Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Virus that blocks my internet connection [Closed]

Started by bod88 , Feb 22 2014 06:51 AM

Please log in to reply

#1
bod88

Posted 22 February 2014 - 06:51 AM

Member

Member
15 posts

hi,

for some reason my laptop won't allow me to connect to the internet, it displays the yellow caution sign and say limited access/no network access once connected and doesn't allow me to access the internet. have searched the internet and am unable to solve the problem, any ideas about how to remove the infection?

thanks in advance

Edited by bod88, 24 February 2014 - 05:55 AM.

#2
bod88

Posted 24 February 2014 - 05:56 AM

Member

Topic Starter
Member
15 posts

apologies, forgot this.

OTL logfile created on: 24/02/2014 11:41:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = Y:\
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.98 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 58.73% Memory free
5.96 Gb Paging File | 3.77 Gb Available in Paging File | 63.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 30.23 Gb Total Space | 4.30 Gb Free Space | 14.21% Space Free | Partition Type: NTFS
Drive D: | 267.75 Gb Total Space | 215.07 Gb Free Space | 80.32% Space Free | Partition Type: NTFS
Drive I: | 968.04 Mb Total Space | 595.43 Mb Free Space | 61.51% Space Free | Partition Type: FAT32
Drive Y: | 123.75 Mb Total Space | 34.43 Mb Free Space | 27.82% Space Free | Partition Type: FAT

Computer Name: G002065 | User Name: bryan.o'donovan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/24 11:40:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- Y:\OTL.exe
PRC - [2014/02/01 23:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/01/14 14:06:52 | 000,058,192 | ---- | M] () -- C:\Program Files\Web Connection\Y800_EE\BackgroundService\ServiceManager.exe
PRC - [2012/12/14 15:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 15:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 15:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/21 04:00:00 | 001,090,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\CCM\CcmExec.exe
PRC - [2012/11/21 04:00:00 | 000,641,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\CCM\SCNotification.exe
PRC - [2012/11/21 04:00:00 | 000,470,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\CCM\RemCtrl\CmRcService.exe
PRC - [2012/09/29 14:36:46 | 000,125,504 | ---- | M] () -- C:\Program Files\Web Connection\Y800_EE\BackgroundService\ModemListener.exe
PRC - [2012/08/17 16:55:38 | 005,796,440 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe
PRC - [2012/08/17 16:48:46 | 000,120,832 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvMon.exe
PRC - [2012/08/17 16:48:44 | 000,019,456 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
PRC - [2012/08/17 16:48:16 | 000,135,168 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe
PRC - [2012/04/23 17:23:28 | 000,104,208 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
PRC - [2012/04/10 14:46:40 | 000,232,472 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2012/03/15 07:09:14 | 000,509,448 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
PRC - [2012/01/31 09:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2012/01/06 10:06:30 | 000,130,072 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe
PRC - [2012/01/06 10:06:21 | 000,052,248 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe
PRC - [2012/01/06 10:05:40 | 000,806,912 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe
PRC - [2012/01/06 10:05:38 | 000,282,624 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
PRC - [2012/01/06 09:56:33 | 000,167,960 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2011/07/27 21:23:07 | 000,494,616 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2011/03/14 15:27:28 | 000,271,712 | ---- | M] () -- D:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2011/03/14 15:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- D:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/06 07:39:36 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/02/06 07:39:06 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/01/28 14:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2011/01/28 14:24:56 | 000,299,576 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
PRC - [2011/01/26 17:00:32 | 000,283,160 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/26 17:00:00 | 000,013,336 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/21 18:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vcsFPService.exe
PRC - [2011/01/17 09:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/01/17 09:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/11 09:57:16 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/20 21:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/17 17:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/24 14:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/12/03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/11/11 13:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/09/04 11:43:40 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/09/04 11:43:38 | 002,360,608 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/09/04 11:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/14 01:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2008/11/13 16:24:36 | 000,214,016 | ---- | M] (Numara Software, Inc.) -- C:\Windows\TIREMOTE\TIRemoteService.exe
PRC - [2008/11/13 16:24:36 | 000,166,912 | ---- | M] (Numara Software, Inc.) -- C:\Windows\TIREMOTE\TIServiceMonitor.exe

========== Modules (No Company Name) ==========

MOD - [2014/02/10 12:30:06 | 000,909,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SCNotification\eeb7790c92c2f90ab0d7655ef50d8f1d\SCNotification.ni.exe
MOD - [2014/02/10 12:30:05 | 000,487,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SCClient.Data\82b6b6c116e3220c6e8a2925d77fcc36\SCClient.Data.ni.dll
MOD - [2014/02/10 12:30:05 | 000,445,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SCClient.Common\4c0b662833a88626dea579f09b126ed8\SCClient.Common.ni.dll
MOD - [2014/02/01 23:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll
MOD - [2014/02/01 23:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll
MOD - [2014/02/01 23:41:45 | 000,715,592 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
MOD - [2014/02/01 23:41:45 | 000,100,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\libegl.dll
MOD - [2014/02/01 23:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/09/29 14:36:46 | 000,125,504 | ---- | M] () -- C:\Program Files\Web Connection\Y800_EE\BackgroundService\ModemListener.exe
MOD - [2012/08/08 11:31:21 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\af6e0dd358a5edc094dca9e7957f1038\WindowsFormsIntegration.ni.dll
MOD - [2012/08/08 11:30:07 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
MOD - [2012/08/08 11:29:19 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
MOD - [2012/08/08 11:29:19 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\83fe46ae33b8fd827015387fb6efcd13\IAStorUtil.ni.dll
MOD - [2012/08/08 11:29:19 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b40ad47b1338dd50c41d2c5571819a09\IAStorCommon.ni.dll
MOD - [2012/08/08 11:18:19 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/08/08 11:18:12 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012/08/08 11:18:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/08/08 11:17:56 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012/08/08 11:17:45 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/08/08 11:17:39 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/08/08 11:17:36 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012/08/08 11:17:23 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/08/08 11:17:20 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/08/08 11:17:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/08/08 11:17:16 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/08/08 11:17:12 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2012/07/16 08:44:41 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\eef171dee81858018c3956485fff7ba7\System.Management.ni.dll
MOD - [2012/07/16 08:43:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\66df2eefe4c9863dce8aa401bb67eaf6\System.Runtime.Remoting.ni.dll
MOD - [2012/07/16 08:43:18 | 001,838,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\7a3431124b8ded91068710226c0a00d4\Microsoft.VisualBasic.ni.dll
MOD - [2012/07/16 08:43:08 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b9942cb07813f553f6d6374dd4541362\System.Xaml.ni.dll
MOD - [2012/07/15 12:07:51 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bd3685e578c22d17625390d847973de0\PresentationFramework.ni.dll
MOD - [2012/07/15 12:07:41 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\008fbb2e42b3c2569ff58d651575ff29\PresentationCore.ni.dll
MOD - [2012/07/15 12:07:38 | 013,138,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\33eae86e0a5d9bcc4d0e4e469e2ac36a\System.Windows.Forms.ni.dll
MOD - [2012/07/15 12:07:35 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b7409080f31b0a702281b68c37bac326\System.Core.ni.dll
MOD - [2012/07/15 12:07:34 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6757251401cd9c17d5e608db6e5f964a\System.Configuration.ni.dll
MOD - [2012/07/15 12:07:33 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\68345d6b57fe33c9a94fe6a72ab5e85e\System.Xml.ni.dll
MOD - [2012/07/15 12:07:31 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\c0c7b3ff43f1b29cad7dde24bdbd5b79\WindowsBase.ni.dll
MOD - [2012/07/15 12:07:29 | 001,653,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c958d61dd28474ec780db9d18d266ae\System.Drawing.ni.dll
MOD - [2012/07/15 12:07:28 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\57e066d0b97757dbd26d59302c3d701a\System.ni.dll
MOD - [2012/07/15 12:07:23 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e5b31f3bb6508df0dc7c20ddc72f3191\mscorlib.ni.dll
MOD - [2011/10/05 02:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/08/19 09:31:18 | 000,092,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
MOD - [2011/08/19 09:31:18 | 000,076,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
MOD - [2011/02/11 15:26:34 | 000,098,304 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2011/02/11 15:26:34 | 000,024,576 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
MOD - [2011/02/06 12:34:00 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2009/09/04 11:43:54 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/07/14 01:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2008/10/26 04:42:14 | 000,065,376 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2006/10/27 14:35:18 | 000,436,512 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/04/18 19:22:03 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/01/14 14:06:52 | 000,058,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Connection\Y800_EE\BackgroundService\ServiceManager.exe -- (EE WAFER Modem Device Helper)
SRV - [2012/12/14 15:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 15:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/21 04:00:00 | 001,090,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\CCM\CcmExec.exe -- (CcmExec)
SRV - [2012/11/21 04:00:00 | 000,470,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\CCM\RemCtrl\CmRcService.exe -- (CmRcService)
SRV - [2012/11/21 04:00:00 | 000,275,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\CCM\TSManager.exe -- (smstsmgr)
SRV - [2012/08/17 16:48:44 | 000,019,456 | ---- | M] (Clarus, Inc.) [Auto | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe -- (SZDrvSvc)
SRV - [2012/08/02 12:24:36 | 000,048,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Policy Platform\policyHost.exe -- (lppsvc)
SRV - [2012/08/02 12:24:36 | 000,048,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Policy Platform\policyHost.exe -- (lpasvc)
SRV - [2012/04/23 17:23:28 | 000,104,208 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2012/04/10 14:46:40 | 000,232,472 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012/03/15 07:09:14 | 000,509,448 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2012/01/31 09:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2012/01/06 10:06:30 | 000,130,072 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe -- (Sophos Client Firewall Manager)
SRV - [2012/01/06 10:06:21 | 000,052,248 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe -- (Sophos Client Firewall)
SRV - [2012/01/06 10:05:40 | 000,806,912 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2012/01/06 10:05:38 | 000,282,624 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2012/01/06 09:56:33 | 000,167,960 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012/01/06 09:56:33 | 000,099,864 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011/10/13 16:11:55 | 000,552,472 | ---- | M] (Sophos Limited) [On_Demand | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe -- (Sophos Device Control Service)
SRV - [2011/05/05 14:12:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/03/14 15:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- D:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2011/02/06 07:39:06 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/01/28 14:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011/01/26 17:00:00 | 000,013,336 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/01/21 18:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
SRV - [2011/01/17 09:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/01/17 09:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/11 09:57:16 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2009/12/03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/09/04 11:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/06/13 05:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/11/13 16:24:36 | 000,214,016 | ---- | M] (Numara Software, Inc.) [Auto | Running] -- C:\Windows\TIREMOTE\TIRemoteService.exe -- (TIRmtSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbwwan.sys -- (ewusbmbb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2013/11/26 11:51:22 | 010,382,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwsn00.sys -- (NETwNs32)
DRV - [2013/10/25 02:32:08 | 000,139,776 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2plx86)
DRV - [2013/04/15 20:56:20 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/12/14 15:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/11/21 22:53:36 | 000,020,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PrepDrv.sys -- (prepdrvr)
DRV - [2012/06/21 13:57:52 | 000,089,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\mvd23.sys -- (mvd23)
DRV - [2012/06/21 13:57:40 | 000,018,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\mdf16.sys -- (mdf16)
DRV - [2012/04/16 09:21:55 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2012/03/15 06:02:18 | 000,143,360 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPALP)
DRV - [2012/03/15 06:02:18 | 000,143,360 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPAL)
DRV - [2012/01/06 10:06:33 | 000,044,024 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\scfndis.sys -- (scfndis)
DRV - [2012/01/06 10:06:29 | 000,086,520 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\scfdriver.sys -- (scfdriver)
DRV - [2012/01/06 09:56:23 | 000,024,312 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2012/01/06 09:56:20 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2012/01/06 09:56:10 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2011/08/17 10:03:58 | 000,137,472 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/06/02 09:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/02/06 08:21:38 | 007,569,408 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/02/06 07:01:26 | 000,238,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/01/26 15:00:56 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2011/01/26 15:00:56 | 000,026,168 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011/01/13 16:55:42 | 000,238,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress)
DRV - [2010/12/28 11:25:50 | 000,143,960 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2010/12/21 16:57:50 | 007,269,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32)
DRV - [2010/12/10 21:50:12 | 000,141,440 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/12/10 21:50:12 | 000,062,336 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010/12/02 16:02:56 | 000,021,560 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2010/11/20 21:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 21:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 21:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 21:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 21:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010/11/20 21:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 21:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 21:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 21:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/17 01:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/10/19 15:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2010/10/19 15:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2010/01/26 12:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2010/01/13 15:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009/12/08 03:54:44 | 009,948,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/11/18 12:19:46 | 000,420,864 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/11/12 04:14:30 | 000,066,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/11/05 16:35:22 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2009/10/28 16:55:00 | 000,047,616 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/10/26 13:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/09/28 13:47:00 | 000,038,912 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/09/17 18:04:28 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009/07/20 14:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)
DRV - [2009/07/14 00:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 00:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/06/25 15:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 15:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 15:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\Programs\Office15\NPSPWRAP.DLL File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/05/09 09:43:27 | 000,000,000 | ---D | M]

