
pum.hijack. startmenu



Hi,

I was infected by pum.hijack. startmenu but removed it through your free scan & removal tool; however, I have problems starting up and they have gradually got worse. Sometimes it can take hours to boot up, as though it is stuck in a loop. For example, I can hear the CD drive keep trying to start, but it is constantly 'clicking'.

Please advise on what I should do next. I know this appears to be a recurring theme on your forums, but I am not sure whether each incident is a unique case for resolution, depending on how it is affected?

I have an HP 6735s laptop running Windows XP; I had it downgraded from Vista when I bought it.

Cheers.


Hello plugandplay and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB


Hi,

I have run TDSSKiller.exe and it found 1 threat, as below:

~~~~~~~~~~~~~~~~

Locked File

Service: safeboot

Suspicious object, medium risk

~~~~~~~~~~~~~~~~~~~~~~

The Cure option was not available, so I chose Skip, as instructed.

Log below:


12:30:42.0187 12192 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

12:30:42.0234 12192 PartMgr - ok

12:30:42.0250 12192 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

12:30:42.0281 12192 ParVdm - ok

12:30:42.0281 12192 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

12:30:42.0343 12192 PCI - ok

12:30:42.0343 12192 PCIDump - ok

12:30:42.0359 12192 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

12:30:42.0375 12192 PCIIde - ok

12:30:42.0390 12192 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys

12:30:42.0453 12192 Pcmcia - ok

12:30:42.0453 12192 PDCOMP - ok

12:30:42.0468 12192 PDFRAME - ok

12:30:42.0468 12192 PDRELI - ok

12:30:42.0484 12192 PDRFRAME - ok

12:30:42.0484 12192 perc2 - ok

12:30:42.0500 12192 perc2hib - ok

12:30:42.0546 12192 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe

12:30:42.0546 12192 PlugPlay - ok

12:30:42.0593 12192 [ D31F88C5F19EEFA366A415D6BC5F2ABC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe

12:30:42.0921 12192 Pml Driver HPZ12 - ok

12:30:42.0968 12192 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

12:30:42.0968 12192 PolicyAgent - ok

12:30:43.0015 12192 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

12:30:43.0062 12192 PptpMiniport - ok

12:30:43.0078 12192 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys

12:30:43.0125 12192 Processor - ok

12:30:43.0125 12192 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

12:30:43.0125 12192 ProtectedStorage - ok

12:30:43.0140 12192 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

12:30:43.0187 12192 PSched - ok

12:30:43.0218 12192 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

12:30:43.0250 12192 Ptilink - ok

12:30:43.0250 12192 ql1080 - ok

12:30:43.0265 12192 Ql10wnt - ok

12:30:43.0265 12192 ql12160 - ok

12:30:43.0281 12192 ql1240 - ok

12:30:43.0281 12192 ql1280 - ok

12:30:43.0312 12192 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

12:30:43.0328 12192 RasAcd - ok

12:30:43.0359 12192 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

12:30:43.0390 12192 RasAuto - ok

12:30:43.0406 12192 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys

12:30:43.0421 12192 Rasirda - ok

12:30:43.0453 12192 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

12:30:43.0484 12192 Rasl2tp - ok

12:30:43.0546 12192 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

12:30:43.0578 12192 RasMan - ok

12:30:43.0593 12192 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

12:30:43.0625 12192 RasPppoe - ok

12:30:43.0640 12192 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

12:30:43.0671 12192 Raspti - ok

12:30:43.0703 12192 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

12:30:43.0718 12192 Rdbss - ok

12:30:43.0734 12192 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

12:30:43.0750 12192 RDPCDD - ok

12:30:43.0796 12192 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

12:30:43.0828 12192 rdpdr - ok

12:30:43.0859 12192 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

12:30:43.0859 12192 RDPWD - ok

12:30:43.0890 12192 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

12:30:43.0937 12192 redbook - ok

12:30:43.0984 12192 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

12:30:44.0031 12192 RemoteAccess - ok

12:30:44.0078 12192 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

12:30:44.0109 12192 RemoteRegistry - ok

12:30:44.0140 12192 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys

12:30:44.0187 12192 RimUsb - ok

12:30:44.0234 12192 [ 96F7A9A7BF0C9C0440A967440065D33C ] RMCAST C:\WINDOWS\system32\drivers\RMCast.sys

12:30:44.0234 12192 RMCAST - ok

12:30:44.0296 12192 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

12:30:44.0343 12192 RpcLocator - ok

12:30:44.0390 12192 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll

12:30:44.0390 12192 RpcSs - ok

12:30:44.0437 12192 [ 085CED4621302B27D86358AD6239DABE ] RsvLock C:\WINDOWS\system32\drivers\RsvLock.sys

12:30:44.0500 12192 RsvLock - ok

12:30:44.0515 12192 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

12:30:44.0578 12192 RSVP - ok

12:30:44.0609 12192 [ 26AF84A03E2C2C5AD7ABFECEFC43BC4D ] SafeBoot C:\WINDOWS\system32\drivers\SafeBoot.sys

12:30:44.0609 12192 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\SafeBoot.sys. md5: 26AF84A03E2C2C5AD7ABFECEFC43BC4D

12:30:44.0609 12192 SafeBoot ( LockedFile.Multi.Generic ) - warning

12:30:44.0609 12192 SafeBoot - detected LockedFile.Multi.Generic (1)

12:30:51.0406 12192 ================ Scan global ===============================

12:30:51.0453 12192 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

12:30:51.0500 12192 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll

12:30:51.0515 12192 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll

12:30:51.0562 12192 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

12:30:51.0562 12192 [Global] - ok

12:30:51.0562 12192 ================ Scan MBR ==================================

12:30:51.0593 12192 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk0\DR0

12:30:51.0828 12192 \Device\Harddisk0\DR0 - ok

12:30:51.0828 12192 ================ Scan VBR ==================================

12:30:51.0828 12192 [ 93369DC93ECC31DDF4CF136BEC771FC2 ] \Device\Harddisk0\DR0\Partition1

12:30:51.0828 12192 \Device\Harddisk0\DR0\Partition1 - ok

12:30:51.0859 12192 [ E427D2A1FFB7DD96EEDA855F744747F1 ] \Device\Harddisk0\DR0\Partition2

12:30:51.0859 12192 \Device\Harddisk0\DR0\Partition2 - ok

12:30:51.0859 12192 ============================================================

12:30:51.0859 12192 Scan finished

12:30:51.0859 12192 ============================================================

12:30:51.0875 12180 Detected object count: 1

12:30:51.0875 12180 Actual detected object count: 1

12:33:56.0390 12180 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user

12:33:56.0390 12180 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip

12:35:36.0187 11764 Deinitialize success

~~~~~~~~~~~~~~~

Is it ok to proceed to step 2?

Hi,

I have now done step 2 & run Malwarebytes Anti-Rootkit; at the start it found AppInit_dlls and said either Remove or select NO if not sure; I selected NO, just in case & ran the scan.

~~~~~~~~~~~~~~~~~~

mbar log

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org

Database version: v2013.05.26.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Paul :: LAPTOP [administrator]

26/05/2013 14:55:45

mbar-log-2013-05-26 (14-55-45).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: Deep Anti-Rootkit Scan | PUP

Objects scanned: 295945

Time elapsed: 56 minute(s), 4 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

system-log

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 2.099000 GHz

Memory total: 2949427200, free: 2091208704

Host not found

Net Exception

Downloaded database version: v2013.05.26.04

Downloaded database version: v2013.05.22.01

Initializing...

