012/06/07 21:15:21 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
    [2011/10/23 20:43:36 | 000,000,600 | ---- | C] () -- C:\Users\James\AppData\Local\PUTTY.RND
    [2011/06/25 10:13:21 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
    [2011/06/25 10:13:21 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
    [2011/06/25 10:13:20 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
    [2011/06/25 10:12:40 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
    [2011/06/25 10:12:36 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
    [2011/06/25 10:12:36 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
    [2011/06/25 10:12:36 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
    [2011/06/25 10:12:36 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
    [2011/06/25 10:12:36 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
    [2011/06/25 10:12:36 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
    [2011/06/25 10:12:36 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
    [2011/06/25 07:55:11 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
    [2011/06/25 07:49:39 | 000,789,070 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2011/06/25 07:46:38 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll

    < End of report >


    OTL Extras logfile created on: 7/3/2012 6:45:18 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\James\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    2.91 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 45.77% Memory free
    5.82 Gb Paging File | 3.58 Gb Available in Paging File | 61.51% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.01 Gb Total Space | 377.72 Gb Free Space | 83.75% Space Free | Partition Type: NTFS

    Computer Name: JAMES-PC | User Name: James | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{041173F6-29E1-49AA-A2B7-738B29D02A55}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{0C1D648C-D93D-4E9D-805C-B2DD6407B457}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{1029FD2C-2435-4720-BAF1-DD2E826A933C}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{1BC4529A-D317-4A27-9570-53A282FA634D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{2C5D52B8-1203-444A-ABD3-44E49276ACD7}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2E90005F-8FF8-4EFF-9EBC-6D5C4E5DBF83}" = rport=139 | protocol=6 | dir=out | app=system |
    "{2FADCC28-0859-4459-9452-19CDCB14EF54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
    "{3B389CD1-3C45-427D-B3C4-19509D84AC8D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3B582BA3-AEFF-40F5-8A5D-655DF6D38665}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{42002E2D-795C-46B4-9472-146669A73A35}" = lport=139 | protocol=6 | dir=in | app=system |
    "{43E7A760-53CC-43AA-9BD1-103E853607FB}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{463BEEF2-877E-48BA-88F7-9D21AC74E209}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{4EBD3A6D-0C6E-4D58-8A08-1C8C22F7CEDA}" = rport=138 | protocol=17 | dir=out | app=system |
    "{62166EAB-7F92-4E19-9528-AC8050A69957}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{73D89165-C3F1-4DFF-BF93-1BA3FAAB5B8C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{74C7B665-966D-46C0-AB04-8F8299F76A50}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{7FB53CC9-D0AE-443A-96DF-B5AD0F83F95A}" = rport=137 | protocol=17 | dir=out | app=system |
    "{82223139-5334-4C2A-945E-47E7CFCE6E56}" = rport=445 | protocol=6 | dir=out | app=system |
    "{849C7275-89EE-48C1-8F8F-78FE3C53BBF3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{933B7770-552F-40E2-A384-DEFB8DF49E0D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{AD1661B6-7CF5-48CC-ADA8-54B915B06564}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B6329DA0-ACB3-4B78-A1F5-E9472FAD45C6}" = lport=138 | protocol=17 | dir=in | app=system |
    "{B7B6F921-FCF4-4013-8BF9-2884359D0ACB}" = lport=137 | protocol=17 | dir=in | app=system |
    "{B920578D-6FD2-4727-A3D1-433DB5FEEAFE}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{C114C44D-3881-4177-AFD7-9126A8BDED5A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{E2BB1E92-D5FD-4918-9725-F03F5C8BA3DC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{FF5130EF-0F4C-4807-8CBD-FE6CBA4F8320}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0850EE9E-DC6E-4A68-8C3D-DB37AE369A92}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{11A4EFD4-AC1D-48A6-9D87-80D74CE38B91}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{12A13784-2572-489A-83D3-AA9D9DC4A053}" = dir=in | app=c:\users\james\appdata\local\temp\7zs1816\setup\hpznui40.exe |
    "{147B44CA-73D7-4EFF-AF33-EFC209E92F62}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{2005E64C-E5FA-4DB9-9C1A-36F5A569436C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{2588EFD0-0C96-4BE7-841E-8F35F9E2FF3B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{290CAD0D-330F-4019-9776-278A236C0A93}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{290F6E0C-D080-46DB-B6E0-ED2B1CE02806}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{2A7A546B-A27E-4BFA-A880-4FF194574C08}" = protocol=17 | dir=in | app=c:\program files (x86)\st


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    open OTL copy and paste this into the box at the bottom



    :OTL
    [2012/07/01 23:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
    [2012/07/01 18:05:02 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Local\blekkotb_031

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [EMPTYJAVA]
    [ClearallRESTOREPOINTs]
    [Reboot]
    :Files
    ipconfig /flushdns /c


    click Run fix, tell me how its running now


  • Registered Users, Registered Users 2 Posts: 1,156 ✭✭✭Gru


    Seems a little livelier now,

    here's the log.