[2013/04/04 08:50:41 | 000,000,000 | ---D | M] (No name found) -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\mozilla\Firefox\Profiles\590tipyt.default\extensions
[2013/04/04 08:50:42 | 000,000,000 | ---D | M] (No name found) -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\mozilla\Firefox\Profiles\590tipyt.default\extensions\staged

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = D:\Profiles\Bryan.O'Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = D:\Profiles\Bryan.O'Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = D:\Profiles\Bryan.O'Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = D:\Profiles\Bryan.O'Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = D:\Profiles\Bryan.O'Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = D:\Profiles\Bryan.O'Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/04/15 20:40:02 | 000,001,805 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programs\Office15\URLREDIR.DLL File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EE WAFER ModemListener] C:\Program Files\Web Connection\Y800_EE\BackgroundService\ModemListener.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet File not found
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Track-It! Workstation Manager Service Monitor] C:\Windows\TIREMOTE\TIServiceMonitor.exe (Numara Software, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] "F:\Programs\DAEMON Tools Lite\DTLite.exe" -autorun File not found
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Samsung Drive Manager] C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe (Clarus, Inc.)
O4 - HKLM..\RunOnceEx: [ContentMerger] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = Security Notice (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O13 - gopher Prefix: missing
O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp...VCInstall35.cab (HPVirtualRooms35 Class)
O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} http://www.cartesian...X/CpcViewAX.cab (CPC View ax Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.13.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = internal.theclancygroup.co.uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB16AD76-A0F2-4AA3-8BD8-0E0B6883553E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - F:\Programs\Office15\MSOSB.DLL File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{07ac1be2-ed26-11e2-82ed-001e101ffa9e}\Shell - "" = AutoRun
O33 - MountPoints2\{07ac1be2-ed26-11e2-82ed-001e101ffa9e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{07ac1bf9-ed26-11e2-82ed-001e101ffa9e}\Shell - "" = AutoRun
O33 - MountPoints2\{07ac1bf9-ed26-11e2-82ed-001e101ffa9e}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{115d1674-ab2b-11e2-8f52-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{115d1674-ab2b-11e2-8f52-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1404d019-949b-11e3-a0c2-cc52af894394}\Shell - "" = AutoRun
O33 - MountPoints2\{1404d019-949b-11e3-a0c2-cc52af894394}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{14e23a59-1790-11e2-93e0-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{14e23a59-1790-11e2-93e0-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{14e23a70-1790-11e2-93e0-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{14e23a70-1790-11e2-93e0-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{14e23a9a-1790-11e2-93e0-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{14e23a9a-1790-11e2-93e0-001e101fb4df}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{14e23aa9-1790-11e2-93e0-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{14e23aa9-1790-11e2-93e0-001e101fb4df}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{14e23c7e-1790-11e2-93e0-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{14e23c7e-1790-11e2-93e0-001e101fb4df}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2042b448-7dcf-11e2-a24f-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{2042b448-7dcf-11e2-a24f-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2042b536-7dcf-11e2-a24f-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{2042b536-7dcf-11e2-a24f-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3732bf16-385d-11e1-9992-cc52af894394}\Shell - "" = AutoRun
O33 - MountPoints2\{3732bf16-385d-11e1-9992-cc52af894394}\Shell\AutoRun\command - "" = F:\AutoRunCardDetector.exe
O33 - MountPoints2\{3aba2a35-46c0-11e2-8358-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3aba2a35-46c0-11e2-8358-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3aba2a49-46c0-11e2-8358-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3aba2a49-46c0-11e2-8358-2c41380a89bb}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3aba2b73-46c0-11e2-8358-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3aba2b73-46c0-11e2-8358-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3aba2b90-46c0-11e2-8358-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3aba2b90-46c0-11e2-8358-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3aba2b9c-46c0-11e2-8358-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3aba2b9c-46c0-11e2-8358-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3aba2c45-46c0-11e2-8358-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3aba2c45-46c0-11e2-8358-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3aba2c53-46c0-11e2-8358-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3aba2c53-46c0-11e2-8358-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3aba2c6b-46c0-11e2-8358-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3aba2c6b-46c0-11e2-8358-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{46c53b9f-406d-11e2-8de4-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{46c53b9f-406d-11e2-8de4-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{46c53bbc-406d-11e2-8de4-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{46c53bbc-406d-11e2-8de4-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a623fcf-6154-11e2-ba51-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{4a623fcf-6154-11e2-ba51-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a624030-6154-11e2-ba51-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{4a624030-6154-11e2-ba51-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a624097-6154-11e2-ba51-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{4a624097-6154-11e2-ba51-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a6240f9-6154-11e2-ba51-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{4a6240f9-6154-11e2-ba51-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a62410e-6154-11e2-ba51-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{4a62410e-6154-11e2-ba51-2c41380a89bb}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{4a624151-6154-11e2-ba51-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{4a624151-6154-11e2-ba51-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a624173-6154-11e2-ba51-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{4a624173-6154-11e2-ba51-2c41380a89bb}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{4a6242fd-6154-11e2-ba51-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{4a6242fd-6154-11e2-ba51-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{552a8e04-2684-11e3-a533-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{552a8e04-2684-11e3-a533-2c41380a89bb}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{7938713c-4cf8-11e1-84ac-cc52af894394}\Shell - "" = AutoRun
O33 - MountPoints2\{7938713c-4cf8-11e1-84ac-cc52af894394}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{e62fe206-3afb-11e2-8e28-001e101fcab6}\Shell - "" = AutoRun
O33 - MountPoints2\{e62fe206-3afb-11e2-8e28-001e101fcab6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e62fe213-3afb-11e2-8e28-001e101fcab6}\Shell - "" = AutoRun
O33 - MountPoints2\{e62fe213-3afb-11e2-8e28-001e101fcab6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e62fe2f6-3afb-11e2-8e28-001e101fcab6}\Shell - "" = AutoRun
O33 - MountPoints2\{e62fe2f6-3afb-11e2-8e28-001e101fcab6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e62fe367-3afb-11e2-8e28-001e101fcab6}\Shell - "" = AutoRun
O33 - MountPoints2\{e62fe367-3afb-11e2-8e28-001e101fcab6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e9cce659-406e-11e2-a9de-a088b42d4938}\Shell - "" = AutoRun
O33 - MountPoints2\{e9cce659-406e-11e2-a9de-a088b42d4938}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e9cce665-406e-11e2-a9de-a088b42d4938}\Shell - "" = AutoRun
O33 - MountPoints2\{e9cce665-406e-11e2-a9de-a088b42d4938}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e9cce687-406e-11e2-a9de-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{e9cce687-406e-11e2-a9de-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ef26b5a0-2ce6-11e3-aecd-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{ef26b5a0-2ce6-11e3-aecd-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{fef2476a-4067-11e2-ae5c-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{fef2476a-4067-11e2-ae5c-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/22 12:27:56 | 000,000,000 | ---D | C] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2014/02/19 13:15:11 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2014/02/19 13:15:10 | 000,000,000 | ---D | C] -- D:\ProgramData\Spybot - Search & Destroy
[2014/02/19 13:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/02/18 17:31:17 | 000,000,000 | ---D | C] -- D:\Profiles\Bryan.O'Donovan\AppData\Local\Avg2013
[2014/02/18 17:30:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/02/17 19:39:30 | 000,000,000 | ---D | C] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\InstallShield
[2014/02/10 16:43:00 | 000,000,000 | ---D | C] -- D:\Profiles\Bryan.O'Donovan\Documents\DO1005 - Twin Tracking - Permanent Way
[2014/02/10 12:29:01 | 000,000,000 | ---D | C] -- C:\Windows\ms
[2014/02/10 12:29:01 | 000,000,000 | ---D | C] -- C:\Windows\ccmcache
[2014/02/10 12:29:01 | 000,000,000 | ---D | C] -- C:\Windows\CCM
[2014/02/10 12:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Policy Platform
[2014/02/07 15:01:56 | 000,000,000 | ---D | C] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Adobe
[2014/02/03 08:34:23 | 000,000,000 | ---D | C] -- C:\Windows\ccmsetup
[2014/01/28 12:52:06 | 000,000,000 | ---D | C] -- D:\Profiles\Bryan.O'Donovan\AppData\Local\Adobe

========== Files - Modified Within 30 Days ==========

[2014/02/24 11:39:04 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/02/24 11:38:15 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/24 11:35:46 | 000,025,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/24 11:35:46 | 000,025,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/24 11:35:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/23 21:18:54 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/20 17:39:26 | 000,000,580 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2014/02/20 17:35:44 | 000,000,142 | ---- | M] () -- C:\Windows\ODBC.INI
[2014/02/20 17:35:40 | 2402,045,952 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/20 14:02:40 | 000,669,430 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/20 14:02:40 | 000,126,928 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/18 12:49:40 | 001,457,880 | ---- | M] () -- D:\Profiles\Bryan.O'Donovan\Documents\PVEA3031-PLN-EST-C024-0201065 EPP.pdf
[2014/02/18 10:04:34 | 000,004,690 | ---- | M] () -- D:\Profiles\Bryan.O'Donovan\Documents\Document1.pdf
[2014/02/17 19:58:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_AMPPAL_01009.Wdf
[2014/02/13 09:53:51 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\Audit 13.job
[2014/02/13 07:06:48 | 000,000,175 | ---- | M] () -- D:\Profiles\Bryan.O'Donovan\Desktop\Sharepoint - Proposals & Tenders.url
[2014/02/13 07:06:48 | 000,000,166 | ---- | M] () -- D:\Profiles\Bryan.O'Donovan\Desktop\Sharepoint - Business Support.url
[2014/02/13 07:06:45 | 000,045,223 | RHS- | M] () -- D:\ProgramData\ntuser.pol
[2014/02/10 12:29:31 | 000,000,704 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2014/02/10 12:29:26 | 000,004,764 | ---- | M] () -- C:\Windows\System32\CcmFramework.ini
[2014/02/10 12:29:26 | 000,000,621 | ---- | M] () -- C:\Windows\System32\CcmFramework.h

========== Files Created - No Company Name ==========

[2014/02/18 17:16:24 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/02/18 12:49:37 | 001,457,880 | ---- | C] () -- D:\Profiles\Bryan.O'Donovan\Documents\PVEA3031-PLN-EST-C024-0201065 EPP.pdf
[2014/02/18 10:04:41 | 000,004,690 | ---- | C] () -- D:\Profiles\Bryan.O'Donovan\Documents\Document1.pdf
[2014/02/17 19:58:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_AMPPAL_01009.Wdf
[2014/02/10 12:29:29 | 000,000,704 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2014/02/10 12:29:26 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2014/02/10 12:29:26 | 000,000,621 | ---- | C] () -- C:\Windows\System32\CcmFramework.h
[2014/02/10 12:29:01 | 000,000,580 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2013/04/18 19:22:31 | 000,000,147 | ---- | C] () -- D:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013/04/12 16:47:05 | 000,000,024 | ---- | C] () -- C:\Windows\WINTAB32.INI
[2013/04/12 16:32:09 | 000,000,249 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/12/30 16:14:34 | 000,018,944 | ---- | C] () -- D:\Profiles\Bryan.O'Donovan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/10 09:38:35 | 000,000,302 | ---- | C] () -- C:\Windows\ricdb.ini
[2012/01/06 19:22:53 | 000,000,057 | ---- | C] () -- D:\ProgramData\Ament.ini
[2012/01/06 10:48:08 | 000,045,223 | RHS- | C] () -- D:\ProgramData\ntuser.pol
[2012/01/06 10:19:02 | 000,000,065 | -H-- | C] () -- D:\ProgramData\TrackitAudit.id
[2012/01/06 09:54:48 | 000,006,330 | RHS- | C] () -- D:\Profiles\Bryan.O'Donovan\ntuser.pol

========== ZeroAccess Check ==========

[2013/03/25 19:02:04 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$7e107a650eacf5dc0fb1a634583ad1e7\@
[2013/03/25 19:02:04 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$7e107a650eacf5dc0fb1a634583ad1e7\L
[2013/04/05 07:27:12 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$7e107a650eacf5dc0fb1a634583ad1e7\U
[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2012/01/04 08:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 08:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2010/11/20 21:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/04/18 19:37:57 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Autodesk
[2013/09/12 11:15:37 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Bentley
[2013/04/15 20:58:44 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\DAEMON Tools Lite
[2012/12/07 15:57:07 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\GEO-SLOPE
[2011/05/09 10:25:15 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Neoteris
[2012/12/07 12:53:45 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Tatara Systems
[2012/10/16 12:53:38 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Telefónica
[2012/01/27 14:08:12 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Temp
[2012/10/16 12:53:38 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\TGCMLog
[2013/04/04 20:46:26 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\TuneUp Software

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> D:\ProgramData\TEMP:BEC0D766

< End of report >

#3
Machiavelli

Posted 28 February 2014 - 11:02 AM

GeekU Moderator

GeekU Moderator
4,722 posts

Welcome to GeeksToGo, bod88

My name is Machiavelli and I'll try to fix your PC problems. If you are in SafeMode then print my instructions! Removing Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

Posted Image

!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.