------------ Kernel report ------------

05/26/2013 14:55:32

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8abdb7f0

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Scsi\ahcix861Port0Path0Target0Lun0\

Lower Device Object: 0xffffffff8ac5c030

Lower Device Driver Name: \Driver\ahcix86\

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8abdb7f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8ab87a00, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a669020, DeviceName: Unknown, DriverName: \Driver\SafeBoot\

DevicePointer: 0xffffffff8abdb7f0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8abdbd58, DeviceName: Unknown, DriverName: \Driver\hpdskflt\

DevicePointer: 0xffffffff8abc48d8, DeviceName: Unknown, DriverName: \Driver\Amddfltr\

DevicePointer: 0xffffffff8ac5c920, DeviceName: \Device\00000087\, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff8ac5c030, DeviceName: \Device\Scsi\ahcix861Port0Path0Target0Lun0\, DriverName: \Driver\ahcix86\

------------ End ----------

Alternate DeviceName: Unknown, DriverName: \Driver\SafeBoot\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\system32\drivers...

<<<2>>>

Device number: 0, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

File user open failed: C:\WINDOWS\system32\drivers\SafeBoot.sys (0x00000020)

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 95AA95AA

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 310456062

Partition file system is NTFS

Partition is bootable

Partition 1 type is Other (0xc)

Partition is NOT ACTIVE.

Partition starts at LBA: 310472190 Numsec = 2104515

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...

Done!

Scan finished

=======================================

Removal queue found; removal started

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam...

Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removal finished

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 2.099000 GHz

Memory total: 2949427200, free: 2134679552

=======================================

It said that no malicious items were found.

I shall wait to hear from you before Step 3.

Hi DFB,

Steps 3 & 4 reports below:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix

ComboFix 13-05-27.02 - Paul 27/05/2013 20:48:23.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2813.1819 [GMT 1:00]

Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Paul\System

c:\documents and settings\Paul\System\win_qs8.jqx

c:\windows\EventSystem.log

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2013-04-27 to 2013-05-27 )))))))))))))))))))))))))))))))

.

.

2013-05-27 17:24 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C06C03FE-AD8C-4F78-8213-093BE8308639}\mpengine.dll

2013-05-26 13:55 . 2013-05-26 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)

2013-05-26 09:54 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-05-25 08:42 . 2013-05-25 08:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-05-25 08:42 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-09 13:11 . 2013-05-09 13:11 -------- d-----w- c:\documents and settings\Alyson\Application Data\Foxit Software

2013-05-04 15:15 . 2013-05-04 15:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\Foxit Software

2013-05-04 15:14 . 2013-05-04 15:14 -------- d-----w- c:\program files\Foxit Software

2013-05-04 13:57 . 2013-05-25 14:39 -------- d-----w- c:\program files\Common Files\Adobe AIR

2013-05-04 13:57 . 2013-05-04 13:57 -------- d-----w- c:\program files\devolo

2013-05-04 13:46 . 2013-05-04 15:15 -------- d-----w- c:\documents and settings\Paul\Application Data\Foxit Software

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-23 14:57 . 2012-04-10 17:32 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-05-23 14:57 . 2011-05-15 16:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-02 15:28 . 2013-03-19 21:32 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-04-16 22:17 . 2004-08-04 08:00 920064 ----a-w- c:\windows\system32\wininet.dll

2013-04-16 22:17 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-04-16 22:17 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-04-12 23:28 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec

2013-04-10 01:31 . 2004-08-04 08:00 1876352 ----a-w- c:\windows\system32\win32k.sys

2013-03-08 08:36 . 2004-08-04 08:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2013-03-07 01:32 . 2004-08-04 08:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-07 00:50 . 2004-08-04 08:00 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-02-27 07:56 . 2004-08-04 08:00 2067456 ----a-w- c:\windows\system32\mstscax.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-24 39408]

"kdx"="c:\program files\Kontiki\KHost.exe" [2009-01-02 1041960]

"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-02-05 1099576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-02 296056]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1040384]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]

"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-10-07 349488]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]

"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-05-14 61440]

"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-09-23 24848]

"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-11-27 298536]

"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-06-09 82224]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-5-12 576104]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]

2007-11-27 16:41 109568 ----a-w- c:\windows\system32\ackpbsc.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]

2007-11-27 16:40 286720 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\APSHook.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\mstsc.exe"=

"c:\\Program Files\\Kontiki\\KService.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\WINDOWS\\system32\\dxdiag.exe"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\devolo\\dlan\\devolonetsvc.exe"=

.

R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [27/06/2008 07:57 174600]

R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\drivers\Amddfltr.sys [27/06/2008 08:21 15416]

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [01/10/2008 15:01 109216]

R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [01/10/2008 15:02 51408]

R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [01/10/2008 15:02 12960]

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28/03/2008 11:14 24064]

R1 MpKsl9ab5c64c;MpKsl9ab5c64c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C12FE1AA-A084-4C71-AD28-62EB45E3E9E0}\MpKsl9ab5c64c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C12FE1AA-A084-4C71-AD28-62EB45E3E9E0}\MpKsl9ab5c64c.sys [?]

R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [01/10/2008 15:02 12528]

R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [27/11/2007 17:42 185896]

R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [04/08/2004 09:00 14336]

R2 DevoloNetworkService;devolo Network Service;c:\program files\devolo\dlan\devolonetsvc.exe [23/12/2010 11:41 3304768]

R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [05/02/2013 19:08 185144]

R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [01/10/2008 15:01 256544]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [25/05/2013 09:42 418376]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [25/05/2013 09:42 701512]

R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [10/06/2010 12:32 35840]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [27/06/2008 09:21 193840]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [25/05/2013 09:42 22856]

S3 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [07/10/2008 14:17 45056]

S3 Net6IM;Net6;c:\windows\system32\DRIVERS\net6im51.sys --> c:\windows\system32\DRIVERS\net6im51.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

Cognizance REG_MULTI_SZ ASChannel

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 14:57]

.

2013-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]

.

2013-05-26 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-24 16:15]

.

2013-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 19:37]

.

2013-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 19:37]

.

2013-05-27 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 11:11]

.

2013-05-27 c:\windows\Tasks\MpIdleTask.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 11:11]

.

2013-05-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-692129560-3622723548-494710042-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]

.

2013-05-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-692129560-3622723548-494710042-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]

.

2013-05-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-692129560-3622723548-494710042-501.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]

.

2013-05-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-692129560-3622723548-494710042-1005.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]

.

2013-05-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-692129560-3622723548-494710042-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]

.

2013-05-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-692129560-3622723548-494710042-501.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]

.

2013-05-27 c:\windows\Tasks\User_Feed_Synchronization-{D9341EA1-CAB2-45B5-A33E-DEAEF51EE083}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 04:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://news.bbc.co.uk/sport/default.stm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.0.1

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-05-27 21:04

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????|p>?|????i>?|??@

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(700)

c:\windows\system32\APSHook.dll

c:\windows\system32\ackpbsc.dll

c:\windows\system32\aclog.dll

c:\windows\system32\accrypto.dll

c:\windows\system32\ACLIBEAY.dll

c:\windows\system32\acevtsub.dll

c:\windows\system32\asphat32.dll

c:\windows\system32\acerrmes.dll

c:\windows\system32\aspcom.dll

c:\program files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll

c:\program files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll

c:\windows\system32\Ati2evxx.dll

c:\program files\ActivIdentity\ActivClient\acunlock.dll

c:\windows\system32\aipingui.dll

c:\windows\system32\aicext.dll

c:\program files\ActivIdentity\ActivClient\Resources\Localized\aipinguirc.dll

c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll

c:\program files\ActivIdentity\ActivClient\Resources\Localized\acunlockrc.dll

.