    All processes killed
    ========== OTL ==========
    C:\ProgramData\blekko toolbars folder moved successfully.
    C:\Users\James\AppData\Local\blekkotb_031\data folder moved successfully.
    C:\Users\James\AppData\Local\blekkotb_031 folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: James
    ->Temp folder emptied: 2937933 bytes
    ->Temporary Internet Files folder emptied: 1506373 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 101333655 bytes
    ->Flash cache emptied: 948 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 60161 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 101.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: James
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    C:\windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: James
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\James\Desktop\cmd.bat deleted successfully.
    C:\Users\James\Desktop\cmd.txt deleted successfully.

    OTL by OldTimer - Version 3.2.53.1 log created on 07032012_191752

    Files\Folders moved on Reboot...
    C:\Users\James\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\James\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Re-open OTL, click the CleanUp! button. Then you're all done !


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,156 ✭✭✭Gru


    Thanks very much, I really appreciate your help with this. You sir are a legend!!! :D

    You've saved me a lot of hassle!!

    Thanks again!


  • Registered Users, Registered Users 2 Posts: 1,156 ✭✭✭Gru


    Hello again,

    I've been greeted by this damned thing again, I've not downloaded or installed anything lately and it's has shown up again as a new tab when I open chrome (I've uninstalled it again). The only thing I can think of that's similar is that my daughter plays games on Nick jr's website and she had started doing this around the time the Blekko previously appeared but I hadn't attributed any blame at the time.

    Anyways I've been through the steps in the sticky again and here are the DDS and attach logs.

    Thanks in advance for any help/advice you can give.

