
Virus preventing internet connection

This is a discussion on Virus preventing internet connection within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 10-05-2012, 09:16 AM   #1
Registered Member
 
Join Date: Nov 2008
Posts: 31
OS: Windows XP



Dear Tech Support Forum,

A couple of months ago I got a virus on my laptop. I was aware of it when it first showed up: I suddenly had an icon on my desktop for something like "Windows Live Protection" and it had the same icon as the virus protection I was using, which was BT Net Protection by McAfee. I tried to delete the program via the uninstall program in the control panel; this had mixed results, so I scanned the laptop with the virus software. It recognised one threat and when I told the software to fix it the laptop went into a sort of "lock-down" where all ports of communication were closed, i.e. internet/network connection was inactive, CD/DVDs were not recognised and USB connectors didn't come up.

Since this I have logged on in safe mode and run Malwarebytes, which recognised one threat and removed it, but this hasn't changed much. The Windows Live Protection has gone but a shield icon with yellow and blue squares has appeared on a few of the desktop icons; this wasn't there before. Now the desktop (not in safe mode) has a message in the corner saying "Windows 7, Build 7601, This copy of windows is not genuine" and I can't use the Malwarebytes; the message that comes up says "the specified service does not exist as an installed service", though the BT Net Protect didn't recognise any threats. I tried to uninstall the BT when I got the Malwarebytes but it wouldn't let me, giving the same message as trying to open the Malwarebytes.

I've managed to get a usb device to connect to get the DDS report onto another laptop.

I am using Windows 7 on a Compaq Presario with Intel Celeron. Until this I was fully updated. The DDS report follows:

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 9.0.8112.16421
Run by Sheppy at 16:23:05 on 2012-10-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3003.2601 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
uStart Page = https://www.google.co.uk/
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120625115909.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [EPSON SX100 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiede.exe /fu "c:\windows\temp\E_S5FBB.tmp" /EF "HKCU"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [Spotify] "c:\users\sheppy\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "c:\users\sheppy\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [SpeedyComputer] c:\program files\speeding software\speedycomputer\SPPCLauncher.exe
mRun: [SynTPEnh] H.EXE
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [QlbCtrl.exe] S\QLBCTRL.EXE /START
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UCam_Menu] K\YOUCAM\2.0"
mRun: [UpdateLBPShortCut] T\2.5"
mRun: [UpdatePDIRShortCut] K\POWERDIRECTOR\7.0"
mRun: [UpdatePSTShortCut] K\POWERSTARTER"
mRun: [WirelessAssistant] .EXE
mRun: [NokiaMServer] OKIAMSERVER /WATCHFILES STARTUP
mRun: [hpqSRMon] .EXE
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [mcui_exe] KEY
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE
mRun: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE
mRun: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE
mRun: [Adobe ARM] FILES\ADOBE\ARM\1.0\ADOBEARM.EXE"
mRun: [SunJavaUpdateSched] FILES\JAVA\JAVA UPDATE\JUSCHED.EXE"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
StartupFolder: c:\users\sheppy\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-gb\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: Garmin Communicator Plug-In - hxxp://download.garmin.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} - hxxp://www.turntool.com/ViewerInstall.exe
DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444552440000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{C4DFFC7A-6AB6-4655-A154-610C22AA35D5} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{C4DFFC7A-6AB6-4655-A154-610C22AA35D5}\244584F6D65684572623D2754353A5 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C4DFFC7A-6AB6-4655-A154-610C22AA35D5}\2456C6B696E6534376 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C4DFFC7A-6AB6-4655-A154-610C22AA35D5}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C4DFFC7A-6AB6-4655-A154-610C22AA35D5}\4656661657C647 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C4DFFC7A-6AB6-4655-A154-610C22AA35D5}\5434 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C4DFFC7A-6AB6-4655-A154-610C22AA35D5}\6796277696E6D65646961633533393835383 : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{C4DFFC7A-6AB6-4655-A154-610C22AA35D5}\E656471333E6 : DhcpNameServer = 192.168.4.254 192.168.4.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-9-30 169608]
S0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-24 464304]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-9-30 64912]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe [2009-3-2 81920]
S2 BecHelperService;BecHelperService;c:\program files\3 mobile broadband\3connect\BecHelperService.exe [2010-12-14 1737464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1cae56b15bf1ac4;Google Update Service (gupdate1cae56b15bf1ac4);c:\program files\google\update\GoogleUpdate.exe [2010-4-26 133104]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-3 399432]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-3 676936]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-11-30 214904]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-11-30 214904]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-11-30 214904]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-11-30 214904]
S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-30 166288]
S2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-30 161632]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-9-30 151880]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-2-28 365952]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-10 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-30 57600]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-2-28 222512]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-11-24 80184]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-24 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-26 133104]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-22 112128]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-12-14 9216]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-3 22856]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-30 180848]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-30 59456]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-30 340920]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-30 87656]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-26 8320]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-2-16 181432]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-2 52224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-6 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-10-04 13:31:45 -------- d-----w- c:\users\sheppy\appdata\roaming\SpeedyComputer
2012-10-04 13:31:33 -------- d-----w- c:\program files\Speeding Software
2012-10-03 20:57:17 -------- d-----w- c:\users\sheppy\appdata\roaming\Malwarebytes
2012-10-03 20:57:12 -------- d-----w- c:\programdata\Malwarebytes
2012-10-03 20:57:11 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-03 20:57:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-08-06 12:13:14 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-06 12:13:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 16:24:59.51 ===============
Gareth S is offline  
 
Old 10-07-2012, 06:11 AM   #2
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Please run the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written FRST.txt to file. Close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button.
  • When the search is complete, Search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).
CatByte is offline  
Old 10-08-2012, 02:54 PM   #3
Registered Member
 
Join Date: Nov 2008
Posts: 31
OS: Windows XP



Hi CatByte,

Thanks for the reply and sorry mine was not sooner. The logs are posted below; first is FRST.txt, then search.txt:

Thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-10-2012
Ran by SYSTEM at 08-10-2012 22:40:57
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] H.EXE [x]
HKLM\...\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [QlbCtrl.exe] S\QLBCTRL.EXE /START [x]
HKLM\...\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" [468264 2008-09-23] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] K\YOUCAM\2.0" [x]
HKLM\...\Run: [UpdateLBPShortCut] T\2.5" [x]
HKLM\...\Run: [UpdatePDIRShortCut] K\POWERDIRECTOR\7.0" [x]
HKLM\...\Run: [UpdatePSTShortCut] K\POWERSTARTER" [x]
HKLM\...\Run: [WirelessAssistant] .EXE [x]
HKLM\...\Run: [NokiaMServer] OKIAMSERVER /WATCHFILES STARTUP [x]
HKLM\...\Run: [hpqSRMon] .EXE [x]
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [mcui_exe] KEY [x]
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-03-07] (Apple Inc.)
HKLM\...\Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE [x]
HKLM\...\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE [x]
HKLM\...\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE [x]
HKLM\...\Run: [Adobe ARM] FILES\ADOBE\ARM\1.0\ADOBEARM.EXE" [x]
HKLM\...\Run: [SunJavaUpdateSched] FILES\JAVA\JAVA UPDATE\JUSCHED.EXE" [x]
HKU\Sheppy\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [144384 2010-11-20] (Microsoft Corporation)
HKU\Sheppy\...\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\Windows\TEMP\E_S5FBB.tmp" /EF "HKCU" [188928 2008-02-04] (SEIKO EPSON CORPORATION)
HKU\Sheppy\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-09-16] (Hewlett-Packard Company)
HKU\Sheppy\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-09-30] (Google Inc.)
HKU\Sheppy\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
HKU\Sheppy\...\Run: [Spotify] "C:\Users\Sheppy\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [7601880 2012-07-25] (Spotify Ltd)
HKU\Sheppy\...\Run: [Spotify Web Helper] "C:\Users\Sheppy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-07-25] ()
HKU\Sheppy\...\Run: [SpeedyComputer] C:\Program Files\Speeding Software\SpeedyComputer\SPPCLauncher.exe [80016 2012-03-14] (Speeding Software Inc)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [766536 2012-09-07] (Malwarebytes Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1089608 2012-09-07] (Malwarebytes Corporation)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Sheppy\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation)
2 BecHelperService; C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe [1737464 2010-01-28] ()
2 gupdate1cae56b15bf1ac4; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2010-04-26] (Google Inc.)
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [361976 2012-04-18] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [214904 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [166288 2012-03-20] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [161632 2012-03-20] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [151880 2012-03-20] (McAfee, Inc.)
3 RasMan; C:\Windows\System32\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-12-23] ()
2 RichVideo; "C:\Program Files\CyberLink\Shared files\RichVideo.exe" [247152 2008-11-25] ()
3 SensrSvc; C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [20992 2009-07-13] (Microsoft Corporation)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
3 Symantec RemoteAssist; "C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe" [394704 2008-01-29] (Symantec, Inc.)
3 WebClient; C:\Windows\System32\svchost.exe -k LocalService [20992 2009-07-13] (Microsoft Corporation)
3 WinDefend; C:\Windows\System32\svchost.exe -k secsvcs [20992 2009-07-13] (Microsoft Corporation)
3 WPDBusEnum; C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]