- - - - - - - > 'winlogon.exe'(3344)

c:\windows\system32\APSHook.dll

c:\windows\system32\ackpbsc.dll

c:\windows\system32\aclog.dll

c:\windows\system32\accrypto.dll

c:\windows\system32\ACLIBEAY.dll

c:\windows\system32\acevtsub.dll

c:\windows\system32\asphat32.dll

c:\windows\system32\acerrmes.dll

c:\windows\system32\aspcom.dll

c:\program files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll

c:\program files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll

c:\windows\system32\Ati2evxx.dll

c:\program files\ActivIdentity\ActivClient\acunlock.dll

c:\windows\system32\aipingui.dll

c:\windows\system32\aicext.dll

c:\program files\ActivIdentity\ActivClient\Resources\Localized\aipinguirc.dll

c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll

c:\program files\ActivIdentity\ActivClient\Resources\Localized\acunlockrc.dll

.

- - - - - - - > 'lsass.exe'(756)

c:\windows\system32\APSHook.dll

.

Completion time: 2013-05-27 21:07:10

ComboFix-quarantined-files.txt 2013-05-27 20:07

.

Pre-Run: 120,787,017,728 bytes free

Post-Run: 126,562,066,432 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

.

- - End Of File - - 7C203D3C3D19BFF04FCF90AECC0272CB

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Security Check

Results of screen317's Security Check version 0.99.64

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Please wait while WMIC is being installed.

displayName

ECHO is off.

Microsoft

ECHO is off.

Security

ECHO is off.

Esentials

ECHO is off.

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300

HP JavaCard for HP ProtectTools

Java version out of Date!

Adobe Reader 9 Adobe Reader out of Date!