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by James at 22:03:34 on 2012-07-14
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.2979.1201 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\Explorer.EXE
    C:\windows\system32\Dwm.exe
    C:\windows\system32\WLANExt.exe
    C:\windows\system32\conhost.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\taskhost.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\System32\svchost.exe -k HPZ12
    C:\windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files (x86)\dell datasafe local backup\sftservice.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    c:\program files (x86)\dell datasafe local backup\TOASTER.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    c:\program files (x86)\dell datasafe local backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\windows\system32\conhost.exe
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\windows\system32\DllHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\windows\system32\svchost.exe -k HPService
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\windows\servicing\TrustedInstaller.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ie/
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    TCP: DhcpNameServer = 159.134.0.1 159.134.0.2
    TCP: Interfaces\{B72A857C-6593-42BE-A340-5522B4F4357C} : DhcpNameServer = 159.134.0.1 159.134.0.2
    TCP: Interfaces\{C7B7D52C-3606-4457-B647-37D161FEF7D7} : DhcpNameServer = 172.31.140.69 172.30.140.69
    TCP: Interfaces\{E9AC7171-76DE-48B7-A442-BC05FB8A2C0B} : DhcpNameServer = 159.134.0.1 159.134.0.2
    TCP: Interfaces\{E9AC7171-76DE-48B7-A442-BC05FB8A2C0B}\45865602F416B63702D416279726F627F6577686022596467656 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{E9AC7171-76DE-48B7-A442-BC05FB8A2C0B}\465637D6F6E646 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{E9AC7171-76DE-48B7-A442-BC05FB8A2C0B}\56962736F6D6735353230213734323 : DhcpNameServer = 192.168.1.254
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [(Default)]
    mRun-x64: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-6-25 89600]
    R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-3 897088]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-11-3 983104]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-25 13336]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-14 655944]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-6-25 1692480]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-6-25 2655768]
    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-3 1298496]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\system32\DRIVERS\btmaux.sys --> C:\windows\system32\DRIVERS\btmaux.sys [?]
    R3 btmhsf;btmhsf;C:\windows\system32\DRIVERS\btmhsf.sys --> C:\windows\system32\DRIVERS\btmhsf.sys [?]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 iBtFltCoex;iBtFltCoex;C:\windows\system32\DRIVERS\iBtFltCoex.sys --> C:\windows\system32\DRIVERS\iBtFltCoex.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
    R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\system32\DRIVERS\netaapl64.sys --> C:\windows\system32\DRIVERS\netaapl64.sys [?]
    S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== Created Last 30 ================
    .
    2012-07-14 18:47:29 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{032EBBC5-B4C8-4739-A397-77DBD1D1534A}\mpengine.dll
    2012-07-12 07:59:32 3148800 ----a-w- C:\windows\System32\win32k.sys
    2012-07-11 16:04:05 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-09 02:01:10 294912 ----a-w- C:\windows\System32\browserchoice.exe
    2012-07-04 19:08:24 476936 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
    2012-07-04 18:08:38 927800
    w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{791B88F3-856F-4F24-B2B9-53F9409657DA}\gapaengine.dll
    2012-07-02 16:30:49
    d
    w- C:\Users\James\AppData\Roaming\SUPERAntiSpyware.com
    2012-07-02 16:30:12
    d
    w- C:\ProgramData\SUPERAntiSpyware.com
    2012-07-02 16:30:12
    d
    w- C:\Program Files\SUPERAntiSpyware
    2012-07-02 16:30:00
    d
    w- C:\ProgramData\SUPERSetup
    2012-07-02 16:04:10
    d
    w- C:\Users\James\AppData\Roaming\Malwarebytes
    2012-07-02 16:03:57
    d
    w- C:\ProgramData\Malwarebytes
    2012-07-02 16:03:56 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
    2012-07-02 16:03:56
    d
    w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-01 16:28:20
    d
    w- C:\Program Files (x86)\Microsoft Games
    2012-06-27 16:22:05
    d
    w- C:\windows\Msagent