==================== Drivers (Whitelisted) ====================

3 cfwids; C:\Windows\System32\drivers\cfwids.sys [57600 2012-02-22] (McAfee, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22856 2012-09-07] (Malwarebytes Corporation)
2 mdvrmng; \??\C:\Windows\system32\drivers\mdvrmng.sys [10240 2010-01-28] ()
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2012-02-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [180848 2012-02-22] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59456 2012-02-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [340920 2012-02-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [464304 2012-02-22] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [64912 2012-02-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87656 2012-02-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [169608 2012-02-22] (McAfee, Inc.)
3 nmwcdnsu; C:\Windows\System32\drivers\nmwcdnsu.sys [137344 2010-02-26] (Nokia)
3 nmwcdnsuc; C:\Windows\System32\drivers\nmwcdnsuc.sys [8320 2010-02-26] (Nokia)
3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [47360 2009-11-22] (VSO Software)
3 s115bus; C:\Windows\System32\DRIVERS\s115bus.sys [83208 2007-04-23] (MCCI Corporation)
3 s115mdfl; C:\Windows\System32\DRIVERS\s115mdfl.sys [15112 2007-04-23] (MCCI Corporation)
3 s115mdm; C:\Windows\System32\DRIVERS\s115mdm.sys [108680 2007-04-23] (MCCI Corporation)
3 s115mgmt; C:\Windows\System32\DRIVERS\s115mgmt.sys [100488 2007-04-23] (MCCI Corporation)
3 s115obex; C:\Windows\System32\DRIVERS\s115obex.sys [98568 2007-04-23] (MCCI Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-10-06 10:17 - 2012-10-06 10:21 - 269586882 ____A C:\Users\Sheppy\Desktop\Documents Backup.zip
2012-10-04 07:30 - 2012-10-04 07:30 - 00017662 ____A C:\Users\Sheppy\Documents\Attach.txt
2012-10-04 07:30 - 2012-10-04 07:30 - 00017373 ____A C:\Users\Sheppy\Documents\DDS.txt
2012-10-04 05:31 - 2012-10-04 05:31 - 00001227 ____A C:\Users\Sheppy\Desktop\SpeedyComputer.lnk
2012-10-04 05:31 - 2012-10-04 05:31 - 00000000 ____D C:\Users\Sheppy\AppData\Roaming\SpeedyComputer
2012-10-04 05:31 - 2012-10-04 05:31 - 00000000 ____D C:\Program Files\Speeding Software
2012-10-03 14:26 - 2012-10-03 14:26 - 00002028 ____A C:\Users\Sheppy\Documents\Malwarebytes one.txt
2012-10-03 12:57 - 2012-10-03 12:57 - 00001063 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-10-03 12:57 - 2012-10-03 12:57 - 00000000 ____D C:\Users\Sheppy\AppData\Roaming\Malwarebytes
2012-10-03 12:57 - 2012-10-03 12:57 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-10-03 12:57 - 2012-10-03 12:57 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-10-03 12:57 - 2012-09-07 08:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys


==================== 3 Months Modified Files ==================

2012-10-06 10:21 - 2012-10-06 10:17 - 269586882 ____A C:\Users\Sheppy\Desktop\Documents Backup.zip
2012-10-06 08:43 - 2011-05-27 02:02 - 00001828 ____A C:\Users\Public\Desktop\BT NetProtect Plus.lnk
2012-10-06 08:41 - 2009-11-16 09:41 - 00732510 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-06 08:34 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-05 08:22 - 2010-04-26 10:20 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-05 08:13 - 2012-04-10 01:42 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-05 07:54 - 2012-02-06 02:02 - 00000340 ____A C:\Windows\Tasks\HP Photo Creations Communicator.job
2012-10-05 07:50 - 2010-04-26 10:20 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-05 06:13 - 2009-11-16 08:42 - 00011440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-05 06:13 - 2009-11-16 08:42 - 00011440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-05 06:08 - 2009-11-16 09:41 - 00000222 ____A C:\Users\All Users\hpqp.ini
2012-10-04 07:43 - 2009-11-16 09:14 - 00379806 ____A C:\Windows\PFRO.log
2012-10-04 07:30 - 2012-10-04 07:30 - 00017662 ____A C:\Users\Sheppy\Documents\Attach.txt
2012-10-04 07:30 - 2012-10-04 07:30 - 00017373 ____A C:\Users\Sheppy\Documents\DDS.txt
2012-10-04 05:31 - 2012-10-04 05:31 - 00001227 ____A C:\Users\Sheppy\Desktop\SpeedyComputer.lnk
2012-10-03 14:26 - 2012-10-03 14:26 - 00002028 ____A C:\Users\Sheppy\Documents\Malwarebytes one.txt
2012-10-03 12:57 - 2012-10-03 12:57 - 00001063 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-07 08:04 - 2012-10-03 12:57 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-24 05:32 - 2009-09-30 05:56 - 00000326 ____A C:\Windows\Tasks\HPCeeScheduleForSheppy.job
2012-08-07 03:33 - 2009-11-16 09:28 - 01823722 ____A C:\Windows\WindowsUpdate.log
2012-08-06 04:13 - 2012-04-10 01:42 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-06 04:13 - 2011-05-16 04:01 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-06 03:52 - 2010-04-26 10:06 - 00002282 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-08-06 03:41 - 2012-08-06 03:41 - 03984452 ____A C:\Users\Sheppy\Downloads\IMG_0123[1]
2012-08-06 03:41 - 2010-08-07 11:26 - 00001945 ____A C:\Users\Public\Desktop\HP Photo Creations.lnk
2012-08-06 03:40 - 2012-08-06 03:46 - 02301632 ____A C:\Users\Sheppy\Downloads\IMG_0149[1] - Copy (2)
2012-08-06 03:40 - 2012-08-06 03:46 - 02301632 ____A C:\Users\Sheppy\Downloads\IMG_0149[1] - Copy
2012-08-06 03:40 - 2012-08-06 03:40 - 02301632 ____A C:\Users\Sheppy\Downloads\IMG_0149[1]
2012-08-06 03:40 - 2012-08-06 03:40 - 02242296 ____A C:\Users\Sheppy\Downloads\IMG_0147[1]
2012-08-06 03:34 - 2009-07-13 20:39 - 01603500 ____A C:\Windows\setupact.log
2012-07-22 05:36 - 2010-08-07 11:01 - 00000052 ____A C:\Windows\System32\DOErrors.log
2012-07-12 05:50 - 2009-07-13 20:33 - 00354520 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 05:22 - 2009-12-09 04:08 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

ZeroAccess:
C:\Users\Sheppy\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
C:\Users\Sheppy\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
C:\Users\Sheppy\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
C:\Users\Sheppy\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-01-31 16:21:09
Restore point made on: 2012-02-16 00:21:25
Restore point made on: 2012-03-13 12:48:28
Restore point made on: 2012-03-13 12:49:33
Restore point made on: 2012-03-13 12:51:05
Restore point made on: 2012-03-13 12:52:26
Restore point made on: 2012-03-15 06:52:18
Restore point made on: 2012-03-16 12:29:53
Restore point made on: 2012-04-01 02:57:31
Restore point made on: 2012-04-09 12:37:20
Restore point made on: 2012-04-12 07:44:11
Restore point made on: 2012-04-26 08:03:45
Restore point made on: 2012-05-12 00:35:03
Restore point made on: 2012-05-12 09:21:20
Restore point made on: 2012-05-19 08:50:11
Restore point made on: 2012-05-27 05:57:09
Restore point made on: 2012-06-04 00:57:41
Restore point made on: 2012-06-11 07:34:11
Restore point made on: 2012-06-13 06:02:36
Restore point made on: 2012-06-20 23:47:04
Restore point made on: 2012-06-26 10:12:42
Restore point made on: 2012-07-08 00:17:48
Restore point made on: 2012-07-12 05:19:54
Restore point made on: 2012-08-09 12:07:12

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3002.93 MB
Available physical RAM: 2513.11 MB
Total Pagefile: 3001.2 MB
Available Pagefile: 2523.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:222.33 GB) (Free:91 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:10.55 GB) (Free:1.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:7.41 GB) (Free:4.78 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 2048 KB
Disk 1 Online 7600 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 222 GB 1024 KB
Partition 2 Primary 10 GB 222 GB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 222 GB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D RECOVERY NTFS Partition 10 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 7600 MB 0 B

=========================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2012-08-07 08:22

==================== End Of Log ============================




Farbar Recovery Scan Tool (x86) Version: 07-10-2012
Ran by SYSTEM at 2012-10-08 22:44:00
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===
Gareth S is offline  
Old 10-08-2012, 03:52 PM   #4
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

Code:
start
C:\Users\Sheppy\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
end
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT


Refer to the ComboFix User's Guide
  1. Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
CatByte is offline  
Old 10-09-2012, 11:59 AM   #5
Registered Member
 
Join Date: Nov 2008
Posts: 31
OS: Windows XP



Thanks

Here are the two logs with the ComboFix log first. I could only open ComboFix in safe mode. When I tried to open it (from the desktop after transferring it from the flash drive) I got the message "the specified service does not exist as an installed service", which is the same as the message I've had before when opening MalwareBytes.