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 3%

````````````````````End of Log``````````````````````

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

After I completed & posted the MBAR results yesterday I left the laptop running but it froze overnight; when I rebooted it was stuck for hours again before it opened. Please let me know if I need to do anything else before I reboot again to test the startup menu and operation.


Go ahead and reboot. How is your computer running now?

Please run the following two scans to check for any leftover malware:

Please download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

-------

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post
Share on other sites

Good news & bad news!

I rebooted as you said and it was fine first time, although a bit slow starting up.

I then ran RogueKiller (log below); it found two items and instructed me to delete them, which I did.

I rebooted again but this time I had the same problem of it being stuck, with the cd drive clicking away. I did a forced power down and rebooted a few times - finally succeeded after about eight attempts & 15 minutes. This is still better than most times recently!

I will run the ESET scanner overnight and post the log in the morning.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RogueKiller Report

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Paul [Admin rights]

Mode : Scan -- Date : 05/27/2013 22:21:05

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1652GSX SCSI Disk Device +++++

--- User ---

[MBR] 2fa94093819be11d8c41bfae446a3ece

[BSP] 36db149b5fe5c1f0bdba2e2485204d2d : Empty MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 151589 Mo

1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 310472190 | Size: 1027 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1]_S_05272013_02d2221.txt >>

RKreport[1]_S_05272013_02d2221.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Hi,

Ran the ESET scan and then rebooted but had the usual problems unfortunately. ESET did not find any problems:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=8

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=e161076db9ce0e46946ac8fcd76820ac

# engine=13933

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2013-05-28 01:53:31

# local_time=2013-05-28 02:53:31 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5892 16777213 88 94 5982000 11012067 0 0

# scanned=115451

# found=0

# cleaned=0

# scan_time=13003

What do I need to do next?

Thanks.


No worries, I'll keep the topic open. Just post back here when you get back.

We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Hi,

I have run OTL, txt log below, Extras log on next post:

OTL logfile created on: 01/06/2013 11:22:10 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Paul\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 71.71% Memory free

4.59 Gb Paging File | 3.90 Gb Available in Paging File | 85.09% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 148.04 Gb Total Space | 117.80 Gb Free Space | 79.57% Space Free | Partition Type: NTFS

Drive D: | 1.00 Gb Total Space | 1.00 Gb Free Space | 99.77% Space Free | Partition Type: FAT32

Computer Name: LAPTOP | User Name: Paul | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/01 11:20:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2013/02/05 19:08:42 | 001,099,576 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Express Tray\ExpressTray.exe

PRC - [2013/02/05 19:08:14 | 000,185,144 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

PRC - [2013/01/27 12:11:46 | 000,284,304 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe

PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012/06/02 07:58:05 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe

PRC - [2010/12/23 11:41:36 | 003,304,768 | ---- | M] (devolo AG) -- C:\Program Files\devolo\dlan\devolonetsvc.exe

PRC - [2009/01/02 13:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe

PRC - [2009/01/02 13:05:40 | 001,041,960 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe

PRC - [2008/10/07 14:29:46 | 000,349,488 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe

PRC - [2008/10/01 15:01:14 | 000,256,544 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

PRC - [2008/06/09 16:10:04 | 000,082,224 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe

PRC - [2008/05/12 15:55:10 | 001,440,384 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

PRC - [2008/05/12 15:55:10 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/12/11 20:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe

PRC - [2007/11/27 17:42:14 | 000,185,896 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe

PRC - [2007/11/27 17:42:12 | 000,093,736 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe

PRC - [2007/11/27 17:40:42 | 000,298,536 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

PRC - [2007/02/08 01:13:48 | 000,774,168 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

PRC - [2007/02/08 01:12:48 | 000,488,984 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

PRC - [2007/02/08 01:12:20 | 000,230,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

PRC - [2007/02/06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

PRC - [2007/02/06 17:43:26 | 000,252,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe

PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/15 13:20:35 | 000,369,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\9c93d906010c964c537d9138851bdba8\System.ServiceModel.Routing.ni.dll

MOD - [2013/05/15 13:20:33 | 001,139,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\6b28ed6b9eb59d2feaafe560b6a0bcea\System.ServiceModel.Discovery.ni.dll

MOD - [2013/05/15 13:20:29 | 000,082,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\94b2cf583276f57d5dbf88f239de6a05\System.ServiceModel.Channels.ni.dll

MOD - [2013/05/15 13:20:28 | 001,392,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4b638522ab72384ab24ac0cfaa98695d\System.ServiceModel.Activities.ni.dll

MOD - [2013/05/15 13:20:23 | 018,054,144 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\70a964bc3696ad2a415a714fe70b08aa\System.ServiceModel.ni.dll

MOD - [2013/05/15 13:19:47 | 001,077,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1eaf141d2aff7f2ad5348d47dee32603\System.IdentityModel.ni.dll

MOD - [2013/05/15 13:17:51 | 001,020,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\46db6334e80a57cdebff3f11a857b765\System.Runtime.DurableInstancing.ni.dll

MOD - [2013/05/15 13:17:49 | 002,637,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\c30d2152f54ac1787609efa875e8c93a\System.Runtime.Serialization.ni.dll

MOD - [2013/05/15 13:17:45 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\7b3eaf7c9db6651949a8acec16af531c\System.Xml.Linq.ni.dll

MOD - [2013/05/15 10:18:11 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\81b85db6e9fe04e4d1c9547b993acfce\System.Windows.Forms.ni.dll

MOD - [2013/05/15 10:16:40 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

MOD - [2013/05/15 10:12:30 | 018,000,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e33209641fcfd84515a4c99c7acc8c6f\PresentationFramework.ni.dll

MOD - [2013/05/15 10:12:16 | 013,198,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\462b2d075ff2b0bdb173b2d4a1a712e0\System.Windows.Forms.ni.dll

MOD - [2013/05/15 10:11:48 | 000,742,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\5af593b8c4a8be035e7d82dc64d9d4bd\System.Security.ni.dll

MOD - [2013/05/15 10:11:46 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\a1f7478ef0285516ee6f4ae9513eb912\System.Configuration.ni.dll

MOD - [2013/05/15 10:11:45 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\da03cdfd5f183a9f45fcaeb52d09a3bf\PresentationCore.ni.dll

MOD - [2013/05/15 10:11:20 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\d7f6c0b5d4997a7b98f3c51d4f92783f\System.Core.ni.dll

MOD - [2013/05/15 10:11:10 | 003,856,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\f52572d44b789088efa38e51ccf78fea\WindowsBase.ni.dll

MOD - [2013/02/13 00:30:42 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\66476359cfb5550178ddb0d34128aa61\System.ServiceProcess.ni.dll

MOD - [2013/02/13 00:29:39 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll

MOD - [2013/01/09 17:08:57 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\f711a3947215ce03c71314d0fd35c171\System.Transactions.ni.dll

MOD - [2013/01/09 17:08:54 | 000,142,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\033adbf1a8b8244700121f8784e27908\SMDiagnostics.ni.dll

MOD - [2013/01/09 17:08:49 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\acf3c1c09598ff28c926aaeb9fcf5b4e\System.Xaml.ni.dll

MOD - [2013/01/08 21:31:19 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll

MOD - [2013/01/08 21:30:31 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll

MOD - [2013/01/08 21:29:51 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll

MOD - [2013/01/08 21:29:41 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll

MOD - [2013/01/08 21:25:24 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\1c27a7c883c2dfe6fb67a7296ab0bc2d\System.Drawing.ni.dll

MOD - [2013/01/08 21:25:10 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7547fd91e6fba347148e6b0758683315\PresentationFramework.Luna.ni.dll

MOD - [2013/01/08 21:25:00 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\4e2cac0827fc76ba1caa25443cc4ca61\System.Xml.ni.dll

MOD - [2013/01/08 21:24:37 | 009,093,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\da100161503047a994c55c9832d72ce7\System.ni.dll

MOD - [2013/01/08 21:24:26 | 014,413,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\60c214b6ad5691e368a16ec65d127c27\mscorlib.ni.dll

MOD - [2008/06/27 08:43:31 | 001,679,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3057.37261__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll

MOD - [2008/06/27 08:43:31 | 000,253,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3057.37222__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll

MOD - [2008/06/27 08:43:31 | 000,196,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3057.37273__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll

MOD - [2008/06/27 08:43:31 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3057.37441__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll

MOD - [2008/06/27 08:43:31 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3057.37407__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll

MOD - [2008/06/27 08:43:31 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3057.37253__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll

MOD - [2008/06/27 08:43:31 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3057.37367__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll

MOD - [2008/06/27 08:43:31 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3057.37240__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll

MOD - [2008/06/27 08:43:30 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3057.37469__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll

MOD - [2008/06/27 08:43:16 | 000,352,256 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3057.37415__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll

MOD - [2008/06/27 08:43:16 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Dashboard\2.0.3057.37482__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Dashboard.dll

MOD - [2008/06/27 08:43:16 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3057.37476__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll

MOD - [2008/06/27 08:43:16 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3057.37267__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll

MOD - [2008/06/27 08:43:16 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3057.37420__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll

MOD - [2008/06/27 08:43:16 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3057.37234__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll

MOD - [2008/06/27 08:43:16 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3057.37414__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll

MOD - [2008/06/27 08:43:16 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Runtime\2.0.3057.37481__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Runtime.dll

MOD - [2008/06/27 08:43:16 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3057.37266__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll

MOD - [2008/06/27 08:43:14 | 000,802,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3057.37375__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll

MOD - [2008/06/27 08:43:14 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3057.37433__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll

MOD - [2008/06/27 08:43:14 | 000,217,088 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3057.37280__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll

MOD - [2008/06/27 08:43:14 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3057.37388__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll

MOD - [2008/06/27 08:43:14 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3057.37374__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll

MOD - [2008/06/27 08:43:13 | 000,585,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3057.37286__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll

MOD - [2008/06/27 08:43:13 | 000,479,232 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3057.37369__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll

MOD - [2008/06/27 08:43:13 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3057.37241__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll

MOD - [2008/06/27 08:43:13 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3057.37401__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll

MOD - [2008/06/27 08:43:13 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3057.37292__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll

MOD - [2008/06/27 08:43:13 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3057.37367__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll

MOD - [2008/06/27 08:43:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3057.37291__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll

MOD - [2008/06/27 08:43:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3057.37374__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll

MOD - [2008/06/27 08:43:13 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3057.37387__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll

MOD - [2008/06/27 08:43:13 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3057.37400__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll

MOD - [2008/06/27 08:43:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll

MOD - [2008/06/27 08:43:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll

MOD - [2008/06/27 08:43:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll

MOD - [2008/06/27 08:43:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll

MOD - [2008/06/27 08:43:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll

MOD - [2008/06/27 08:43:13 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll

MOD - [2008/06/27 08:43:12 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll

MOD - [2008/06/27 08:43:12 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll

MOD - [2008/06/27 08:43:12 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll

MOD - [2008/06/27 08:43:12 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll

MOD - [2008/06/27 08:43:12 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll

MOD - [2008/06/27 08:43:12 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll

MOD - [2008/06/27 08:43:12 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll

MOD - [2008/06/27 08:43:12 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll

MOD - [2008/06/27 08:43:12 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll

MOD - [2008/06/27 08:43:12 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll

MOD - [2008/06/27 08:43:12 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll

MOD - [2008/06/27 08:43:12 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll

MOD - [2008/06/27 08:43:12 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll

MOD - [2008/06/27 08:43:12 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Shared\2.0.2939.23766__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Shared.dll

MOD - [2008/06/27 08:43:12 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll

MOD - [2008/06/27 08:43:12 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll

MOD - [2008/06/27 08:43:12 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll

MOD - [2008/06/27 08:43:12 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll

MOD - [2008/06/27 08:43:12 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll

MOD - [2008/06/27 08:43:12 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll

MOD - [2008/06/27 08:43:12 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll

MOD - [2008/06/27 08:43:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll

MOD - [2008/06/27 08:43:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll

MOD - [2008/06/27 08:43:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll

MOD - [2008/06/27 08:43:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll

MOD - [2008/06/27 08:43:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll

MOD - [2008/06/27 08:43:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll

MOD - [2008/06/27 08:43:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll

MOD - [2008/06/27 08:43:12 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll

MOD - [2008/06/27 08:43:12 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll

MOD - [2008/06/27 08:43:12 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll

MOD - [2008/06/27 08:43:12 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll

MOD - [2008/06/27 08:43:12 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll

MOD - [2008/06/27 08:43:12 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll

MOD - [2008/06/27 08:43:12 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll

MOD - [2008/06/27 08:43:12 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll

MOD - [2008/06/27 08:43:12 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll

MOD - [2008/06/27 08:43:06 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3057.37248__90ba9c70f846762e\CLI.Component.Wizard.dll

MOD - [2008/06/27 08:43:06 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3057.37461__90ba9c70f846762e\MOM.Implementation.dll

MOD - [2008/06/27 08:43:06 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3057.37214__90ba9c70f846762e\CLI.Component.Runtime.dll

MOD - [2008/06/27 08:43:06 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3057.37459__90ba9c70f846762e\LOG.Foundation.Implementation.dll

MOD - [2008/06/27 08:43:06 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll

MOD - [2008/06/27 08:43:06 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll

MOD - [2008/06/27 08:43:06 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3057.37487__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll

MOD - [2008/06/27 08:43:06 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll

MOD - [2008/06/27 08:43:06 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll

MOD - [2008/06/27 08:43:06 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll

MOD - [2008/06/27 08:43:06 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll

MOD - [2008/06/27 08:43:06 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3057.37214__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll

MOD - [2008/06/27 08:43:05 | 001,511,424 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3057.37228__90ba9c70f846762e\CLI.Component.Dashboard.dll

MOD - [2008/06/27 08:43:05 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3057.37215__90ba9c70f846762e\ATIDEMOS.dll

MOD - [2008/06/27 08:43:05 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3057.37213__90ba9c70f846762e\APM.Server.dll

MOD - [2008/06/27 08:43:05 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3057.37214__90ba9c70f846762e\AEM.Server.dll

MOD - [2008/06/27 08:43:05 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll

MOD - [2008/06/27 08:43:05 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3057.37460__90ba9c70f846762e\CCC.Implementation.dll

MOD - [2008/06/27 08:43:05 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll

MOD - [2008/06/27 08:43:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll

MOD - [2008/06/27 08:43:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll

MOD - [2008/05/12 15:51:50 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll

MOD - [2008/05/12 15:49:02 | 000,040,960 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll

MOD - [2007/11/27 17:41:06 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\aicext.dll

MOD - [2007/02/08 01:18:18 | 001,119,768 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\LAppRes.DLL

MOD - [2007/02/08 01:13:48 | 000,774,168 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

MOD - [2007/02/08 01:13:00 | 000,022,040 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LCMServerPS.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - [2013/05/23 15:57:13 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/02/05 19:08:14 | 000,185,144 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)

SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/12/23 11:41:36 | 003,304,768 | ---- | M] (devolo AG) [Auto | Running] -- C:\Program Files\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService)

SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)

SRV - [2009/01/02 13:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)

SRV - [2008/10/07 14:17:40 | 000,045,056 | ---- | M] (Hewlett-Packard Development Company, L.P) [On_Demand | Stopped] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)

SRV - [2008/10/01 15:01:14 | 000,256,544 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)

SRV - [2008/09/23 08:06:54 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)

SRV - [2007/12/11 20:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2007/11/27 17:42:14 | 000,185,896 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)

SRV - [2007/02/06 17:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)