I will come back with further instructions later.

#4
Machiavelli

Posted 28 February 2014 - 12:09 PM

GeekU Moderator

GeekU Moderator
4,722 posts

Hey bod88,
Hope everything is well.

===== > Step 1: Backdoor Warning < =====

In your logs I see a Backdoor. That means that your machine is infected with some nasty files which can steal some information. It is difficult to tell whether or not any data has been stolen and finding out which is true instead of doing countermeasures is unproductive. In this light, for your safety, assume that your log-in details and other information have been accessed by another source.
Below are the steps that you should administer:

Please disconnect from the Internet! Also don't use it while we are cleaning the infected machine. This is especially true when you are using the computer in question for online banking and other sites that require sensitive and personal information.
It is strongly advised that you change your passwords on a clean PC and notify the bank immediately to watch out for suspicious transactions.

I can try to clean the infection but I have to say your computer is very likely compromised and that there is no way to be sure your computer can ever again be trusted.Experts in the security community believe that a reformat and re-installation of the operating system is the best solution. Please peruse the following if you would like to know more:

Now - you decide if you want to reformat the PC or to cleaning the PC. Think of it and choose the best solution for you! Let me know of your decision. If you decide to go through the proceed, please proceed with the following steps.

===== > Step 2: OTL Fix < =====

Run OTL(If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).

Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:

:Commands
[CREATERESTOREPOINT]

:OTL
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\Programs\Office15\NPSPWRAP.DLL File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programs\Office15\URLREDIR.DLL File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] "F:\Programs\DAEMON Tools Lite\DTLite.exe" -autorun File not found
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = 
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = internal.theclancygroup.co.uk
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - F:\Programs\Office15\MSOSB.DLL File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{07ac1be2-ed26-11e2-82ed-001e101ffa9e}\Shell - "" = AutoRun
O33 - MountPoints2\{07ac1be2-ed26-11e2-82ed-001e101ffa9e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{07ac1bf9-ed26-11e2-82ed-001e101ffa9e}\Shell - "" = AutoRun
O33 - MountPoints2\{07ac1bf9-ed26-11e2-82ed-001e101ffa9e}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{115d1674-ab2b-11e2-8f52-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{115d1674-ab2b-11e2-8f52-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1404d019-949b-11e3-a0c2-cc52af894394}\Shell - "" = AutoRun
O33 - MountPoints2\{1404d019-949b-11e3-a0c2-cc52af894394}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{14e23a59-1790-11e2-93e0-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{14e23a59-1790-11e2-93e0-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{14e23a70-1790-11e2-93e0-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{14e23a70-1790-11e2-93e0-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{14e23a9a-1790-11e2-93e0-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{14e23a9a-1790-11e2-93e0-001e101fb4df}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{14e23aa9-1790-11e2-93e0-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{14e23aa9-1790-11e2-93e0-001e101fb4df}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{14e23c7e-1790-11e2-93e0-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{14e23c7e-1790-11e2-93e0-001e101fb4df}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2042b448-7dcf-11e2-a24f-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{2042b448-7dcf-11e2-a24f-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2042b536-7dcf-11e2-a24f-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{2042b536-7dcf-11e2-a24f-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3732bf16-385d-11e1-9992-cc52af894394}\Shell - "" = AutoRun
O33 - MountPoints2\{3732bf16-385d-11e1-9992-cc52af894394}\Shell\AutoRun\command - "" = F:\AutoRunCardDetector.exe
O33 - MountPoints2\{3aba2a35-46c0-11e2-8358-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3aba2a35-46c0-11e2-8358-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3aba2a49-46c0-11e2-8358-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3aba2a49-46c0-11e2-8358-2c41380a89bb}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3aba2b73-46c0-11e2-8358-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3aba2b73-46c0-11e2-8358-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3aba2b90-46c0-11e2-8358-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3aba2b90-46c0-11e2-8358-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3aba2b9c-46c0-11e2-8358-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3aba2b9c-46c0-11e2-8358-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3aba2c45-46c0-11e2-8358-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3aba2c45-46c0-11e2-8358-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3aba2c53-46c0-11e2-8358-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3aba2c53-46c0-11e2-8358-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3aba2c6b-46c0-11e2-8358-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3aba2c6b-46c0-11e2-8358-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{46c53b9f-406d-11e2-8de4-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{46c53b9f-406d-11e2-8de4-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{46c53bbc-406d-11e2-8de4-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{46c53bbc-406d-11e2-8de4-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a623fcf-6154-11e2-ba51-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{4a623fcf-6154-11e2-ba51-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a624030-6154-11e2-ba51-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{4a624030-6154-11e2-ba51-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a624097-6154-11e2-ba51-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{4a624097-6154-11e2-ba51-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a6240f9-6154-11e2-ba51-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{4a6240f9-6154-11e2-ba51-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a62410e-6154-11e2-ba51-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{4a62410e-6154-11e2-ba51-2c41380a89bb}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{4a624151-6154-11e2-ba51-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{4a624151-6154-11e2-ba51-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a624173-6154-11e2-ba51-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{4a624173-6154-11e2-ba51-2c41380a89bb}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{4a6242fd-6154-11e2-ba51-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{4a6242fd-6154-11e2-ba51-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{552a8e04-2684-11e3-a533-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{552a8e04-2684-11e3-a533-2c41380a89bb}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{7938713c-4cf8-11e1-84ac-cc52af894394}\Shell - "" = AutoRun
O33 - MountPoints2\{7938713c-4cf8-11e1-84ac-cc52af894394}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{e62fe206-3afb-11e2-8e28-001e101fcab6}\Shell - "" = AutoRun
O33 - MountPoints2\{e62fe206-3afb-11e2-8e28-001e101fcab6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e62fe213-3afb-11e2-8e28-001e101fcab6}\Shell - "" = AutoRun
O33 - MountPoints2\{e62fe213-3afb-11e2-8e28-001e101fcab6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e62fe2f6-3afb-11e2-8e28-001e101fcab6}\Shell - "" = AutoRun
O33 - MountPoints2\{e62fe2f6-3afb-11e2-8e28-001e101fcab6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e62fe367-3afb-11e2-8e28-001e101fcab6}\Shell - "" = AutoRun
O33 - MountPoints2\{e62fe367-3afb-11e2-8e28-001e101fcab6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e9cce659-406e-11e2-a9de-a088b42d4938}\Shell - "" = AutoRun
O33 - MountPoints2\{e9cce659-406e-11e2-a9de-a088b42d4938}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e9cce665-406e-11e2-a9de-a088b42d4938}\Shell - "" = AutoRun
O33 - MountPoints2\{e9cce665-406e-11e2-a9de-a088b42d4938}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e9cce687-406e-11e2-a9de-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{e9cce687-406e-11e2-a9de-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ef26b5a0-2ce6-11e3-aecd-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{ef26b5a0-2ce6-11e3-aecd-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{fef2476a-4067-11e2-ae5c-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{fef2476a-4067-11e2-ae5c-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\AutoRun.exe
[2014/02/13 09:53:51 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\Audit 13.job
@Alternate Data Stream - 134 bytes -> D:\ProgramData\TEMP:BEC0D766

:Files
C:\$Recycle.Bin\S-1-5-18\$7e107a650eacf5dc0fb1a634583ad1e7

:Commands
[RESETHOSTS]
[EMPTYTEMP]

Click the Run Fix button.
After your computer has rebooted, run OTL and click Quick Scan.
Copy and paste the contents of the log that it produces into your next post.

===== > Step 3: Adwarecleaner Scan < =====

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1

Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP the just run it)
Click Scan and let the scan run.
When it finishes, click on Log and post the Logfile into your next reply

Note: The log can also be found in here: C:\AdwCleaner\

#5
bod88

Posted 01 March 2014 - 04:50 AM

Member

Topic Starter
Member
15 posts

hi,

thanks for your response. I would like to clean the PC if possible. I have copy and pasted the two logs below as requested

OTL LOG

OTL logfile created on: 01/03/2014 10:26:35 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = Y:\
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.98 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 61.04% Memory free
5.96 Gb Paging File | 4.61 Gb Available in Paging File | 77.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 30.23 Gb Total Space | 4.31 Gb Free Space | 14.25% Space Free | Partition Type: NTFS
Drive D: | 267.75 Gb Total Space | 217.78 Gb Free Space | 81.34% Space Free | Partition Type: NTFS
Drive I: | 968.04 Mb Total Space | 594.37 Mb Free Space | 61.40% Space Free | Partition Type: FAT32
Drive Y: | 123.75 Mb Total Space | 27.26 Mb Free Space | 22.02% Space Free | Partition Type: FAT