Cheers again

ComboFix 12-10-09.01 - Sheppy 09/10/2012 18:54:21.1.2 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3003.2600 [GMT 1:00]
Running from: c:\users\Sheppy\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sheppy\AppData\Roaming\inst.exe
c:\users\Sheppy\GoToAssistDownloadHelper.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\SET6E11.tmp
c:\windows\system32\SET7B8A.tmp
c:\windows\system32\SET8750.tmp
c:\windows\system32\SETA50A.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-09-09 to 2012-10-09 )))))))))))))))))))))))))))))))
.
.
2012-10-09 18:04 . 2012-10-09 18:05 -------- d-----w- c:\users\Sheppy\AppData\Local\temp
2012-10-09 18:04 . 2012-10-09 18:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-09 06:40 . 2012-10-09 06:40 -------- d-----w- C:\FRST
2012-10-04 13:31 . 2012-10-04 13:31 -------- d-----w- c:\users\Sheppy\AppData\Roaming\SpeedyComputer
2012-10-04 13:31 . 2012-10-04 13:31 -------- d-----w- c:\program files\Speeding Software
2012-10-03 20:57 . 2012-10-03 20:57 -------- d-----w- c:\users\Sheppy\AppData\Roaming\Malwarebytes
2012-10-03 20:57 . 2012-10-03 20:57 -------- d-----w- c:\programdata\Malwarebytes
2012-10-03 20:57 . 2012-10-03 20:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-03 20:57 . 2012-09-07 16:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-06 12:13 . 2012-04-10 09:42 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-06 12:13 . 2011-05-16 12:01 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-09-16 2736128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-30 39408]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Spotify"="c:\users\Sheppy\AppData\Roaming\Spotify\Spotify.exe" [2012-07-25 7601880]
"Spotify Web Helper"="c:\users\Sheppy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-25 1193176]
"SpeedyComputer"="c:\program files\Speeding Software\SpeedyComputer\SPPCLauncher.exe" [2012-03-14 80016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="K\YOUCAM\2.0" [X]
"UpdateLBPShortCut"="T\2.5" [X]
"UpdatePDIRShortCut"="K\POWERDIRECTOR\7.0" [X]
"UpdatePSTShortCut"="K\POWERSTARTER" [X]
"NokiaMServer"="OKIAMSERVER" [X]
"mcui_exe"="KEY" [X]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-23 495708]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-03-07 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-07 766536]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-09-07 1089608]
.
c:\users\Sheppy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 727592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [x]
R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [x]
R2 gupdate1cae56b15bf1ac4;Google Update Service (gupdate1cae56b15bf1ac4);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [x]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [x]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [x]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [x]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - IDSVix86
*Deregistered* - SymEFA
*Deregistered* - SYMFW
*Deregistered* - SYMNDISV
*Deregistered* - SYMTDI
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 12:13]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 18:05]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 18:05]
.
2012-10-08 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2012-06-12 21:26]
.
2012-08-24 c:\windows\Tasks\HPCeeScheduleForSheppy.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-28 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: Garmin Communicator Plug-In - hxxp://download.garmin.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} - hxxp://www.turntool.com/ViewerInstall.exe
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - H.EXE
HKLM-Run-QlbCtrl.exe - S\QLBCTRL.EXE
HKLM-Run-WirelessAssistant - .EXE
HKLM-Run-hpqSRMon - .EXE
HKLM-Run-IgfxTray - DOWS\SYSTEM32\IGFXTRAY.EXE
HKLM-Run-HotKeysCmds - DOWS\SYSTEM32\HKCMD.EXE
HKLM-Run-Persistence - DOWS\SYSTEM32\IGFXPERS.EXE
HKLM-Run-Adobe ARM - FILES\ADOBE\ARM\1.0\ADOBEARM.EXE
HKLM-Run-SunJavaUpdateSched - FILES\JAVA\JAVA UPDATE\JUSCHED.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2830794849-73186190-218026193-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2830794849-73186190-218026193-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-09 19:07:29
ComboFix-quarantined-files.txt 2012-10-09 18:07
.
Pre-Run: 97,577,840,640 bytes free
Post-Run: 98,172,534,784 bytes free
.
- - End Of File - - 2723A591AF639B2A24295168F12BC1BC





Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-10-2012
Ran by SYSTEM at 2012-10-09 18:40:23 Run:1
Running from F:\

==============================================

C:\Users\Sheppy\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} moved successfully.

==== End of Fixlog ====
Gareth S is offline  
Old 10-09-2012, 03:45 PM   #6
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT

Try MBAM in normal mode; if it won't run, please copy down the exact message. Thanks.
CatByte is offline  
Old 10-11-2012, 05:18 AM   #7
Registered Member
 
Join Date: Nov 2008
Posts: 31
OS: Windows XP



Thanks,

I ran TDSSKiller in safe mode and it didn't find any malicious objects. When I tried to open it in normal mode I received the same message as with MBAM which reads:

"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

The specified service does not exist as an installed service."

Also, I notice in normal mode that the blue and yellow shield emblem is now attached to/part of the icons of both TDSSKiller and ComboFix as well as any other virus/malware prevention icons on the desktop.

The log follows:

Cheers

13:01:59.0371 1712 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
13:01:59.0433 1712 ============================================================
13:01:59.0433 1712 Current date / time: 2012/10/11 13:01:59.0433
13:01:59.0433 1712 SystemInfo:
13:01:59.0433 1712
13:01:59.0433 1712 OS Version: 6.1.7601 ServicePack: 1.0
13:01:59.0433 1712 Product type: Workstation
13:01:59.0433 1712 ComputerName: LAPTOP
13:01:59.0433 1712 UserName: Sheppy
13:01:59.0433 1712 Windows directory: C:\Windows
13:01:59.0433 1712 System windows directory: C:\Windows
13:01:59.0433 1712 Processor architecture: Intel x86
13:01:59.0433 1712 Number of processors: 2
13:01:59.0433 1712 Page size: 0x1000
13:01:59.0433 1712 Boot type: Safe boot with network
13:01:59.0433 1712 ============================================================
13:02:00.0853 1712 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:02:00.0853 1712 Drive \Device\Harddisk1\DR1 - Size: 0x1DB000000 (7.42 Gb), SectorSize: 0x200, Cylinders: 0x3C8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:02:01.0055 1712 ============================================================
13:02:01.0055 1712 \Device\Harddisk0\DR0:
13:02:01.0055 1712 MBR partitions:
13:02:01.0055 1712 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BCA9000
13:02:01.0055 1712 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BCA9800, BlocksNum 0x151A800
13:02:01.0055 1712 \Device\Harddisk1\DR1:
13:02:01.0055 1712 MBR partitions:
13:02:01.0055 1712 ============================================================
13:02:01.0087 1712 C: <-> \Device\Harddisk0\DR0\Partition1
13:02:01.0118 1712 D: <-> \Device\Harddisk0\DR0\Partition2
13:02:01.0118 1712 ============================================================
13:02:01.0118 1712 Initialize success
13:02:01.0118 1712 ============================================================
13:02:23.0332 1768 ============================================================
13:02:23.0332 1768 Scan started
13:02:23.0332 1768 Mode: Manual; TDLFS;
13:02:23.0332 1768 ============================================================
13:02:24.0580 1768 ================ Scan system memory ========================
13:02:24.0580 1768 System memory - ok
13:02:24.0580 1768 ================ Scan services =============================
13:02:27.0185 1768 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:02:27.0185 1768 blbdrive - ok
13:02:27.0232 1768 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:02:27.0232 1768 bowser - ok
13:02:27.0263 1768 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:02:27.0263 1768 BrFiltLo - ok
13:02:27.0295 1768 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:02:27.0295 1768 BrFiltUp - ok
13:02:27.0373 1768 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
13:02:27.0373 1768 BridgeMP - ok
13:02:27.0419 1768 [ 6E11F33D14D020F58D5E02E4D67DFA19 ] Browser C:\Windows\System32\browser.dll
13:02:27.0419 1768 Browser - ok
13:02:27.0451 1768 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:02:27.0451 1768 Brserid - ok
13:02:27.0466 1768 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:02:27.0466 1768 BrSerWdm - ok
13:02:27.0497 1768 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:02:27.0497 1768 BrUsbMdm - ok
13:02:27.0497 1768 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:02:27.0497 1768 BrUsbSer - ok
13:02:27.0560 1768 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
13:02:27.0560 1768 BthEnum - ok
13:02:27.0575 1768 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:02:27.0575 1768 BTHMODEM - ok
13:02:27.0638 1768 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
13:02:27.0638 1768 BthPan - ok
13:02:27.0685 1768 [ C2FBF6D271D9A94D839C416BF186EAD9 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
13:02:27.0685 1768 BTHPORT - ok
13:02:27.0747 1768 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
13:02:27.0747 1768 bthserv - ok
13:02:27.0763 1768 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
13:02:27.0763 1768 BTHUSB - ok
13:02:27.0809 1768 [ F549C3FB145A4928E40BB1518B2034DC ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
13:02:27.0809 1768 btusbflt - ok
13:02:27.0856 1768 [ 97062053359F6908E1FB2791BFA54734 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
13:02:27.0856 1768 btwavdt - ok
13:02:27.0965 1768 catchme - ok
13:02:27.0997 1768 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:02:27.0997 1768 cdfs - ok
13:02:28.0043 1768 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
13:02:28.0059 1768 cdrom - ok
13:02:28.0106 1768 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
13:02:28.0106 1768 CertPropSvc - ok
13:02:28.0168 1768 [ 1C7B1E36F3CED9E4B0B13385E627FE8B ] cfwids C:\Windows\system32\drivers\cfwids.sys
13:02:28.0168 1768 cfwids - ok
13:02:28.0215 1768 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:02:28.0215 1768 circlass - ok
13:02:28.0262 1768 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
13:02:28.0277 1768 CLFS - ok
13:02:28.0371 1768 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:02:28.0371 1768 clr_optimization_v2.0.50727_32 - ok
13:02:28.0465 1768 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:02:28.0511 1768 clr_optimization_v4.0.30319_32 - ok
13:02:28.0543 1768 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:02:28.0543 1768 CmBatt - ok
13:02:28.0558 1768 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:02:28.0558 1768 cmdide - ok
13:02:28.0605 1768 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
13:02:28.0605 1768 CNG - ok
13:02:28.0714 1768 [ 2F27104F5D6ED63FDAC38CACB9D19DFD ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
13:02:28.0714 1768 Com4QLBEx - ok
13:02:28.0777 1768 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:02:28.0777 1768 Compbatt - ok
13:02:28.0823 1768 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:02:28.0823 1768 CompositeBus - ok
13:02:28.0839 1768 COMSysApp - ok
13:02:28.0870 1768 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:02:28.0870 1768 crcdisk - ok
13:02:28.0933 1768 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:02:28.0948 1768 CryptSvc - ok
13:02:28.0995 1768 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
13:02:29.0011 1768 DcomLaunch - ok
13:02:29.0057 1768 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
13:02:29.0057 1768 defragsvc - ok
13:02:29.0104 1768 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:02:29.0104 1768 DfsC - ok
13:02:29.0167 1768 [ 919F338FD36F47D860775368D0748780 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
13:02:29.0167 1768 dg_ssudbus - ok
13:02:29.0213 1768 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
13:02:29.0229 1768 Dhcp - ok
13:02:29.0276 1768 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
13:02:29.0276 1768 discache - ok
13:02:29.0307 1768 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:02:29.0307 1768 Disk - ok
13:02:29.0354 1768 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:02:29.0354 1768 Dnscache - ok
13:02:29.0401 1768 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
13:02:29.0416 1768 dot3svc - ok
13:02:29.0447 1768 [ B5E479EB83707DD698F66953E922042C ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
13:02:29.0463 1768 Dot4 - ok
13:02:29.0510 1768 [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
13:02:29.0510 1768 Dot4Print - ok
13:02:29.0541 1768 [ CF491FF38D62143203C065260567E2F7 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
13:02:29.0603 1768 dot4usb - ok
13:02:29.0650 1768 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
13:02:29.0650 1768 DPS - ok
13:02:29.0697 1768 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:02:29.0697 1768 drmkaud - ok
13:02:29.0728 1768 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:02:29.0759 1768 DXGKrnl - ok
13:02:29.0822 1768 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
13:02:29.0822 1768 EapHost - ok
13:02:29.0931 1768 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
13:02:30.0009 1768 ebdrv - ok
13:02:30.0040 1768 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
13:02:30.0056 1768 EFS - ok
13:02:30.0118 1768 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:02:30.0134 1768 ehRecvr - ok
13:02:30.0181 1768 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
13:02:30.0181 1768 ehSched - ok
13:02:30.0227 1768 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:02:30.0243 1768 elxstor - ok
13:02:30.0290 1768 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:02:30.0290 1768 ErrDev - ok
13:02:30.0368 1768 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
13:02:30.0368 1768 EventSystem - ok
13:02:30.0399 1768 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
13:02:30.0399 1768 exfat - ok
13:02:30.0415 1768 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:02:30.0415 1768 fastfat - ok
13:02:30.0493 1768 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
13:02:30.0493 1768 Fax - ok
13:02:30.0539 1768 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:02:30.0539 1768 fdc - ok
13:02:30.0571 1768 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
13:02:30.0586 1768 fdPHost - ok
13:02:30.0602 1768 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
13:02:30.0602 1768 FDResPub - ok
13:02:30.0617 1768 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:02:30.0617 1768 FileInfo - ok
13:02:30.0633 1768 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:02:30.0649 1768 Filetrace - ok
13:02:30.0664 1768 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:02:30.0664 1768 flpydisk - ok
13:02:30.0680 1768 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:02:30.0695 1768 FltMgr - ok
13:02:30.0789 1768 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:02:30.0805 1768 FontCache3.0.0.0 - ok
13:02:30.0820 1768 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:02:30.0820 1768 FsDepends - ok
13:02:30.0867 1768 [ D909075FA72C090F27AA926C32CB4612 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
13:02:30.0867 1768 fssfltr - ok
13:02:30.0945 1768 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
13:02:30.0976 1768 fsssvc - ok
13:02:31.0007 1768 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:02:31.0023 1768 Fs_Rec - ok
13:02:31.0101 1768 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:02:31.0101 1768 fvevol - ok
13:02:31.0148 1768 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:02:31.0148 1768 gagp30kx - ok
13:02:31.0241 1768 [ 67CF4C2E7477B9A01DF07E38AF293414 ] GameConsoleService C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
13:02:31.0257 1768 GameConsoleService - ok
13:02:31.0304 1768 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
13:02:31.0319 1768 gpsvc - ok
13:02:31.0429 1768 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1cae56b15bf1ac4 C:\Program Files\Google\Update\GoogleUpdate.exe
13:02:31.0429 1768 gupdate1cae56b15bf1ac4 - ok
13:02:31.0444 1768 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
13:02:31.0460 1768 gupdatem - ok
13:02:31.0507 1768 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:02:31.0507 1768 gusvc - ok
13:02:31.0553 1768 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:02:31.0553 1768 hcw85cir - ok
13:02:31.0600 1768 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:02:31.0600 1768 HDAudBus - ok
13:02:31.0616 1768 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:02:31.0616 1768 HidBatt - ok
13:02:31.0631 1768 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:02:31.0631 1768 HidBth - ok
13:02:31.0663 1768 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:02:31.0663 1768 HidIr - ok
13:02:31.0678 1768 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
13:02:31.0694 1768 hidserv - ok
13:02:31.0725 1768 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\drivers\hidusb.sys
13:02:31.0725 1768 HidUsb - ok
13:02:31.0772 1768 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:02:31.0772 1768 hkmsvc - ok
13:02:31.0819 1768 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:02:31.0819 1768 HomeGroupListener - ok
13:02:31.0881 1768 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:02:31.0881 1768 HomeGroupProvider - ok
13:02:31.0959 1768 [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
13:02:31.0959 1768 HP Health Check Service - ok
13:02:32.0021 1768 [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
13:02:32.0021 1768 HpqKbFiltr - ok
13:02:32.0084 1768 [ 188FF0ADF66768D53AD94F43972E1E9A ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
13:02:32.0099 1768 hpqwmiex - ok
13:02:32.0131 1768 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:02:32.0131 1768 HpSAMD - ok
13:02:32.0177 1768 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:02:32.0177 1768 HTTP - ok
13:02:32.0224 1768 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:02:32.0224 1768 hwpolicy - ok
13:02:32.0271 1768 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
13:02:32.0287 1768 i8042prt - ok
13:02:32.0333 1768 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:02:32.0349 1768 iaStorV - ok
13:02:32.0427 1768 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:02:32.0443 1768 idsvc - ok
13:02:32.0677 1768 [ DCE0B53570703CCE580D066F89EF58CD ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
13:02:32.0879 1768 igfx - ok