SRV - [2007/02/06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\net6im51.sys -- (Net6IM)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Paul\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/06/10 12:32:14 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf_devolo.sys -- (NPF_devolo)

DRV - [2009/09/06 09:26:15 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2008/10/01 15:02:04 | 000,051,408 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg)

DRV - [2008/10/01 15:02:02 | 000,012,960 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)

DRV - [2008/10/01 15:02:00 | 000,012,528 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)

DRV - [2008/10/01 15:01:58 | 000,109,216 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot)

DRV - [2008/05/27 14:55:48 | 000,174,600 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ahcix86.sys -- (ahcix86)

DRV - [2008/05/23 14:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)

DRV - [2008/05/23 14:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)

DRV - [2008/05/16 01:33:44 | 002,881,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2008/05/14 09:08:16 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2008/05/14 09:08:14 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2008/05/14 09:08:14 | 000,539,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)

DRV - [2008/05/14 09:08:14 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)

DRV - [2008/05/14 09:08:14 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)

DRV - [2008/05/08 15:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)

DRV - [2008/04/28 23:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)

DRV - [2008/04/13 19:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)

DRV - [2008/04/03 22:57:00 | 000,296,320 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)

DRV - [2008/03/28 11:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)

DRV - [2008/03/21 19:35:14 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2008/03/12 16:43:26 | 000,015,416 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Amddfltr.sys -- (Amddfltr)

DRV - [2008/03/01 00:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2007/05/02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)

DRV - [2007/05/02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)

DRV - [2007/05/02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus)

DRV - [2007/04/17 00:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)

DRV - [2007/02/06 17:45:04 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2007/02/06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)

DRV - [2007/02/06 17:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)

DRV - [2007/02/03 19:32:58 | 000,022,560 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)

DRV - [2007/02/03 19:32:45 | 001,939,360 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)

DRV - [2007/02/03 19:32:34 | 000,041,504 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2007/02/03 19:30:57 | 001,507,232 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)

DRV - [2001/08/17 20:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{9D52A3FB-7FC6-462E-BDC7-580B06DF7C7B}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcmnbie7-en-gb

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-692129560-3622723548-494710042-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/sport/default.stm

IE - HKU\S-1-5-21-692129560-3622723548-494710042-1005\..\SearchScopes,DefaultScope = {FB7B12C7-BCDD-4DE2-89D3-5F5B05A49A0E}

IE - HKU\S-1-5-21-692129560-3622723548-494710042-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-692129560-3622723548-494710042-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-692129560-3622723548-494710042-1005\..\SearchScopes\{9D52A3FB-7FC6-462E-BDC7-580B06DF7C7B}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcmnbie7-en-gb

IE - HKU\S-1-5-21-692129560-3622723548-494710042-1005\..\SearchScopes\{FB7B12C7-BCDD-4DE2-89D3-5F5B05A49A0E}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7GPEA_enGB311

IE - HKU\S-1-5-21-692129560-3622723548-494710042-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2013/05/27 21:04:13 | 000,000,000 | ---D | M]

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/02 07:58:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/02 07:58:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

O1 HOSTS File: ([2013/05/27 21:03:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)

O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)

O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)

O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)

O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)

O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-692129560-3622723548-494710042-1005..\Run: [GarminExpressTrayApp] C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)

O4 - HKU\S-1-5-21-692129560-3622723548-494710042-1005..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-692129560-3622723548-494710042-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-692129560-3622723548-494710042-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-692129560-3622723548-494710042-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-692129560-3622723548-494710042-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229519619936 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340782883656 (MUWebControl Class)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab (Microsoft Download Manager ActiveX control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BC64B42-340A-4F1D-A3D1-C4987EB1DCBE}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF13AFCA-42A5-4D0C-A807-D3E40C248A38}: DhcpNameServer = 192.168.0.1

O20 - AppInit_DLLs: (C:\WINDOWS\system32\APSHook.dll) - C:\WINDOWS\system32\APSHook.dll (Bioscrypt Inc.)

O20 - AppInit_DLLs: (APSHook.dll) - C:\WINDOWS\System32\APSHook.dll (Bioscrypt Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ackpbsc: DllName - (c:\WINDOWS\system32\ackpbsc.dll) - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)

O20 - Winlogon\Notify\acunlock: DllName - (c:\Program Files\ActivIdentity\ActivClient\acunlock.dll) - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/01 11:20:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe

[2013/05/27 22:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\RK_Quarantine

[2013/05/27 20:45:40 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2013/05/27 20:37:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2013/05/27 20:37:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2013/05/27 20:37:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2013/05/27 20:37:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2013/05/27 20:36:11 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/05/27 20:35:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt

[2013/05/27 20:20:54 | 005,073,915 | R--- | C] (Swearware) -- C:\Documents and Settings\Paul\Desktop\ComboFix.exe

[2013/05/26 14:55:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)

[2013/05/26 14:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\mbar-1.06.0.1003

[2013/05/26 12:28:55 | 002,239,840 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paul\Desktop\tdsskiller.exe

[2013/05/25 09:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/05/25 09:42:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2013/05/25 09:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/05/25 09:36:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware

[2013/05/04 16:15:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Foxit Software

[2013/05/04 16:14:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader

[2013/05/04 16:14:12 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software

[2013/05/04 14:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\devolo

[2013/05/04 14:57:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2013/05/04 14:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\devolo

[2013/05/04 14:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Foxit Software

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/01 11:41:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D9341EA1-CAB2-45B5-A33E-DEAEF51EE083}.job

[2013/06/01 11:37:46 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job

[2013/06/01 11:20:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe

[2013/06/01 11:18:50 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job

[2013/06/01 11:17:30 | 210,633,728 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\Outlook - paul.pst

[2013/06/01 11:13:11 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-692129560-3622723548-494710042-1005.job

[2013/06/01 11:12:46 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-692129560-3622723548-494710042-1005.job

[2013/06/01 11:12:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/06/01 11:12:31 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-692129560-3622723548-494710042-1006.job

[2013/06/01 11:12:31 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-692129560-3622723548-494710042-501.job

[2013/06/01 11:12:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/06/01 11:12:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/06/01 11:08:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/05/28 11:02:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/05/27 22:16:14 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\RogueKiller.exe

[2013/05/27 21:20:11 | 000,890,854 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\SecurityCheck.exe

[2013/05/27 21:03:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2013/05/27 20:45:46 | 000,000,339 | RHS- | M] () -- C:\boot.ini

[2013/05/27 20:21:10 | 005,073,915 | R--- | M] (Swearware) -- C:\Documents and Settings\Paul\Desktop\ComboFix.exe

[2013/05/26 13:49:00 | 000,000,820 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2013/05/26 13:41:39 | 013,169,742 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\mbar-1.06.0.1003.zip

[2013/05/26 12:29:00 | 002,239,840 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paul\Desktop\tdsskiller.exe

[2013/05/25 09:42:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/05/25 06:02:46 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-692129560-3622723548-494710042-1006.job

[2013/05/25 00:30:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-692129560-3622723548-494710042-501.job

[2013/05/23 15:57:12 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2013/05/23 15:57:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2013/05/23 13:09:59 | 000,000,571 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.zip

[2013/05/20 07:54:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2013/05/15 12:50:56 | 000,330,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/05/15 10:17:17 | 000,536,926 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/05/15 10:17:17 | 000,092,334 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/05/15 10:06:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013/05/09 15:18:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt

[2013/05/07 05:27:31 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2013/05/04 16:14:29 | 000,001,721 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk

[2013/05/04 16:14:29 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk

[2013/05/04 14:57:41 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\devolo dLAN Cockpit.lnk

[2013/05/02 16:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/27 22:15:32 | 000,816,128 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\RogueKiller.exe

[2013/05/27 21:20:02 | 000,890,854 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\SecurityCheck.exe

[2013/05/27 20:45:45 | 000,000,223 | ---- | C] () -- C:\Boot.bak

[2013/05/27 20:45:42 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2013/05/27 20:37:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2013/05/27 20:37:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2013/05/27 20:37:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2013/05/27 20:37:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2013/05/27 20:37:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2013/05/26 13:41:15 | 013,169,742 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\mbar-1.06.0.1003.zip

[2013/05/25 09:42:49 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2013/05/23 13:09:59 | 000,000,571 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.zip

[2013/05/12 12:52:07 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-692129560-3622723548-494710042-1005.job

[2013/05/04 16:14:29 | 000,001,721 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk

[2013/05/04 16:14:29 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk

[2013/05/04 14:57:41 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\devolo dLAN Cockpit.lnk

[2013/03/23 18:21:28 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2013/02/23 16:36:54 | 000,305,776 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2013/02/10 16:05:09 | 000,980,814 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-692129560-3622723548-494710042-1005-0.dat

[2013/02/10 16:05:08 | 000,314,990 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2012/08/29 12:44:48 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\fusioncache.dat

[2012/02/14 22:50:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2009/09/06 09:33:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt

[2009/01/17 19:44:28 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2004/08/07 14:09:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

< End of report >


OTL Extras.txt:

OTL Extras logfile created on: 01/06/2013 11:22:10 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Paul\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 71.71% Memory free

4.59 Gb Paging File | 3.90 Gb Available in Paging File | 85.09% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 148.04 Gb Total Space | 117.80 Gb Free Space | 79.57% Space Free | Partition Type: NTFS

Drive D: | 1.00 Gb Total Space | 1.00 Gb Free Space | 99.77% Space Free | Partition Type: FAT32

Computer Name: LAPTOP | User Name: Paul | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\WINDOWS\system32\mstsc.exe" = C:\WINDOWS\system32\mstsc.exe:*:Enabled:Remote Desktop Connection -- (Microsoft Corporation)

"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Disabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)

"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)

"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

"C:\Program Files\devolo\dlan\devolonetsvc.exe" = C:\Program Files\devolo\dlan\devolonetsvc.exe:*:Enabled:devolo dLAN Cockpit -- (devolo AG)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{05B62241-5495-46EF-5086-DBE0F37F052C}" = Catalyst Control Center Localization Korean

"{06A62A90-8E9A-42FF-9443-1ECB99D5E222}" = Garmin Update Service

"{07342A24-8224-4A31-9D38-8847E1209101}" = Credential Manager for HP ProtectTools

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{1050C5B0-97B8-4B56-A2AD-35DDA3322D1C}" = HP JavaCard for HP ProtectTools

"{14290FEA-CD28-4A31-B823-172D7CD3F286}" = Garmin Express

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{27FE77BD-2E0A-385C-C2CC-8367D877356F}" = CCC Help Norwegian

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2CD54AED-740B-1418-464E-CC8E15AD1E4F}" = Catalyst Control Center Localization Swedish

"{2D0EE88B-8720-50A7-7F31-503B4300A8C5}" = Catalyst Control Center Localization French

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision

"{35EB3E58-F46C-CB48-C623-16A455C37C5D}" = CCC Help Turkish

"{36C491D0-A196-F49C-C63C-3509D7A2B91D}" = CCC Help Finnish

"{37AF26EB-ACCD-4F9C-A13E-81483F932203}" = Catalyst Control Center - Branding

"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client

"{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier

"{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3EBC0693-0A27-4B50-90A1-A8B688911C7A}" = Samsung PC Studio 3

"{41E89277-CE1D-E37A-68B5-1AF0225F3BBC}" = ATI Catalyst Install Manager

"{459E93B6-150E-45d5-8D4B-45C66FC035FE}" = getPlus® Download Manager for Corel

"{45E6BF4C-6DC8-B1BB-517C-5F2C1D055A9B}" = CCC Help Hungarian

"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth

"{48072101-4DFE-9DC2-9F5D-DE0EF7193C98}" = CCC Help Korean

"{49798684-CC48-AF5C-E513-9FFF61EFD3A6}" = CCC Help Japanese

"{4BFA6EEB-AAED-4334-8E98-A907DE4DD5CF}" = AMD Driver Support for HP 3D DriverGuard

"{4CF11D44-43B7-1359-B438-972C69D7AD6F}" = CCC Help Spanish

"{4ED20E34-D511-A85B-D7E5-755AE64D5F6C}" = CCC Help Portuguese

"{4F30BC2B-5441-3149-91D7-FAA2332E2F5F}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)

"{57B186F6-E6A7-A997-92E6-3E8C6189F497}" = Catalyst Control Center Localization Japanese

"{5AB422C9-E804-1331-233E-E44D8BBC1862}" = CCC Help German

"{5CB209A9-B60C-47D8-BC3D-C608B05DF1C3}" = HP ProtectTools Security Manager

"{5ED80CF6-D54D-5F9B-2B9C-E3B6F927879D}" = CCC Help Czech

"{60AFC32A-B82F-3818-E90B-A71446BBCCD6}" = Catalyst Control Center Localization Greek

"{6162653F-D1AB-6708-C73B-8411296900AE}" = Catalyst Control Center Localization Portuguese

"{6179EAEB-0C72-0241-DC0B-0258E86B982A}" = ccc-core-preinstall

"{64FBF438-35D1-8A01-FB00-36911B07FC72}" = Catalyst Control Center Graphics Light

"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager

"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg

"{691A161C-0AB3-4A4E-8D76-B0A2A265B633}" = Garmin Express Tray

"{699C970F-1E17-3CD8-A2EA-87AB9EDEDFF4}" = Microsoft Windows SDK for Windows 7 Samples (30514)

"{6B4469FE-20FA-9E1D-6634-CF971706BD24}" = Catalyst Control Center Localization Chinese Traditional

"{6C17DE97-6A5A-FA9C-0F4C-8B027E6AC014}" = CCC Help Russian

"{6FCA773E-903A-5C83-D379-DD53F9EFD794}" = Catalyst Control Center Localization Turkish

"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{747626CF-7958-290F-A7D8-6EE6549C8614}" = Catalyst Control Center Localization Hungarian

"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7AFFE35D-047A-3D27-B204-1CD849933C02}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)

"{7B459B8C-D870-2C14-9BA7-ABFFBCE7CD34}" = CCC Help Italian

"{7BE1B3CE-5476-B847-4719-4421AEC5C663}" = CCC Help Thai

"{7D2370AC-D8E6-4996-986A-19824F8A167C}" = Logitech QuickCam

"{7FD8231E-3991-48D7-A2C8-2C42A7075FB1}" = HP User Guide Bluetooth Addendum 0062

"{846E4C72-DF45-43ED-1680-EDF5F87F279E}" = dLAN Cockpit

"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology

"{85C977FB-2A5B-3223-8AC5-828558EAF7D9}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{875FDD1A-4259-9361-572C-780AC637C81A}" = Catalyst Control Center Localization Czech

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial

"{8BCD7D3C-5219-4E1F-BADE-E98B4542B8EC}" = Elevated Installer

"{8F676C36-74D3-9B7B-00FC-733EE5AFDA95}" = CCC Help Chinese Traditional

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content

"{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers

"{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR

"{A2CB5EC7-E64F-5E35-2A23-63CB198649F5}" = CCC Help Greek

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A777845E-F260-4572-787B-2BD08E560C78}" = Catalyst Control Center Localization Spanish

"{A7A1BCB9-B9EE-3DBB-6F1C-570C532B9190}" = CCC Help French

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support

"{A9884559-F231-7727-95F4-41FDB052A536}" = Catalyst Control Center Localization Russian

"{AB785290-EA80-7A10-B2C6-98919E514A68}" = Catalyst Control Center Graphics Full New

"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{AEA355A4-997D-A49D-A57A-CF537FFFEC84}" = Skins

"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers

"{B18A542F-C99B-73C9-6552-73E1216E8834}" = CCC Help Dutch

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B5764B71-4BCE-206A-DE15-2E05469AA74C}" = Catalyst Control Center Localization Polish

"{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108

"{B817499D-2D52-2F37-DF6F-40735748FA88}" = CCC Help English

"{BC66641A-3279-BB5E-BEAB-99B39D13B3BD}" = CCC Help Polish

"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver

"{C3D86DED-91D7-A890-5E9E-D14D993B5E9E}" = Catalyst Control Center Localization Dutch

"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3

"{C4BEF3C4-9DF1-6D99-6C46-BBBF8E4B07A5}" = ccc-core-static

"{C6BB4BD5-15D5-0B2D-CF4A-49BDCD7B3AC3}" = Catalyst Control Center Localization Norwegian

"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{C90BE263-E9B8-AD82-C517-3197FA4DA9C4}" = CCC Help Danish

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)

"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager

"{D6A0DD73-6EF2-9A8D-6F60-4F338F922B37}" = BBC iPlayer Desktop

"{d7707c2b-96d2-4c18-b9f8-85755416f0a9}" = Garmin Express

"{D9C94F63-6B2C-9BFA-F37C-E48E1B6133E1}" = CCC Help Swedish

"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater

"{E19DF3EF-351E-EE5E-623B-1A99C8C3EB5F}" = Catalyst Control Center Graphics Full Existing

"{E2EF1380-9963-C7F9-3478-1046EC008C02}" = Catalyst Control Center Localization Chinese Standard

"{E5C1C126-1687-4868-A3DD-B807176E4970}" = HP 3D DriveGuard

"{E6272A04-665C-4E7D-A6BA-EAF4C6C11B00}" = Drive Encryption for HP ProtectTools

"{E78D8DE3-E3CD-E89C-D5A0-D8FFE5F6E7F9}" = CCC Help Chinese Standard

"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit

"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator

"{EA7D5022-7744-4D28-0E83-2DF9678C27B6}" = Catalyst Control Center Core Implementation

"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer

"{EDD0A584-1ABB-8E7B-97AB-743C7E35EEA7}" = Catalyst Control Center Localization German

"{EFBC8D78-75EA-4BB1-0CC6-172BFDF4B70F}" = Catalyst Control Center Localization Danish

"{F01701B8-2C94-282D-9339-23AFBEDBE3E2}" = Catalyst Control Center Localization Italian

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F0BE302E-6B30-B816-4EA3-23CD6A23B08D}" = ccc-utility

"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper

"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan

"{F940B4EC-8504-CEE5-F36C-C2F5471D9E87}" = Catalyst Control Center Localization Thai

"{FBAA2B2F-002D-45BB-2917-35FC46FB1326}" = Catalyst Control Center Localization Finnish

"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9

"ATI Display Driver" = ATI Display Driver

"BBC iPlayer Download Manager" = BBC iPlayer Download Manager

"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop

"Cockpit.92121A72F826FA9D0BD3A830E7F04987B31AFB22.1" = dLAN Cockpit

"dlancockpit" = devolo dLAN Cockpit

"ESET Online Scanner" = ESET Online Scanner v3