Computer Name: G002065 | User Name: bryan.o'donovan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/24 11:40:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- Y:\OTL.exe
PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/01/14 14:06:52 | 000,058,192 | ---- | M] () -- C:\Program Files\Web Connection\Y800_EE\BackgroundService\ServiceManager.exe
PRC - [2012/12/14 15:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 15:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 15:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/29 14:36:46 | 000,125,504 | ---- | M] () -- C:\Program Files\Web Connection\Y800_EE\BackgroundService\ModemListener.exe
PRC - [2012/08/17 16:55:38 | 005,796,440 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe
PRC - [2012/08/17 16:48:46 | 000,120,832 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvMon.exe
PRC - [2012/08/17 16:48:44 | 000,019,456 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
PRC - [2012/08/17 16:48:16 | 000,135,168 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe
PRC - [2012/04/10 14:46:40 | 000,232,472 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2012/01/31 09:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2012/01/06 10:06:30 | 000,130,072 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe
PRC - [2012/01/06 10:06:21 | 000,052,248 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe
PRC - [2012/01/06 10:05:40 | 000,806,912 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe
PRC - [2012/01/06 10:05:38 | 000,282,624 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
PRC - [2012/01/06 09:56:33 | 000,167,960 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2011/07/27 21:23:07 | 000,494,616 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2011/03/14 15:27:28 | 000,271,712 | ---- | M] () -- D:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2011/03/14 15:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- D:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/06 12:27:30 | 000,336,384 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
PRC - [2011/02/06 07:39:36 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/02/06 07:39:06 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/01/28 14:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2011/01/28 14:24:56 | 000,299,576 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
PRC - [2011/01/26 17:00:32 | 000,283,160 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/21 18:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vcsFPService.exe
PRC - [2011/01/17 09:41:52 | 000,112,152 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe
PRC - [2011/01/11 09:57:16 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/20 21:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/17 17:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/24 14:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/12/03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/11/11 13:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/09/04 11:43:40 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/09/04 11:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/14 01:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2008/11/13 16:24:36 | 000,214,016 | ---- | M] (Numara Software, Inc.) -- C:\Windows\TIREMOTE\TIRemoteService.exe
PRC - [2008/11/13 16:24:36 | 000,166,912 | ---- | M] (Numara Software, Inc.) -- C:\Windows\TIREMOTE\TIServiceMonitor.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/09/29 14:36:46 | 000,125,504 | ---- | M] () -- C:\Program Files\Web Connection\Y800_EE\BackgroundService\ModemListener.exe
MOD - [2012/08/08 11:30:07 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
MOD - [2012/08/08 11:29:19 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
MOD - [2012/08/08 11:29:19 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\83fe46ae33b8fd827015387fb6efcd13\IAStorUtil.ni.dll
MOD - [2012/08/08 11:18:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/08/08 11:17:45 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/08/08 11:17:39 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/08/08 11:17:20 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/08/08 11:17:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/08/08 11:17:16 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/08/08 11:17:12 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/08/19 09:31:18 | 000,092,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
MOD - [2011/08/19 09:31:18 | 000,076,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
MOD - [2009/09/04 11:43:54 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/07/14 01:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/04/18 19:22:03 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/01/14 14:06:52 | 000,058,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Connection\Y800_EE\BackgroundService\ServiceManager.exe -- (EE WAFER Modem Device Helper)
SRV - [2012/12/14 15:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 15:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/21 04:00:00 | 001,090,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\CCM\CcmExec.exe -- (CcmExec)
SRV - [2012/11/21 04:00:00 | 000,470,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\CCM\RemCtrl\CmRcService.exe -- (CmRcService)
SRV - [2012/11/21 04:00:00 | 000,275,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\CCM\TSManager.exe -- (smstsmgr)
SRV - [2012/08/17 16:48:44 | 000,019,456 | ---- | M] (Clarus, Inc.) [Auto | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe -- (SZDrvSvc)
SRV - [2012/08/02 12:24:36 | 000,048,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Policy Platform\policyHost.exe -- (lppsvc)
SRV - [2012/08/02 12:24:36 | 000,048,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Policy Platform\policyHost.exe -- (lpasvc)
SRV - [2012/04/23 17:23:28 | 000,104,208 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2012/04/10 14:46:40 | 000,232,472 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012/03/15 07:09:14 | 000,509,448 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2012/01/31 09:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2012/01/06 10:06:30 | 000,130,072 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe -- (Sophos Client Firewall Manager)
SRV - [2012/01/06 10:06:21 | 000,052,248 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe -- (Sophos Client Firewall)
SRV - [2012/01/06 10:05:40 | 000,806,912 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2012/01/06 10:05:38 | 000,282,624 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2012/01/06 09:56:33 | 000,167,960 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012/01/06 09:56:33 | 000,099,864 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011/10/13 16:11:55 | 000,552,472 | ---- | M] (Sophos Limited) [On_Demand | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe -- (Sophos Device Control Service)
SRV - [2011/05/05 14:12:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/03/14 15:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- D:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2011/02/06 07:39:06 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/01/28 14:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011/01/26 17:00:00 | 000,013,336 | R--- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/01/21 18:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
SRV - [2011/01/17 09:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/01/17 09:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/11 09:57:16 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2009/12/03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/09/04 11:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/06/13 05:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/11/13 16:24:36 | 000,214,016 | ---- | M] (Numara Software, Inc.) [Auto | Running] -- C:\Windows\TIREMOTE\TIRemoteService.exe -- (TIRmtSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbwwan.sys -- (ewusbmbb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2013/11/26 11:51:22 | 010,382,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwsn00.sys -- (NETwNs32)
DRV - [2013/10/25 02:32:08 | 000,139,776 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2plx86)
DRV - [2013/04/15 20:56:20 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/12/14 15:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/11/21 22:53:36 | 000,020,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PrepDrv.sys -- (prepdrvr)
DRV - [2012/06/21 13:57:52 | 000,089,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\mvd23.sys -- (mvd23)
DRV - [2012/06/21 13:57:40 | 000,018,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\mdf16.sys -- (mdf16)
DRV - [2012/04/16 09:21:55 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2012/03/15 06:02:18 | 000,143,360 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPALP)
DRV - [2012/03/15 06:02:18 | 000,143,360 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPAL)
DRV - [2012/01/06 10:06:33 | 000,044,024 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\scfndis.sys -- (scfndis)
DRV - [2012/01/06 10:06:29 | 000,086,520 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\scfdriver.sys -- (scfdriver)
DRV - [2012/01/06 09:56:23 | 000,024,312 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2012/01/06 09:56:20 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2012/01/06 09:56:10 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2011/08/17 10:03:58 | 000,137,472 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/06/02 09:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/02/06 08:21:38 | 007,569,408 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/02/06 07:01:26 | 000,238,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/01/26 15:00:56 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2011/01/26 15:00:56 | 000,026,168 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011/01/13 16:55:42 | 000,238,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress)
DRV - [2010/12/28 11:25:50 | 000,143,960 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2010/12/21 16:57:50 | 007,269,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32)
DRV - [2010/12/10 21:50:12 | 000,141,440 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/12/10 21:50:12 | 000,062,336 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010/12/02 16:02:56 | 000,021,560 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2010/11/20 21:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 21:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 21:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 21:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 21:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010/11/20 21:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 21:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 21:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 21:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/17 01:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/10/19 15:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2010/10/19 15:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2010/01/26 12:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2010/01/13 15:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009/12/08 03:54:44 | 009,948,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/11/18 12:19:46 | 000,420,864 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/11/12 04:14:30 | 000,066,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/11/05 16:35:22 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2009/10/28 16:55:00 | 000,047,616 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/10/26 13:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/09/28 13:47:00 | 000,038,912 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/09/17 18:04:28 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009/07/20 14:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)
DRV - [2009/07/14 00:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 00:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/06/25 15:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 15:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 15:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/05/09 09:43:27 | 000,000,000 | ---D | M]

[2013/04/04 08:50:41 | 000,000,000 | ---D | M] (No name found) -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\mozilla\Firefox\Profiles\590tipyt.default\extensions
[2013/04/04 08:50:42 | 000,000,000 | ---D | M] (No name found) -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\mozilla\Firefox\Profiles\590tipyt.default\extensions\staged

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = D:\Profiles\Bryan.O'Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = D:\Profiles\Bryan.O'Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = D:\Profiles\Bryan.O'Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = D:\Profiles\Bryan.O'Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = D:\Profiles\Bryan.O'Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = D:\Profiles\Bryan.O'Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/03/01 10:22:34 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited)
O4 - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKLM..\Run: [EE WAFER ModemListener] C:\Program Files\Web Connection\Y800_EE\BackgroundService\ModemListener.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Track-It! Workstation Manager Service Monitor] C:\Windows\TIREMOTE\TIServiceMonitor.exe (Numara Software, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Samsung Drive Manager] C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe (Clarus, Inc.)
O4 - HKLM..\RunOnceEx: [ContentMerger] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = Security Notice (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp...VCInstall35.cab (HPVirtualRooms35 Class)
O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} http://www.cartesian...X/CpcViewAX.cab (CPC View ax Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.13.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = internal.theclancygroup.co.uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB16AD76-A0F2-4AA3-8BD8-0E0B6883553E}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/01 10:28:01 | 000,000,000 | ---D | C] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2014/02/19 13:15:11 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2014/02/19 13:15:10 | 000,000,000 | ---D | C] -- D:\ProgramData\Spybot - Search & Destroy
[2014/02/19 13:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/02/18 17:31:17 | 000,000,000 | ---D | C] -- D:\Profiles\Bryan.O'Donovan\AppData\Local\Avg2013
[2014/02/18 17:30:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/02/17 19:39:30 | 000,000,000 | ---D | C] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\InstallShield
[2014/02/10 16:43:00 | 000,000,000 | ---D | C] -- D:\Profiles\Bryan.O'Donovan\Documents\DO1005 - Twin Tracking - Permanent Way
[2014/02/10 12:29:01 | 000,000,000 | ---D | C] -- C:\Windows\ms
[2014/02/10 12:29:01 | 000,000,000 | ---D | C] -- C:\Windows\ccmcache
[2014/02/10 12:29:01 | 000,000,000 | ---D | C] -- C:\Windows\CCM
[2014/02/10 12:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Policy Platform
[2014/02/07 15:01:56 | 000,000,000 | ---D | C] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Adobe
[2014/02/03 08:34:23 | 000,000,000 | ---D | C] -- C:\Windows\ccmsetup

========== Files - Modified Within 30 Days ==========

[2014/03/01 10:27:21 | 000,000,580 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2014/03/01 10:25:43 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/01 10:24:59 | 000,000,142 | ---- | M] () -- C:\Windows\ODBC.INI
[2014/03/01 10:24:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/01 10:24:52 | 2402,045,952 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/01 10:24:18 | 000,025,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/01 10:24:18 | 000,025,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/01 10:22:34 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/03/01 10:18:57 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/26 12:28:54 | 000,018,432 | ---- | M] () -- D:\Profiles\Bryan.O'Donovan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/24 11:39:04 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/02/20 14:02:40 | 000,669,430 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/20 14:02:40 | 000,126,928 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/18 12:49:40 | 001,457,880 | ---- | M] () -- D:\Profiles\Bryan.O'Donovan\Documents\PVEA3031-PLN-EST-C024-0201065 EPP.pdf
[2014/02/18 10:04:34 | 000,004,690 | ---- | M] () -- D:\Profiles\Bryan.O'Donovan\Documents\Document1.pdf
[2014/02/17 19:58:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_AMPPAL_01009.Wdf
[2014/02/13 07:06:48 | 000,000,175 | ---- | M] () -- D:\Profiles\Bryan.O'Donovan\Desktop\Sharepoint - Proposals & Tenders.url
[2014/02/13 07:06:48 | 000,000,166 | ---- | M] () -- D:\Profiles\Bryan.O'Donovan\Desktop\Sharepoint - Business Support.url
[2014/02/13 07:06:45 | 000,045,223 | RHS- | M] () -- D:\ProgramData\ntuser.pol
[2014/02/10 12:29:31 | 000,000,704 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2014/02/10 12:29:26 | 000,004,764 | ---- | M] () -- C:\Windows\System32\CcmFramework.ini
[2014/02/10 12:29:26 | 000,000,621 | ---- | M] () -- C:\Windows\System32\CcmFramework.h

========== Files Created - No Company Name ==========

[2014/02/18 17:16:24 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/02/18 12:49:37 | 001,457,880 | ---- | C] () -- D:\Profiles\Bryan.O'Donovan\Documents\PVEA3031-PLN-EST-C024-0201065 EPP.pdf
[2014/02/18 10:04:41 | 000,004,690 | ---- | C] () -- D:\Profiles\Bryan.O'Donovan\Documents\Document1.pdf
[2014/02/17 19:58:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_AMPPAL_01009.Wdf
[2014/02/10 12:29:29 | 000,000,704 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2014/02/10 12:29:26 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2014/02/10 12:29:26 | 000,000,621 | ---- | C] () -- C:\Windows\System32\CcmFramework.h
[2014/02/10 12:29:01 | 000,000,580 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2013/04/18 19:22:31 | 000,000,147 | ---- | C] () -- D:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013/04/12 16:47:05 | 000,000,024 | ---- | C] () -- C:\Windows\WINTAB32.INI
[2013/04/12 16:32:09 | 000,000,249 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/12/30 16:14:34 | 000,018,432 | ---- | C] () -- D:\Profiles\Bryan.O'Donovan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/10 09:38:35 | 000,000,302 | ---- | C] () -- C:\Windows\ricdb.ini
[2012/01/06 19:22:53 | 000,000,057 | ---- | C] () -- D:\ProgramData\Ament.ini
[2012/01/06 10:48:08 | 000,045,223 | RHS- | C] () -- D:\ProgramData\ntuser.pol
[2012/01/06 10:19:02 | 000,000,065 | -H-- | C] () -- D:\ProgramData\TrackitAudit.id
[2012/01/06 09:54:48 | 000,006,330 | RHS- | C] () -- D:\Profiles\Bryan.O'Donovan\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2012/01/04 08:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 08:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2010/11/20 21:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/04/18 19:37:57 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Autodesk
[2013/09/12 11:15:37 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Bentley
[2013/04/15 20:58:44 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\DAEMON Tools Lite
[2012/12/07 15:57:07 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\GEO-SLOPE
[2011/05/09 10:25:15 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Neoteris
[2012/12/07 12:53:45 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Tatara Systems
[2012/10/16 12:53:38 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Telefónica
[2012/01/27 14:08:12 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Temp
[2012/10/16 12:53:38 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\TGCMLog
[2013/04/04 20:46:26 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\TuneUp Software

========== Purity Check ==========

< End of report >

Adwarecleaner log

# AdwCleaner v3.020 - Report created 01/03/2014 at 10:33:16
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : bryan.o'donovan - G002065
# Running from : Y:\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKLM\Software\caphyon
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421

-\\ Mozilla Firefox v

[ File : D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Mozilla\Firefox\Profiles\590tipyt.default\prefs.js ]

-\\ Google Chrome v32.0.1700.107

[ File : D:\Profiles\Bryan.O'Donovan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : D:\Profiles\Bryan.O'Donovan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : D:\Profiles\Bryan.O'Donovan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : D:\Profiles\Bryan.O'Donovan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : D:\Profiles\Bryan.O'Donovan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : D:\Profiles\Bryan.O'Donovan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2141 octets] - [01/03/2014 10:33:16]

########## EOF - D:\AdwCleaner\AdwCleaner[R0].txt - [2201 octets] ##########

#6
Machiavelli

Posted 01 March 2014 - 05:55 AM

GeekU Moderator

GeekU Moderator
4,722 posts

Hey,
hope you have a great weekend.