13:02:32.0926 1768 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:02:32.0926 1768 iirsp - ok
13:02:32.0973 1768 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
13:02:33.0004 1768 IKEEXT - ok
13:02:33.0035 1768 [ 092A78E9C6F71BF0E22379503B90E800 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
13:02:33.0035 1768 IntcHdmiAddService - ok
13:02:33.0082 1768 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
13:02:33.0082 1768 intelide - ok
13:02:33.0098 1768 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:02:33.0098 1768 intelppm - ok
13:02:33.0129 1768 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:02:33.0129 1768 IpFilterDriver - ok
13:02:33.0176 1768 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:02:33.0191 1768 iphlpsvc - ok
13:02:33.0223 1768 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:02:33.0238 1768 IPMIDRV - ok
13:02:33.0254 1768 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:02:33.0254 1768 IPNAT - ok
13:02:33.0285 1768 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:02:33.0285 1768 IRENUM - ok
13:02:33.0332 1768 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:02:33.0332 1768 isapnp - ok
13:02:33.0379 1768 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:02:33.0379 1768 iScsiPrt - ok
13:02:33.0410 1768 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
13:02:33.0410 1768 kbdclass - ok
13:02:33.0441 1768 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
13:02:33.0457 1768 kbdhid - ok
13:02:33.0472 1768 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
13:02:33.0472 1768 KeyIso - ok
13:02:33.0503 1768 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:02:33.0503 1768 KSecDD - ok
13:02:33.0550 1768 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:02:33.0566 1768 KSecPkg - ok
13:02:33.0597 1768 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
13:02:33.0613 1768 KtmRm - ok
13:02:33.0659 1768 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
13:02:33.0675 1768 LanmanServer - ok
13:02:33.0691 1768 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:02:33.0691 1768 LanmanWorkstation - ok
13:02:33.0737 1768 [ 6E7B4E75E8A226EDC8A9A8B1C3510F9B ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
13:02:33.0737 1768 LightScribeService - ok
13:02:33.0769 1768 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:02:33.0769 1768 lltdio - ok
13:02:33.0815 1768 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:02:33.0815 1768 lltdsvc - ok
13:02:33.0831 1768 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
13:02:33.0847 1768 lmhosts - ok
13:02:33.0862 1768 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:02:33.0878 1768 LSI_FC - ok
13:02:33.0893 1768 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:02:33.0893 1768 LSI_SAS - ok
13:02:33.0909 1768 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:02:33.0909 1768 LSI_SAS2 - ok
13:02:33.0940 1768 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:02:33.0940 1768 LSI_SCSI - ok
13:02:33.0971 1768 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
13:02:33.0971 1768 luafv - ok
13:02:34.0018 1768 [ 59A2783ABA6019BED0C843C706E10A6A ] massfilter C:\Windows\system32\drivers\massfilter.sys
13:02:34.0018 1768 massfilter - ok
13:02:34.0065 1768 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
13:02:34.0065 1768 MBAMProtector - ok
13:02:34.0143 1768 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:02:34.0159 1768 MBAMScheduler - ok
13:02:34.0205 1768 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:02:34.0221 1768 MBAMService - ok
13:02:34.0330 1768 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
13:02:34.0330 1768 McAfee SiteAdvisor Service - ok
13:02:34.0361 1768 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McMPFSvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
13:02:34.0361 1768 McMPFSvc - ok
13:02:34.0377 1768 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] mcmscsvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
13:02:34.0377 1768 mcmscsvc - ok
13:02:34.0377 1768 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McNaiAnn C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
13:02:34.0377 1768 McNaiAnn - ok
13:02:34.0408 1768 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McNASvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
13:02:34.0424 1768 McNASvc - ok
13:02:34.0517 1768 [ 135AA9E9E7047B7DC1F753205D421A26 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
13:02:34.0533 1768 McODS - ok
13:02:34.0580 1768 [ 7E6932EEDA54C8EAF7DC6C2225261B85 ] McProxy C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
13:02:34.0580 1768 McProxy - ok
13:02:34.0658 1768 [ 593FA4C378818ECE76BA64A11AD56CF2 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
13:02:34.0658 1768 McShield - ok
13:02:34.0689 1768 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:02:34.0705 1768 Mcx2Svc - ok
13:02:34.0767 1768 [ 4E10E84320A8EC1C12BD0D00973B22AB ] mdvrmng C:\Windows\system32\drivers\mdvrmng.sys
13:02:34.0783 1768 mdvrmng - ok
13:02:34.0829 1768 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:02:34.0829 1768 megasas - ok
13:02:34.0861 1768 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:02:34.0861 1768 MegaSR - ok
13:02:34.0892 1768 [ 43C31BDF404A6D7A7AC1BFD5EAD2A566 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
13:02:34.0892 1768 mfeapfk - ok
13:02:34.0954 1768 [ C1DC5F42D3367F33B6451BE78B38BD46 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
13:02:34.0954 1768 mfeavfk - ok
13:02:34.0970 1768 [ 0435C43F4C2BE01B84868AD2A906397B ] mfebopk C:\Windows\system32\drivers\mfebopk.sys
13:02:34.0970 1768 mfebopk - ok
13:02:35.0032 1768 [ 7E1F8B1BDC8240F08BD358B3A466C005 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
13:02:35.0032 1768 mfefire - ok
13:02:35.0063 1768 [ 4EA6FF90015424517843E931448E00F1 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
13:02:35.0063 1768 mfefirek - ok
13:02:35.0110 1768 [ D1E998748BA24A731106611D535C6BBF ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
13:02:35.0126 1768 mfehidk - ok
13:02:35.0173 1768 [ AC04A618AEF3DE0FCE91C766F9E069DA ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys
13:02:35.0173 1768 mfenlfk - ok
13:02:35.0219 1768 [ F454A13377F0A006D20A8C14A753C432 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
13:02:35.0235 1768 mferkdet - ok
13:02:35.0282 1768 [ B10C4EFD40810C08F4B44DF2EFCB54F7 ] mfevtp C:\Windows\system32\mfevtps.exe
13:02:35.0282 1768 mfevtp - ok
13:02:35.0313 1768 [ F284337AEDB7483DF8A5FA840647E2B0 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
13:02:35.0313 1768 mfewfpk - ok
13:02:35.0360 1768 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
13:02:35.0375 1768 MMCSS - ok
13:02:35.0391 1768 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
13:02:35.0391 1768 Modem - ok
13:02:35.0438 1768 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:02:35.0438 1768 monitor - ok
13:02:35.0485 1768 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
13:02:35.0485 1768 mouclass - ok
13:02:35.0500 1768 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:02:35.0500 1768 mouhid - ok
13:02:35.0547 1768 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:02:35.0563 1768 mountmgr - ok
13:02:35.0609 1768 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
13:02:35.0609 1768 mpio - ok
13:02:35.0625 1768 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:02:35.0625 1768 mpsdrv - ok
13:02:35.0672 1768 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:02:35.0703 1768 MpsSvc - ok
13:02:35.0750 1768 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:02:35.0750 1768 MRxDAV - ok
13:02:35.0797 1768 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:02:35.0797 1768 mrxsmb - ok
13:02:35.0828 1768 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:02:35.0828 1768 mrxsmb10 - ok
13:02:35.0859 1768 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:02:35.0859 1768 mrxsmb20 - ok
13:02:35.0906 1768 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
13:02:35.0906 1768 msahci - ok
13:02:35.0937 1768 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:02:35.0937 1768 msdsm - ok
13:02:35.0968 1768 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
13:02:35.0968 1768 MSDTC - ok
13:02:36.0015 1768 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:02:36.0015 1768 Msfs - ok
13:02:36.0031 1768 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:02:36.0031 1768 mshidkmdf - ok
13:02:36.0077 1768 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:02:36.0077 1768 msisadrv - ok
13:02:36.0124 1768 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:02:36.0124 1768 MSiSCSI - ok
13:02:36.0124 1768 msiserver - ok
13:02:36.0171 1768 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:02:36.0171 1768 MSKSSRV - ok
13:02:36.0187 1768 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:02:36.0187 1768 MSPCLOCK - ok
13:02:36.0202 1768 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:02:36.0202 1768 MSPQM - ok
13:02:36.0218 1768 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:02:36.0218 1768 MsRPC - ok
13:02:36.0280 1768 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:02:36.0280 1768 mssmbios - ok
13:02:36.0296 1768 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:02:36.0296 1768 MSTEE - ok
13:02:36.0311 1768 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:02:36.0311 1768 MTConfig - ok
13:02:36.0327 1768 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
13:02:36.0327 1768 Mup - ok
13:02:36.0374 1768 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
13:02:36.0389 1768 napagent - ok
13:02:36.0421 1768 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:02:36.0421 1768 NativeWifiP - ok
13:02:36.0452 1768 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:02:36.0467 1768 NDIS - ok
13:02:36.0483 1768 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:02:36.0483 1768 NdisCap - ok
13:02:36.0514 1768 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:02:36.0514 1768 NdisTapi - ok
13:02:36.0545 1768 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:02:36.0561 1768 Ndisuio - ok
13:02:36.0592 1768 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:02:36.0592 1768 NdisWan - ok
13:02:36.0639 1768 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:02:36.0639 1768 NDProxy - ok
13:02:36.0655 1768 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:02:36.0655 1768 NetBIOS - ok
13:02:36.0717 1768 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:02:36.0717 1768 NetBT - ok
13:02:36.0733 1768 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
13:02:36.0733 1768 Netlogon - ok
13:02:36.0748 1768 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:02:36.0748 1768 NetTcpPortSharing - ok
13:02:36.0779 1768 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:02:36.0779 1768 nfrd960 - ok
13:02:36.0826 1768 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:02:36.0826 1768 NlaSvc - ok
13:02:36.0857 1768 [ C3963D85B721A7F80D8A55F4E2867A3A ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys
13:02:36.0873 1768 nmwcd - ok
13:02:36.0889 1768 [ 3859C69A77793180548802DAC9F34A38 ] nmwcdc C:\Windows\system32\drivers\ccdcmbo.sys
13:02:36.0889 1768 nmwcdc - ok
13:02:36.0920 1768 [ 338F83EE9CB9E15EEACF0CBB90218CBF ] nmwcdnsu C:\Windows\system32\drivers\nmwcdnsu.sys
13:02:36.0920 1768 nmwcdnsu - ok
13:02:36.0951 1768 [ D15BAC979144FB69ED28F97B2DD84D48 ] nmwcdnsuc C:\Windows\system32\drivers\nmwcdnsuc.sys
13:02:36.0951 1768 nmwcdnsuc - ok
13:02:36.0998 1768 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:02:36.0998 1768 Npfs - ok
13:02:37.0013 1768 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:02:37.0013 1768 nsiproxy - ok
13:02:46.0249 1768 ================ Scan global ===============================
13:02:46.0311 1768 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
13:02:46.0342 1768 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
13:02:46.0358 1768 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
13:02:46.0405 1768 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
13:02:46.0420 1768 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
13:02:46.0436 1768 [Global] - ok
13:02:46.0436 1768 ================ Scan MBR ==================================
13:02:46.0451 1768 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:02:46.0841 1768 \Device\Harddisk0\DR0 - ok
13:02:47.0060 1768 [ D052FCB13C75ECCE0197788B961BC056 ] \Device\Harddisk1\DR1
13:02:51.0568 1768 \Device\Harddisk1\DR1 - ok
13:02:51.0568 1768 ================ Scan VBR ==================================
13:02:51.0724 1768 [ 02AF0A87CBE8419510DFDC819012707D ] \Device\Harddisk0\DR0\Partition1
13:02:51.0724 1768 \Device\Harddisk0\DR0\Partition1 - ok
13:02:51.0787 1768 [ E7E509C2152C5966C87D07924BF986EA ] \Device\Harddisk0\DR0\Partition2
13:02:51.0787 1768 \Device\Harddisk0\DR0\Partition2 - ok
13:02:51.0787 1768 ============================================================
13:02:51.0787 1768 Scan finished
13:02:51.0787 1768 ============================================================
13:02:51.0818 1760 Detected object count: 0
13:02:51.0818 1760 Actual detected object count: 0
13:04:03.0781 1708 Deinitialize success
Gareth S is offline  
Old 10-11-2012, 02:37 PM   #8
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