    2012-06-26 18:01:10 254464 ----a-w- C:\windows\System32\Spool\prtprocs\x64\hpfpp101.dll
    2012-06-26 17:59:20
    d
    w- C:\Program Files (x86)\Common Files\HP
    2012-06-26 17:59:18
    d
    w- C:\Program Files (x86)\Common Files\Hewlett-Packard
    2012-06-26 17:58:46 138752 ----a-w- C:\windows\System32\hpf3l101.dll
    2012-06-26 17:58:42
    d
    w- C:\Program Files (x86)\HP
    2012-06-26 17:58:12
    d
    w- C:\Program Files\HP
    2012-06-26 17:57:35 643200 ----a-w- C:\windows\System32\hpzids40.dll
    2012-06-26 17:57:34 1408000 ----a-w- C:\windows\System32\hpost_p04b.dll
    2012-06-26 17:57:34 1175552 ----a-w- C:\windows\System32\hposwia_p04b.dll
    2012-06-26 17:57:33 521216 ----a-w- C:\windows\System32\hposc_p04a.dll
    2012-06-21 20:59:32
    d
    w- C:\Users\James\AppData\Roaming\LolClient
    2012-06-21 17:53:39 2622464 ----a-w- C:\windows\System32\wucltux.dll
    2012-06-21 17:53:26 99840 ----a-w- C:\windows\System32\wudriver.dll
    2012-06-21 17:53:06 36864 ----a-w- C:\windows\System32\wuapp.exe
    2012-06-21 17:53:06 186752 ----a-w- C:\windows\System32\wuwebv.dll
    2012-06-20 18:16:37
    d
    w- C:\Program Files\iPod
    2012-06-20 18:16:36
    d
    w- C:\Program Files\iTunes
    2012-06-20 18:16:36
    d
    w- C:\Program Files (x86)\iTunes
    .
    ==================== Find3M ====================
    .
    2012-07-04 19:08:17 472840 ----a-w- C:\windows\SysWow64\deployJava1.dll
    2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
    2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
    2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
    2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
    .
    ============= FINISH: 22:04:39.05 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 24/09/2011 14:18:50
    System Uptime: 14/07/2012 21:54:29 (1 hours ago)
    .
    Motherboard: Dell Inc. | | 034W60
    Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | CPU 1 | 798/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 376.964 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart B110 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart B110 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP101: 03/07/2012 19:18:29 - OTL Restore Point - 7/3/2012 7:18:29 PM
    RP102: 04/07/2012 19:07:42 - Windows Update
    RP103: 04/07/2012 20:07:09 - Installed Java(TM) 6 Update 33
    RP104: 08/07/2012 11:59:34 - Windows Update
    RP105: 09/07/2012 03:00:46 - Windows Update
    RP106: 12/07/2012 08:52:33 - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.3) MUI
    Advanced Audio FX Engine
    Apple Application Support
    Apple Software Update
    Bing Bar
    Bing Rewards Client Installer
    Cisco Network Magic
    Company of Heroes
    D3DX10
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell Getting Started Guide
    Dell MusicStage
    Dell PhotoStage
    Dell Product Registration
    Dell Stage
    Dell Stage Remote
    Dell VideoStage
    Dell Webcam Central
    DirectX 9 Runtime
    eBay
    FileZilla Client 3.5.3
    GIMP 2.6.11
    IDT Audio
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel(R) Wireless Display
    Java Auto Updater
    Java(TM) 6 Update 33
    Junk Mail filter update
    League of Legends
    Malwarebytes Anti-Malware version 1.62.0.1300
    Mesh Runtime
    Microsoft Office 2000 SR-1 Premium
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mulimedia Logic
    Network Magic
    Notepad++
    PhotoShowExpress
    PS_AIO_07_B110_SW_Min
    Pure Networks Platform
    QuickTime
    Realtek Ethernet Controller Driver
    Realtek USB 2.0 Card Reader
    Renesas Electronics USB 3.0 Host Controller Driver
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    Scan
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Skype Toolbars
    Skype™ 4.2
    SkyPlayer for Windows Media Center
    Sonic CinePlayer Decoder Pack
    Steam
    Toolbox
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/07/2012 09:31:40, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
    12/07/2012 08:52:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
    12/07/2012 08:52:11, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
    12/07/2012 08:52:11, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    09/07/2012 18:32:22, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1211.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    09/07/2012 18:32:22, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1211.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    .
    ==== End Of File ===========================