===== > Step 1: OTL Fix < =====

Run OTL(If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).

Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:

:Commands
[CREATERESTOREPOINT]

:Reg
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
""="%%SystemRoot%%\\system32\\shell32.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" ="%%systemroot%%\\system32\\wbem\\fastprox.dll"

:Commands
[EMPTYTEMP]

Click the Run Fix button.
After your computer has rebooted, run OTL and click Quick Scan.
Copy and paste the contents of the log that it produces into your next post.

===== > Step 2: Adwarecleaner Fix < =====

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1

Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP the just run it)
Click Scan and let the scan run.
When it finishes, click Clean, following the on screen prompts
After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

===== > Step 3: JRT < =====

Posted Image

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

===== > Step 4: Farbar Service Scanner < =====

Please download Farbar Service Scanner and run it on the computer with the issue ((if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FSS icon and select Run as Administrator).

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Are you able to connect again?

#7
bod88

Posted 03 March 2014 - 03:15 AM

Member

Topic Starter
Member
15 posts

Still no internet connection I'm afraid. Have posted the logs below!

OTL Fix

OTL logfile created on: 03/03/2014 08:35:05 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = Y:\
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.98 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 60.14% Memory free
5.96 Gb Paging File | 4.49 Gb Available in Paging File | 75.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 30.23 Gb Total Space | 4.33 Gb Free Space | 14.31% Space Free | Partition Type: NTFS
Drive D: | 267.75 Gb Total Space | 217.78 Gb Free Space | 81.34% Space Free | Partition Type: NTFS
Drive Y: | 123.75 Mb Total Space | 37.79 Mb Free Space | 30.54% Space Free | Partition Type: FAT

Computer Name: G002065 | User Name: bryan.o'donovan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/24 11:40:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- Y:\OTL.exe
PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/01/14 14:06:52 | 000,058,192 | ---- | M] () -- C:\Program Files\Web Connection\Y800_EE\BackgroundService\ServiceManager.exe
PRC - [2012/12/14 15:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 15:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 15:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/21 04:00:00 | 001,090,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\CCM\CcmExec.exe
PRC - [2012/11/21 04:00:00 | 000,470,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\CCM\RemCtrl\CmRcService.exe
PRC - [2012/09/29 14:36:46 | 000,125,504 | ---- | M] () -- C:\Program Files\Web Connection\Y800_EE\BackgroundService\ModemListener.exe
PRC - [2012/08/17 16:55:38 | 005,796,440 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe
PRC - [2012/08/17 16:48:46 | 000,120,832 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvMon.exe
PRC - [2012/08/17 16:48:44 | 000,019,456 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
PRC - [2012/08/17 16:48:16 | 000,135,168 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe
PRC - [2012/04/23 17:23:28 | 000,104,208 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
PRC - [2012/04/10 14:46:40 | 000,232,472 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2012/03/15 07:09:14 | 000,509,448 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
PRC - [2012/01/31 09:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2012/01/06 10:06:30 | 000,130,072 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe
PRC - [2012/01/06 10:06:21 | 000,052,248 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe
PRC - [2012/01/06 10:05:40 | 000,806,912 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe
PRC - [2012/01/06 10:05:38 | 000,282,624 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
PRC - [2012/01/06 09:56:33 | 000,167,960 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2011/07/27 21:23:07 | 000,494,616 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2011/03/14 15:27:28 | 000,271,712 | ---- | M] () -- D:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2011/03/14 15:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- D:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/06 12:27:30 | 000,336,384 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
PRC - [2011/02/06 07:39:36 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/02/06 07:39:06 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/01/28 14:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2011/01/28 14:24:56 | 000,299,576 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
PRC - [2011/01/26 17:00:32 | 000,283,160 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/26 17:00:00 | 000,013,336 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/21 18:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vcsFPService.exe
PRC - [2011/01/17 09:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/17 09:41:52 | 000,112,152 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe
PRC - [2011/01/11 09:57:16 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/20 21:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/17 17:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/24 14:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/12/03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/11/11 13:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/09/04 11:43:40 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/09/04 11:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/14 01:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2008/11/13 16:24:36 | 000,214,016 | ---- | M] (Numara Software, Inc.) -- C:\Windows\TIREMOTE\TIRemoteService.exe
PRC - [2008/11/13 16:24:36 | 000,166,912 | ---- | M] (Numara Software, Inc.) -- C:\Windows\TIREMOTE\TIServiceMonitor.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/09/29 14:36:46 | 000,125,504 | ---- | M] () -- C:\Program Files\Web Connection\Y800_EE\BackgroundService\ModemListener.exe
MOD - [2012/08/08 11:30:07 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
MOD - [2012/08/08 11:29:19 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
MOD - [2012/08/08 11:29:19 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\83fe46ae33b8fd827015387fb6efcd13\IAStorUtil.ni.dll
MOD - [2012/08/08 11:29:19 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b40ad47b1338dd50c41d2c5571819a09\IAStorCommon.ni.dll
MOD - [2012/08/08 11:18:12 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012/08/08 11:18:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/08/08 11:17:45 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/08/08 11:17:39 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/08/08 11:17:23 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/08/08 11:17:20 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/08/08 11:17:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/08/08 11:17:16 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/08/08 11:17:12 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/08/19 09:31:18 | 000,092,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
MOD - [2011/08/19 09:31:18 | 000,076,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
MOD - [2009/09/04 11:43:54 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/07/14 01:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/04/18 19:22:03 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/01/14 14:06:52 | 000,058,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Connection\Y800_EE\BackgroundService\ServiceManager.exe -- (EE WAFER Modem Device Helper)
SRV - [2012/12/14 15:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 15:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/21 04:00:00 | 001,090,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\CCM\CcmExec.exe -- (CcmExec)
SRV - [2012/11/21 04:00:00 | 000,470,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\CCM\RemCtrl\CmRcService.exe -- (CmRcService)
SRV - [2012/11/21 04:00:00 | 000,275,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\CCM\TSManager.exe -- (smstsmgr)
SRV - [2012/08/17 16:48:44 | 000,019,456 | ---- | M] (Clarus, Inc.) [Auto | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe -- (SZDrvSvc)
SRV - [2012/08/02 12:24:36 | 000,048,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Policy Platform\policyHost.exe -- (lppsvc)
SRV - [2012/08/02 12:24:36 | 000,048,744 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Policy Platform\policyHost.exe -- (lpasvc)
SRV - [2012/04/23 17:23:28 | 000,104,208 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2012/04/10 14:46:40 | 000,232,472 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012/03/15 07:09:14 | 000,509,448 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2012/01/31 09:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2012/01/06 10:06:30 | 000,130,072 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe -- (Sophos Client Firewall Manager)
SRV - [2012/01/06 10:06:21 | 000,052,248 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe -- (Sophos Client Firewall)
SRV - [2012/01/06 10:05:40 | 000,806,912 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2012/01/06 10:05:38 | 000,282,624 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2012/01/06 09:56:33 | 000,167,960 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012/01/06 09:56:33 | 000,099,864 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011/10/13 16:11:55 | 000,552,472 | ---- | M] (Sophos Limited) [On_Demand | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe -- (Sophos Device Control Service)
SRV - [2011/05/05 14:12:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/03/14 15:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- D:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2011/02/06 07:39:06 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/01/28 14:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011/01/26 17:00:00 | 000,013,336 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/01/21 18:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
SRV - [2011/01/17 09:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/01/17 09:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/11 09:57:16 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2009/12/03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/09/04 11:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/06/13 05:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/11/13 16:24:36 | 000,214,016 | ---- | M] (Numara Software, Inc.) [Auto | Running] -- C:\Windows\TIREMOTE\TIRemoteService.exe -- (TIRmtSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbwwan.sys -- (ewusbmbb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2013/11/26 11:51:22 | 010,382,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwsn00.sys -- (NETwNs32)
DRV - [2013/10/25 02:32:08 | 000,139,776 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2plx86)
DRV - [2013/04/15 20:56:20 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/12/14 15:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/11/21 22:53:36 | 000,020,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PrepDrv.sys -- (prepdrvr)
DRV - [2012/06/21 13:57:52 | 000,089,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\mvd23.sys -- (mvd23)
DRV - [2012/06/21 13:57:40 | 000,018,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\mdf16.sys -- (mdf16)
DRV - [2012/04/16 09:21:55 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2012/03/15 06:02:18 | 000,143,360 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPALP)
DRV - [2012/03/15 06:02:18 | 000,143,360 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPAL)
DRV - [2012/01/06 10:06:33 | 000,044,024 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\scfndis.sys -- (scfndis)
DRV - [2012/01/06 10:06:29 | 000,086,520 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\scfdriver.sys -- (scfdriver)
DRV - [2012/01/06 09:56:23 | 000,024,312 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2012/01/06 09:56:20 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2012/01/06 09:56:10 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2011/08/17 10:03:58 | 000,137,472 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/06/02 09:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/02/06 08:21:38 | 007,569,408 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/02/06 07:01:26 | 000,238,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/01/26 15:00:56 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2011/01/26 15:00:56 | 000,026,168 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011/01/13 16:55:42 | 000,238,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress)
DRV - [2010/12/28 11:25:50 | 000,143,960 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2010/12/21 16:57:50 | 007,269,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32)
DRV - [2010/12/10 21:50:12 | 000,141,440 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/12/10 21:50:12 | 000,062,336 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010/12/02 16:02:56 | 000,021,560 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2010/11/20 21:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 21:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 21:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 21:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 21:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010/11/20 21:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 21:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 21:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 21:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/17 01:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/10/19 15:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2010/10/19 15:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2010/01/26 12:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2010/01/13 15:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009/12/08 03:54:44 | 009,948,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/11/18 12:19:46 | 000,420,864 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/11/12 04:14:30 | 000,066,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/11/05 16:35:22 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2009/10/28 16:55:00 | 000,047,616 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/10/26 13:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/09/28 13:47:00 | 000,038,912 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/09/17 18:04:28 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009/07/20 14:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)
DRV - [2009/07/14 00:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 00:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/06/25 15:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 15:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 15:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/05/09 09:43:27 | 000,000,000 | ---D | M]

[2013/04/04 08:50:41 | 000,000,000 | ---D | M] (No name found) -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\mozilla\Firefox\Profiles\590tipyt.default\extensions
[2013/04/04 08:50:42 | 000,000,000 | ---D | M] (No name found) -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\mozilla\Firefox\Profiles\590tipyt.default\extensions\staged

O1 HOSTS File: ([2014/03/01 10:22:34 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited)
O4 - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKLM..\Run: [EE WAFER ModemListener] C:\Program Files\Web Connection\Y800_EE\BackgroundService\ModemListener.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Track-It! Workstation Manager Service Monitor] C:\Windows\TIREMOTE\TIServiceMonitor.exe (Numara Software, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Samsung Drive Manager] C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe (Clarus, Inc.)
O4 - HKLM..\RunOnceEx: [ContentMerger] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = Security Notice (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp...VCInstall35.cab (HPVirtualRooms35 Class)
O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} http://www.cartesian...X/CpcViewAX.cab (CPC View ax Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.13.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = internal.theclancygroup.co.uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB16AD76-A0F2-4AA3-8BD8-0E0B6883553E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D93CA7A8-0402-4638-81E6-2BBAD68B534A}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/03 08:36:17 | 000,000,000 | ---D | C] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2014/02/19 13:15:11 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2014/02/19 13:15:10 | 000,000,000 | ---D | C] -- D:\ProgramData\Spybot - Search & Destroy
[2014/02/19 13:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/02/18 17:31:17 | 000,000,000 | ---D | C] -- D:\Profiles\Bryan.O'Donovan\AppData\Local\Avg2013
[2014/02/18 17:30:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/02/17 19:39:30 | 000,000,000 | ---D | C] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\InstallShield
[2014/02/10 16:43:00 | 000,000,000 | ---D | C] -- D:\Profiles\Bryan.O'Donovan\Documents\DO1005 - Twin Tracking - Permanent Way
[2014/02/10 12:29:01 | 000,000,000 | ---D | C] -- C:\Windows\ms
[2014/02/10 12:29:01 | 000,000,000 | ---D | C] -- C:\Windows\ccmcache
[2014/02/10 12:29:01 | 000,000,000 | ---D | C] -- C:\Windows\CCM
[2014/02/10 12:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Policy Platform
[2014/02/07 15:01:56 | 000,000,000 | ---D | C] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Adobe
[2014/02/03 08:34:23 | 000,000,000 | ---D | C] -- C:\Windows\ccmsetup