I believe the shield you are referring to is the User Account Control



You can change the level of the UAC in the Action Center, what is the current setting?

If you right click on Malwarebytes and choose to run as an administrator, do you still get the same error message?
CatByte is offline  
Old 10-11-2012, 03:41 PM   #9
Registered Member
 
Join Date: Nov 2008
Posts: 31
OS: Windows XP



Ah, I see. Having entered the Action Centre in both normal and safe mode I can't open the user account control settings. All of the other links open normally but that one does nothing.

Thanks
Gareth S is offline  
Old 10-11-2012, 03:55 PM   #10
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



It seems there are problems with the "permissions" on your machine. Is your account an "Administrators" account?

Are there any other user accounts on the machine?

If so, is each account experiencing the same issue in normal mode?

If not, create a new user account and give it admin permissions, see if there are still the same issues with the new user account
CatByte is offline  
Old 10-11-2012, 04:09 PM   #11
Registered Member
 
Join Date: Nov 2008
Posts: 31
OS: Windows XP



This is the only user account on the laptop and it is an administrator and I've never had any problems getting access before. I'm not able to set up another account, it doesn't do anything after clicking on the links, again, in either mode.
Gareth S is offline  
Old 10-11-2012, 04:13 PM   #12
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



hmmm,

there seems to be a lot of corruption

try this:


Please download Windows Repair (all in one) from here

Install the program then run it

Go to step 2 and allow it to run Disk check



Once that is done then go to step 3 and allow it to run SFC



On the Start Repairs tab => Click the Start



Click on the select all check box and then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.
CatByte is offline  
Old 10-12-2012, 04:27 PM   #13
Registered Member
 
Join Date: Nov 2008
Posts: 31
OS: Windows XP



I've installed Windows Repair (All in one) but am having trouble using it. I get the same problem with opening it in normal mode as with MBAM (which I also get even with the Windows Repair installer) so have tried it in safe mode but can't get the disk checker to actually start after a reboot

I'm also concerned about the flash drive passing the virus over to this clean laptop.
Gareth S is offline  
Old 10-12-2012, 04:34 PM   #14
Registered Member
 
Join Date: Nov 2008
Posts: 31
OS: Windows XP



Ok, I've managed to get step 3 to work now so maybe I was doing something wrong or had the wrong idea but it doesn't seem to have done a scan or anything for step 2.

Sorry for confusion!

Cheers
Gareth S is offline  
Old 10-12-2012, 05:34 PM   #15
Registered Member
 
Join Date: Nov 2008
Posts: 31
OS: Windows XP



I've run the final step and done the repairs. It doesn't seem to have changed anything, though I was running the program in safe mode. I still get the same messages when trying to open any malware-killing related program in normal mode and still have the messages telling me it isn't a genuine copy of Windows. Also this shield seems to be connected to all of the things I can't do, like access the User Account Control Settings i.e. wherever there is a link/program I can't open there is a little shield icon there.

Cheers
Gareth S is offline  
Old 10-12-2012, 07:39 PM   #16
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Please run the following:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs



While you are only moving logs back and forth via the USB there shouldn't be any transfer of infection.
CatByte is offline  
Old 10-13-2012, 02:12 AM   #17
Registered Member
 
Join Date: Nov 2008
Posts: 31
OS: Windows XP



Here are the logs "OTL" first.

Thanks




OTL logfile created on: 13/10/2012 08:31:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sheppy\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 85.48% Memory free
5.86 Gb Paging File | 5.46 Gb Available in Paging File | 93.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.33 Gb Total Space | 91.55 Gb Free Space | 41.18% Space Free | Partition Type: NTFS
Drive D: | 10.55 Gb Total Space | 1.34 Gb Free Space | 12.71% Space Free | Partition Type: NTFS
Drive F: | 7.41 Gb Total Space | 4.77 Gb Free Space | 64.43% Space Free | Partition Type: FAT32

Computer Name: LAPTOP | User Name: Sheppy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/13 08:20:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sheppy\Desktop\OTL.exe
PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/06 13:13:22 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/19 08:21:16 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/10/20 12:22:24 | 000,630,272 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/05/06 08:03:56 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/23 14:53:06 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe -- (STacSV)
SRV - [2010/01/28 14:47:44 | 001,737,464 | ---- | M] () [Auto | Stopped] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/24 01:18:20 | 000,365,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/29 17:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Sheppy\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/02/22 13:29:46 | 000,169,608 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/02/22 13:29:46 | 000,064,912 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2012/02/16 00:24:36 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011/11/24 23:23:12 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/04/14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/03/23 14:53:06 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/03/02 17:43:20 | 001,263,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/02/26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/02/26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/02/26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/01/28 14:35:24 | 000,010,240 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2010/01/19 12:49:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 12:49:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 12:49:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/19 12:49:48 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/09/02 03:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2008/09/22 06:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/08/26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/23 14:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mgmt.sys -- (s115mgmt)
DRV - [2007/04/23 14:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115obex.sys -- (s115obex)
DRV - [2007/04/23 14:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 14:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/23 14:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115bus.sys -- (s115bus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.co.uk
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{025691BC-FC8A-4AB2-96A1-7111A3722E0D}: "URL" = https://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcnnbie7-en-gb
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{77B01CD3-C3C5-47F9-9270-9E415C3F1308}: "URL" = https://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = https://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKLM\..\SearchScopes\{F304A406-DF59-4420-A8BC-6A357E233831}: "URL" = https://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = https://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = https://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

IE - HKU\S-1-5-21-2830794849-73186190-218026193-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
IE - HKU\S-1-5-21-2830794849-73186190-218026193-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2830794849-73186190-218026193-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2830794849-73186190-218026193-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2830794849-73186190-218026193-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2830794849-73186190-218026193-1000\..\SearchScopes\{42DDC1EB-E063-4A6F-97F0-7FFF9A934CD6}: "URL" = https://flvdirect.iamwired.net/websearch.php?src=tops&search={SearchTerms}
IE - HKU\S-1-5-21-2830794849-73186190-218026193-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_enGB347
IE - HKU\S-1-5-21-2830794849-73186190-218026193-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = https://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-21-2830794849-73186190-218026193-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/25 23:42:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/07/25 16:11:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/10/13 01:22:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/25 23:42:49 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Google
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Sheppy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\Sheppy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: SiteAdvisor = C:\Users\Sheppy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Skype Click to Call = C:\Users\Sheppy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

O1 HOSTS File: ([2012/10/13 01:13:35 | 000,000,855 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120625115909.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-2830794849-73186190-218026193-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2830794849-73186190-218026193-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [mcui_exe] KEY File not found
O4 - HKLM..\Run: [NokiaMServer] OKIAMSERVER /WATCHFILES STARTUP File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UCam_Menu] K\YOUCAM\2.0" File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] T\2.5" File not found
O4 - HKLM..\Run: [UpdatePDIRShortCut] K\POWERDIRECTOR\7.0" File not found
O4 - HKLM..\Run: [UpdatePSTShortCut] K\POWERSTARTER" File not found
O4 - HKU\S-1-5-21-2830794849-73186190-218026193-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2830794849-73186190-218026193-1000..\Run: [SpeedyComputer] C:\Program Files\Speeding Software\SpeedyComputer\SPPCLauncher.exe (Speeding Software Inc)
O4 - HKU\S-1-5-21-2830794849-73186190-218026193-1000..\Run: [Spotify] C:\Users\Sheppy\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2830794849-73186190-218026193-1000..\Run: [Spotify Web Helper] C:\Users\Sheppy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2830794849-73186190-218026193-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2830794849-73186190-218026193-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2830794849-73186190-218026193-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\S-1-5-21-2830794849-73186190-218026193-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} https://appldnld.apple.com.edgesuite....x/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} https://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} https://www.turntool.com/ViewerInstall.exe (TurnTool Scene)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} https://h20264.www2.hp.com/ediags/dd/...sticsVista.cab (HPDDClientExec Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444552440000} https://fpdownload2.macromedia.com/ge...sh/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} https://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} https://gfx1.hotmail.com/mail/w4/pr01...PUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: Garmin Communicator Plug-In https://download.garmin.com/gcp/ie/2....nAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4DFFC7A-6AB6-4655-A154-610C22AA35D5}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sheppy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sheppy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: SessionEnv - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/10/13 08:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/10/13 08:25:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sheppy\Desktop\OTL.exe
[2012/10/13 01:18:40 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/10/13 01:17:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/13 00:43:10 | 000,000,000 | ---D | C] -- C:\RegBackup
[2012/10/12 12:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/10/12 12:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2012/10/12 08:39:25 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/10/09 19:07:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/09 19:07:31 | 000,000,000 | ---D | C] -- C:\Users\Sheppy\AppData\Local\temp
[2012/10/09 18:52:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/09 18:52:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/09 18:52:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/09 18:51:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/09 18:51:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/09 18:45:33 | 004,764,951 | R--- | C] (Swearware) -- C:\Users\Sheppy\Desktop\ComboFix.exe
[2012/10/09 07:40:22 | 000,000,000 | ---D | C] -- C:\FRST
[2012/10/04 14:31:45 | 000,000,000 | ---D | C] -- C:\Users\Sheppy\AppData\Roaming\SpeedyComputer
[2012/10/04 14:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speeding Software
[2012/10/04 14:31:33 | 000,000,000 | ---D | C] -- C:\Program Files\Speeding Software
[2012/10/03 21:57:17 | 000,000,000 | ---D | C] -- C:\Users\Sheppy\AppData\Roaming\Malwarebytes
[2012/10/03 21:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/03 21:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/03 21:57:11 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/03 21:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/17 19:25:14 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sheppy\Desktop\TDSSKiller.exe
[2009/11/22 11:46:55 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Sheppy\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/10/13 08:30:24 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\BT NetProtect Plus.lnk
[2012/10/13 08:28:42 | 000,632,198 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/13 08:28:42 | 000,112,184 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/13 08:23:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/13 08:23:18 | 2361,593,856 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/13 08:22:41 | 000,011,440 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/13 08:22:41 | 000,011,440 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/13 08:20:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sheppy\Desktop\OTL.exe
[2012/10/13 01:27:31 | 000,000,222 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/10/13 01:27:14 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/13 01:18:20 | 000,354,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/10/13 01:13:35 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/13 00:44:13 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-LAPTOP-Microsoft-Windows-7-Home-Premium-(32-bit).dat
[2012/10/13 00:13:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/12 12:56:07 | 000,002,229 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/10/12 12:31:31 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/12 12:31:19 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/10/12 08:31:44 | 005,345,461 | ---- | M] () -- C:\Users\Sheppy\Desktop\kweat dowswin pairer.exe
[2012/10/11 23:29:43 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSheppy.job
[2012/10/09 19:05:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_634
[2012/10/09 18:36:24 | 004,764,951 | R--- | M] (Swearware) -- C:\Users\Sheppy\Desktop\ComboFix.exe
[2012/10/06 19:21:36 | 269,586,882 | ---- | M] () -- C:\Users\Sheppy\Desktop\Documents Backup.zip
[2012/10/04 14:31:35 | 000,001,227 | ---- | M] () -- C:\Users\Sheppy\Desktop\SpeedyComputer.lnk
[2012/10/03 21:57:13 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/17 19:25:14 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sheppy\Desktop\TDSSKiller.exe