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    lets run a deeper scan to be safe


    download and run combofix


    http://www.bleepingcomputer.com/combofix/how-to-use-combofix


    post the log it gives.

    The only thing I can think of that's similar is that my daughter plays games on Nick jr's website and she had started doing this around the time the Blekko previously appeared but I hadn't attributed any blame at the time.
    This is probably causing it, I'd ask your daughter if she installed anything when using the Nick Jr website.


  • Registered Users, Registered Users 2 Posts: 1,156 ✭✭✭Gru


    I'll ask her, but I think I might cut the site out altogether in case there's anything fishy going on.

    anyways, heres the combofix log.

    ComboFix 12-07-14.01 - James 14/07/2012 22:40:22.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.353.1033.18.2979.1620 [GMT 1:00]
    Running from: c:\users\James\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PYQFW01W\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\PCDr\5907\Downloads\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
    c:\programdata\PCDr\5907\Downloads\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll
    c:\programdata\PCDr\5907\Downloads\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll
    c:\programdata\Roaming
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-14 21:46 . 2012-07-14 21:46
    d
    w- c:\users\Default\AppData\Local\temp
    2012-07-14 21:29 . 2012-07-14 21:29 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{032EBBC5-B4C8-4739-A397-77DBD1D1534A}\offreg.dll
    2012-07-14 18:47 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{032EBBC5-B4C8-4739-A397-77DBD1D1534A}\mpengine.dll
    2012-07-12 07:59 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 16:04 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-09 02:01 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
    2012-07-04 19:08 . 2012-07-04 19:08 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-07-04 19:08 . 2012-07-04 19:08
    d
    w- c:\program files (x86)\Java
    2012-07-04 18:08 . 2012-02-10 17:44 927800
    w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{791B88F3-856F-4F24-B2B9-53F9409657DA}\gapaengine.dll
    2012-07-02 16:30 . 2012-07-02 16:30
    d
    w- c:\users\James\AppData\Roaming\SUPERAntiSpyware.com
    2012-07-02 16:30 . 2012-07-02 16:30
    d
    w- c:\program files\SUPERAntiSpyware
    2012-07-02 16:30 . 2012-07-02 16:30
    d
    w- c:\programdata\SUPERAntiSpyware.com
    2012-07-02 16:30 . 2012-07-02 16:30
    d
    w- c:\programdata\SUPERSetup
    2012-07-02 16:04 . 2012-07-02 16:04
    d
    w- c:\users\James\AppData\Roaming\Malwarebytes
    2012-07-02 16:03 . 2012-07-02 16:03
    d
    w- c:\programdata\Malwarebytes
    2012-07-02 16:03 . 2012-07-14 20:02
    d
    w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-02 16:03 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-01 16:28 . 2012-07-01 16:28
    d
    w- c:\program files (x86)\Microsoft Games
    2012-06-27 16:22 . 2012-06-27 16:22
    d
    w- c:\program files (x86)\Microsoft FrontPage
    2012-06-27 16:22 . 2012-06-27 16:22
    d
    w- c:\windows\Msagent
    2012-06-27 16:20 . 2012-06-27 16:20
    d
    w- c:\users\James\AppData\Roaming\Microsoft Web Folders
    2012-06-26 18:01 . 2009-10-21 14:38 254464 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp101.dll
    2012-06-26 17:59 . 2012-06-26 17:59
    d
    w- c:\program files (x86)\Common Files\HP
    2012-06-26 17:59 . 2012-06-26 17:59
    d
    w- c:\program files (x86)\Common Files\Hewlett-Packard
    2012-06-26 17:58 . 2009-10-21 14:39 138752 ----a-w- c:\windows\system32\hpf3l101.dll
    2012-06-26 17:58 . 2012-06-26 17:58
    d
    w- c:\program files (x86)\HP
    2012-06-26 17:58 . 2012-06-26 17:58
    d
    w- c:\program files\HP
    2012-06-26 17:57 . 2012-06-26 17:57
    d
    w- c:\programdata\HP
    2012-06-26 17:57 . 2009-10-22 14:55 643200 ----a-w- c:\windows\system32\hpzids40.dll
    2012-06-26 17:57 . 2009-09-11 07:44 1408000 ----a-w- c:\windows\system32\hpost_p04b.dll
    2012-06-26 17:57 . 2009-09-11 07:44 1175552 ----a-w- c:\windows\system32\hposwia_p04b.dll
    2012-06-26 17:57 . 2009-09-11 07:44 521216 ----a-w- c:\windows\system32\hposc_p04a.dll
    2012-06-21 20:59 . 2012-06-21 20:59
    d
    w- c:\users\James\AppData\Roaming\LolClient
    2012-06-21 17:53 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 17:53 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 17:53 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 17:53 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 17:53 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-21 17:53 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 17:53 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-21 17:53 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 17:53 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-20 18:16 . 2012-06-20 18:16
    d
    w- c:\program files\iPod
    2012-06-20 18:16 . 2012-06-20 18:17
    d
    w- c:\program files\iTunes
    2012-06-20 18:16 . 2012-06-20 18:17
    d
    w- c:\program files (x86)\iTunes
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-06 18:42 . 2011-09-24 14:30 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-07-04 19:08 . 2012-03-25 07:53 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-05-04 11:06 . 2012-06-14 16:48 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-14 16:48 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-14 16:48 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40 . 2012-06-14 16:48 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-04-28 03:55 . 2012-06-14 16:48 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-26 05:41 . 2012-06-14 16:48 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-04-26 05:41 . 2012-06-14 16:48 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-04-26 05:34 . 2012-06-14 16:48 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-04-24 05:37 . 2012-06-14 16:47 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-04-24 05:37 . 2012-06-14 16:47 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-04-24 05:37 . 2012-06-14 16:47 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-04-24 04:36 . 2012-06-14 16:47 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36 . 2012-06-14 16:47 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-04-24 04:36 . 2012-06-14 16:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-09-24 1242448]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-26 4787072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
    "Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-08-23 3926528]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
    "nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=&quot;"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=&quot;"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @=&quot;Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @=&quot;Driver"
    .
    R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-11-03 983104]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-25 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\dell datasafe local backup\sftservice.EXE [2011-08-18 1692480]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
    S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2010-11-04 58128]
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2010-10-19 274432]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
    S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2010-11-04 59904]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
    .
    2012-07-14 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
    .
    .
    X64 Entries
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
    "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-21 3666800]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]
    "Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-27 2022976]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.ie/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 159.134.0.1 159.134.0.2
    .
    .
    LOCKED REGISTRY KEYS
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @=&quot;FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @=&quot;c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @=&quot;{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @=&quot;Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @=&quot;c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @=&quot;0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @=&quot;ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @=&quot;c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @=&quot;{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @=&quot;1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @=&quot;ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @=&quot;Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @=&quot;c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @=&quot;FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @=&quot;c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @=&quot;{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @=&quot;1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @=&quot;FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @=&quot;IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @=&quot;{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @=&quot;{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-07-14 22:49:44
    ComboFix-quarantined-files.txt 2012-07-14 21:49
    .
    Pre-Run: 404,550,627,328 bytes free
    Post-Run: 404,060,676,096 bytes free
    .
    - - End Of File - - A857278C89DC2E3A383B28FBE409B458


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    looks fine


    if there are any traces of blekko that you can see when using the PC, then download OTL and click the Quick Scan button and post the log here

    also update MBAM, run a quick scan, and post that log here too.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,156 ✭✭✭Gru


    Thanks again ASJ112,

    I'll keep an eye out and post those logs should anything unusual pop up.

    Thanks very much!!


Advertisement