========== Files - Modified Within 30 Days ==========

[2014/03/03 08:35:10 | 000,000,580 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2014/03/03 08:34:33 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/03 08:32:41 | 000,000,142 | ---- | M] () -- C:\Windows\ODBC.INI
[2014/03/03 08:32:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/03 08:32:35 | 2402,045,952 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/03 08:32:07 | 000,025,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/03 08:32:07 | 000,025,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/03 07:58:19 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/01 10:22:34 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/02/26 12:28:54 | 000,018,432 | ---- | M] () -- D:\Profiles\Bryan.O'Donovan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/24 11:39:04 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/02/20 14:02:40 | 000,669,430 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/20 14:02:40 | 000,126,928 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/18 12:49:40 | 001,457,880 | ---- | M] () -- D:\Profiles\Bryan.O'Donovan\Documents\PVEA3031-PLN-EST-C024-0201065 EPP.pdf
[2014/02/18 10:04:34 | 000,004,690 | ---- | M] () -- D:\Profiles\Bryan.O'Donovan\Documents\Document1.pdf
[2014/02/17 19:58:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_AMPPAL_01009.Wdf
[2014/02/13 07:06:48 | 000,000,175 | ---- | M] () -- D:\Profiles\Bryan.O'Donovan\Desktop\Sharepoint - Proposals & Tenders.url
[2014/02/13 07:06:48 | 000,000,166 | ---- | M] () -- D:\Profiles\Bryan.O'Donovan\Desktop\Sharepoint - Business Support.url
[2014/02/13 07:06:45 | 000,045,223 | RHS- | M] () -- D:\ProgramData\ntuser.pol
[2014/02/10 12:29:31 | 000,000,704 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2014/02/10 12:29:26 | 000,004,764 | ---- | M] () -- C:\Windows\System32\CcmFramework.ini
[2014/02/10 12:29:26 | 000,000,621 | ---- | M] () -- C:\Windows\System32\CcmFramework.h

========== Files Created - No Company Name ==========

[2014/02/18 17:16:24 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/02/18 12:49:37 | 001,457,880 | ---- | C] () -- D:\Profiles\Bryan.O'Donovan\Documents\PVEA3031-PLN-EST-C024-0201065 EPP.pdf
[2014/02/18 10:04:41 | 000,004,690 | ---- | C] () -- D:\Profiles\Bryan.O'Donovan\Documents\Document1.pdf
[2014/02/17 19:58:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_AMPPAL_01009.Wdf
[2014/02/10 12:29:29 | 000,000,704 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2014/02/10 12:29:26 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2014/02/10 12:29:26 | 000,000,621 | ---- | C] () -- C:\Windows\System32\CcmFramework.h
[2014/02/10 12:29:01 | 000,000,580 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2013/04/18 19:22:31 | 000,000,147 | ---- | C] () -- D:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013/04/12 16:47:05 | 000,000,024 | ---- | C] () -- C:\Windows\WINTAB32.INI
[2013/04/12 16:32:09 | 000,000,249 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/12/30 16:14:34 | 000,018,432 | ---- | C] () -- D:\Profiles\Bryan.O'Donovan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/10 09:38:35 | 000,000,302 | ---- | C] () -- C:\Windows\ricdb.ini
[2012/01/06 19:22:53 | 000,000,057 | ---- | C] () -- D:\ProgramData\Ament.ini
[2012/01/06 10:48:08 | 000,045,223 | RHS- | C] () -- D:\ProgramData\ntuser.pol
[2012/01/06 10:19:02 | 000,000,065 | -H-- | C] () -- D:\ProgramData\TrackitAudit.id
[2012/01/06 09:54:48 | 000,006,330 | RHS- | C] () -- D:\Profiles\Bryan.O'Donovan\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = %%SystemRoot%%\system32\shell32.dll

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 08:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %%systemroot%%\system32\wbem\fastprox.dll
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/04/18 19:37:57 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Autodesk
[2013/09/12 11:15:37 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Bentley
[2013/04/15 20:58:44 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\DAEMON Tools Lite
[2012/12/07 15:57:07 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\GEO-SLOPE
[2011/05/09 10:25:15 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Neoteris
[2012/12/07 12:53:45 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Tatara Systems
[2012/10/16 12:53:38 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Telefónica
[2012/01/27 14:08:12 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Temp
[2012/10/16 12:53:38 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\TGCMLog
[2013/04/04 20:46:26 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\TuneUp Software

========== Purity Check ==========

< End of report >

ADWARECLEANER FIX

# AdwCleaner v3.020 - Report created 03/03/2014 at 09:08:30
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : bryan.o'donovan - G002065
# Running from : Y:\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421

-\\ Mozilla Firefox v

-\\ Google Chrome v32.0.1700.107

[ File : D:\Profiles\Bryan.O'Donovan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : D:\Profiles\Bryan.O'Donovan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2281 octets] - [01/03/2014 10:33:16]
AdwCleaner[R1].txt - [1419 octets] - [03/03/2014 09:06:43]
AdwCleaner[S0].txt - [1958 octets] - [01/03/2014 10:40:54]
AdwCleaner[S1].txt - [932 octets] - [03/03/2014 09:08:30]

########## EOF - D:\AdwCleaner\AdwCleaner[S1].txt - [991 octets] ##########

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Professional x86
Ran by bryan.o'donovan on 03/03/2014 at 8:42:17.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1078081533-2111687655-1417001333-90046\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03/03/2014 at 8:43:44.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Farbar Service Scanner

Farbar Service Scanner Version: 25-02-2014
Ran by bryan.o'donovan (administrator) on 03-03-2014 at 08:44:36
Running from "Y:\"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

#8
Machiavelli

Posted 03 March 2014 - 08:05 AM

GeekU Moderator

GeekU Moderator
4,722 posts

===== > Step 1: OTL Fix < =====

Run OTL(If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).

Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:

:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
[2014/02/26 12:28:54 | 000,018,432 | ---- | M] () -- D:\Profiles\Bryan.O'Donovan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

:reg
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = "%SystemRoot%\system32\shell32.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = "%systemroot%\system32\wbem\fastprox.dll"

:Files
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]

Click the Run Fix button.
After your computer has rebooted, run OTL and click Quick Scan.
Copy and paste the contents of the log that it produces into your next post.

===== > Step 2: ESET Service Repair < =====

Please download ESET Services Repair Tool from here and save it to your Desktop;
Right click and choose Run as administrator
If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed
Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart

===== > Step 3: Farbar Service Scanner < =====

Please download Farbar Service Scanner and run it on the computer with the issue. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FSS icon and select Run as Administrator)

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

===== > Step 4: MiniToolBox < =====

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#9
bod88

Posted 03 March 2014 - 09:02 AM

Member

Topic Starter
Member
15 posts

hi. please see logs below. thanks for all your help (so far)

OTL FIX

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
D:\Profiles\Bryan.O'Donovan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32\\"" | "%SystemRoot%\system32\shell32.dll" /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32\\"" | "%systemroot%\system32\wbem\fastprox.dll" /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
Y:\cmd.bat deleted successfully.
Y:\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Bryan.O'Donovan
->Temp folder emptied: 2225123 bytes
->Temporary Internet Files folder emptied: 58419 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 0 bytes

User: Clancy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default - Copy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: general
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: helpdesk
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7786682 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 10.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 03032014_141958

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\Buf5169.tmp not found!
File\Folder C:\Windows\temp\JET3C92.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

FSS

Farbar Service Scanner Version: 25-02-2014
Ran by bryan.o'donovan (administrator) on 03-03-2014 at 14:46:48
Running from "Y:\"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

MiniToolBox

MiniToolBox by Farbar Version: 23-01-2014
Ran by bryan.o'donovan (administrator) on 03-03-2014 at 14:56:12
Running from "Y:\"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® Centrino® Advanced-N 6205 = Wireless Network Connection (Connected)
Intel® 82579LM Gigabit Network Connection = Local Area Connection (Hardware not present)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Hardware not present)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : G002065
Primary Dns Suffix . . . . . . . : internal.theclancygroup.co.uk
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : internal.theclancygroup.co.uk

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6205
Physical Address. . . . . . . . . : A0-88-B4-2D-49-38
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::eddf:37b6:9b70:f3ba%23(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.12(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 03 March 2014 14:43:58
Lease Expires . . . . . . . . . . : 04 March 2014 09:12:25
Default Gateway . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 446728372
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-67-DB-26-2C-41-38-0A-89-BB
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : CC-52-AF-89-43-94
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{072CB463-3E6B-4374-8601-2A4326801A03}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.internal.theclancygroup.co.uk:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{85A4E338-CE07-43EB-8284-C8AD53845FBB}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F24664C5-D4B1-4EC3-B4C4-2F4F2CFB4130}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host google.com. Please check the name and try again.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
23...a0 88 b4 2d 49 38 ......Intel® Centrino® Advanced-N 6205
13...cc 52 af 89 43 94 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
11...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.12 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.12 281
192.168.0.12 255.255.255.255 On-link 192.168.0.12 281
192.168.0.255 255.255.255.255 On-link 192.168.0.12 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.12 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.12 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
23 281 fe80::/64 On-link
23 281 fe80::eddf:37b6:9b70:f3ba/128
On-link
1 306 ff00::/8 On-link
23 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll [115760] (Neoteris)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 08 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [45592] (Sophos Limited)
Catalog9 02 D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [45592] (Sophos Limited)
Catalog9 03 D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [45592] (Sophos Limited)
Catalog9 04 D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [45592] (Sophos Limited)
Catalog9 05 D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [45592] (Sophos Limited)
Catalog9 06 D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [45592] (Sophos Limited)
Catalog9 07 D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [45592] (Sophos Limited)
Catalog9 08 D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [45592] (Sophos Limited)
Catalog9 09 C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll [115760] (Neoteris)
Catalog9 10 C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll [115760] (Neoteris)
Catalog9 11 C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll [115760] (Neoteris)
Catalog9 12 C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll [115760] (Neoteris)
Catalog9 13 C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll [115760] (Neoteris)
Catalog9 14 C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll [115760] (Neoteris)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll [115760] (Neoteris)
Catalog9 27 D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll [45592] (Sophos Limited)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 50 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 51 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 52 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 53 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 54 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 55 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 56 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 57 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 58 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 59 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 60 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 61 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 62 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 63 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/03/2014 02:54:34 PM) (Source: Sophos Message Router) (User: NT AUTHORITY)
Description: DNS lookup failure trying to resolve the following addresses: CZC9080001-.%%3

Error: (03/03/2014 02:37:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2014 02:37:20 PM) (Source: Sophos Message Router) (User: NT AUTHORITY)
Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3

Error: (03/03/2014 02:35:05 PM) (Source: Sophos Message Router) (User: NT AUTHORITY)
Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3

Error: (03/03/2014 02:21:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/03/2014 02:21:20 PM) (Source: Sophos Message Router) (User: NT AUTHORITY)
Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3

Error: (03/03/2014 02:18:30 PM) (Source: Sophos Message Router) (User: NT AUTHORITY)
Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3

Error: (03/03/2014 02:11:09 PM) (Source: Validity USDK) (User: )
Description: SSL alert by host: Description is: 47.

Error: (03/03/2014 09:27:39 AM) (Source: Validity USDK) (User: )
Description: SSL alert by host: Description is: 47.

Error: (03/03/2014 09:17:05 AM) (Source: Sophos Message Router) (User: NT AUTHORITY)
Description: DNS lookup failure trying to resolve the following addresses: CZC9080001-.%%3

System errors:
=============
Error: (03/03/2014 02:56:58 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (03/03/2014 02:56:58 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (03/03/2014 02:47:44 PM) (Source: Service Control Manager) (User: )
Description: The Sophos Message Router service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/03/2014 02:39:28 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{05D1D5D8-18D1-4B83-85ED-A0F99D53C885}{AD65A69D-3831-40D7-9629-9B0B50A93843}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/03/2014 02:39:24 PM) (Source: TermService) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.

Error: (03/03/2014 02:38:24 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/03/2014 02:37:58 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (03/03/2014 02:37:39 PM) (Source: Microsoft-Windows-GroupPolicy) (User: CLANCYGROUP)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (03/03/2014 02:37:17 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service depends the following service: wscsvc. This service might not be installed.

Error: (03/03/2014 02:37:12 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error:
%%5

Microsoft Office Sessions:
=========================
Error: (12/17/2013 02:27:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 450571 seconds with 18060 seconds of active time. This session ended with a crash.

Error: (10/11/2013 09:30:43 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 355880 seconds with 30420 seconds of active time. This session ended with a crash.