========== Files Created - No Company Name ==========

[2012/10/13 01:11:05 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
[2012/10/13 00:44:13 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-LAPTOP-Microsoft-Windows-7-Home-Premium-(32-bit).dat
[2012/10/12 12:56:07 | 000,002,229 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/10/12 12:47:45 | 005,345,461 | ---- | C] () -- C:\Users\Sheppy\Desktop\kweat dowswin pairer.exe
[2012/10/09 18:52:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/09 18:52:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/09 18:52:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/09 18:52:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/09 18:52:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/06 19:17:17 | 269,586,882 | ---- | C] () -- C:\Users\Sheppy\Desktop\Documents Backup.zip
[2012/10/04 14:31:35 | 000,001,227 | ---- | C] () -- C:\Users\Sheppy\Desktop\SpeedyComputer.lnk
[2012/10/03 21:57:13 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/10 10:34:39 | 000,025,772 | ---- | C] () -- C:\Users\Sheppy\.TransferManager.db
[2012/01/28 00:41:04 | 000,078,392 | ---- | C] () -- C:\Users\Sheppy\Tudors Mindmap!.imx
[2011/11/02 18:45:18 | 000,007,605 | ---- | C] () -- C:\Users\Sheppy\AppData\Local\Resmon.ResmonCfg
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/12/14 15:09:23 | 000,010,240 | ---- | C] () -- C:\Windows\System32\drivers\mdvrmng.sys
[2009/12/15 00:19:51 | 000,017,408 | ---- | C] () -- C:\Users\Sheppy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/22 11:46:55 | 000,007,887 | ---- | C] () -- C:\Users\Sheppy\AppData\Roaming\pcouffin.cat
[2009/11/22 11:46:55 | 000,001,144 | ---- | C] () -- C:\Users\Sheppy\AppData\Roaming\pcouffin.inf
[2009/11/16 18:42:12 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/16 18:41:17 | 000,000,222 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/09/30 18:42:24 | 000,000,294 | ---- | C] () -- C:\Users\Sheppy\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/02/04 00:29:25 | 000,000,000 | ---D | M] -- C:\Users\Sheppy\AppData\Roaming\Amazon
[2010/04/12 22:21:53 | 000,000,000 | ---D | M] -- C:\Users\Sheppy\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/12/14 15:10:17 | 000,000,000 | ---D | M] -- C:\Users\Sheppy\AppData\Roaming\Birdstep Technology
[2010/10/11 08:37:40 | 000,000,000 | ---D | M] -- C:\Users\Sheppy\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/07/03 13:28:41 | 000,000,000 | ---D | M] -- C:\Users\Sheppy\AppData\Roaming\GARMIN
[2009/12/02 10:43:26 | 000,000,000 | ---D | M] -- C:\Users\Sheppy\AppData\Roaming\Nokia
[2010/05/09 17:10:20 | 000,000,000 | ---D | M] -- C:\Users\Sheppy\AppData\Roaming\Nseries
[2009/12/15 00:17:28 | 000,000,000 | ---D | M] -- C:\Users\Sheppy\AppData\Roaming\PC Suite
[2012/10/04 14:31:45 | 000,000,000 | ---D | M] -- C:\Users\Sheppy\AppData\Roaming\SpeedyComputer
[2012/10/13 01:27:39 | 000,000,000 | ---D | M] -- C:\Users\Sheppy\AppData\Roaming\Spotify
[2009/09/30 18:42:24 | 000,000,000 | ---D | M] -- C:\Users\Sheppy\AppData\Roaming\Template
[2012/02/27 23:37:35 | 000,000,000 | ---D | M] -- C:\Users\Sheppy\AppData\Roaming\Visan
[2010/07/30 16:25:44 | 000,000,000 | ---D | M] -- C:\Users\Sheppy\AppData\Roaming\Vso
[2009/12/02 20:04:58 | 000,000,000 | ---D | M] -- C:\Users\Sheppy\AppData\Roaming\WildTangent
[2010/11/30 13:36:30 | 000,000,000 | ---D | M] -- C:\Users\Sheppy\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*exe >
[2008/05/08 06:03:22 | 000,303,616 | ---- | M] ( ) -- C:\SetACL.exe
[2004/06/12 00:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe

< \md5start >
[2009/07/14 05:53:46 | 000,032,620 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/09/30 14:56:10 | 000,000,326 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForSheppy.job
[2010/04/26 19:20:49 | 000,000,882 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010/04/26 19:20:50 | 000,000,886 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/02/06 11:02:23 | 000,000,340 | ---- | C] () -- C:\Windows\Tasks\HP Photo Creations Communicator.job
[2012/04/10 10:42:20 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< explorer.exe >

< winlogon.exe >

< Userinit.exe >

< svchost.exe >

< services.exe/ >
Invalid Switch:

< / md5stop >
Invalid Switch: md5stop

< %systemroot%\*. /rp/s >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

========== Drive Information ==========

Physical Drives
---------------

Error accessing drive info (0)
Error accessing drive info (0)

Partitions
---------------

Error accessing partition info (0)
Error accessing partition info (0)

< CREATERESTORE POINT >

< End of report >


OTL Extras logfile created on: 13/10/2012 08:31:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sheppy\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 85.48% Memory free
5.86 Gb Paging File | 5.46 Gb Available in Paging File | 93.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.33 Gb Total Space | 91.55 Gb Free Space | 41.18% Space Free | Partition Type: NTFS
Drive D: | 10.55 Gb Total Space | 1.34 Gb Free Space | 12.71% Space Free | Partition Type: NTFS
Drive F: | 7.41 Gb Total Space | 4.77 Gb Free Space | 64.43% Space Free | Partition Type: FAT32