"Foxit Reader_is1" = Foxit Reader

"Google Updater" = Google Updater

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"QcDrv" = Logitech® Camera Driver

"QuickTime32" = QuickTime for Windows (32-bit)

"RealPlayer 15.0" = RealPlayer

"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set

"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TescoDownloader" = Tesco Download Manager

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-692129560-3622723548-494710042-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Game Organizer" = EasyBits GO

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 10/05/2013 17:17:41 | Computer Name = LAPTOP | Source = Application Error | ID = 1000

Description = Faulting application ati2evxx.exe, version 6.14.10.4190, faulting

module ntdll.dll, version 5.1.2600.6055, fault address 0x00011689.

Error - 10/05/2013 17:17:49 | Computer Name = LAPTOP | Source = Application Error | ID = 1004

Description = Faulting application ati2evxx.exe, version 6.14.10.4190, faulting

module ntdll.dll, version 5.1.2600.6055, fault address 0x00011689.

Error - 10/05/2013 17:18:01 | Computer Name = LAPTOP | Source = Application Error | ID = 1001

Description = Fault bucket -1991195371.

Error - 15/05/2013 07:53:52 | Computer Name = LAPTOP | Source = .NET Runtime Optimization Service | ID = 1103

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

- Tried to start a service that wasn't the latest version of CLR Optimization service.

Will shutdown

Error - 23/05/2013 08:52:57 | Computer Name = LAPTOP | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid.

Error - 25/05/2013 04:42:58 | Computer Name = LAPTOP | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid.

Error - 26/05/2013 07:27:55 | Computer Name = LAPTOP | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 26/05/2013 07:27:55 | Computer Name = LAPTOP | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 26/05/2013 07:27:55 | Computer Name = LAPTOP | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file.

Error - 27/05/2013 15:26:45 | Computer Name = LAPTOP | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,

P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10

NIL.

[ Credential Manager Events ]

Error - 01/06/2011 08:51:26 | Computer Name = LAPTOP | Source = AuthWiz | ID = 100796068

Description = The submitted credentials were rejected. User: Paul@LAPTOP Credentials:

Password Error: (0xC516020B) The system could not log you on. Verify your user

name and domain are correct and then type your password again. Letters in passwords

must be typed using the correct case. Verify that Caps Lock is off.

Error - 01/06/2011 08:51:26 | Computer Name = LAPTOP | Source = AuthServer | ID = 100811779

Description = The system failed to authenticate the submitted user credentials. User:

Paul@LAPTOP Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client

Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 01/06/2011 08:51:32 | Computer Name = LAPTOP | Source = AuthWiz | ID = 100796068

Description = The submitted credentials were rejected. User: Paul@LAPTOP Credentials:

Password Error: (0xC516020B) The system could not log you on. Verify your user

name and domain are correct and then type your password again. Letters in passwords

must be typed using the correct case. Verify that Caps Lock is off.

Error - 01/06/2011 08:51:32 | Computer Name = LAPTOP | Source = AuthServer | ID = 100811779

Description = The system failed to authenticate the submitted user credentials. User:

Paul@LAPTOP Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client

Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 01/06/2011 08:52:20 | Computer Name = LAPTOP | Source = AuthWiz | ID = 100796068

Description = The submitted credentials were rejected. User: Paul@LAPTOP Credentials:

Password Error: (0xC516020B) The system could not log you on. Verify your user

name and domain are correct and then type your password again. Letters in passwords

must be typed using the correct case. Verify that Caps Lock is off.

Error - 01/06/2011 08:52:20 | Computer Name = LAPTOP | Source = AuthServer | ID = 100811779

Description = The system failed to authenticate the submitted user credentials. User:

Paul@LAPTOP Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client

Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 01/06/2011 08:52:44 | Computer Name = LAPTOP | Source = AuthWiz | ID = 100796068

Description = The submitted credentials were rejected. User: Paul@LAPTOP Credentials:

Password Error: (0xC516020B) The system could not log you on. Verify your user

name and domain are correct and then type your password again. Letters in passwords

must be typed using the correct case. Verify that Caps Lock is off.

Error - 01/06/2011 08:52:44 | Computer Name = LAPTOP | Source = AuthServer | ID = 100811779

Description = The system failed to authenticate the submitted user credentials. User:

Paul@LAPTOP Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client

Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 01/06/2011 08:52:56 | Computer Name = LAPTOP | Source = AuthWiz | ID = 100796068

Description = The submitted credentials were rejected. User: Paul@LAPTOP Credentials:

Password Error: (0xC516020B) The system could not log you on. Verify your user

name and domain are correct and then type your password again. Letters in passwords

must be typed using the correct case. Verify that Caps Lock is off.

Error - 01/06/2011 08:52:56 | Computer Name = LAPTOP | Source = AuthServer | ID = 100811779

Description = The system failed to authenticate the submitted user credentials. User:

Paul@LAPTOP Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client

Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

[ System Events ]

Error - 24/05/2013 05:36:36 | Computer Name = LAPTOP | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.151.474.0 Update Source: %%859 Update Stage:

%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error

code: 0x80072f76 Error description: The requested header was not found

Error - 24/05/2013 06:20:44 | Computer Name = LAPTOP | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.151.474.0 Update Source: %%859 Update Stage:

%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error

code: 0x8024402c Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

Error - 26/05/2013 06:20:18 | Computer Name = LAPTOP | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.151.946.0 Update Source: %%859 Update Stage:

%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error

code: 0x8024402c Error description: An unexpected problem occurred while checking

for updates. For information on installing or troubleshooting updates, see Help

and Support.

Error - 26/05/2013 13:16:10 | Computer Name = LAPTOP | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {5E248397-8614-4EC5-8926-BD242DC9830A}.

The

error: "%2" Happened while starting this command: "c:\Program Files\ActivIdentity\ActivClient\acevents.exe"

-Embedding

Error - 26/05/2013 17:16:30 | Computer Name = LAPTOP | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {5E248397-8614-4EC5-8926-BD242DC9830A}.

The

error: "%2" Happened while starting this command: "c:\Program Files\ActivIdentity\ActivClient\acevents.exe"

-Embedding

Error - 27/05/2013 14:00:18 | Computer Name = LAPTOP | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {5E248397-8614-4EC5-8926-BD242DC9830A}.

The

error: "%2" Happened while starting this command: "c:\Program Files\ActivIdentity\ActivClient\acevents.exe"

-Embedding

Error - 27/05/2013 15:35:55 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034

Description = The Process Monitor service terminated unexpectedly. It has done

this 1 time(s).

Error - 27/05/2013 16:11:48 | Computer Name = LAPTOP | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {5E248397-8614-4EC5-8926-BD242DC9830A}.

The

error: "%2" Happened while starting this command: "c:\Program Files\ActivIdentity\ActivClient\acevents.exe"

-Embedding

Error - 27/05/2013 17:10:03 | Computer Name = LAPTOP | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {5E248397-8614-4EC5-8926-BD242DC9830A}.

The

error: "%2" Happened while starting this command: "c:\Program Files\ActivIdentity\ActivClient\acevents.exe"

-Embedding

Error - 27/05/2013 17:11:32 | Computer Name = LAPTOP | Source = DCOM | ID = 10000

Description = Unable to start a DCOM Server: {5E248397-8614-4EC5-8926-BD242DC9830A}.

The

error: "%2" Happened while starting this command: "c:\Program Files\ActivIdentity\ActivClient\acevents.exe"

-Embedding

< End of report >

What would you like me to do next?


Hi DFB,

When I first switched on this morning, I had the same problem: could not boot up and had to shut down and restart several times before it worked after several hours. Do you think there could be another issue, which would be a bit of a coincidence, as these startup issues definitely seem to have been occurring since the infection?

Thanks.


That sounds like more of a hardware issue to me.

When you're having trouble booting up, how far does the computer actually boot? Does it reach the "Windows XP" icon, or does it crash before that? Please let me know.

--------

Let's run a few more scans:

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror which will download a randomly named file
  • Zipped Mirror - Unzip the file to its own folder such as C:\gmer
  • Disconnect from the Internet and close all running programs
  • Temporarily disable any real-time active protection
  • It is very important you do not use your computer while GMER is running
  • Double-click on the randomly named GMER icon
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO
  • Please check in the Quick scan box
  • Please uncheck the following:
    • IAT/EAT
    • Show All <<< Important
  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled

Note:

  • If you encounter any problems, try running GMER in Safe Mode
  • If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning


GMER log:

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-06-01 23:43:59

Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Scsi\ahcix861Port0Path0Target0Lun0 TOSHIBA_ rev.LV01 149.05GB

Running: ir3w6tsf.exe; Driver: C:\DOCUME~1\Paul\LOCALS~1\Temp\uxtdapow.sys

---- Kernel code sections - GMER 2.1 ----

? C:\WINDOWS\system32\drivers\SafeBoot.sys The process cannot access the file because it is being used by another process.

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xA92F7000, 0x18A386, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\program files\real\realplayer\update\realsched.exe[3780] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----


I need you to scan a specific file:

Please go to http://www.virustotal.com/, click on Browse, and upload the following file/s for analysis. You will only be able to have one file scanned at a time.

c:\windows\system32\drivers\SafeBoot.sys

Then click Submit. Allow the file to be scanned, and then please copy/paste the results here for me to see.

If Jotti is busy, please go to http://virusscan.jotti.org.

If you can't upload the file directly from its location, try copy+pasting it onto your Desktop, and then uploading it from there.

Let me know how things go.