Error: (08/14/2013 05:30:16 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 43547 seconds with 60 seconds of active time. This session ended with a crash.

Error: (08/05/2013 06:58:46 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1787939 seconds with 50880 seconds of active time. This session ended with a crash.

Error: (07/29/2013 06:18:14 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 324419 seconds with 8640 seconds of active time. This session ended with a crash.

Error: (07/18/2013 01:47:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 279029 seconds with 21060 seconds of active time. This session ended with a crash.

Error: (04/24/2013 01:51:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 71491 seconds with 1200 seconds of active time. This session ended with a crash.

Error: (04/16/2013 06:25:41 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 49 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/06/2012 01:01:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8763 seconds with 2820 seconds of active time. This session ended with a crash.

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Reader 9.5.0 (Version: 9.5.0)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Alcor Micro Smart Card Reader Driver (Version: 1.7.16.0)
ATI Catalyst Install Manager (Version: 3.0.812.0)
AutoCAD LT 2013 - English (Version: 19.0.55.0)
AutoCAD LT 2013 Language Pack - English (Version: 19.0.55.0)
Autodesk Content Service (Version: 3.0.84.0)
Autodesk Content Service Language Pack (Version: 3.0.84.0)
Autodesk Material Library 2013 (Version: 3.0.13)
Autodesk Material Library Base Resolution Image Library 2013 (Version: 3.0.13)
Autodesk Sync (Version: 3.5.24.0)
AVG 2013 (Version: 13.0.3705)
Bentley DGN IFilter (Version: 1.0.1.11)
Bentley DGN Preview Handler (Version: 8.11.8004)
Bentley DGN Thumbnail Provider (Version: 8.11.7.410)
Bentley V8i (SELECTseries 3) - Autodesk® RealDWG™ 2012 (Version: 8.11.9.292)
Bentley V8i (SELECTseries 3) - Autodesk® RealDWG™ 2014 (Version: 08.11.09.459)
Bentley View V8i (SELECTseries 3) 08.11.09.459 (Version: 08.11.09.459)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.0206.1335.24298)
Catalyst Control Center InstallProxy (Version: 2011.0206.1335.24298)
Catalyst Control Center Localization All (Version: 2011.0206.1335.24298)
Catalyst Control Center Profiles Mobile (Version: 2011.0206.1335.24298)
CCC Help Chinese Standard (Version: 2011.0206.1334.24298)
CCC Help Chinese Traditional (Version: 2011.0206.1334.24298)
CCC Help Czech (Version: 2011.0206.1334.24298)
CCC Help Danish (Version: 2011.0206.1334.24298)
CCC Help Dutch (Version: 2011.0206.1334.24298)
CCC Help English (Version: 2011.0206.1334.24298)
CCC Help Finnish (Version: 2011.0206.1334.24298)
CCC Help French (Version: 2011.0206.1334.24298)
CCC Help German (Version: 2011.0206.1334.24298)
CCC Help Greek (Version: 2011.0206.1334.24298)
CCC Help Hungarian (Version: 2011.0206.1334.24298)
CCC Help Italian (Version: 2011.0206.1334.24298)
CCC Help Japanese (Version: 2011.0206.1334.24298)
CCC Help Korean (Version: 2011.0206.1334.24298)
CCC Help Norwegian (Version: 2011.0206.1334.24298)
CCC Help Polish (Version: 2011.0206.1334.24298)
CCC Help Portuguese (Version: 2011.0206.1334.24298)
CCC Help Russian (Version: 2011.0206.1334.24298)
CCC Help Spanish (Version: 2011.0206.1334.24298)
CCC Help Swedish (Version: 2011.0206.1334.24298)
CCC Help Thai (Version: 2011.0206.1334.24298)
CCC Help Turkish (Version: 2011.0206.1334.24298)
ccc-core-static (Version: 2011.0206.1335.24298)
ccc-utility (Version: 2011.0206.1335.24298)
Configuration Manager Client (Version: 5.00.7804.1000)
CPC Lite pi 6.5.9 (Version: 6.5.9)
CPC View ax 6.5.9 (Version: 6.5.9)
CutePDF Writer 2.8
DAEMON Tools Lite (Version: 4.46.1.0327)
DHTML Editing Component (Version: 6.02.0002)
DirectX 9 Runtime (Version: 1.00.0000)
DWG TrueView 2012 (Version: 18.2.51.0)
Google Chrome (Version: 32.0.1700.107)
Google Toolbar for Firefox (Version: 7.1.20101113)
Google Update Helper (Version: 1.3.22.3)
HDR Preview (Version: 1.0.0.2)
Host Checker (Version: 4.1.1.7335)
HP 3D DriveGuard (Version: 4.1.4.1)
HP Deskjet 1050 J410 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 1050 J410 series Help (Version: 140.0.66.66)
HP Deskjet 3050A J611 series Basic Device Software (Version: 23.0.504.0)
HP Deskjet 3050A J611 series Help (Version: 140.0.2.2)
HP HotKey Support (Version: 4.0.10.1)
HP Integrated Module with Bluetooth wireless technology (Version: 6.2.1.500)
HP Officejet 7500 E910 Basic Device Software (Version: 22.50.231.0)
HP Officejet 7500 E910 Help (Version: 140.0.93.93)
HP Quick Launch Buttons (Version: 6.50.12.1)
HP Webcam Driver (Version: 5.8.50009.1)
I.E. Favourites (Version: 1.0.0)
IDT Audio (Version: 1.0.6257.0)
i-model ODBC Driver for Windows 7 (Version: 01.00.00020)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Network Connections Drivers (Version: 15.4)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.2.0.0284)
Intel® Rapid Storage Technology (Version: 10.1.2.1004)
Java™ 6 Update 26 (Version: 6.0.260)
LSI HDA Modem (Version: 2.2.100)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Standard 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Policy Platform (Version: 1.2.3602.0)
Microsoft Project MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Project Professional 2013 (Version: 15.0.4420.1017)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MicroStation V8i (SELECTseries 3) 08.11.09.292 (Version: 08.11.09.292)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Numara Track-It! 8 Agent (Version: 8.0)
NVIDIA Drivers (Version: 1.10)
NVIDIA nView Desktop Manager (Version: 6.14.10.00)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017)
PMB (Version: 5.2.00.03250)
PreReq (Version: 6.2.2.60)
QLBCASL (Version: 6.40.17.2)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.32.0)
RICOH Media Driver (Version: 2.13.00.05)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.8.0)
Roxio Creator Business (Version: 10.3)
Roxio Creator Business v10 (Version: 3.8.0)
Roxio Creator Copy (Version: 3.8.0)
Roxio Creator Data (Version: 3.8.0)
Roxio Creator Tools (Version: 3.8.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio MyDVD (Version: 10.3.349)
Samsung Drive Manager (Version: 1.0.148)
Secure Application Manager (Version: 4.1.1.7335)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Sophos Anti-Virus (Version: 9.7.7)
Sophos AutoUpdate (Version: 2.5.30)
Sophos Client Firewall (Version: 2.7.0)
Sophos Remote Management System (Version: 3.3.0)
Spybot - Search & Destroy (Version: 2.2.25)
Synaptics Pointing Device Driver (Version: 14.0.10.0)
System Requirements Lab for Intel (Version: 4.5.13.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Validity Fingerprint Sensor Driver (Version: 4.3.117.0)
Visual Basic for Applications ® Core - English (Version: 6.5.10.32)
Visual Basic for Applications ® Core (Version: 6.5.10.32)
Visualization Content (Version: 8.11.9.292)
VLC media player 2.0.1 (Version: 2.0.1)
Web Connection
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (Version: 06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
WinZip 12.0 (Version: 12.0.8252)
Yahoo! Detect

========================= Devices: ================================

Name: Kernel Mode Driver Frameworks service
Description: Kernel Mode Driver Frameworks service
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Wdf01000

Name: Sophos Client Firewall NDIS packet filter
Description: Sophos Client Firewall NDIS packet filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: scfndis

Name: Link-Layer Topology Discovery Mapper I/O Driver
Description: Link-Layer Topology Discovery Mapper I/O Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: lltdio

Name: Microsoft ACPI-Compliant Embedded Controller
Description: Microsoft ACPI-Compliant Embedded Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: NETBT
Description: NETBT
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NetBT

Name: Bluetooth L2CAP Interface
Description: Bluetooth L2CAP Interface
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Broadcom Corp.
Service: btwl2cap

Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Beep

Name: Microsoft ACPI-Compliant Control Method Battery
Description: Microsoft ACPI-Compliant Control Method Battery
Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Manufacturer: Microsoft
Service: CmBatt

Name: WFP Lightweight Filter
Description: WFP Lightweight Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WfpLwf

Name: Security Driver
Description: Security Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: secdrv

Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService

Name: Bluetooth AV Source
Description: Bluetooth AV Source
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Broadcom Corp.
Service: btwavdt

Name: Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16
Description: Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 4 - 1C16
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci

Name: Microsoft ACPI-Compliant Control Method Battery
Description: Microsoft ACPI-Compliant Control Method Battery
Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Manufacturer: Microsoft
Service: CmBatt

Name: Intel® Centrino® Advanced-N 6205
Description: Intel® Centrino® Advanced-N 6205
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNs32

Name: Windows Socket 2.0 Non-IFS Service Provider Support Environment
Description: Windows Socket 2.0 Non-IFS Service Provider Support Environment
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ws2ifsl

Name: SKMScan
Description: SKMScan
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SKMScan

Name: NSI proxy service driver.
Description: NSI proxy service driver.
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: nsiproxy

Name: ACPI Lid
Description: ACPI Lid
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: IPBusEnum Root Enumerator
Description: UMBus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus

Name: HP Mobile Data Protection Sensor
Description: HP Mobile Data Protection Sensor
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: Accelerometer

Name: User Mode Driver Frameworks Platform Driver
Description: User Mode Driver Frameworks Platform Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WudfPf

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr

Name: ACPI Sleep Button
Description: ACPI Sleep Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: mdf16
Description: mdf16
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mdf16

Name: Printer Port Logical Interface
Description: Printer Port Logical Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR

Name: Common Log (CLFS)
Description: Common Log (CLFS)
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: CLFS

Name: UMBus Enumerator
Description: UMBus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus

Name: Bluetooth Remote Control
Description: Bluetooth Remote Control
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Broadcom
Service: btwrchid

Name: Trusted Platform Module 1.2
Description: Trusted Platform Module 1.2
Class Guid: {d94ee5d8-d189-4994-83d2-f68d7d41b0e6}
Manufacturer: (Standard)
Service: TPM

Name: Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 8 - 1C1E
Description: Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 8 - 1C1E
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci

Name: Microsoft System Management BIOS Driver
Description: Microsoft System Management BIOS Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: mssmbios

Name: Null
Description: Null
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Null

Name: Mount Point Manager
Description: Mount Point Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mountmgr

Name: Microsoft Windows Management Interface for ACPI
Description: Microsoft Windows Management Interface for ACPI
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: WmiAcpi

Name: Xeon E3-1200/2nd Generation Intel® Core™ Processor Family PCI Express Root Port - 0101
Description: Xeon E3-1200/2nd Generation Intel® Core™ Processor Family PCI Express Root Port - 0101
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci

Name: CNG
Description: CNG
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: CNG

Name: LSI HDA Modem
Description: LSI HDA Modem
Class Guid: {4d36e96d-e325-11ce-bfc1-08002be10318}
Manufacturer: LSI
Service: Modem

Name: Intel® 82802 Firmware Hub Device
Description: Intel® 82802 Firmware Hub Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service:

Name: Microsoft AC Adapter
Description: Microsoft AC Adapter
Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Manufacturer: Microsoft
Service: CmBatt

Name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasAgileVpn

Name: Direct Application Launch Button
Description: Direct Application Launch Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Parvdm
Description: Parvdm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Parvdm

Name: USB Composite Device
Description: USB Composite Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbccgp

Name: Renesas Electronics USB 3.0 Root Hub
Description: Renesas Electronics USB 3.0 Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Renesas Electronics
Service: nusb3hub

Name: UMBus Enumerator
Description: UMBus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus

Name: hp DVD RW AD-7711H
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom

Name: Windows Firewall Authorization Driver
Description: Windows Firewall Authorization Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mpsdrv

Name: cpudrv
Description: cpudrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: cpudrv

Name: Bluetooth AV Remote Control Target
Description: Bluetooth AV Remote Control Target
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Broadcom Corp.
Service:

Name: Synaptics PS/2 Port Compatible TouchPad
Description: Synaptics PS/2 Port Compatible TouchPad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Synaptics
Service: i8042prt

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: ACPI Fixed Feature Button
Description: ACPI Fixed Feature Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp

Name: Performance Counters for Windows Driver
Description: Performance Counters for Windows Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: pcw

Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus

Name: Validity Sensor
Description: Validity Sensor (VFS471)
Class Guid: {53d29ef7-377c-4d14-864b-eb3a85769359}
Manufacturer: Validity Sensors, Inc.
Service: WinUSB

Name: HP HD Webcam [Fixed]
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo

Name: Offline Files Driver
Description: Offline Files Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: CSC

Name: Radeon HD 6470M
Description: Radeon HD 6470M
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: ATI Technologies Inc.
Service: amdkmdap

Name: 2nd Generation Intel® Core™ Processor Family DRAM Controller - 0104
Description: 2nd Generation Intel® Core™ Processor Family DRAM Controller - 0104
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service:

Name: ACPI Thermal Zone
Description: ACPI Thermal Zone
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Programmable interrupt controller
Description: Programmable interrupt controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Disk Virtual Machine Bus Acceleration Filter Driver
Description: Disk Virtual Machine Bus Acceleration Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: storflt

Name: PEAUTH
Description: PEAUTH
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: PEAUTH

Name: Intel® Core™ i7-2620M CPU @ 2.70GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm

Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan

Name: Generic PnP Monitor
Description: Generic PnP Monitor
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard monitor types)
Service: monitor

Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel

Name: ACPI Thermal Zone
Description: ACPI Thermal Zone
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: System timer
Description: System timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: SMS Process Event Driver
Description: SMS Process Event Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: prepdrvr

Name: Generic Flash Disk USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk

Name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Tcpip

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan

Name: System Attribute Cache
Description: System Attribute Cache
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: discache

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel

Name: TOSHIBA MK3261GSYN
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk

Name: Intel® 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26
Description: Intel® 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C26
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci

Name: ACPI Thermal Zone
Description: ACPI Thermal Zone
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus

Name: High precision event timer
Description: High precision event timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: TCP/IP Registry Compatibility
Description: TCP/IP Registry Compatibility
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tcpipreg

Name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Psched

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel

Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan

Name: Intel® 82579LM Gigabit Network Connection
Description: Intel® 82579LM Gigabit Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1cexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: LDDM Graphics Subsystem
Description: LDDM Graphics Subsystem
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: DXGKrnl

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: ACPI Thermal Zone
Description: ACPI Thermal Zone
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Bluetooth Remote Control
Description: Bluetooth Remote Control
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Broadcom Corp.
Service: btwavdt

Name: Direct memory access controller
Description: Direct memory access controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel

Name: TDTCP
Description: TDTCP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: TDTCP

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: ACPI Thermal Zone
Description: ACPI Thermal Zone
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard with HP QLB
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard with HP QLB
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: i8042prt

Name: Intel® Core™ i7-2620M CPU @ 2.70GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm

Name: Intel® 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D
Description: Intel® 6 Series/C200 Series Chipset Family USB Enhanced Host Controller - 1C2D
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci

Name: RDPCDD
Description: RDPCDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPCDD

Name: NetIO Legacy TDI Support Driver
Description: NetIO Legacy TDI Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tdx

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport

Name: Microsoft ISATAP Adapter #5
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel

Name: ACPI Thermal Zone
Description: ACPI Thermal Zone
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: msisadrv
Description: msisadrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: msisadrv

Name: Intel® Mobile Express Chipset SATA AHCI Controller
Description: Intel® Mobile Express Chipset SATA AHCI Controller
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: iaStor

Name: Renesas Electronics USB 3.0 Host Controller
Description: Renesas Electronics USB 3.0 Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Renesas Electronics
Service: nusb3xhc

Name: ECP Printer Port (LPT1)
Description: ECP Printer Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard port types)
Service: Parport

Name: Keyboard Filter
Description: Keyboard Filter
Class Guid: {FC80E0C0-C54E-4ccd-8D7A-CDF5ACB65F2E}
Manufacturer:
Service:

Name: Remote Desktop Services Security Filter Driver
Description: Remote Desktop Services Security Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tssecsrv

Name: Terminal Server Device Redirector Driver
Description: Terminal Server Device Redirector Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPDR

Name: Microsoft ISATAP Adapter #6
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel

Name: HP Integrated Module with Bluetooth 2.1 Wireless Technology
Description: HP Integrated Module with Bluetooth 2.1 Wireless Technology
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB

Name: Microsoft ACPI-Compliant System
Description: Microsoft ACPI-Compliant System
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: ACPI

Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp

Name: LECA UK
Description: Flash Disk
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel

Name: RDP Encoder Mirror Driver
Description: RDP Encoder Mirror Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPENCDD

Name: Microsoft Bluetooth Enumerator
Description: Microsoft Bluetooth Enumerator
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Microsoft
Service: BthEnum

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Intel® 6 Series/C200 Series Management Engine Interface - 1C3A
Description: Intel® 6 Series/C200 Series Management Engine Interface - 1C3A
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service:

Name: mvd23
Description: mvd23
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mvd23

Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus

Name: ACPI x86-based PC
Description: ACPI x86-based PC
Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard computers)
Service: \Driver\ACPI_HAL

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10
Description: Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 1 - 1C10
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci

Name: Extended IO Bus
Description: Extended IO Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: VgaSave
Description: VgaSave
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: VgaSave

Name: Reflector Display Driver used to gain access to graphics data
Description: Reflector Display Driver used to gain access to graphics data
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPREFMP

Name: Terminal Server Keyboard Driver
Description: Terminal Server Keyboard Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: TermDD

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan

Name: NativeWiFi Filter
Description: NativeWiFi Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NativeWifiP

Name: Bitlocker Drive Encryption Filter Driver
Description: Bitlocker Drive Encryption Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: fvevol

Name: Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter
Description: Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter
Class Guid: {dad27e18-2598-4484-98b0-5dba8e007f6a}
Manufacturer: Intel Corporation
Service: AMPPAL

Name: Generic USB Hub
Description: Generic USB Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Generic USB Hub)
Service: usbhub

Name: Intel® Core™ i7-2620M CPU @ 2.70GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm

Name: Terminal Server Mouse Driver
Description: Terminal Server Mouse Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: TermDD

Name: PCI bus
Description: PCI bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci

Name: Dynamic Volume Manager
Description: Dynamic Volume Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: volmgrx

Name: RDP Winstation Driver
Description: RDP Winstation Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPWD

Name: File as Volume Driver
Description: File as Volume Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: blbdrive

Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: HTTP

Name: Bluetooth Device (RFCOMM Protocol TDI)
Description: Bluetooth Device (RFCOMM Protocol TDI)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RFCOMM

Name: NDIS System Driver
Description: NDIS System Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDIS

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap

Name: Intel® Active Management Technology - SOL (COM3)
Description: Intel® Active Management Technology - SOL
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: Serial

Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: swenum

Name: Generic USB Hub
Description: Generic USB Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Generic USB Hub)
Service: usbhub

Name: Composite Bus Enumerator
Description: Composite Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: CompositeBus

Name: DTSOFT Virtual CdRom Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom

Name: System CMOS/real time clock
Description: System CMOS/real time clock
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Storage volumes
Description: Storage volumes
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: volsnap

Name: Link-Layer Topology Discovery Responder
Description: Link-Layer Topology Discovery Responder
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: rspndr

Name: Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12
Description: Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 2 - 1C12
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci

Name: Hardware Policy Driver
Description: Hardware Policy Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: hwpolicy

Name: DAEMON Tools Virtual Bus
Description: DAEMON Tools Virtual Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: DT Soft Ltd
Service: dtsoftbus01

Name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Ndisuio

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft Composite Battery
Description: Microsoft Composite Battery
Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a}
Manufacturer: Microsoft
Service: Compbatt

Name: Bluetooth Hands-free Audio
Description: Bluetooth Hands-free Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: btwaudio

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Virtual WiFi Filter Driver
Description: Virtual WiFi Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: vwififlt

Name: UMBus Root Bus Enumerator
Description: UMBus Root Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus

Name: KSecDD
Description: KSecDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: KSecDD

Name: NDProxy
Description: NDProxy
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDProxy

Name: AMD High Definition Audio Device
Description: AMD High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: AtiHDAudioService

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Microsoft Virtual Drive Enumerator Driver
Description: Microsoft Virtual Drive Enumerator Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: vdrvroot

Name: Intel® QM67 Express Chipset Family LPC Interface Controller - 1C4F
Description: Intel® QM67 Express Chipset Family LPC Interface Controller - 1C4F
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: msisadrv

Name: Ancillary Function Driver for Winsock
Description: Ancillary Function Driver for Winsock
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AFD

Name: Remote Access IPv6 ARP Driver
Description: Remote Access IPv6 ARP Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Wanarpv6

Name: Intel® Core™ i7-2620M CPU @ 2.70GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm

Name: SCF Kernel Driver
Description: SCF Kernel Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: scfdriver

Name: KSecPkg
Description: KSecPkg
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: KSecPkg

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap

Name: Numeric data processor
Description: Numeric data processor
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 3 - 1C14
Description: Intel® 6 Series/C200 Series Chipset Family PCI Express Root Port 3 - 1C14
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci

Name: Volume Manager
Description: Volume Manager
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: volmgr

Name: amdkmdag
Description: amdkmdag
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: amdkmdag

========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 3054.36 MB
Available physical RAM: 1669.98 MB
Total Pagefile: 6107 MB
Available Pagefile: 4320.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.96 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:30.23 GB) (Free:4.28 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:267.75 GB) (Free:217.77 GB) NTFS
5 Drive y: (LECA UK) (Removable) (Total:0.12 GB) (Free:0.03 GB) FAT

========================= Users: ========================================

User accounts for \\G002065

Administrator Guest SophosSAUG0020650

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#10
Machiavelli

Posted 03 March 2014 - 09:31 AM

GeekU Moderator

GeekU Moderator
4,722 posts

===== > Step 1: Fixing Services < =====

Download wscsvc.reg from here and download iphlpsvc.reg from here and SharedAccess.reg from here to your Desktop.
Locate wscsvc.reg on your Desktop and double-click on it to merge it with your registry
Answer Yes when prompted about merging with the registry

Do the same for iphlpsvc.reg and SharedAccess.reg.

===== > Step 2: Farbar Service Scanner < =====

Please download Farbar Service Scanner and run it on the computer with the issue. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FSS icon and select Run as Administrator)

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Tell me if the Internet works again after you finished with the instructions. Fingers crossed.

#11
bod88

Posted 04 March 2014 - 02:56 PM

Member

Topic Starter
Member
15 posts

still no internet! very strange

here is the log from FSS

Farbar Service Scanner Version: 25-02-2014
Ran by bryan.o'donovan (administrator) on 04-03-2014 at 19:03:33
Running from "Y:\"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

#12
Machiavelli

Posted 04 March 2014 - 02:59 PM

GeekU Moderator

GeekU Moderator
4,722 posts

OK, now the services are fixed, the next thing we have to fix is your internet. I will be back with further instructions later.

#13
Machiavelli

Posted 05 March 2014 - 03:58 AM

GeekU Moderator

GeekU Moderator
4,722 posts

Hey!

Please download Windows Repair from here
Right click on the Installer and select Run as Administrator - then install the program
Right click on the Windows Repair All-in-one icon and select Run as Administrator
You will see a screen like that below:

Please move to the tab called Step3: Optional. The picture below shows how the screen should look like:

Please click on Do It and wait until it is finished.
Please move to the tab Step 4 and under Registry Backup please click BackUp - this will do a Registry BackUp of your computer. Please let it also create a System Restore point by clicking on the Create Button under the System Restore Section
Then move to the tab Start Repairs - you will see a screen like below:

Please click on Start - this will open a new screen.
Select the following items and tick restart system when finished. (Check the same items like in the picture below)

Then click Start and the scan/fix will begin
The PC will reboot - if not please reboot it manually

Does the Internet work now?

#14
bod88

Posted 06 March 2014 - 07:32 AM

Member

Topic Starter
Member
15 posts

hi,

still no connection, sorry for how long this is taking! any other logs you require?

regards

bod88

#15
Machiavelli

Posted 06 March 2014 - 07:44 AM

GeekU Moderator

GeekU Moderator
4,722 posts

Hey

After the MiniToolBox Log you are connected via WLAN.

Intel® Centrino® Advanced-N 6205 = Wireless Network Connection (Connected)

Are you able to connect via a (DSL) cable and test if the network works there? If it works there we know then that there is something wrong with WLAN. This could be caused by a damaged driver/service/file etc. We are working then with different tools to fix the issue.

Please answer this question. After you have answered we must make sure that this issue isn't caused by Malware so my plan is to scan with MBAM and ESET before fixing the Internet issue. The question above is just to identify the exact problem.