Computer Name: LAPTOP | User Name: Sheppy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2830794849-73186190-218026193-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2A1D4835-5E66-4ACD-934C-4165AA3A3557}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4593E3FD-6755-4955-A567-74E64F051486}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{55ACDDF5-BD22-4761-8D83-945D283B4CD3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5A4227A1-D7AD-4C2A-BAF3-57DC1E770601}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5B266AA0-D4D4-491B-9198-CA0646C4C4AC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{76C59E08-450F-445F-A60E-9D8E0911DC72}" = lport=10243 | protocol=6 | dir=in | app=system |
"{80747C50-957F-4DAF-B4C4-7FC380E1245F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{96F8853D-6CA0-4EC0-8C60-C49BD3F2A810}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ABB9C4B9-4EFE-4190-82E8-65473E0FF7BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BAB916A3-1480-4DFD-9B5C-71A2DFCFE36B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C6DA0F14-F497-4927-850B-76D6EA986CB2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C71BAA2E-EA5D-40A8-B566-CAB15A82A3DD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E0765A28-073B-4804-BF3F-0F3058BA23F4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03EAF3B7-48FB-462F-A3F9-DBF86E98C3B3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0F973A3A-77B7-4889-BCA7-742127FC480D}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{1025BD20-E7B1-4DB4-A8B0-8681891DC956}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{1B6B8BB9-752D-4C80-A7C7-BAFBE91704C2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{1E4AA583-EAFB-4EBF-9111-45446AF2D043}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{1F8D0F29-0609-4282-B0EF-1984E561907A}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{3B4FA70C-5C59-42F5-B008-0A09505E74E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3BE2D05C-5AA5-42B5-8A4E-F318340848F9}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{3DBAD71B-A144-4314-9229-82CD342F87F5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{4157DA59-F1A3-435F-BF1F-AD77F6B884E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{419AC6BA-70D6-4A9B-91F3-AD5FD2D37FBE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4B0DFB98-B78D-4A7B-91A3-D80DA646E32B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{4D9F19BB-715F-4787-952B-6664F0EEC0CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5035C860-21D8-4A99-8051-D33D4B2F754D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{52D26122-A3A7-4B50-9AD1-CE7C256BA9E0}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{55605BA3-03AA-4981-82A4-3DBFCB48026B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5910C0E4-929F-4799-8CD6-14B09DB8BDF2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{5C4B3B47-9F0F-4236-ABE1-87494E9E2281}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{5DCC4483-01D1-4D23-975E-54FB37582A94}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{5E0AE917-9B36-4625-9EEB-73950A1799BB}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{60DEB4C1-C9A6-474C-857F-A7AAD1E3BC01}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{652CA382-01E6-4A19-ABE3-EFA4527BA978}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{7123F98A-10DE-40B0-84A1-C9301B569690}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7ECEE71D-954A-4D8D-93C3-0A3052091FE9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8D372051-464E-40F0-A23B-7AF2B2E47A31}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{91D9E0FC-A61B-4F27-A7D9-C9935C854806}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{A00429FB-0A8A-4EA6-AD3C-E844355AA1E8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{A1519B11-BFFB-4F2F-82E6-5EA7A41BBAA5}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{A2EF7FE0-8E71-4C7C-9E15-8DF1620583E1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A7B6BDAF-006F-4EEB-B933-CDD7BF3A1EE8}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{A95FCC5A-8D70-498C-AE7E-25802FC99BE3}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{B0D43E74-E4A6-45C9-9EEA-CD02DA3E8976}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{BA6D8855-EBF8-4085-86C6-FE275FED84EE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BAE31AC0-5CA4-466C-9D41-30FED831966E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C123B4AC-4E78-4DF0-AE26-A29C24D076E6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{D7258BCC-9314-493F-9D57-2BCEC15B709A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{DD15CF9F-7658-4E95-813B-37FDEFFCD6E3}" = protocol=17 | dir=in | app=c:\users\sheppy\appdata\local\temp\7zsf90d.tmp\symnrt.exe |
"{EAE52432-3126-4017-B8B6-5224CC7EBDE4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{EB8BAE50-CF6D-4E8E-B013-AF7F2BCD2BE6}" = protocol=6 | dir=out | app=system |
"{EDF9328F-3D96-4761-9938-2294476A1137}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F4E89C88-0B6E-4072-8D6B-F96852B28254}" = protocol=6 | dir=in | app=c:\users\sheppy\appdata\local\temp\7zsf90d.tmp\symnrt.exe |
"{F8C67EC0-3CF2-4DE8-A5CD-F4BF66659F79}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F9659FA9-E083-4DED-989A-51AEF7241F92}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"TCP Query User{CA6389ED-8E3E-4020-9F4F-F414F0DB1E98}C:\users\sheppy\appdata\local\temp\lmi15d2.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\sheppy\appdata\local\temp\lmi15d2.tmp\lmi_rescue.exe |
"UDP Query User{9EA04B65-CA22-49B1-A5D4-6C29F6C5E15F}C:\users\sheppy\appdata\local\temp\lmi15d2.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\sheppy\appdata\local\temp\lmi15d2.tmp\lmi_rescue.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6204
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EABFEF6-6D10-4C12-8667-3029C481D355}" = Nokia Photos
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17050C48-16CB-4500-A102-CEAD750CE11E}" = HP User Guides 0138
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2640314A-2D9A-4F58-B501-DB109CD9DBA2}" = DJ_AIO_ProductContext
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{32DACAC3-6538-405D-915E-8F2D026F199C}" = DJ_AIO_Software_min
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 M1
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{42B74521-4706-412A-9A27-AED12B83E886}" = Nokia Ovi Application Installer
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78225D0F-D12C-09E4-5D6D-A64D763E8982}" = BBC iPlayer Desktop
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B9C94B6-AD1D-4FF2-A66D-4488C4F67A2C}" = iMindMap 5
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A5A70E61-FEAB-4CEC-977C-BE0EF8DC05AB}" = PC Connectivity Solution
"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AD99B476-6FB7-4985-A3C3-E40595A7E6DE}" = DJ_AIO_Software
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE7E6C3D-A42B-4BA3-9767-124EB8ED27E3}" = LightScribe System Software
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4B045DB-C2C0-4A05-8DA5-754B4733EE31}" = Nokia Ovi One Touch Access
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{d05a1414-a955-4c5c-9716-b7777ef86e85}" = F4100
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB773820-0871-46A8-9B96-F2B04F8B34F0}" = HP Deskjet All-In-One Driver Software 13.0 Rel. 1
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4DA4C73-026F-4D38-8C6B-85F0193E4B56}" = Garmin WebUpdater
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F9EA1C47-64A6-45E4-9A80-8CC1575B971D}" = Nokia Ovi System Utilities
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"AOL Toolbar" = AOL Toolbar 5.0
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX100_TX100 User’s Guide" = EPSON Stylus SX100_TX100 Manual
"EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photo Creations" = HP Photo Creations
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSC" = BT NetProtect Plus
"Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3011
"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011
"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3019
"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3018
"Shop for HP Supplies" = Shop for HP Supplies
"SpeedyComputer_is1" = SpeedyComputer v3.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVWiz" = Intel(R) TV Wizard
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"VLC media player" = VLC media player 1.1.5
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"ZTE_1.2059.0.8" = ZTE_1.2059.0.8

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2830794849-73186190-218026193-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29/08/2010 17:09:31 | Computer Name = Sheppy-PC | Source = Windows Backup | ID = 4104
Description = The backup was not successful. The error is: Windows backup is not
configured after Windows was upgraded from an earlier version. Review your backup
settings. (0x8100002D).

Error - 31/08/2010 18:17:44 | Computer Name = Sheppy-PC | Source = WinMgmt | ID = 10
Description =

Error - 01/09/2010 12:50:18 | Computer Name = Sheppy-PC | Source = WinMgmt | ID = 10
Description =

Error - 01/09/2010 13:12:05 | Computer Name = Sheppy-PC | Source = Google Update | ID = 20
Description =

Error - 01/09/2010 14:44:49 | Computer Name = Sheppy-PC | Source = WinMgmt | ID = 10
Description =

Error - 01/09/2010 15:42:02 | Computer Name = Sheppy-PC | Source = WinMgmt | ID = 10
Description =

Error - 02/09/2010 14:05:19 | Computer Name = Sheppy-PC | Source = WinMgmt | ID = 10
Description =

Error - 02/09/2010 17:45:14 | Computer Name = Sheppy-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: mshtml.dll, version: 8.0.7600.16625,
time stamp: 0x4c2ae0bb Exception code: 0xc0000005 Fault offset: 0x001bafd2 Faulting
process id: 0x7c8 Faulting application start time: 0x01cb4ade42c77217 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: 5dc89ebb-b6db-11df-8547-00247eabad0b

Error - 03/09/2010 04:00:50 | Computer Name = Sheppy-PC | Source = WinMgmt | ID = 10
Description =

Error - 04/09/2010 03:05:10 | Computer Name = Sheppy-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 13/10/2012 03:28:42 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 13/10/2012 03:28:42 | Computer Name = Laptop | Source = Service Control Manager | ID = 7003
Description = The Workstation service depends the following service: NSI. This service
might not be installed.

Error - 13/10/2012 03:28:42 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 13/10/2012 03:28:42 | Computer Name = Laptop | Source = Service Control Manager | ID = 7003
Description = The Workstation service depends the following service: NSI. This service
might not be installed.

Error - 13/10/2012 03:28:42 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 13/10/2012 03:28:42 | Computer Name = Laptop | Source = Service Control Manager | ID = 7003
Description = The Workstation service depends the following service: NSI. This service
might not be installed.

Error - 13/10/2012 03:28:42 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 13/10/2012 03:28:43 | Computer Name = Laptop | Source = Service Control Manager | ID = 7003
Description = The DNS Client service depends the following service: NSI. This service
might not be installed.

Error - 13/10/2012 03:28:43 | Computer Name = Laptop | Source = Service Control Manager | ID = 7003
Description = The Workstation service depends the following service: NSI. This service
might not be installed.

Error - 13/10/2012 03:28:43 | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >
Gareth S is offline  
Old 10-13-2012, 06:27 AM   #18
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



Quote:
still have the messages telling me it isn't a genuine copy of windows
This may be the cause of the remaining issues, as there doesn't appear to be any malware remaining in the logs.

Please follow the directions for resolving this by re-validating Windows (you should have an option in the notification to "resolve this now").

If you don't know your licence key and the sticker on your computer is unreadable, then you can use a tool such as "Magic Jelly Bean" to find your key

Magical Jelly Bean
CatByte is offline  
Old 10-14-2012, 10:30 AM   #19
Registered Member
 
Join Date: Nov 2008
Posts: 31
OS: Windows XP



Hi CatByte,

Thanks for your help, I'm glad my computer doesn't seem to have any malware left. Sadly the issues are persisting, I'm not able to get online to try to enter my product key and I'm not able to open anything to help in normal mode! It seems that recently a lot of people have been having similar problems but no one seems to have a solution (a quick Google search of either "this copy of windows is not genuine Build 7601" or "the specified device does not exist as an installed service"). Do you think I should consider some sort of install repair or hard drive format? Ideally I'd like not to but it's starting to look inevitable! If you have any more ideas I'd be very grateful!

Thanks for the help, the service people like you offer is invaluable!
Gareth S is offline  
Old 10-14-2012, 10:42 AM   #20
TSF-Emeritus
 
Join Date: Jan 2009
Location: Canada
Posts: 8,956
OS: XP, Vista, Win7, Win8.1



We have a couple more things to try to see if we can get you back online; there may be a couple of missing services that need re-installing (from the event log in the extras.txt).

Please run the following:

Please download Farbar Service Scanner and run it
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT


Please download and run rkill

Note: Vista and Windows 7 users need to right click on the file and choose Run as administrator
Post the resulting log.
CatByte is offline  
 
