JoThoma
Members
Posts: 12
Reputation: 0 Neutral
  1. Marius, I ran the Windows Error Checking utility; the Winlogon entry of 5/12/2013 from Event Viewer is copied below:

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 05/12/2013
Time: 17:42:50
User: N/A
Computer: YOUR-ABF4F98234
Description:
Checking file system on C:
The type of the file system is NTFS.
A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 2011 unused index entries from index $SII of file 0x9.
Cleaning up 2011 unused index entries from index $SDH of file 0x9.
Cleaning up 2011 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the master file table (MFT) bitmap.
Windows has made corrections to the file system.
309098632 KB total disk space.
35646372 KB in 146282 files.
66196 KB in 17233 indexes.
0 KB in bad sectors.
511404 KB in use by the system.
65536 KB occupied by the log file.
272874660 KB available on disk.
4096 bytes in each allocation unit.
77274658 total allocation units on disk.
68218665 allocation units available on disk.
Internal Info:
f0 ef 04 00 c7 7e 02 00 e6 fc 03 00 00 00 00 00 .....~..........
c5 4d 00 00 03 00 00 00 93 0f 00 00 00 00 00 00 .M..............
66 33 a7 05 00 00 00 00 cc 87 8f 5d 00 00 00 00 f3.........]....
78 8a 4a 12 00 00 00 00 40 ee b4 a5 03 00 00 00 x.J.....@.......
ea f3 25 27 0c 00 00 00 e4 ed 44 4c 10 00 00 00 ..%'......DL....
99 9e 36 00 00 00 00 00 48 3e 07 00 6a 3b 02 00 ..6.....H>..j;..
00 00 00 00 00 90 ae 7f 08 00 00 00 51 43 00 00 ............QC..
Windows has finished checking your disk.
Please wait while your computer restarts.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
When you have looked over the above, I will run the CCleaner, although curiously AVG 'Fix Slow Computer' msg popped up when the Win Error Checking finished. I have not done anything yet. Will wait to try CCleaner on your reply. Thanks
  2. Marius, I have followed your instructions to run sfc /scannow. A Windows msg came up: 'Windows File Protection: Please wait while Windows verifies that all protected Windows Files are intact & in their original versions'. The next msg says to insert the original Windows XP disk. The system then says there is a conflict with your disk. When I tried to come out, a Windows msg says to choose normal startup mode & undo the changes you made using the System Configuration utility. I've returned it to normal startup mode and did a restart. Sorry, but I can't seem to get any further. Your further advice please. Thanks
  3. Marius, thanks for this. I have received a msg from MS Support saying that I should be aware that when running sfc /scannow I may need a genuine bootable XP installation CD that is the same Service Pack as my installed Service Pack (I have SP3). I don't have this installation disk. MS Support also suggest that if I don't have one, sfc /scannow is going to complain a lot & will not help with my slow startup time anyway. I used AVG's 'Fix Performance' tool some months ago. This produces a log of Registry errors, Junk Files, Fragmentation & Broken Shortcuts. Of course, the free AVG version will only fix what you pay for. Will this produce what is needed for you, or is this naive of me?
  4. Marius, I've updated & removed/uninstalled as requested; however, when I tried to download the delfix tool, my browser would not allow the download, saying it is an unsafe website. I will follow the recommendations you give on protection. My system is still very slow at startup; it takes up to 30 mins to activate/open anything. The mouse does not allow me to click on anything on my desktop for almost 30 mins. For example, when the mouse hovers over the taskbar the egg timer displays, but when it points to any icons on the desktop the arrow displays, but nothing can be opened or clicked on for up to 30 mins. This was happening before the PUM was detected and is still occurring. Have you any advice on this please? Thanks
  5. Marius, AdwCleaner produced two log files, AdwCleaner[s0] & [R0]. I've copied [s0] only, as they both appear to be identical; see below. SecurityCheck Link 1 produced the log file checkup.txt, see below. Link 2 took me to the 'bleeping computers' website displaying information about Security Check. Thanks

# AdwCleaner v3.013 - Report created 28/11/2013 at 10:02:38
# Updated 24/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Default - YOUR-ABF4F98234
# Running from : C:\Documents and Settings\Default\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Default\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Default\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Default\Local Settings\Application Data\Winamp Toolbar
Folder Deleted : C:\Documents and Settings\Default\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Default\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\3ynhiq9z.default\WinampToolbarData
Folder Deleted : C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\3ynhiq9z.default\Extensions\{0B38152B-1B20-484D-A11F-5E04A9B0661F} [!]
Folder Deleted : C:\Documents and Settings\Default\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\3ynhiq9z.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8C2644D-BF72-4A89-A88C-D85F565F2F46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\AVG Secure Search\vprot.exe]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Winamp Toolbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\Software\Winamp Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v3.6.13 (en-GB)

[ File : C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\3ynhiq9z.default\prefs.js ]

Line Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AVG Secure Search\\10.0.0.7");
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v31.0.1650.57

[ File : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Documents and Settings\Default\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [15303 octets] - [28/11/2013 10:01:12]
AdwCleaner[s0].txt - [15577 octets] - [28/11/2013 10:02:38]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [15638 octets] ##########

======================================================================

Results of screen317's Security Check version 0.99.77
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG 2014
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.1
Java 6 Update 19
Java 7 Update 5
Java 2 Runtime Environment, SE v1.4.2
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9
Adobe Reader XI
Mozilla Firefox (3.6.13) Firefox out of Date!
Google Chrome 30.0.1599.101
Google Chrome 31.0.1650.57
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 3%
````````````````````End of Log``````````````````````
  6. Marius, I ran the ESET online scan as advised. It took a couple of hours. The outcome: NO THREATS FOUND. Is this the end of the process? If so, what, if anything, should I be doing to try to prevent this happening in the future? I have Free AVG 2014 installed. AVG didn't stop this getting through & nothing showed on the AVG scan I ran at the time. Hence, I ran a scan with MBAM, which then found the PUM.HiJack.Start Menu. Your advice would be welcome. Thanks once again.
  7. Marius, I have followed the steps you advised. Below is the MBAM log, then the ComboFix.txt (combined with CFScript.txt). I removed 2 objects found in the scan: Trojan.P2P.WORM and PUP.Optical.OpenCandy. Please advise if there are any further steps in this process? Thanks again.

==========================================

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.26.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Default :: YOUR-ABF4F98234 [administrator]

26/11/2013 18:14:53
mbam-log-2013-11-26 (18-14-53).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 409853
Time elapsed: 2 hour(s), 1 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\20111710_105239_Backup Oct 2011\C\DOCUME~1\Default\LOCALS~1\APPLIC~1\Temp\{41BBC~1.nco (Trojan.P2P.Worm) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-uk.cab (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

(end)

===============================================

ComboFix 13-11-23.02 - Default 26/11/2013 17:58:22.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1406.773 [GMT 0:00]
Running from: c:\documents and settings\Default\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Default\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc8.tmp
c:\program files\Winamp Toolbar
c:\program files\Winamp Toolbar\install.log
c:\program files\Winamp Toolbar\uninstall.exe
c:\program files\Winamp Toolbar\winamptb.dll
c:\program files\Winamp Toolbar\winamptbServer.exe
c:\program files\Winamp Toolbar\winamptbServerPS.dll
c:\program files\Winamp Toolbar\xprt6.dll
.
((((((((((((((((((((((((( Files Created from 2013-10-26 to 2013-11-26 )))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-10 15:13 . 2012-11-09 14:25 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-10-13 07:25 . 2004-09-06 16:33 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25 . 2004-09-06 16:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25 . 2004-09-06 16:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24 . 2004-09-06 16:32 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57 . 2004-09-06 16:32 385024 ----a-w- c:\windows\system32\html.iec
2013-10-12 15:56 . 2004-09-06 16:33 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2004-09-06 16:32 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-09 12:24 . 2011-06-15 16:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-07 10:59 . 2004-09-06 16:32 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14 . 2009-04-14 17:55 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-09-25 19:57 . 2013-08-01 15:06 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-09-10 22:18 . 2013-09-10 22:18 97008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-09-10 21:11 . 2011-12-23 12:32 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-08 21:12 . 2010-09-07 03:48 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 09:39 . 2010-09-07 03:48 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-09-02 09:28 . 2012-04-19 03:50 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-09-02 09:28 . 2011-12-23 12:32 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 09:28 . 2012-09-21 03:46 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-08-29 01:31 . 2004-09-06 16:33 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-29 00:56 . 2011-07-16 15:44 26240 ----a-w- c:\windows\system32\drivers\usbser.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-11-10 15:13 3353624 ----a-w- c:\program files\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll" [2013-11-10 3353624]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"CHotkey"="zHotkey.exe" [2004-05-17 543232]
"ShowWnd"="ShowWnd.exe" [2003-09-19 36864]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-11 344064]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 132624]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 1505144]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2012-11-23 2011824]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-11-10 2420248]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-10-07 4908592]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-06-23 295512]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
2012-02-28 14:53 190768 ----a-w- c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 10:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RegisterDropHandler"=c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Scansoft\\PaperPort\\PPScanMg.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\AVG Secure Search\\vprot.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\MA\\8.3.1.7.bt.1.3\\ma\\bin\\node.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 03:50 145720]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 03:46 223032]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 27448]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [10/09/2013 22:18 97008]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [01/08/2013 15:06 120632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 12:32 209208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 12:32 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 03:48 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [09/11/2010 22:20 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [09/11/2012 14:25 37664]
R1 RapportCerberus_56758;RapportCerberus_56758;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys [15/08/2013 08:40 330960]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [10/09/2013 22:18 148688]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10/09/2013 22:18 222416]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [25/09/2013 20:47 301152]
R2 BT Help Wizard;BT Help Wizard;c:\program files\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\MAHostService.exe [02/10/2013 22:30 321024]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [10/09/2013 22:18 1435928]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [16/04/2013 02:07 39056]
R2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [10/11/2013 15:14 1734680]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [03/10/2013 21:00 3538480]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [16/09/2013 11:29 3273088]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [05/09/2013 10:34 171680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 11:31 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 12:24]
.
2013-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-24 20:18]
.
2013-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-24 20:18]
.
2010-08-07 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 11:56]
.
2010-08-07 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2009-11-11 17:04]
.
2013-10-21 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-706994516-3426036256-1752556398-1007.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16 02:09]
.
2013-11-26 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-706994516-3426036256-1752556398-1007.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16 02:07]
.
2013-11-26 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-706994516-3426036256-1752556398-1007.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16 02:07]
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com\office
Trusted Zone: motive.com\pbttbc.bt
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Default\Application Data\Mozilla\Firefox\Profiles\3ynhiq9z.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: AVG Security Toolbar: avg@toolbar - c:\documents and settings\All
Users\Application Data\AVG Secure Search\FireFoxExt\15.5.0.2 FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file) AddRemove-Winamp Toolbar - c:\program files\Winamp Toolbar\uninstall.exe . . . ************************************************************************** ComboFix 13-11-23.02 - Default 26/11/2013 17:58:22.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1406.773 [GMT 0:00] Running from: c:\documents and settings\Default\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Default\Desktop\CFScript.txt AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc8.tmp c:\program files\Winamp Toolbar c:\program files\Winamp Toolbar\install.log c:\program files\Winamp Toolbar\uninstall.exe c:\program files\Winamp Toolbar\winamptb.dll c:\program files\Winamp Toolbar\winamptbServer.exe c:\program files\Winamp Toolbar\winamptbServerPS.dll c:\program files\Winamp Toolbar\xprt6.dll . . ((((((((((((((((((((((((( Files Created from 2013-10-26 to 2013-11-26 ))))))))))))))))))))))))))))))) . . . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-11-10 15:13 . 2012-11-09 14:25 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2013-10-13 07:25 . 
2004-09-06 16:33 920064 ----a-w- c:\windows\system32\wininet.dll 2013-10-13 07:25 . 2004-09-06 16:33 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-10-13 07:25 . 2004-09-06 16:32 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-10-13 07:24 . 2004-09-06 16:32 18944 ----a-w- c:\windows\system32\corpol.dll 2013-10-13 06:57 . 2004-09-06 16:32 385024 ----a-w- c:\windows\system32\html.iec 2013-10-12 15:56 . 2004-09-06 16:33 278528 ----a-w- c:\windows\system32\oakley.dll 2013-10-09 13:12 . 2004-09-06 16:32 287744 ----a-w- c:\windows\system32\gdi32.dll 2013-10-09 12:24 . 2011-06-15 16:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-10-07 10:59 . 2004-09-06 16:32 603136 ----a-w- c:\windows\system32\crypt32.dll 2013-10-05 01:14 . 2009-04-14 17:55 7168 ----a-w- c:\windows\system32\xpsp4res.dll 2013-09-25 19:57 . 2013-08-01 15:06 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys 2013-09-10 22:18 . 2013-09-10 22:18 97008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys 2013-09-10 21:11 . 2011-12-23 12:32 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2013-09-08 21:12 . 2010-09-07 03:48 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2013-09-02 09:39 . 2010-09-07 03:48 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2013-09-02 09:28 . 2012-04-19 03:50 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2013-09-02 09:28 . 2011-12-23 12:32 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2013-09-02 09:28 . 2012-09-21 03:46 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys 2013-08-29 01:31 . 2004-09-06 16:33 1878656 ----a-w- c:\windows\system32\win32k.sys 2013-08-29 00:56 . 2011-07-16 15:44 26240 ----a-w- c:\windows\system32\drivers\usbser.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2013-11-10 15:13 3353624 ----a-w- c:\program files\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll" [2013-11-10 3353624] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992] "CHotkey"="zHotkey.exe" [2004-05-17 543232] "ShowWnd"="ShowWnd.exe" [2003-09-19 36864] "SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-11 344064] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768] "SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 132624] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 1505144] "btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2012-11-23 2011824] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-11-10 2420248] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-10-07 4908592] 
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-06-23 295512] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent] 2012-02-28 14:53 190768 ----a-w- c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-17 10:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "RegisterDropHandler"=c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\WINDOWS\\system32\\muzapp.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Scansoft\\PaperPort\\PPScanMg.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\Winamp\\winamp.exe"= "c:\\Program Files\\AVG Secure Search\\vprot.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"= "c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"= "c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"= "c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"= "c:\\Program Files\\BT Broadband Desktop Help\\btbb\\MA\\8.3.1.7.bt.1.3\\ma\\bin\\node.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . 
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 03:50 145720] R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 03:46 223032] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 27448] R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [10/09/2013 22:18 97008] R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [01/08/2013 15:06 120632] R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 12:32 209208] R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 12:32 22840] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 03:48 176952] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [09/11/2010 22:20 193848] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [09/11/2012 14:25 37664] R1 RapportCerberus_56758;RapportCerberus_56758;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys [15/08/2013 08:40 330960] R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [10/09/2013 22:18 148688] R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10/09/2013 22:18 222416] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [25/09/2013 20:47 301152] R2 BT Help Wizard;BT Help Wizard;c:\program files\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\MAHostService.exe [02/10/2013 22:30 321024] R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [10/09/2013 22:18 1435928] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [16/04/2013 02:07 39056] R2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files\Common Files\AVG Secure 
Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [10/11/2013 15:14 1734680] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [03/10/2013 21:00 3538480] S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [16/09/2013 11:29 3273088] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [05/09/2013 10:34 171680] . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-11-15 11:31 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 12:24] . 2013-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-24 20:18] . 2013-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-24 20:18] . 2010-08-07 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job - c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 11:56] . 2010-08-07 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job - c:\program files\Microsoft IntelliType Pro\itype.exe [2009-11-11 17:04] . 2013-10-21 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-706994516-3426036256-1752556398-1007.job - c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16 02:09] . 2013-11-26 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-706994516-3426036256-1752556398-1007.job - c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16 02:07] . 
2013-11-26 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-706994516-3426036256-1752556398-1007.job - c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16 02:07] . . ------- Supplementary Scan ------- . mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html uInternet Settings,ProxyOverride = 127.0.0.1 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 Trusted Zone: microsoft.com\office Trusted Zone: motive.com\pbttbc.bt TCP: DhcpNameServer = 192.168.1.254 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Default\Application Data\Mozilla\Firefox\Profiles\3ynhiq9z.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension FF - Ext: AVG Security Toolbar: avg@toolbar - c:\documents and settings\All 
Users\Application Data\AVG Secure Search\FireFoxExt\15.5.0.2 FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file) AddRemove-Winamp Toolbar - c:\program files\Winamp Toolbar\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-11-26 18:07 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1056) c:\windows\system32\Ati2evxx.dll . Completion time: 2013-11-26 18:09:34 ComboFix-quarantined-files.txt 2013-11-26 18:09 ComboFix2.txt 2013-11-25 16:36 . Pre-Run: 269,819,981,824 bytes free Post-Run: 269,824,253,952 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut . - - End Of File - - 1E9555C28B73D42D71D4CE0F948DC913 B20939CD98B7710036274839082AE757
  8. Marius Success at the 2nd attempt with Combofix.exe. The file generated is copied below: Your next step/advice is welcomed. Thanks
ComboFix 13-11-23.02 - Default 25/11/2013 16:08:58.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1406.751 [GMT 0:00] Running from: c:\documents and settings\Default\Desktop\ComboFix.exe AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\All Users\SPL59.tmp c:\documents and settings\Default User\WINDOWS c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc10.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc105.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc108.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc11.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc12.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc120.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc122.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc13.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc135.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc14.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc15.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc16.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc165.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc16A.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc17.tmp c:\documents and 
settings\Default\Local Settings\Temporary Internet Files\mcc18.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc19.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc1A.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc1B.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc1C.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc1D.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc1D4.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc1E.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc1E0.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc1F.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc22.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc22F.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc23C.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc28A.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc28E.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc2B0.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc2C.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc383.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc48.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc4A.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc4D.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc6AB.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc8.tmp c:\documents and settings\Default\Local Settings\Temporary Internet 
Files\mcc8C.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mcc9.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mccA.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mccB.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mccC.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mccC3.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mccD.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mccE.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mccF.tmp c:\documents and settings\Default\Local Settings\Temporary Internet Files\mccF2.tmp c:\documents and settings\Default\WINDOWS c:\windows\system32\Cache c:\windows\system32\Cache\13bfc6c31ca8ee14.fb c:\windows\system32\Cache\1cd130473540b606.fb c:\windows\system32\Cache\1f58ffd8b6ecc189.fb c:\windows\system32\Cache\26c630d098e22dd5.fb c:\windows\system32\Cache\272512937d9e61a4.fb c:\windows\system32\Cache\287204568329e189.fb c:\windows\system32\Cache\28bc8f716fd76a47.fb c:\windows\system32\Cache\2c53092c95605355.fb c:\windows\system32\Cache\31a0997e9a5b5eb3.fb c:\windows\system32\Cache\32c84fe32bb74d60.fb c:\windows\system32\Cache\3917078cb68ec657.fb c:\windows\system32\Cache\39b43daf419f0a76.fb c:\windows\system32\Cache\44997ba583cdb3c5.fb c:\windows\system32\Cache\488df906248df106.fb c:\windows\system32\Cache\574f3ab1740544e8.fb c:\windows\system32\Cache\590ba23ce359fd0c.fb c:\windows\system32\Cache\5b3c49e167d58868.fb c:\windows\system32\Cache\610289e025a3ee9a.fb c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb c:\windows\system32\Cache\69bd6078e1fb160e.fb c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb c:\windows\system32\Cache\6d03dad1035885d3.fb c:\windows\system32\Cache\7733d29b99a4e90a.fb c:\windows\system32\Cache\7a153972fd867d5f.fb c:\windows\system32\Cache\83fbc17ab7f93099.fb 
c:\windows\system32\Cache\8687a1e08f64fd60.fb c:\windows\system32\Cache\92f339cc60e04125.fb c:\windows\system32\Cache\95f567698be8a182.fb c:\windows\system32\Cache\97ab9d814e9422da.fb c:\windows\system32\Cache\a8556537add6dfc5.fb c:\windows\system32\Cache\acb254613d2169f3.fb c:\windows\system32\Cache\ad10a52aff5e038d.fb c:\windows\system32\Cache\af4876a6c5473e6f.fb c:\windows\system32\Cache\c1fa887b03019701.fb c:\windows\system32\Cache\c4d28dca2e7648be.fb c:\windows\system32\Cache\cf0b80cc05960985.fb c:\windows\system32\Cache\d201ef9910cd39de.fb c:\windows\system32\Cache\d2e94710a5708128.fb c:\windows\system32\Cache\d79b9dfe81484ec4.fb c:\windows\system32\Cache\e0de16f883bea794.fb c:\windows\system32\Cache\e6e9f1d0a5e60e06.fb c:\windows\system32\Cache\f998975c9cc711ee.fb c:\windows\system32\config\systemprofile\WINDOWS c:\windows\system32\FlashPlayerApp.exe c:\windows\system32\SET7B.tmp c:\windows\system32\SET80.tmp D:\Autorun.inf . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_PCCMSERVICE -------\Service_pcCMService . . ((((((((((((((((((((((((( Files Created from 2013-10-25 to 2013-11-25 ))))))))))))))))))))))))))))))) . . . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-11-10 15:13 . 2012-11-09 14:25 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2013-10-13 07:25 . 2004-09-06 16:33 920064 ----a-w- c:\windows\system32\wininet.dll 2013-10-13 07:25 . 2004-09-06 16:33 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-10-13 07:25 . 2004-09-06 16:32 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-10-13 07:24 . 2004-09-06 16:32 18944 ----a-w- c:\windows\system32\corpol.dll 2013-10-13 06:57 . 2004-09-06 16:32 385024 ----a-w- c:\windows\system32\html.iec 2013-10-12 15:56 . 2004-09-06 16:33 278528 ----a-w- c:\windows\system32\oakley.dll 2013-10-09 13:12 . 
2004-09-06 16:32 287744 ----a-w- c:\windows\system32\gdi32.dll 2013-10-09 12:24 . 2011-06-15 16:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-10-07 10:59 . 2004-09-06 16:32 603136 ----a-w- c:\windows\system32\crypt32.dll 2013-10-05 01:14 . 2009-04-14 17:55 7168 ----a-w- c:\windows\system32\xpsp4res.dll 2013-09-25 19:57 . 2013-08-01 15:06 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys 2013-09-10 22:18 . 2013-09-10 22:18 97008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys 2013-09-10 21:11 . 2011-12-23 12:32 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2013-09-08 21:12 . 2010-09-07 03:48 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2013-09-02 09:39 . 2010-09-07 03:48 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2013-09-02 09:28 . 2012-04-19 03:50 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2013-09-02 09:28 . 2011-12-23 12:32 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2013-09-02 09:28 . 2012-09-21 03:46 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys 2013-08-29 01:31 . 2004-09-06 16:33 1878656 ----a-w- c:\windows\system32\win32k.sys 2013-08-29 00:56 . 2011-07-16 15:44 26240 ----a-w- c:\windows\system32\drivers\usbser.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2012-03-19 1937736] . [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}] [HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-11-10 15:13 3353624 ----a-w- c:\program files\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll" [2013-11-10 3353624]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"CHotkey"="zHotkey.exe" [2004-05-17 543232]
"ShowWnd"="ShowWnd.exe" [2003-09-19 36864]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-11 344064]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 132624]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-11 1505144]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2012-11-23 2011824]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-11-10 2420248]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-10-07 4908592]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-06-23 295512]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
2012-02-28 14:53 190768 ----a-w- c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 10:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RegisterDropHandler"=c:\progra~1\TEXTBR~1.0\Bin\REGIST~1.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Scansoft\\PaperPort\\PPScanMg.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\AVG Secure Search\\vprot.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\MA\\8.3.1.7.bt.1.3\\ma\\bin\\node.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 03:50 145720]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 03:46 223032]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 27448]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [10/09/2013 22:18 97008]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [01/08/2013 15:06 120632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 12:32 209208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 12:32 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 03:48 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [09/11/2010 22:20 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [09/11/2012 14:25 37664]
R1 RapportCerberus_56758;RapportCerberus_56758;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys [15/08/2013 08:40 330960]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [10/09/2013 22:18 148688]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10/09/2013 22:18 222416]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [03/10/2013 21:00 3538480]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [25/09/2013 20:47 301152]
R2 BT Help Wizard;BT Help Wizard;c:\program files\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\MAHostService.exe [02/10/2013 22:30 321024]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [10/09/2013 22:18 1435928]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [16/04/2013 02:07 39056]
R2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [10/11/2013 15:14 1734680]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [16/09/2013 11:29 3273088]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [05/09/2013 10:34 171680]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 11:31 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 12:24]
.
2013-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-24 20:18]
.
2013-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-24 20:18]
.
2010-08-07 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 11:56]
.
2010-08-07 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2009-11-11 17:04]
.
2013-10-21 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-706994516-3426036256-1752556398-1007.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16 02:09]
.
2013-11-25 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-706994516-3426036256-1752556398-1007.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16 02:07]
.
2013-11-25 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-706994516-3426036256-1752556398-1007.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16 02:07]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com\office
Trusted Zone: motive.com\pbttbc.bt
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Default\Application Data\Mozilla\Firefox\Profiles\3ynhiq9z.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: AVG Security Toolbar: avg@toolbar - c:\documents and settings\All Users\Application Data\AVG Secure Search\FireFoxExt\15.5.0.2
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-25 16:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1136)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3720)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\node.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
c:\windows\zHotkey.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
.
**************************************************************************
.
Completion time: 2013-11-25 16:36:34 - machine was rebooted
ComboFix-quarantined-files.txt 2013-11-25 16:36
.
Pre-Run: 269,130,055,680 bytes free
Post-Run: 269,973,852,160 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut
.
- - End Of File - - DD490A468E312BC2B4991900DAAADB7A
B20939CD98B7710036274839082AE757
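The Run-key block in the ComboFix report above is the part a helper reads first: every value is a program that starts with Windows, and ComboFix prints the file's date and size after it, or [X] when the file is not on disk. The script below is an added example for this thread, not ComboFix's own code and not something from the original post. It parses lines in that layout and flags the ones a practitioner would check first: a value whose target is missing (NokiaMServer above), a value that is a bare filename rather than a full path (CHotkey's zHotkey.exe, which Windows resolves via the search path, and which the "Other Running Processes" list shows running from c:\windows), a target outside the usual install roots, and a file changed shortly before the report. The sample input is a constructed subset of entries copied from the report; the 30-day window, the list of expected install roots and the report date (taken from the "Completion time" line) are assumptions you can change.

```python
"""Triage of the Run-key section of a ComboFix report (added example, not ComboFix code)."""
import re
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional

# Constructed sample: a handful of entries from the report above, in ComboFix's own layout.
SAMPLE_RUN_SECTION = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"CHotkey"="zHotkey.exe" [2004-05-17 543232]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-11-10 2420248]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-10-07 4908592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
'''

# Assumption: on this XP box a legitimately installed autostart lives under one of these roots.
EXPECTED_ROOTS = (r"c:\program files", r"c:\progra~1", r"c:\windows")

KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="path" args [YYYY-MM-DD size]   or   "Name"="path" [X]   (ComboFix marks a missing file with [X])
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*'
    r'(?:"(?P<path>[^"]*)"|(?P<bare>[^\s\[]+))'   # quoted path, or an unquoted token as in the run- section
    r"(?P<args>.*?)"                               # trailing switches such as -atboottime
    r"(?:\s*\[(?P<meta>[^\]]*)\])?$"
)


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    args: str = ""
    file_date: Optional[date] = None
    size: Optional[int] = None
    missing_target: bool = False
    flags: List[str] = field(default_factory=list)


def parse_run_entries(text: str) -> List[RunEntry]:
    """Turn the Run-key lines of a ComboFix report into RunEntry records."""
    entries: List[RunEntry] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_LINE.match(line)
        if km:
            key = km.group("key")        # remember which hive/key the following values belong to
            continue
        m = RUN_LINE.match(line)
        if not m:
            continue                     # "." separators, blank lines, anything unexpected
        path = m.group("path") if m.group("path") is not None else m.group("bare")
        entry = RunEntry(key=key, name=m.group("name"), path=path, args=m.group("args").strip())
        meta = (m.group("meta") or "").strip()
        if meta == "X":
            entry.missing_target = True  # the value points at a file that is not on disk
        elif meta:
            stamp, size = meta.split()
            entry.file_date = date.fromisoformat(stamp)
            entry.size = int(size)
        entries.append(entry)
    return entries


def triage(entries: List[RunEntry], report_date: date, recent_days: int = 30) -> List[RunEntry]:
    """Attach triage flags and return only the entries worth a second look."""
    for e in entries:
        if e.missing_target:
            e.flags.append("target-missing")       # dangling autostart: leftover, or a name waiting to be hijacked
        if "\\" not in e.path:
            e.flags.append("bare-filename")        # no directory, so Windows resolves it via the search path
        elif not e.path.lower().startswith(EXPECTED_ROOTS):
            e.flags.append("unexpected-location")  # e.g. a profile, temp or root-of-C: location
        if e.file_date is not None and (report_date - e.file_date).days <= recent_days:
            e.flags.append("recent-file")          # changed shortly before the report: check it first
    return [e for e in entries if e.flags]


def triage_text(text: str, report_iso: str, recent_days: int = 30) -> List[RunEntry]:
    """Parse and triage in one step; report_iso is the report date as YYYY-MM-DD."""
    return triage(parse_run_entries(text), date.fromisoformat(report_iso), recent_days)


if __name__ == "__main__":
    # 2013-11-25 is the date on the "Completion time" line of the report above.
    for e in triage_text(SAMPLE_RUN_SECTION, "2013-11-25"):
        print(f"{e.name:<14} {','.join(e.flags):<22} {e.path}")
```

Run against the constructed sample it reports NokiaMServer (target-missing), CHotkey (bare-filename) and vProt (recent-file); the other three entries carry no flag. A flag is a reason to look, not a verdict: the AVG Secure Search files are recent here simply because the toolbar was installed on 2013-11-10.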
  9. Marius, I downloaded Combofix.exe. I could see no sign of MS Recovery Console on my system after Combofix was installed. I tried to save it to my desktop as advised, but it disappeared before it asked me to scan for malware. All I did was agree to the licence. I can see in the Prefetch folder in Windows that it must have installed: Combofix[1].exe-0EDE2FD8.pf. I cannot see that it has generated any .txt files as yet. I noticed, as at 24/11/2013, that on C:\Windows there are three recent log files: WIADEBUG.log, WIASERVC.log and WindowsUpdate.log. Are these relevant? Sorry, I can't see ComboFix.txt anywhere on C:\
  10. Marius, thanks for your response. I have done as you suggested and TDSSKiller generated a report, which I tried to send to you. I have also copied it here. Nothing malicious came up in the rootkit scan. Please advise what is the next step in the clean-up process?

10:27:12.0078 0x0278 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
10:27:57.0062 0x0278 ============================================================
10:27:57.0062 0x0278 Current date / time: 2013/11/22 10:27:57.0062
10:27:57.0062 0x0278 SystemInfo:
10:27:57.0062 0x0278
10:27:57.0062 0x0278 OS Version: 5.1.2600 ServicePack: 3.0
10:27:57.0062 0x0278 Product type: Workstation
10:27:57.0062 0x0278 ComputerName: YOUR-ABF4F98234
10:27:57.0062 0x0278 UserName: Default
10:27:57.0062 0x0278 Windows directory: C:\WINDOWS
10:27:57.0062 0x0278 System windows directory: C:\WINDOWS
10:27:57.0062 0x0278 Processor architecture: Intel x86
10:27:57.0062 0x0278 Number of processors: 1
10:27:57.0062 0x0278 Page size: 0x1000
10:27:57.0062 0x0278 Boot type: Normal boot
10:27:57.0062 0x0278 ============================================================
10:27:59.0593 0x0278 KLMD registered as C:\WINDOWS\system32\drivers\42813963.sys
10:28:00.0218 0x0278 System UUID: {FB96FAA6-1841-2438-8BD1-9B66054690E3}
10:28:02.0750 0x0278 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:28:02.0796 0x0278 Drive \Device\Harddisk1\DR1 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:28:02.0875 0x0278 ============================================================
10:28:02.0875 0x0278 \Device\Harddisk0\DR0:
10:28:02.0875 0x0278 MBR partitions:
10:28:02.0875 0x0278 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x69E5B0, BlocksNum 0x24D8F111
10:28:02.0875 0x0278 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x69E571
10:28:02.0875 0x0278 \Device\Harddisk1\DR1:
10:28:02.0875 0x0278 Invalid mbr signature
10:28:02.0875 0x0278 ============================================================
10:28:02.0906 0x0278 C: <-> \Device\Harddisk0\DR0\Partition1
10:28:02.0906 0x0278 D: <-> \Device\Harddisk0\DR0\Partition2
10:28:02.0906 0x0278 ============================================================
10:28:02.0906 0x0278 Initialize success
10:28:02.0906 0x0278 ============================================================
10:28:04.0468 0x0d94 ============================================================
10:28:04.0468 0x0d94 Scan started
10:28:04.0468 0x0d94 Mode: Manual;
10:28:04.0468 0x0d94 ============================================================
10:28:04.0468 0x0d94 KSN ping started
10:28:07.0015 0x0d94 KSN ping finished: true
10:28:07.0656 0x0d94 ================ Scan system memory ========================
10:28:07.0656 0x0d94 System memory - ok
10:28:07.0656 0x0d94 ================ Scan services =============================
10:28:07.0812 0x0d94 Abiosdsk - ok
10:28:07.0828 0x0d94 [ 6ABB91494FE6C59089B9336452AB2EA3, FA28396820E44F991891042E051A4414485B54D456F252E03E3FFE1B4B4CF843 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
10:28:07.0828 0x0d94 abp480n5 - ok
10:28:07.0937 0x0d94 [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:28:07.0937 0x0d94 ACPI - ok
10:28:07.0968 0x0d94 [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
10:28:07.0968 0x0d94 ACPIEC - ok
10:28:08.0062 0x0d94 [ A283108E14F3970432C21AF4C0CB1BCE, 1D3219EF916D54232838870EDE557296AACB714B456ED0AAE0DE3CE3822F4643 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:28:08.0062 0x0d94 AdobeFlashPlayerUpdateSvc - ok
10:28:08.0078 0x0d94 [ 9A11864873DA202C996558B2106B0BBC, 4C68F1DBD1541291DD0FAB78DB42B25FA051CD9F55ED869173E3219CD31500C4 ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
10:28:08.0093 0x0d94 adpu160m - ok
10:28:08.0109 0x0d94 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:28:08.0109 0x0d94 aec - ok
10:28:08.0156 0x0d94 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:28:08.0171 0x0d94 AFD - ok
10:28:08.0203 0x0d94 [ 08FD04AA961BDC77FB983F328334E3D7, A784EC8A9EDB579262366B5A9AB177DB7BEC0A421BDE85431D0AD4959D5AF5E7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
10:28:08.0203 0x0d94 agp440 - ok
10:28:08.0218 0x0d94 [ 03A7E0922ACFE1B07D5DB2EEB0773063, 93EEA872A5642C95FF19C81F8EFFB9B52742A14DBF138784F0F713AD18C413ED ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
10:28:08.0218 0x0d94 agpCPQ - ok
10:28:08.0234 0x0d94 [ C23EA9B5F46C7F7910DB3EAB648FF013, 92C84E9AF278A3B55D56C4F8E6C10E3EF1F7B336A44A018AED6DC51A46671F0B ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
10:28:08.0234 0x0d94 Aha154x - ok
10:28:08.0250 0x0d94 [ 19DD0FB48B0C18892F70E2E7D61A1529, 95BA1568E8E08314508CA0E1F95555891E70399AEC312C793B46A841F56FFDCF ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
10:28:08.0250 0x0d94 aic78u2 - ok
10:28:08.0281 0x0d94 [ B7FE594A7468AA0132DEB03FB8E34326, BF0DC2B8C474DB151589BA9968264413521DDD9E7316B752B2FA40C24200FBE0 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
10:28:08.0281 0x0d94 aic78xx - ok
10:28:08.0437 0x0d94 [ 933933288DF5ED26D1928215C97D05C7, 2CC5AAD5ABDAD463E4F355616D8D0FF3C93428B25FC1DE605FC7EF4172B27F11 ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
10:28:08.0546 0x0d94 ALCXWDM - ok
10:28:08.0578 0x0d94 [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:28:08.0578 0x0d94 Alerter - ok
10:28:08.0609 0x0d94 [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG C:\WINDOWS\System32\alg.exe
10:28:08.0609 0x0d94 ALG - ok
10:28:08.0625 0x0d94 [ 1140AB9938809700B46BB88E46D72A96, 369379ECC5941ACE984A7F31EAABB66A2E693EDBADA639B86D26FD681D45608E ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
10:28:08.0625 0x0d94 AliIde - ok
10:28:08.0640 0x0d94 [ CB08AED0DE2DD889A8A820CD8082D83C, B1A9D493390AEDF6EFF8BCAA3B33EC31758452AB497C34C0728CDDA1D8DCBF2A ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
10:28:08.0640 0x0d94 alim1541 - ok
10:28:08.0656 0x0d94 [ 95B4FB835E28AA1336CEEB07FD5B9398, 36CD3B14EF78B01FB653B78187FAA63C4DD5F4137AC3B91D81256A350EEDCBC1 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
10:28:08.0656 0x0d94 amdagp - ok
10:28:08.0671 0x0d94 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6, 9B179F0B6A559639D3AE3975CEBF2718294BE5743517BEE06586F0D258164C81 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
10:28:08.0671 0x0d94 amsint - ok
10:28:08.0671 0x0d94 AppMgmt - ok
10:28:08.0718 0x0d94 [ B5B8A80875C1DEDEDA8B02765642C32F, AD0C71D73B1B8225351FBF4FFB43001A32B4DAE69504C59970CD2428BB33D4EF ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:28:08.0718 0x0d94 Arp1394 - ok
10:28:08.0734 0x0d94 [ 62D318E9A0C8FC9B780008E724283707, 1A69806AB2BDECCEB5EB23A80700B3F98983D5D67F78839CBF269087FA460757 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
10:28:08.0734 0x0d94 asc - ok
10:28:08.0750 0x0d94 [ 69EB0CC7714B32896CCBFD5EDCBEA447, 1CB506B5F71F84EFD26961010681D0A79AA7B266573378E3D2755125DF5D6BB6 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
10:28:08.0750 0x0d94 asc3350p - ok
10:28:08.0765 0x0d94 [ 5D8DE112AA0254B907861E9E9C31D597, 557C93E82A71131D226267151C84B197503831A16263DDFE040E996B605CA9E8 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
10:28:08.0765 0x0d94 asc3550 - ok
10:28:08.0890 0x0d94 [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:28:08.0906 0x0d94 aspnet_state - ok
10:28:08.0921 0x0d94 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:28:08.0921 0x0d94 AsyncMac - ok
10:28:08.0937 0x0d94 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:28:08.0937 0x0d94 atapi - ok
10:28:08.0953 0x0d94 Atdisk - ok
10:28:09.0015 0x0d94 [ 09266AE04746D652680120BE8BE76F53, 5E1A640E03809AF0C49691B95BB597A19E805370053903E1E3B19B026E710E82 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
10:28:09.0031 0x0d94 Ati HotKey Poller - ok
10:28:09.0125 0x0d94 [ DCD26B36CE305B718E2F1C56C19DF668, 11D5EECEFC8855C43CEF5111FC032318D66BE06926FA72EDE30FCBD94A3C16E7 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:28:09.0171 0x0d94 ati2mtag - ok
10:28:09.0218 0x0d94 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:28:09.0218 0x0d94 Atmarpc - ok
10:28:09.0250 0x0d94 [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:28:09.0250 0x0d94 AudioSrv - ok
10:28:09.0281 0x0d94 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:28:09.0281 0x0d94 audstub - ok
10:28:09.0296 0x0d94 [ 8A7DC10E81E73994AF8D8FB4E921BA20, C9905638CC3CACAE77E907DAE061EC3D2A8AACC412004E905D0CD2BEA418EC91 ] Avgdiskx C:\WINDOWS\system32\DRIVERS\avgdiskx.sys
10:28:09.0312 0x0d94 Avgdiskx - ok
10:28:09.0578 0x0d94 [ 332AEB8F6F9595C8886A7AA7A62322DC, CC2F2856257D10B72558660161732EB5FB5D8CCD8AC78EFED8263895A2529CC9 ] AVGIDSAgent C:\Program Files\AVG\AVG2014\avgidsagent.exe
10:28:09.0765 0x0d94 AVGIDSAgent - ok
10:28:09.0828 0x0d94 [ E2D441E3F58C04DD91286F38916CE102, C03F50CE5BDFCBC2B0DB062D6517ADE99DFF8EB65859CF6122DC95D3167E7C7E ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
10:28:09.0843 0x0d94 AVGIDSDriver - ok
10:28:09.0875 0x0d94 [ 7E7E946C5620BD398BFCFA41E435545B, 0B2F496367F36BE20AD075DF0054E8DE083E690179F9C5C9ECF9B3677069D6CF ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
10:28:09.0875 0x0d94 AVGIDSHX - ok
10:28:09.0921 0x0d94 [ C3828E5C49924969799ED8B1E123A267, 26713E308FC9BBDF28BD4E47234002D6928AAA234F73B2248BB2466EBA41747E ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
10:28:09.0921 0x0d94 AVGIDSShim - ok
10:28:09.0937 0x0d94 [ A997D4A7361F4870A4F13BA5BF36F388, 1DF529F4207081E154BC377154A02FD641C20EF8BDB913C232465519AAC48827 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
10:28:09.0937 0x0d94 Avgldx86 - ok
10:28:09.0968 0x0d94 [ 62C926243D7875BDE097904E4DE4FFAD, 32730FEB5133F51A62DEDB9528EDE5A8F9A3C8121753D09699C5EEB930E4E217 ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys
10:28:09.0968 0x0d94 Avglogx - ok
10:28:10.0015 0x0d94 [ 02C25C2974F728391E33A2E45A23FFA4, B36A9601BF855ABAC4855023913A8D977567AD15EDCC3FFAB3028A9B6FE5D2CA ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
10:28:10.0015 0x0d94 Avgmfx86 - ok
10:28:10.0031 0x0d94 [ 9745AD34365318593909EDDEDAE66B9A, 16374BF9789053AA0124CB8437E1192442F44E46D14435BF80A049CD0D47F16A ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
10:28:10.0031 0x0d94 Avgrkx86 - ok
10:28:10.0062 0x0d94 [ E98603F9D1F412F38ADF2F76053F9E5A, 1CE4668E0202ADD8C4C3D7D883DC837F7888F5D6E3B6FEE8338E15A86FE6AC22 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
10:28:10.0078 0x0d94 Avgtdix - ok
10:28:10.0125 0x0d94 [ 15ACA2AD17ACECA4814F249783E63AD3, AB8E74A5B8FC2FD04BA2B495610A8BE76408E9362A447D7069D5AAB8F3512F33 ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys
10:28:10.0125 0x0d94 avgtp - ok
10:28:10.0156 0x0d94 [ 07646F5F37F18F1F978CE3B0378EF1C9, 0BC440C3E8E617FA5D70D28413F091678E9FD4CF9F87CB8ED686609A0291D95B ] avgwd C:\Program Files\AVG\AVG2014\avgwdsvc.exe
10:28:10.0171 0x0d94 avgwd - ok
10:28:10.0187 0x0d94 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:28:10.0187 0x0d94 Beep - ok
10:28:10.0250 0x0d94 [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS C:\WINDOWS\system32\qmgr.dll
10:28:10.0281 0x0d94 BITS - ok
10:28:10.0328 0x0d94 [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser C:\WINDOWS\System32\browser.dll
10:28:10.0328 0x0d94 Browser - ok
10:28:10.0406 0x0d94 [ C1A0F4A39DEDE01EF42045F84F1738A0, 525FF79E6C417AA80C9AF779D85D864DF9E393BCABA054552499539249A13403 ] BT Help Wizard C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\MAHostService.exe
10:28:10.0421 0x0d94 BT Help Wizard - ok
10:28:10.0437 0x0d94 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
10:28:10.0453 0x0d94 cbidf - ok
10:28:10.0453 0x0d94 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:28:10.0453 0x0d94 cbidf2k - ok
10:28:10.0468 0x0d94 [ F3EC03299634490E97BBCE94CD2954C7, CDC85ADA27E0D501581CE6F28D7E1941E90411FA8E8F2C43A68BAA8CB78E85DD ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
10:28:10.0468 0x0d94 cd20xrnt - ok
10:28:10.0484 0x0d94 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:28:10.0484 0x0d94 Cdaudio - ok
10:28:10.0515 0x0d94 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:28:10.0515 0x0d94 Cdfs - ok
10:28:10.0562 0x0d94 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:28:10.0562 0x0d94 Cdrom - ok
10:28:10.0578 0x0d94 Changer - ok
10:28:10.0593 0x0d94 [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:28:10.0593 0x0d94 CiSvc - ok
10:28:10.0640 0x0d94 [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:28:10.0640 0x0d94 ClipSrv - ok
10:28:10.0687 0x0d94 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:28:10.0687 0x0d94 clr_optimization_v2.0.50727_32 - ok
10:28:10.0796 0x0d94 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:28:10.0812 0x0d94 clr_optimization_v4.0.30319_32 - ok
10:28:10.0812 0x0d94 [ E5DCB56C533014ECBC556A8357C929D5, B2915C0C07EDBA59C5D02680804C4C2DE099D73DE0D0DD0CDA748F34F11057E0 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
10:28:10.0812 0x0d94 CmdIde - ok
10:28:10.0828 0x0d94 COMSysApp - ok
10:28:10.0843 0x0d94 [ 3EE529119EED34CD212A215E8C40D4B6, A6B71F3D4EE7358CA85F010E6271A6B72226D25DF30ED331DA830639ED3E9903 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
10:28:10.0843 0x0d94 Cpqarray - ok
10:28:10.0875 0x0d94 [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:28:10.0875 0x0d94 CryptSvc - ok
10:28:10.0890 0x0d94 [ E550E7418984B65A78299D248F0A7F36, 52F6BD1027E91F9A90AFAB82C7F2A0314B7E55262F5293D5F9F8F12135EDD88C ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
10:28:10.0890 0x0d94 dac2w2k - ok
10:28:10.0906 0x0d94 [ 683789CAA3864EB46125AE86FF677D34, B725D026E069AD253192E21245260CBA44EF3C72781616A2CAD0BF0E2D86D510 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
10:28:10.0906 0x0d94 dac960nt - ok
10:28:10.0937 0x0d94 [ BB005CB49D0638039703AC4F67FE0A05, 1BDF034CCAF02FB88614485BBECB2C115646F8F892B6B722B8AAFBCE72E6F113 ] DC21x4 C:\WINDOWS\system32\DRIVERS\dc21x4.sys
10:28:10.0953 0x0d94 DC21x4 - ok
10:28:11.0000 0x0d94 [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:28:11.0015 0x0d94 DcomLaunch - ok
10:28:11.0078 0x0d94 [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:28:11.0078 0x0d94 Dhcp - ok
10:28:11.0093 0x0d94 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:28:11.0093 0x0d94 Disk - ok
10:28:11.0109 0x0d94 dmadmin - ok
10:28:11.0187 0x0d94 [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:28:11.0218 0x0d94 dmboot - ok
10:28:11.0234 0x0d94 [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:28:11.0250 0x0d94 dmio - ok
10:28:11.0265 0x0d94 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:28:11.0265 0x0d94 dmload - ok
10:28:11.0296 0x0d94 [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver C:\WINDOWS\System32\dmserver.dll
10:28:11.0296 0x0d94 dmserver - ok
10:28:11.0343 0x0d94 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:28:11.0343 0x0d94 DMusic - ok
10:28:11.0390 0x0d94 [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:28:11.0390 0x0d94 Dnscache - ok
10:28:11.0453 0x0d94 [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
10:28:11.0453 0x0d94 Dot3svc - ok
10:28:11.0468 0x0d94 [ 40F3B93B4E5B0126F2F5C0A7A5E22660, 8AFFF28903037F5E36BB5352F2B236A217558FCC0146B23C787606C3F21243DB ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
10:28:11.0468 0x0d94 dpti2o - ok
10:28:11.0531 0x0d94 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
10:28:11.0531 0x0d94 drmkaud - ok
10:28:11.0593 0x0d94 [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost C:\WINDOWS\System32\eapsvc.dll
10:28:11.0593 0x0d94 EapHost - ok
10:28:11.0625 0x0d94 [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:28:11.0625 0x0d94 ERSvc - ok
10:28:11.0656 0x0d94 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog C:\WINDOWS\system32\services.exe
10:28:11.0656 0x0d94 Eventlog - ok
10:28:11.0734 0x0d94 [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem C:\WINDOWS\system32\es.dll
10:28:11.0734 0x0d94 EventSystem - ok
10:28:11.0750 0x0d94 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:28:11.0765 0x0d94 Fastfat - ok
10:28:11.0828 0x0d94 [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:28:11.0828 0x0d94 FastUserSwitchingCompatibility - ok
10:28:11.0875 0x0d94 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
10:28:11.0875 0x0d94 Fdc - ok
10:28:11.0890 0x0d94 [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:28:11.0890 0x0d94 Fips - ok
10:28:11.0921 0x0d94 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:28:11.0921 0x0d94 Flpydisk - ok
10:28:11.0968 0x0d94 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
10:28:11.0968 0x0d94 FltMgr - ok
10:28:12.0062 0x0d94 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:28:12.0062 0x0d94 FontCache3.0.0.0 - ok
10:28:12.0109 0x0d94 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:28:12.0109 0x0d94 Fs_Rec - ok
10:28:12.0156 0x0d94 [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:28:12.0156 0x0d94 Ftdisk - ok
10:28:12.0203 0x0d94 [ 4AC51459805264AFFD5F6FDFB9D9235F, E97CB835B85F74FC0814D5E27739E0AABC888EAC3921FDD2AD0473F83BCFF5D9 ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
10:28:12.0203 0x0d94 GEARAspiWDM - ok
10:28:12.0265 0x0d94 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:28:12.0265 0x0d94 Gpc - ok
10:28:12.0359 0x0d94 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
10:28:12.0359 0x0d94 gupdate - ok
10:28:12.0390 0x0d94 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
10:28:12.0390 0x0d94 gupdatem - ok
10:28:12.0484 0x0d94 [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:28:12.0484 0x0d94 helpsvc - ok
10:28:12.0531 0x0d94 [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ C:\WINDOWS\System32\hidserv.dll
10:28:12.0531 0x0d94 HidServ - ok
10:28:12.0593 0x0d94 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:28:12.0593 0x0d94 HidUsb - ok
10:28:12.0656 0x0d94 [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
10:28:12.0656 0x0d94 hkmsvc - ok
10:28:12.0671 0x0d94 [ B028377DEA0546A5FCFBA928A8AEFAE0, FD7B34A6036AD443014B16394A5F051A298CEE4276D50525FB9F15A0D2684C8B ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
10:28:12.0671 0x0d94 hpn - ok
10:28:12.0718 0x0d94 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:28:12.0734 0x0d94 HTTP - ok
10:28:12.0765 0x0d94 [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:28:12.0765 0x0d94 HTTPFilter - ok
10:28:12.0796 0x0d94 [
9368670BD426EBEA5E8B18A62416EC28, 0ED865F8FB79F0B6309521925280E8640DB5CA6F75377434830536899734B6EE ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys 10:28:12.0796 0x0d94 i2omgmt - ok 10:28:12.0812 0x0d94 [ F10863BF1CCC290BABD1A09188AE49E0, BC038EAE6C8A76D56A5AD27035DC0369D6E766711E9FAA7467144370851F1615 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys 10:28:12.0812 0x0d94 i2omp - ok 10:28:12.0843 0x0d94 [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 10:28:12.0843 0x0d94 i8042prt - ok 10:28:12.0937 0x0d94 [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 10:28:12.0953 0x0d94 IDriverT - ok 10:28:13.0046 0x0d94 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 10:28:13.0093 0x0d94 idsvc - ok 10:28:13.0109 0x0d94 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 10:28:13.0109 0x0d94 Imapi - ok 10:28:13.0156 0x0d94 [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService C:\WINDOWS\system32\imapi.exe 10:28:13.0171 0x0d94 ImapiService - ok 10:28:13.0218 0x0d94 [ 4A40E045FAEE58631FD8D91AFC620719, 7A2FD81BD483821B3DA01B1CD7215423EDD719CBE3862C0342FF7D21A17AF437 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys 10:28:13.0218 0x0d94 ini910u - ok 10:28:13.0234 0x0d94 [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys 10:28:13.0234 0x0d94 IntelIde - ok 10:28:13.0281 0x0d94 [ 3BB22519A194418D5FEC05D800A19AD0, 
F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 10:28:13.0281 0x0d94 Ip6Fw - ok 10:28:13.0296 0x0d94 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 10:28:13.0296 0x0d94 IpFilterDriver - ok 10:28:13.0312 0x0d94 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 10:28:13.0312 0x0d94 IpInIp - ok 10:28:13.0359 0x0d94 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 10:28:13.0359 0x0d94 IpNat - ok 10:28:13.0437 0x0d94 [ B960FA3B5A10588DC00BBECB662A9397, 2CD1D055F403971FF202D4AE5A02E91EEFCED203A5CA4252A8F34BC4BD86FB32 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 10:28:13.0453 0x0d94 iPod Service - ok 10:28:13.0500 0x0d94 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 10:28:13.0515 0x0d94 IPSec - ok 10:28:13.0531 0x0d94 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 10:28:13.0531 0x0d94 IRENUM - ok 10:28:13.0546 0x0d94 [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 10:28:13.0546 0x0d94 isapnp - ok 10:28:13.0609 0x0d94 [ C2C1660DDCC9BD67EB98D6D5F91C107F, 42061FF740DD549513117857CF504AE227944AF4C14143273B4C8CBFBB7A6E27 ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 10:28:13.0609 0x0d94 JavaQuickStarterService - ok 10:28:13.0656 0x0d94 [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass 
C:\WINDOWS\system32\DRIVERS\kbdclass.sys 10:28:13.0656 0x0d94 Kbdclass - ok 10:28:13.0703 0x0d94 [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 10:28:13.0703 0x0d94 kbdhid - ok 10:28:13.0765 0x0d94 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 10:28:13.0781 0x0d94 kmixer - ok 10:28:13.0812 0x0d94 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 10:28:13.0812 0x0d94 KSecDD - ok 10:28:13.0859 0x0d94 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 10:28:13.0859 0x0d94 lanmanserver - ok 10:28:13.0921 0x0d94 [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 10:28:13.0937 0x0d94 lanmanworkstation - ok 10:28:13.0937 0x0d94 lbrtfdc - ok 10:28:14.0000 0x0d94 [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 10:28:14.0015 0x0d94 LmHosts - ok 10:28:14.0046 0x0d94 [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger C:\WINDOWS\System32\msgsvc.dll 10:28:14.0046 0x0d94 Messenger - ok 10:28:14.0062 0x0d94 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 10:28:14.0062 0x0d94 mnmdd - ok 10:28:14.0109 0x0d94 [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 10:28:14.0109 0x0d94 mnmsrvc - ok 10:28:14.0156 0x0d94 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, 
B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem C:\WINDOWS\system32\drivers\Modem.sys 10:28:14.0156 0x0d94 Modem - ok 10:28:14.0203 0x0d94 [ 1992E0D143B09653AB0F9C5E04B0FD65, 1431EC53A65F561C235A08F926C5348A6B21B06A08C075DE8172A88EE0AA634E ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys 10:28:14.0203 0x0d94 MODEMCSA - ok 10:28:14.0218 0x0d94 [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 10:28:14.0218 0x0d94 Mouclass - ok 10:28:14.0250 0x0d94 [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 10:28:14.0250 0x0d94 mouhid - ok 10:28:14.0281 0x0d94 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 10:28:14.0281 0x0d94 MountMgr - ok 10:28:14.0312 0x0d94 [ 3F4BB95E5A44F3BE34824E8E7CAF0737, 9A4F9E63AA55B779AF3563C66C8E40D9C42FF3BB5F533F70905ADC7A44EA7DAD ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys 10:28:14.0312 0x0d94 mraid35x - ok 10:28:14.0375 0x0d94 [ 9BD4DCB5412921864A7AACDEDFBD1923, 46DEE9B9414D26203B62F0D6CAEBF37A3CEFD118556129547B2C5FC7B6FDBA05 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS 10:28:14.0375 0x0d94 MREMP50 - ok 10:28:14.0390 0x0d94 MREMP50a64 - ok 10:28:14.0406 0x0d94 MREMPR5 - ok 10:28:14.0406 0x0d94 MRENDIS5 - ok 10:28:14.0421 0x0d94 [ 07C02C892E8E1A72D6BF35004F0E9C5E, 09ECD59AADF08E2AA0C1BAF5D3D7CBB0948153E531E1F82ECACD43F14F88106B ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS 10:28:14.0421 0x0d94 MRESP50 - ok 10:28:14.0437 0x0d94 MRESP50a64 - ok 10:28:14.0468 0x0d94 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 10:28:14.0484 0x0d94 MRxDAV - ok 10:28:14.0546 0x0d94 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, 
DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 10:28:14.0578 0x0d94 MRxSmb - ok 10:28:14.0593 0x0d94 [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC C:\WINDOWS\system32\msdtc.exe 10:28:14.0593 0x0d94 MSDTC - ok 10:28:14.0609 0x0d94 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 10:28:14.0609 0x0d94 Msfs - ok 10:28:14.0625 0x0d94 MSIServer - ok 10:28:14.0640 0x0d94 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 10:28:14.0640 0x0d94 MSKSSRV - ok 10:28:14.0671 0x0d94 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 10:28:14.0671 0x0d94 MSPCLOCK - ok 10:28:14.0687 0x0d94 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 10:28:14.0687 0x0d94 MSPQM - ok 10:28:14.0734 0x0d94 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 10:28:14.0734 0x0d94 mssmbios - ok 10:28:14.0781 0x0d94 [ 1216D4313E1860DA4BC449AE3CA2DEC5, 12C53E9A3F8956457DF5D1B9940B1B7370E9A61C4AF1C37DAE1FC6CE7FB0159B ] Mtlmnt5 C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys 10:28:14.0796 0x0d94 Mtlmnt5 - ok 10:28:14.0875 0x0d94 [ 130992C33BC9161B17211793DAFC95BE, DDEA0EF00741F93BB0B9306CA589C1930FF1121215E5F2360EF83112F2B29213 ] Mtlstrm C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys 10:28:14.0937 0x0d94 Mtlstrm - ok 10:28:14.0968 0x0d94 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 10:28:14.0968 0x0d94 Mup - 
ok 10:28:15.0046 0x0d94 [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent C:\WINDOWS\System32\qagentrt.dll 10:28:15.0062 0x0d94 napagent - ok 10:28:15.0078 0x0d94 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 10:28:15.0093 0x0d94 NDIS - ok 10:28:15.0140 0x0d94 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 10:28:15.0140 0x0d94 NdisTapi - ok 10:28:15.0156 0x0d94 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 10:28:15.0156 0x0d94 Ndisuio - ok 10:28:15.0171 0x0d94 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 10:28:15.0171 0x0d94 NdisWan - ok 10:28:15.0203 0x0d94 [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 10:28:15.0218 0x0d94 NDProxy - ok 10:28:15.0218 0x0d94 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 10:28:15.0218 0x0d94 NetBIOS - ok 10:28:15.0265 0x0d94 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 10:28:15.0281 0x0d94 NetBT - ok 10:28:15.0328 0x0d94 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE C:\WINDOWS\system32\netdde.exe 10:28:15.0343 0x0d94 NetDDE - ok 10:28:15.0343 0x0d94 [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 
10:28:15.0359 0x0d94 NetDDEdsdm - ok 10:28:15.0406 0x0d94 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon C:\WINDOWS\system32\lsass.exe 10:28:15.0406 0x0d94 Netlogon - ok 10:28:15.0453 0x0d94 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman C:\WINDOWS\System32\netman.dll 10:28:15.0468 0x0d94 Netman - ok 10:28:15.0531 0x0d94 [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 10:28:15.0546 0x0d94 NetTcpPortSharing - ok 10:28:15.0578 0x0d94 [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys 10:28:15.0578 0x0d94 NIC1394 - ok 10:28:15.0625 0x0d94 [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla C:\WINDOWS\System32\mswsock.dll 10:28:15.0640 0x0d94 Nla - ok 10:28:15.0671 0x0d94 [ F6C40E0A565EE3CE5AEEB325E10054F2, 30C8BA41B1C235ECB2C7F29CD76C8F41B8D705BE7DD44F66666C28275EA56BAC ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys 10:28:15.0671 0x0d94 nmwcd - ok 10:28:15.0687 0x0d94 [ 2A394E9E1FA3565E4B2FEA470FFE4D6B, 879BE61C4256C9B855AA269C241A0D24E9ECE3CA0F3AFFB2E11D9340C0428D31 ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys 10:28:15.0687 0x0d94 nmwcdc - ok 10:28:15.0734 0x0d94 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 10:28:15.0734 0x0d94 Npfs - ok 10:28:15.0796 0x0d94 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 10:28:15.0828 0x0d94 Ntfs - ok 10:28:15.0843 0x0d94 [ BF2466B3E18E970D8A976FB95FC1CA85, 
F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 10:28:15.0843 0x0d94 NtLmSsp - ok 10:28:15.0906 0x0d94 [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 10:28:15.0921 0x0d94 NtmsSvc - ok 10:28:15.0968 0x0d94 [ 1B073810EE2270CAC9E532D1BCD826CF, 63B69C24A21651914AB2A29C096B3819C7342E385C06B29CB3D4D2C0EDE74BEB ] NtMtlFax C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys 10:28:15.0984 0x0d94 NtMtlFax - ok 10:28:16.0015 0x0d94 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys 10:28:16.0015 0x0d94 Null - ok 10:28:16.0125 0x0d94 [ 2B298519EDBFCF451D43E0F1E8F1006D, 67F3F2001F4C8DABD253D60AB3222793635532DC51AD977954286F8A246F5592 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10:28:16.0203 0x0d94 nv - ok 10:28:16.0234 0x0d94 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 10:28:16.0234 0x0d94 NwlnkFlt - ok 10:28:16.0250 0x0d94 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 10:28:16.0250 0x0d94 NwlnkFwd - ok 10:28:16.0265 0x0d94 [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys 10:28:16.0265 0x0d94 ohci1394 - ok 10:28:16.0343 0x0d94 [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 10:28:16.0343 0x0d94 ose - ok 10:28:16.0375 0x0d94 [ C90018BAFDC7098619A4A95B046B30F3, 1826E46F237AD65BA189B83803A46A6C2B29089C1BA146106ADD9F2B04D4A89D ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys 10:28:16.0375 0x0d94 P3 - ok 10:28:16.0390 
0x0d94 [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 10:28:16.0406 0x0d94 Parport - ok 10:28:16.0406 0x0d94 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 10:28:16.0406 0x0d94 PartMgr - ok 10:28:16.0437 0x0d94 [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 10:28:16.0437 0x0d94 ParVdm - ok 10:28:16.0500 0x0d94 [ ACFF877F5C17B9360919919F10DD6072, C85CAC263038DBCAF86E5709378D92FDD122A33025DA2FDE4016409D2BF758B0 ] pcCMService C:\Program Files\Common Files\Motive\pcCMService.exe 10:28:16.0546 0x0d94 pcCMService - ok 10:28:16.0593 0x0d94 [ FD2041E9BA03DB7764B2248F02475079, DECEED110524BF83B4097188BF24BF0DDE1CE838DF7748B0DC807ABE351EB20A ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 10:28:16.0593 0x0d94 pccsmcfd - ok 10:28:16.0609 0x0d94 [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 10:28:16.0609 0x0d94 PCI - ok 10:28:16.0625 0x0d94 PCIDump - ok 10:28:16.0640 0x0d94 [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 10:28:16.0640 0x0d94 PCIIde - ok 10:28:16.0671 0x0d94 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 10:28:16.0671 0x0d94 Pcmcia - ok 10:28:16.0687 0x0d94 PDCOMP - ok 10:28:16.0687 0x0d94 PDFRAME - ok 10:28:16.0703 0x0d94 PDRELI - ok 10:28:16.0703 0x0d94 PDRFRAME - ok 10:28:16.0734 0x0d94 [ 6C14B9C19BA84F73D3A86DBA11133101, 2CFB7E027E43C1B3890985DFD7987B23E4E3CC003E3FD2583E4A8AC1F8A13B26 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys 10:28:16.0734 0x0d94 
perc2 - ok 10:28:16.0750 0x0d94 [ F50F7C27F131AFE7BEBA13E14A3B9416, C0498EA65B908C07A734324ED70DB27F434FAAA815DD02F1BC429A3AB6C663D5 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys 10:28:16.0750 0x0d94 perc2hib - ok 10:28:16.0796 0x0d94 [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay C:\WINDOWS\system32\services.exe 10:28:16.0796 0x0d94 PlugPlay - ok 10:28:16.0843 0x0d94 [ 7E6EE233B06A921F44E98720990F1F75, 935F015543FD136B006D345071C8332C78CB0C7427E2F3C3E822E8C8BA407D59 ] Point32 C:\WINDOWS\system32\DRIVERS\point32.sys 10:28:16.0843 0x0d94 Point32 - ok 10:28:16.0859 0x0d94 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 10:28:16.0859 0x0d94 PolicyAgent - ok 10:28:16.0906 0x0d94 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 10:28:16.0906 0x0d94 PptpMiniport - ok 10:28:16.0968 0x0d94 [ 33D7285F12D934268A34206DFC4AD1B3, 2BC473E85BFB428602FC7091690DEC9CCE1E00C0904C24BC756FC145660F2387 ] PrismXL C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS 10:28:16.0984 0x0d94 PrismXL - ok 10:28:17.0000 0x0d94 [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys 10:28:17.0000 0x0d94 Processor - ok 10:28:17.0015 0x0d94 [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 10:28:17.0015 0x0d94 ProtectedStorage - ok 10:28:17.0031 0x0d94 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 10:28:17.0031 0x0d94 PSched - ok 10:28:17.0046 0x0d94 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, 
DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 10:28:17.0046 0x0d94 Ptilink - ok 10:28:17.0078 0x0d94 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E, 20ABD8372B242FD356AC143E7EB56F93CFEA4988ED1B0C4434CB64C387D7F66C ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 10:28:17.0078 0x0d94 PxHelp20 - ok 10:28:17.0093 0x0d94 [ 0A63FB54039EB5662433CABA3B26DBA7, A1FB923EB2D08D89D24E8AD7042BBED7CB1DBDA9A5B77BDD188E9913BADAB0EF ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys 10:28:17.0093 0x0d94 ql1080 - ok 10:28:17.0109 0x0d94 [ 6503449E1D43A0FF0201AD5CB1B8C706, F1EFC2DE5998615CB182D7984366631FE956AE1ECA9AC777F26FCA2E6F2E05A6 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 10:28:17.0109 0x0d94 Ql10wnt - ok 10:28:17.0125 0x0d94 [ 156ED0EF20C15114CA097A34A30D8A01, 7490B90D4C88B7A9BADB9473D4033535F054C797ABF6D542CB859DA5C9B2586A ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys 10:28:17.0125 0x0d94 ql12160 - ok 10:28:17.0156 0x0d94 [ 70F016BEBDE6D29E864C1230A07CC5E6, 895BC2C888F6566086FC1399F499A401D447E57333BC9F9C6DBAFE0F117603D6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys 10:28:17.0156 0x0d94 ql1240 - ok 10:28:17.0187 0x0d94 [ 907F0AEEA6BC451011611E732BD31FCF, F9E7023BD1042963110D0A613054D094437868B20779F23C316A38E4781A6152 ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys 10:28:17.0203 0x0d94 ql1280 - ok 10:28:17.0312 0x0d94 [ B5909D985716A9CD8B75C12D6581426D, C8FF9936C77A840A9E3AB5D7393C4F142BA7DD3B542228B2A0DB85B732A4BFFB ] RapportCerberus_56758 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys 10:28:17.0343 0x0d94 RapportCerberus_56758 - ok 10:28:17.0437 0x0d94 [ A0F0C41EE3F367CF71B9A50388E77CFA, 7B08B0A725C26EFE4351707704775474B41FD2BC59F0BAC36ADFA0CC2D336C4A ] RapportEI C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys 10:28:17.0453 0x0d94 RapportEI - ok 10:28:17.0468 0x0d94 [ 7E2C84E45379406B74117D86C40048DA, 
A359953A2C1E7C5DEEF8E8D5082425C04064661B5D37ADAE6A3FD5CCDC4D3E5C ] RapportKELL C:\WINDOWS\system32\Drivers\RapportKELL.sys 10:28:17.0468 0x0d94 RapportKELL - ok 10:28:17.0546 0x0d94 [ 96759B4647AC26E2FA9F8D256700B5DC, 6E8C0B42D2F0D0AAF4F3013AE25357D23EF796AEDA8DCD71C19113165168C1EF ] RapportMgmtService C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe 10:28:17.0640 0x0d94 RapportMgmtService - ok 10:28:17.0687 0x0d94 [ 21FD14972C7E0DE6966463F823F97881, F5C863E711B54B0EDD26E907495A793077D980AA16F824AB9B4B74060C544ACF ] RapportPG C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys 10:28:17.0687 0x0d94 RapportPG - ok 10:28:17.0703 0x0d94 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 10:28:17.0703 0x0d94 RasAcd - ok 10:28:17.0750 0x0d94 [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto C:\WINDOWS\System32\rasauto.dll 10:28:17.0750 0x0d94 RasAuto - ok 10:28:17.0781 0x0d94 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 10:28:17.0796 0x0d94 Rasl2tp - ok 10:28:17.0843 0x0d94 [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan C:\WINDOWS\System32\rasmans.dll 10:28:17.0859 0x0d94 RasMan - ok 10:28:17.0875 0x0d94 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 10:28:17.0875 0x0d94 RasPppoe - ok 10:28:17.0890 0x0d94 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 10:28:17.0890 0x0d94 Raspti - ok 10:28:17.0906 0x0d94 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss 
C:\WINDOWS\system32\DRIVERS\rdbss.sys 10:28:17.0921 0x0d94 Rdbss - ok 10:28:17.0937 0x0d94 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 10:28:17.0937 0x0d94 RDPCDD - ok 10:28:17.0968 0x0d94 [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 10:28:18.0000 0x0d94 rdpdr - ok 10:28:18.0031 0x0d94 [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 10:28:18.0031 0x0d94 RDPWD - ok 10:28:18.0078 0x0d94 [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 10:28:18.0093 0x0d94 RDSessMgr - ok 10:28:18.0187 0x0d94 [ B2D01290C0E0465ACA54C2088E947823, 6FB6E6CFAF3F2F948B753A0CFF6F9058BF3ED0E421204EE58848F0DFD694A747 ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe 10:28:18.0187 0x0d94 RealNetworks Downloader Resolver Service - ok 10:28:18.0218 0x0d94 [ 822BF566B72CAE7CA1D93B69BD706075, ADCB5EE2DEF78C5DC73E29F495121D872E653A4FEBED5302E2269FD7890E1A77 ] RecAgent C:\WINDOWS\system32\DRIVERS\RecAgent.sys 10:28:18.0218 0x0d94 RecAgent - ok 10:28:18.0234 0x0d94 [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 10:28:18.0234 0x0d94 redbook - ok 10:28:18.0296 0x0d94 [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 10:28:18.0296 0x0d94 RemoteAccess - ok 10:28:18.0312 0x0d94 [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator C:\WINDOWS\system32\locator.exe 10:28:18.0328 0x0d94 RpcLocator - ok 
10:28:26.0703 0x0d94 AV detected via SS1: AVG AntiVirus Free Edition 2014, 2014.0, enabled, updated
10:28:26.0703 0x0d94 Win FW state via NFM: enabled
10:28:29.0125 0x0d94 Scan finished
10:28:29.0125 0x0a40 Detected object count: 0
10:28:29.0125 0x0a40 Actual detected object count: 0
  11. I received a msg from Malwarebytes.org today. "Being that you are possibly infected. Feel free to follow the instructions below to receive free one on one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware." As requested, I followed Option 1 & completed the scan DDS.txt & Attach.txt. Files are copied as attachments. My system is Windows XP 32 bit. The PUM infection came up as a result of a quick scan by Malwarebytes Anti Malware on Wed 20 Nov. The report showed the following: PUM.HiJack.Start Menu. HKCU\Software\Microsoft\Windows\Current Version\Explorer\AdvancedStart_ShowSearch At startup my pc is very slow, takes almost 20 to 30 mins before I can activate anything with the mouse. When the mouse hovers over the task bar only, the egg timer displays and I can't actively do anything to shut it down. When using IE8 I get kicked off, the pc shuts down and restarts itself. This happened once yesterday. I have had conflicting reports on how to deal with this; please, does anyone have a definitive way to get my pc back to speed? dds.txt attach.txt
  12. PUM.HiJack.Start Menu
