
Win32/agent.QUS trojan can't delete or clean

#1 ·
Hi, I need some help please. My HP ProBook 4510s is infected with Win32/agent.QUS trojan. My OS is Windows 7 Professional 32 bit. ESET NOD32 Antivirus detected the problem yesterday but could not either delete or clean it.

I don't know if the problem is related but yesterday (before I knew about the Trojan infection) I could not open ACT 9.0 (Sage CRM database). When trying to start ACT it reports a problem with the modem then fails to show the database. The icon is visible in the task bar and when I look at Task Manager it shows ACT to be running.

This morning I decided to do a System Restore. I have done that and was hoping this would solve the ACT problem, but it hasn't :mad:. So here I am - looking for some kind soul to help to solve one (or hopefully both) of these problems. I don't know if they are related issues.

Here is my logfile using HiJackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:53, on 05/04/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Symantec\ACT\ACTLDR.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Symantec\ACT\SideACT.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=92&bd=all&pf=cmnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.offerbox.com/en/?s=h&c=1002094007
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=92&bd=all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=92&bd=all&pf=cmnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Act.Outlook.Service] "C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe"
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\ACT for Windows\ActSage.exe" -preload
O4 - HKLM\..\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Firewall Administrating] C:\Users\Public\infocard.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: ACT! Speed Loader.lnk = C:\Program Files\Symantec\ACT\ACTLDR.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SideACT!.lnk = C:\Program Files\Symantec\ACT\SideACT.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 12157 bytes
Regards,
John
 
#2 ·
Hello JohnJJ,

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKCU\..\Run: [Firewall Administrating] C:\Users\Public\infocard.exe

Close all windows other than HijackThis, then click Fix checked.

Close HijackThis.

Next

  • Download OTL to your desktop.
  • Double click on the icon to run it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :Files
    C:\Users\Public\infocard.exe
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
After that

  • Double click on the OTL icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Under the Custom Scan box paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.

Note: Unless otherwise instructed, always post the logs in the forum. If reports don't fit in one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)
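An added example, not part of the original posts and not HijackThis or OTL code: a Python triage pass over O4 (autorun) lines from the HijackThis log in post #1, sorting each Run entry by where its executable lives. The path categories are an assumption of this example (default Windows 7 folder permissions), and a hit is a lead for review, not a verdict.

```python
import re

# Lines copied from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Firewall Administrating] C:\Users\Public\infocard.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
"""

# Registry autoruns look like: O4 - <hive>\..\<Run key>: [<value name>] <command line>
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[^:]*?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# First executable image in a command line, quoted or not. Unquoted paths may
# contain spaces, so cut at the first executable extension instead of at a space.
IMAGE = re.compile(
    r'^\s*(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|dll|com|bat|cmd|scr)))(?=[\s,]|$)',
    re.IGNORECASE,
)

# Values taken from the OTL header later in this thread (%SystemRoot%, %ProgramFiles%).
ENV = {
    "%programfiles%": "c:\\program files",
    "%systemroot%": "c:\\windows",
    "%windir%": "c:\\windows",
}

# Assumption of this example: these roots need administrator rights to write to,
# while anything under C:\Users can be written by the logged-on user.
PROTECTED = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")
USER_WRITABLE = ("c:\\users\\",)


def image_path(cmd):
    """Return the file a Run command actually loads, or None if unparseable."""
    m = IMAGE.match(cmd)
    if not m:
        return None
    path = m.group("q") or m.group("u")
    # rundll32.exe is only a host: the DLL named in its argument is what runs.
    if path.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        inner = IMAGE.match(cmd[m.end():])
        if inner:
            path = inner.group("q") or inner.group("u")
    return path


def classify(path):
    """Bucket a path as protected, user-writable, other or unparsed."""
    if path is None:
        return "unparsed"
    p = path.lower()
    for var, value in ENV.items():
        p = p.replace(var, value)
    if p.startswith(USER_WRITABLE):
        return "user-writable"
    if p.startswith(PROTECTED):
        return "protected"
    return "other"


def triage(log_text):
    """Parse every registry Run entry in a HijackThis log into a finding."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # Startup-folder shortcuts and non-O4 lines are out of scope
        path = image_path(m["cmd"])
        findings.append({
            "hive": m["hive"], "key": m["key"], "name": m["name"],
            "image": path, "location": classify(path),
        })
    return findings


def needs_review(log_text):
    """Entries whose image sits outside the protected roots."""
    return [f for f in triage(log_text) if f["location"] != "protected"]


if __name__ == "__main__":
    for f in needs_review(SAMPLE_LOG):
        print(f'{f["location"]:14} {f["hive"]}\\..\\{f["key"]} [{f["name"]}] {f["image"]}')
```

On these lines the only entry in the user-writable bucket is the `infocard.exe` value that post #2 asks to have fixed; the `ISUSPM` entry under `C:\ProgramData` lands in "other" and is left for a human to judge.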
 
#3 ·
Hello Emeraldnzl,
Thanks so much for your help on this. Here is the log from OTL although you will note that I had incorrectly copied and pasted info from your email reply - but I don't think this has had an adverse effect on this log - hopefully!

All processes killed
Error: Unable to interpret <Code:> in the current context!
Error: Unable to interpret <---------> in the current context!
========== FILES ==========
File\Folder C:\Users\Public\infocard.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: administrator
->Temp folder emptied: 462379 bytes
->Temporary Internet Files folder emptied: 35100948 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: John.Walker
->Temp folder emptied: 1079569071 bytes
->Temporary Internet Files folder emptied: 109324133 bytes
->FireFox cache emptied: 37882748 bytes
->Flash cache emptied: 41179 bytes

User: john.walker.HAGUE
->Temp folder emptied: 432958 bytes
->Temporary Internet Files folder emptied: 2952284 bytes
->Flash cache emptied: 405 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 309760 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 528323336 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 741060668 bytes

Total Files Cleaned = 2,418.00 mb

OTL by OldTimer - Version 3.2.1.0 log created on 04062010_092334

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

--------------------
Another small note is that I couldn't get the OTL download to save to the desktop, so this is not yet in programs. I will try again as I need to run this next for the next part of your procedure.
--------------
OTL logfile created on: 4/6/2010 10:00:55 AM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\John.Walker\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 215.59 Gb Total Space | 171.83 Gb Free Space | 79.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.99 Gb Total Space | 1.92 Gb Free Space | 96.41% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHNWALKER-PC
Current User Name: John.Walker
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/06 09:57:48 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\John.Walker\Downloads\OTL(2).exe
PRC - [2010/03/23 13:21:28 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/16 10:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/11/16 10:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/25 18:57:52 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/08/25 18:57:44 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/07/30 17:49:34 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/07/30 17:49:34 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/07/30 17:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/30 14:28:18 | 000,354,360 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2009/07/30 14:24:02 | 000,045,056 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2009/07/29 16:28:44 | 000,256,544 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2009/07/29 13:43:50 | 001,201,400 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2009/07/27 23:32:56 | 000,076,344 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/07/23 10:12:00 | 000,078,608 | ---- | M] (Bioscrypt Inc.) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/06/18 17:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2009/06/03 17:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
PRC - [2009/06/03 17:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2009/06/03 17:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/18 22:28:04 | 001,314,816 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2009/04/03 13:00:00 | 000,525,664 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/07/15 22:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/03/29 16:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
PRC - [2007/03/28 17:43:11 | 000,009,728 | ---- | M] (Sage Software SB, Inc) -- C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
PRC - [1998/04/29 05:01:00 | 000,176,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\ACT\SideACT.exe
PRC - [1998/04/29 05:01:00 | 000,034,816 | ---- | M] () -- C:\Program Files\Symantec\ACT\ACTLDR.EXE

========== Modules (SafeList) ==========

MOD - [2010/04/06 09:57:48 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\John.Walker\Downloads\OTL(2).exe
MOD - [2009/07/23 10:05:18 | 000,089,872 | ---- | M] (Bioscrypt Inc.) -- C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/11/16 10:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/11/16 10:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/08/25 18:57:52 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/07/30 17:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/30 14:24:02 | 000,045,056 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2009/07/29 16:28:44 | 000,256,544 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2009/07/29 13:43:50 | 001,201,400 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/07/23 10:05:32 | 000,192,784 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2009/07/23 10:05:26 | 000,150,288 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2009/07/20 10:10:00 | 000,282,624 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\System32\yk62x86.dll -- (yksvc)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/06/18 17:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/13 19:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/03 17:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$ACT7) SQL Server (ACT7)
SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/07/15 22:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - [2010/03/15 15:04:54 | 002,702,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/12/13 02:12:11 | 000,000,000 | ---D | M] [Kernel | On_Demand | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Ripper\ -- (N)
DRV - [2009/11/16 10:06:52 | 000,095,896 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009/11/16 10:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/11/16 09:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009/08/07 14:17:26 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/07/30 01:33:04 | 000,213,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/07/29 16:30:28 | 000,051,408 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2009/07/29 16:30:20 | 000,012,960 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2009/07/29 16:30:18 | 000,012,528 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2009/07/29 16:30:16 | 000,109,216 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009/07/28 11:31:00 | 005,924,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/07/20 10:10:00 | 000,313,856 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 02:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 00:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 23:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/08 21:48:38 | 000,025,656 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2009/07/08 21:48:22 | 000,033,848 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV - [2009/07/02 11:40:34 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/07/01 13:46:14 | 000,086,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2009/07/01 13:46:12 | 000,108,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2009/07/01 13:46:04 | 000,018,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2009/05/26 00:12:00 | 000,122,368 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2009/05/18 22:32:58 | 000,381,440 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2009/05/16 02:15:14 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/05/16 02:15:14 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/05/16 02:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/05/16 02:15:14 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009/05/16 02:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009/04/29 16:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/07 16:32:50 | 000,029,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2007/11/05 12:56:58 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=92&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=92&bd=all&pf=cmnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=92&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.offerbox.com/en/?s=h&c=1002094007
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 57 0C C3 04 77 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "OfferBox Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/05 12:54:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/05 12:54:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/12/01 17:46:45 | 000,000,000 | ---D | M]

[2010/04/02 13:17:50 | 000,000,000 | ---D | M] -- C:\Users\John.Walker\AppData\Roaming\Mozilla\Extensions
[2010/04/02 13:17:50 | 000,000,000 | ---D | M] -- C:\Users\John.Walker\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/02/09 07:39:16 | 000,000,000 | ---D | M] -- C:\Users\John.Walker\AppData\Roaming\Mozilla\Firefox\Profiles\byica5f7.default\extensions
[2010/02/09 10:14:34 | 000,023,894 | ---- | M] () -- C:\Users\John.Walker\AppData\Roaming\Mozilla\Firefox\Profiles\byica5f7.default\searchplugins\OfferBox Search.xml
[2010/02/08 15:41:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/16 01:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/16 01:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/16 01:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/16 01:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [Act! Preloader] C:\Program Files\ACT\ACT for Windows\ActSage.exe (Sage Software SB, Inc)
O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe (Sage Software SB, Inc)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - c:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll) - C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b75c06cf-ef9b-11de-8608-00247ed755f8}\Shell - "" = AutoRun
O33 - MountPoints2\{b75c06cf-ef9b-11de-8608-00247ed755f8}\Shell\AutoRun\command - "" = D:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{b75c06d1-ef9b-11de-8608-00247ed755f8}\Shell - "" = AutoRun
O33 - MountPoints2\{b75c06d1-ef9b-11de-8608-00247ed755f8}\Shell\AutoRun\command - "" = D:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f655f855-e892-11de-b2fb-00247ed755f8}\Shell - "" = AutoRun
O33 - MountPoints2\{f655f855-e892-11de-b2fb-00247ed755f8}\Shell\AutoRun\command - "" = D:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f655f85d-e892-11de-b2fb-00247ed755f8}\Shell - "" = AutoRun
O33 - MountPoints2\{f655f85d-e892-11de-b2fb-00247ed755f8}\Shell\AutoRun\command - "" = D:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f655f872-e892-11de-b2fb-00247ed755f8}\Shell - "" = AutoRun
O33 - MountPoints2\{f655f872-e892-11de-b2fb-00247ed755f8}\Shell\AutoRun\command - "" = D:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f655f874-e892-11de-b2fb-00247ed755f8}\Shell - "" = AutoRun
O33 - MountPoints2\{f655f874-e892-11de-b2fb-00247ed755f8}\Shell\AutoRun\command - "" = D:\StartVMCLite.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\StartVMCLite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/14 03:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/06 09:23:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/05 13:13:42 | 000,000,000 | ---D | C] -- C:\Users\John.Walker\Documents\HiJack and OTL Logfiles
[2010/04/05 13:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/05 13:01:40 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010/04/05 13:01:38 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010/04/05 13:01:38 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010/04/02 13:18:18 | 000,000,000 | ---D | C] -- C:\Users\John.Walker\Documents\TomTom
[2010/04/02 13:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom
[2010/04/02 13:17:49 | 000,000,000 | ---D | C] -- C:\Users\John.Walker\AppData\Roaming\TomTom
[2010/04/02 13:17:49 | 000,000,000 | ---D | C] -- C:\Users\John.Walker\AppData\Local\TomTom
[2010/04/02 13:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2010/04/02 13:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom DesktopSuite
[2010/03/23 10:33:18 | 000,000,000 | ---D | C] -- C:\Users\John.Walker\Desktop\MARCH 2010 Proofs
[2010/03/18 10:57:05 | 000,000,000 | ---D | C] -- C:\Users\John.Walker\AppData\Local\WinZip
[2010/03/15 17:19:10 | 000,000,000 | ---D | C] -- C:\Users\John.Walker\AppData\Roaming\PrimoPDF
[2010/03/15 17:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2010/03/13 15:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\{657095DF-DBDB-4B17-8245-B38845C97069}
[2009/12/01 12:44:46 | 000,256,560 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2009/12/01 12:44:44 | 000,203,312 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2010/04/06 10:02:47 | 006,029,312 | -HS- | M] () -- C:\Users\John.Walker\ntuser.dat
[2010/04/06 09:33:46 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/06 09:33:46 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/06 09:31:00 | 000,783,328 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/04/06 09:31:00 | 000,669,254 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/04/06 09:31:00 | 000,125,918 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/04/06 09:28:37 | 000,001,890 | -HS- | M] () -- C:\windows\System32\KGyGaAvL.sys
[2010/04/06 09:26:34 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2010/04/06 09:26:32 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/04/06 09:26:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/04/06 09:26:23 | 2359,504,896 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/06 03:15:47 | 000,524,288 | -HS- | M] () -- C:\Users\John.Walker\ntuser.dat{3d123270-4089-11df-bcf3-8aa291940572}.TMContainer00000000000000000002.regtrans-ms
[2010/04/06 03:15:47 | 000,524,288 | -HS- | M] () -- C:\Users\John.Walker\ntuser.dat{3d123270-4089-11df-bcf3-8aa291940572}.TMContainer00000000000000000001.regtrans-ms
[2010/04/06 03:15:47 | 000,065,536 | -HS- | M] () -- C:\Users\John.Walker\ntuser.dat{3d123270-4089-11df-bcf3-8aa291940572}.TM.blf
[2010/04/06 03:15:45 | 003,785,321 | -H-- | M] () -- C:\Users\John.Walker\AppData\Local\IconCache.db
[2010/04/05 13:12:04 | 000,002,039 | ---- | M] () -- C:\Users\John.Walker\Desktop\HijackThis.lnk
[2010/04/01 09:10:35 | 000,002,000 | -H-- | M] () -- C:\Users\John.Walker\Documents\Default.rdp
[2010/03/23 10:32:36 | 001,027,434 | ---- | M] () -- C:\Users\John.Walker\Desktop\MARCH 2010 Proofs.exe
[2010/03/18 18:00:55 | 000,972,626 | ---- | M] () -- C:\Users\John.Walker\Desktop\MARCH 2010 Proofs.zip
[2010/03/18 13:09:19 | 000,004,341 | ---- | M] () -- C:\Users\John.Walker\Desktop\template_5.xls.zip
[2010/03/15 17:17:09 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2010/03/15 17:17:07 | 000,000,314 | ---- | M] () -- C:\windows\primopdf.ini
[2010/03/15 15:06:11 | 001,047,740 | ---- | M] () -- C:\windows\System32\oem34.inf
[2010/03/15 15:04:57 | 000,006,656 | ---- | M] () -- C:\windows\System32\bcmwlrc.dll
[2010/03/15 15:04:54 | 003,870,720 | ---- | M] (Broadcom Corporation) -- C:\windows\System32\bcmihvsrv.dll
[2010/03/15 15:04:54 | 003,559,424 | ---- | M] (Broadcom Corporation) -- C:\windows\System32\bcmihvui.dll
[2010/03/15 15:04:54 | 002,702,328 | ---- | M] (Broadcom Corporation) -- C:\windows\System32\drivers\BCMWL6.SYS
[2010/03/15 15:04:54 | 000,091,376 | ---- | M] (Broadcom Corporation) -- C:\windows\System32\bcmwlcoi.dll
[2010/03/13 15:34:30 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2010/03/12 12:04:53 | 000,003,985 | ---- | M] () -- C:\Users\John.Walker\Desktop\DORLET_110310.RPT
[2010/03/08 23:51:51 | 000,000,478 | ---- | M] () -- C:\windows\win.ini

========== Files Created - No Company Name ==========

[2010/04/05 13:12:04 | 000,002,039 | ---- | C] () -- C:\Users\John.Walker\Desktop\HijackThis.lnk
[2010/04/05 12:56:57 | 000,524,288 | -HS- | C] () -- C:\Users\John.Walker\ntuser.dat{3d123270-4089-11df-bcf3-8aa291940572}.TMContainer00000000000000000002.regtrans-ms
[2010/04/05 12:56:57 | 000,524,288 | -HS- | C] () -- C:\Users\John.Walker\ntuser.dat{3d123270-4089-11df-bcf3-8aa291940572}.TMContainer00000000000000000001.regtrans-ms
[2010/04/05 12:56:57 | 000,065,536 | -HS- | C] () -- C:\Users\John.Walker\ntuser.dat{3d123270-4089-11df-bcf3-8aa291940572}.TM.blf
[2010/03/23 10:32:36 | 001,027,434 | ---- | C] () -- C:\Users\John.Walker\Desktop\MARCH 2010 Proofs.exe
[2010/03/18 18:00:55 | 000,972,626 | ---- | C] () -- C:\Users\John.Walker\Desktop\MARCH 2010 Proofs.zip
[2010/03/18 13:09:19 | 000,004,341 | ---- | C] () -- C:\Users\John.Walker\Desktop\template_5.xls.zip
[2010/03/15 17:17:09 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2010/03/15 17:17:08 | 000,176,235 | ---- | C] () -- C:\windows\System32\Primomonnt.dll
[2010/03/15 15:06:26 | 001,047,740 | ---- | C] () -- C:\windows\System32\oem34.inf
[2010/03/13 15:34:30 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2010/03/12 12:04:53 | 000,003,985 | ---- | C] () -- C:\Users\John.Walker\Desktop\DORLET_110310.RPT
[2010/02/09 10:14:11 | 000,162,304 | ---- | C] () -- C:\windows\System32\ztvunrar36.dll
[2010/02/09 10:14:11 | 000,077,312 | ---- | C] () -- C:\windows\System32\ztvunace26.dll
[2010/01/08 16:21:53 | 000,038,497 | ---- | C] () -- C:\Users\John.Walker\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010/01/02 19:48:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/01 18:11:21 | 000,000,008 | RHS- | C] () -- C:\windows\System32\2B33C0A001.sys
[2009/12/23 01:17:53 | 000,001,890 | -HS- | C] () -- C:\windows\System32\KGyGaAvL.sys
[2009/12/23 01:17:53 | 000,000,088 | RHS- | C] () -- C:\windows\System32\C20235DC19.sys
[2009/12/23 01:12:53 | 000,000,000 | -H-- | C] () -- C:\Users\John.Walker\AppData\Roaming\ActUpdate.log
[2009/12/15 23:45:14 | 000,000,000 | ---- | C] () -- C:\windows\pcfriend.INI
[2009/12/12 20:14:02 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2009/12/11 21:07:48 | 000,094,720 | ---- | C] () -- C:\windows\System32\SH30W32.DLL
[2009/12/11 21:07:38 | 000,000,443 | ---- | C] () -- C:\windows\8272A4GS.INI
[2009/12/11 21:07:38 | 000,000,412 | ---- | C] () -- C:\windows\VIAPLAY.INI
[2009/12/11 21:07:38 | 000,000,000 | R--- | C] () -- C:\windows\VMARK.INI
[2009/12/11 21:03:13 | 000,524,288 | -HS- | C] () -- C:\Users\John.Walker\ntuser.dat{959f4198-e67d-11de-b652-00247ed755f8}.TMContainer00000000000000000002.regtrans-ms
[2009/12/11 21:03:13 | 000,524,288 | -HS- | C] () -- C:\Users\John.Walker\ntuser.dat{959f4198-e67d-11de-b652-00247ed755f8}.TMContainer00000000000000000001.regtrans-ms
[2009/12/11 21:03:13 | 000,065,536 | -HS- | C] () -- C:\Users\John.Walker\ntuser.dat{959f4198-e67d-11de-b652-00247ed755f8}.TM.blf
[2009/12/11 15:14:24 | 000,000,017 | ---- | C] () -- C:\Users\John.Walker\AppData\Local\resmon.resmoncfg
[2009/12/05 15:49:46 | 000,033,134 | ---- | C] () -- C:\Users\John.Walker\AppData\Roaming\UserTile.png
[2009/12/01 17:04:10 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/01 16:42:01 | 000,103,720 | ---- | C] () -- C:\Users\John.Walker\GoToAssistDownloadHelper.exe
[2009/12/01 13:07:02 | 000,000,000 | ---- | C] () -- C:\Users\John.Walker\AppData\Local\QSwitch.txt
[2009/12/01 13:07:02 | 000,000,000 | ---- | C] () -- C:\Users\John.Walker\AppData\Local\DSwitch.txt
[2009/12/01 13:07:02 | 000,000,000 | ---- | C] () -- C:\Users\John.Walker\AppData\Local\AtStart.txt
[2009/12/01 12:46:13 | 000,000,880 | ---- | C] () -- C:\windows\HBCIKRNL.INI
[2009/12/01 12:45:07 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll
[2009/12/01 12:44:45 | 001,765,168 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2009/12/01 12:44:44 | 000,034,480 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2009/12/01 12:44:44 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2009/12/01 12:35:54 | 000,524,288 | -HS- | C] () -- C:\Users\John.Walker\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/12/01 12:35:54 | 000,524,288 | -HS- | C] () -- C:\Users\John.Walker\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009/12/01 12:35:54 | 000,262,144 | -HS- | C] () -- C:\Users\John.Walker\ntuser.dat.LOG1
[2009/12/01 12:35:54 | 000,065,536 | -HS- | C] () -- C:\Users\John.Walker\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009/12/01 12:35:54 | 000,000,000 | -HS- | C] () -- C:\Users\John.Walker\ntuser.dat.LOG2
[2009/12/01 12:35:53 | 006,029,312 | -HS- | C] () -- C:\Users\John.Walker\ntuser.dat
[2009/12/01 12:35:53 | 000,000,020 | -HS- | C] () -- C:\Users\John.Walker\ntuser.ini
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\windows\System32\xlive.dll.cat
[2009/09/17 05:17:01 | 000,000,178 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/07/31 02:58:42 | 000,000,314 | ---- | C] () -- C:\windows\primopdf.ini
[2009/07/29 16:30:16 | 000,109,216 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2009/07/16 01:50:42 | 000,013,312 | ---- | C] () -- C:\windows\LPRES.DLL
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/05/26 00:12:00 | 000,004,608 | ---- | C] () -- C:\windows\System32\HdmiCoin.dll
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\windows\System32\Iticheck.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2009/08/07 14:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/08/07 14:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\swsetup\Drivers\32\HDD\IaStor.sys
[2009/08/07 14:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\swsetup\INTELMSM\Winall\Driver\IaStor.sys
[2009/08/07 14:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\drivers\iaStor.sys
[2009/08/07 14:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_1f2a8fa4448bd5bf\iaStor.sys
[2009/08/07 14:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_e0df85a86191e9fe\iaStor.sys
[2009/08/07 14:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/08/07 14:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\swsetup\Drivers\64\HDD\IaStor.sys
[2009/08/07 14:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\swsetup\INTELMSM\Winall\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/07/14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll
[2009/07/14 02:16:18 | 000,489,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >

OTL Extras logfile created on: 4/6/2010 10:00:55 AM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\John.Walker\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 215.59 Gb Total Space | 171.83 Gb Free Space | 79.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.99 Gb Total Space | 1.92 Gb Free Space | 96.41% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHNWALKER-PC
Current User Name: John.Walker
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004739E9-9BBF-4A8B-9FAC-EB7CA5B7A9D9}" = HP User Guides 0136
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0868BB9D-5EA0-40AF-A1CC-A38ED4E5BC67}" = 32 Bit HP CIO Components Installer
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0934E41E-D8EE-478A-A540-AE9FAE399D5D}" = HP ProtectTools Security Manager
"{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient x86
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{28C7F7AB-B6D7-4092-B2BC-746CE171D493}" = ACT!
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{3291E190-DB36-45F8-A119-A5C58645D382}" = HP QuickLook
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3B84CB71-78CA-4E9B-9167-1B877D60FB97}" = HP JavaCard for HP ProtectTools
"{3CD5E925-0EFE-4E0E-849E-BAF2E6D9E1C5}" = Credential Manager for HP ProtectTools
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{511376F5-7E5A-4EC9-B603-193B1D425BC3}" = HP ESU for Microsoft Windows 7
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6864ABC3-A982-436B-BEF1-5652D6303361}" = ESET NOD32 Antivirus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{76AF1F61-BB44-4694-A0EA-C6830C8BEF41}" = HP Software Setup
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{87CA636B-85B8-4611-A81D-F97E71024AFD}" = HP Common Access Service Library
"{88A785A2-3EA6-4A2D-ABEE-68E9E55A39F8}" = NTI Ripper
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8CA0170E-6E9E-43A5-AE1F-85A82820B847}" = FreeCompressor
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BD7A7136-1E88-4EB8-985C-1326DCE5612A}" = AuthenTec Fingerprint System
"{C4518D5B-C62C-4984-A615-1FC1DD55B86A}" = Drive Encryption for HP ProtectTools
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}" = HP Setup
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E045FAC9-0B70-4796-AD3A-7035E89CE536}" = SCR3xxx Smart Card Reader
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}" = Windows 7 Default Setting
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"7-Zip" = 7-Zip 4.65
"ACT! 4.0 for Windows" = ACT! 4.0 for Windows
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Freecom Network Storage Assistant_is1" = Freecom Network Storage Assistant 1.65
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{28C7F7AB-B6D7-4092-B2BC-746CE171D493}" = ACT! by Sage
"LiveUpdate" = LiveUpdate
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
"PCFriendly" = PCFriendly
"PDF Complete" = PDF Complete Special Edition
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Thanks for your help on this. Two things to note:
1. I haven't had the infection reported again on my virus checker (I had done a system restore previous to my posting to you).
2. The problem with ACT 2007 (9.0) persists and is causing me some problems. I'm hoping that the resolution of the infection will also have a positive effect on the ACT database.

Regards,
John
 
#4 ·
Hello Emeraldnzl,
Thanks so much for your help on this. Here is the log from OTL although you will note that I had incorrectly copied and pasted info from your email reply - but I don't think this has had an adverse effect on this log - hopefully!

All processes killed
Error: Unable to interpret <Code:> in the current context!
Error: Unable to interpret <---------> in the current context!
========== FILES ==========
File\Folder C:\Users\Public\infocard.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: administrator
->Temp folder emptied: 462379 bytes
->Temporary Internet Files folder emptied: 35100948 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: John.Walker
->Temp folder emptied: 1079569071 bytes
->Temporary Internet Files folder emptied: 109324133 bytes
->FireFox cache emptied: 37882748 bytes
->Flash cache emptied: 41179 bytes

User: john.walker.HAGUE
->Temp folder emptied: 432958 bytes
->Temporary Internet Files folder emptied: 2952284 bytes
->Flash cache emptied: 405 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 309760 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 528323336 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 741060668 bytes

Total Files Cleaned = 2,418.00 mb

OTL by OldTimer - Version 3.2.1.0 log created on 04062010_092334

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

--------------------
Another small note is that I couldn't get the OTL download to save to the desktop, so this is not yet in programs. I will try again as I need to run this next for the next part of your procedure.
--------------
OTL logfile created on: 4/6/2010 10:00:55 AM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\John.Walker\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 215.59 Gb Total Space | 171.83 Gb Free Space | 79.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.99 Gb Total Space | 1.92 Gb Free Space | 96.41% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHNWALKER-PC
Current User Name: John.Walker
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/06 09:57:48 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\John.Walker\Downloads\OTL(2).exe
PRC - [2010/03/23 13:21:28 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/16 10:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/11/16 10:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/25 18:57:52 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/08/25 18:57:44 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/07/30 17:49:34 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/07/30 17:49:34 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/07/30 17:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/30 14:28:18 | 000,354,360 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2009/07/30 14:24:02 | 000,045,056 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2009/07/29 16:28:44 | 000,256,544 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2009/07/29 13:43:50 | 001,201,400 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2009/07/27 23:32:56 | 000,076,344 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/07/23 10:12:00 | 000,078,608 | ---- | M] (Bioscrypt Inc.) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/06/18 17:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2009/06/03 17:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
PRC - [2009/06/03 17:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2009/06/03 17:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/18 22:28:04 | 001,314,816 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2009/04/03 13:00:00 | 000,525,664 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/07/15 22:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/03/29 16:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
PRC - [2007/03/28 17:43:11 | 000,009,728 | ---- | M] (Sage Software SB, Inc) -- C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
PRC - [1998/04/29 05:01:00 | 000,176,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\ACT\SideACT.exe
PRC - [1998/04/29 05:01:00 | 000,034,816 | ---- | M] () -- C:\Program Files\Symantec\ACT\ACTLDR.EXE

========== Modules (SafeList) ==========

MOD - [2010/04/06 09:57:48 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\John.Walker\Downloads\OTL(2).exe
MOD - [2009/07/23 10:05:18 | 000,089,872 | ---- | M] (Bioscrypt Inc.) -- C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/11/16 10:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/11/16 10:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/08/25 18:57:52 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/07/30 17:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/30 14:24:02 | 000,045,056 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2009/07/29 16:28:44 | 000,256,544 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2009/07/29 13:43:50 | 001,201,400 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/07/23 10:05:32 | 000,192,784 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2009/07/23 10:05:26 | 000,150,288 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2009/07/20 10:10:00 | 000,282,624 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\System32\yk62x86.dll -- (yksvc)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/06/18 17:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/13 19:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/03 17:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$ACT7) SQL Server (ACT7)
SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/07/15 22:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - [2010/03/15 15:04:54 | 002,702,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/12/13 02:12:11 | 000,000,000 | ---D | M] [Kernel | On_Demand | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Ripper\ -- (N)
DRV - [2009/11/16 10:06:52 | 000,095,896 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009/11/16 10:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/11/16 09:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2009/08/07 14:17:26 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/07/30 01:33:04 | 000,213,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/07/29 16:30:28 | 000,051,408 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2009/07/29 16:30:20 | 000,012,960 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2009/07/29 16:30:18 | 000,012,528 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2009/07/29 16:30:16 | 000,109,216 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009/07/28 11:31:00 | 005,924,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/07/20 10:10:00 | 000,313,856 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 02:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 00:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 23:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/08 21:48:38 | 000,025,656 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2009/07/08 21:48:22 | 000,033,848 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV - [2009/07/02 11:40:34 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/07/01 13:46:14 | 000,086,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2009/07/01 13:46:12 | 000,108,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2009/07/01 13:46:04 | 000,018,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2009/05/26 00:12:00 | 000,122,368 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2009/05/18 22:32:58 | 000,381,440 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2009/05/16 02:15:14 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/05/16 02:15:14 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/05/16 02:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/05/16 02:15:14 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009/05/16 02:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009/04/29 16:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/07 16:32:50 | 000,029,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2007/11/05 12:56:58 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=92&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=92&bd=all&pf=cmnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=92&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.offerbox.com/en/?s=h&c=1002094007
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 57 0C C3 04 77 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "OfferBox Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/05 12:54:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/05 12:54:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/12/01 17:46:45 | 000,000,000 | ---D | M]

[2010/04/02 13:17:50 | 000,000,000 | ---D | M] -- C:\Users\John.Walker\AppData\Roaming\Mozilla\Extensions
[2010/04/02 13:17:50 | 000,000,000 | ---D | M] -- C:\Users\John.Walker\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/02/09 07:39:16 | 000,000,000 | ---D | M] -- C:\Users\John.Walker\AppData\Roaming\Mozilla\Firefox\Profiles\byica5f7.default\extensions
[2010/02/09 10:14:34 | 000,023,894 | ---- | M] () -- C:\Users\John.Walker\AppData\Roaming\Mozilla\Firefox\Profiles\byica5f7.default\searchplugins\OfferBox Search.xml
[2010/02/08 15:41:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/16 01:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/16 01:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/16 01:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/16 01:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [Act! Preloader] C:\Program Files\ACT\ACT for Windows\ActSage.exe (Sage Software SB, Inc)
O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe (Sage Software SB, Inc)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - c:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\HEWLET~1\IAM\bin\APSHook.dll) - C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b75c06cf-ef9b-11de-8608-00247ed755f8}\Shell - "" = AutoRun
O33 - MountPoints2\{b75c06cf-ef9b-11de-8608-00247ed755f8}\Shell\AutoRun\command - "" = D:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{b75c06d1-ef9b-11de-8608-00247ed755f8}\Shell - "" = AutoRun
O33 - MountPoints2\{b75c06d1-ef9b-11de-8608-00247ed755f8}\Shell\AutoRun\command - "" = D:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f655f855-e892-11de-b2fb-00247ed755f8}\Shell - "" = AutoRun
O33 - MountPoints2\{f655f855-e892-11de-b2fb-00247ed755f8}\Shell\AutoRun\command - "" = D:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f655f85d-e892-11de-b2fb-00247ed755f8}\Shell - "" = AutoRun
O33 - MountPoints2\{f655f85d-e892-11de-b2fb-00247ed755f8}\Shell\AutoRun\command - "" = D:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f655f872-e892-11de-b2fb-00247ed755f8}\Shell - "" = AutoRun
O33 - MountPoints2\{f655f872-e892-11de-b2fb-00247ed755f8}\Shell\AutoRun\command - "" = D:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f655f874-e892-11de-b2fb-00247ed755f8}\Shell - "" = AutoRun
O33 - MountPoints2\{f655f874-e892-11de-b2fb-00247ed755f8}\Shell\AutoRun\command - "" = D:\StartVMCLite.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\StartVMCLite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/14 03:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/06 09:23:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/05 13:13:42 | 000,000,000 | ---D | C] -- C:\Users\John.Walker\Documents\HiJack and OTL Logfiles
[2010/04/05 13:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/05 13:01:40 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010/04/05 13:01:38 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010/04/05 13:01:38 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010/04/02 13:18:18 | 000,000,000 | ---D | C] -- C:\Users\John.Walker\Documents\TomTom
[2010/04/02 13:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom
[2010/04/02 13:17:49 | 000,000,000 | ---D | C] -- C:\Users\John.Walker\AppData\Roaming\TomTom
[2010/04/02 13:17:49 | 000,000,000 | ---D | C] -- C:\Users\John.Walker\AppData\Local\TomTom
[2010/04/02 13:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2010/04/02 13:14:47 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom DesktopSuite
[2010/03/23 10:33:18 | 000,000,000 | ---D | C] -- C:\Users\John.Walker\Desktop\MARCH 2010 Proofs
[2010/03/18 10:57:05 | 000,000,000 | ---D | C] -- C:\Users\John.Walker\AppData\Local\WinZip
[2010/03/15 17:19:10 | 000,000,000 | ---D | C] -- C:\Users\John.Walker\AppData\Roaming\PrimoPDF
[2010/03/15 17:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2010/03/13 15:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\{657095DF-DBDB-4B17-8245-B38845C97069}
[2009/12/01 12:44:46 | 000,256,560 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2009/12/01 12:44:44 | 000,203,312 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2010/04/06 10:02:47 | 006,029,312 | -HS- | M] () -- C:\Users\John.Walker\ntuser.dat
[2010/04/06 09:33:46 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/06 09:33:46 | 000,020,720 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/06 09:31:00 | 000,783,328 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/04/06 09:31:00 | 000,669,254 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/04/06 09:31:00 | 000,125,918 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/04/06 09:28:37 | 000,001,890 | -HS- | M] () -- C:\windows\System32\KGyGaAvL.sys
[2010/04/06 09:26:34 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2010/04/06 09:26:32 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/04/06 09:26:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/04/06 09:26:23 | 2359,504,896 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/06 03:15:47 | 000,524,288 | -HS- | M] () -- C:\Users\John.Walker\ntuser.dat{3d123270-4089-11df-bcf3-8aa291940572}.TMContainer00000000000000000002.regtrans-ms
[2010/04/06 03:15:47 | 000,524,288 | -HS- | M] () -- C:\Users\John.Walker\ntuser.dat{3d123270-4089-11df-bcf3-8aa291940572}.TMContainer00000000000000000001.regtrans-ms
[2010/04/06 03:15:47 | 000,065,536 | -HS- | M] () -- C:\Users\John.Walker\ntuser.dat{3d123270-4089-11df-bcf3-8aa291940572}.TM.blf
[2010/04/06 03:15:45 | 003,785,321 | -H-- | M] () -- C:\Users\John.Walker\AppData\Local\IconCache.db
[2010/04/05 13:12:04 | 000,002,039 | ---- | M] () -- C:\Users\John.Walker\Desktop\HijackThis.lnk
[2010/04/01 09:10:35 | 000,002,000 | -H-- | M] () -- C:\Users\John.Walker\Documents\Default.rdp
[2010/03/23 10:32:36 | 001,027,434 | ---- | M] () -- C:\Users\John.Walker\Desktop\MARCH 2010 Proofs.exe
[2010/03/18 18:00:55 | 000,972,626 | ---- | M] () -- C:\Users\John.Walker\Desktop\MARCH 2010 Proofs.zip
[2010/03/18 13:09:19 | 000,004,341 | ---- | M] () -- C:\Users\John.Walker\Desktop\template_5.xls.zip
[2010/03/15 17:17:09 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2010/03/15 17:17:07 | 000,000,314 | ---- | M] () -- C:\windows\primopdf.ini
[2010/03/15 15:06:11 | 001,047,740 | ---- | M] () -- C:\windows\System32\oem34.inf
[2010/03/15 15:04:57 | 000,006,656 | ---- | M] () -- C:\windows\System32\bcmwlrc.dll
[2010/03/15 15:04:54 | 003,870,720 | ---- | M] (Broadcom Corporation) -- C:\windows\System32\bcmihvsrv.dll
[2010/03/15 15:04:54 | 003,559,424 | ---- | M] (Broadcom Corporation) -- C:\windows\System32\bcmihvui.dll
[2010/03/15 15:04:54 | 002,702,328 | ---- | M] (Broadcom Corporation) -- C:\windows\System32\drivers\BCMWL6.SYS
[2010/03/15 15:04:54 | 000,091,376 | ---- | M] (Broadcom Corporation) -- C:\windows\System32\bcmwlcoi.dll
[2010/03/13 15:34:30 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2010/03/12 12:04:53 | 000,003,985 | ---- | M] () -- C:\Users\John.Walker\Desktop\DORLET_110310.RPT
[2010/03/08 23:51:51 | 000,000,478 | ---- | M] () -- C:\windows\win.ini

========== Files Created - No Company Name ==========

[2010/04/05 13:12:04 | 000,002,039 | ---- | C] () -- C:\Users\John.Walker\Desktop\HijackThis.lnk
[2010/04/05 12:56:57 | 000,524,288 | -HS- | C] () -- C:\Users\John.Walker\ntuser.dat{3d123270-4089-11df-bcf3-8aa291940572}.TMContainer00000000000000000002.regtrans-ms
[2010/04/05 12:56:57 | 000,524,288 | -HS- | C] () -- C:\Users\John.Walker\ntuser.dat{3d123270-4089-11df-bcf3-8aa291940572}.TMContainer00000000000000000001.regtrans-ms
[2010/04/05 12:56:57 | 000,065,536 | -HS- | C] () -- C:\Users\John.Walker\ntuser.dat{3d123270-4089-11df-bcf3-8aa291940572}.TM.blf
[2010/03/23 10:32:36 | 001,027,434 | ---- | C] () -- C:\Users\John.Walker\Desktop\MARCH 2010 Proofs.exe
[2010/03/18 18:00:55 | 000,972,626 | ---- | C] () -- C:\Users\John.Walker\Desktop\MARCH 2010 Proofs.zip
[2010/03/18 13:09:19 | 000,004,341 | ---- | C] () -- C:\Users\John.Walker\Desktop\template_5.xls.zip
[2010/03/15 17:17:09 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2010/03/15 17:17:08 | 000,176,235 | ---- | C] () -- C:\windows\System32\Primomonnt.dll
[2010/03/15 15:06:26 | 001,047,740 | ---- | C] () -- C:\windows\System32\oem34.inf
[2010/03/13 15:34:30 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2010/03/12 12:04:53 | 000,003,985 | ---- | C] () -- C:\Users\John.Walker\Desktop\DORLET_110310.RPT
[2010/02/09 10:14:11 | 000,162,304 | ---- | C] () -- C:\windows\System32\ztvunrar36.dll
[2010/02/09 10:14:11 | 000,077,312 | ---- | C] () -- C:\windows\System32\ztvunace26.dll
[2010/01/08 16:21:53 | 000,038,497 | ---- | C] () -- C:\Users\John.Walker\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010/01/02 19:48:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/01 18:11:21 | 000,000,008 | RHS- | C] () -- C:\windows\System32\2B33C0A001.sys
[2009/12/23 01:17:53 | 000,001,890 | -HS- | C] () -- C:\windows\System32\KGyGaAvL.sys
[2009/12/23 01:17:53 | 000,000,088 | RHS- | C] () -- C:\windows\System32\C20235DC19.sys
[2009/12/23 01:12:53 | 000,000,000 | -H-- | C] () -- C:\Users\John.Walker\AppData\Roaming\ActUpdate.log
[2009/12/15 23:45:14 | 000,000,000 | ---- | C] () -- C:\windows\pcfriend.INI
[2009/12/12 20:14:02 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2009/12/11 21:07:48 | 000,094,720 | ---- | C] () -- C:\windows\System32\SH30W32.DLL
[2009/12/11 21:07:38 | 000,000,443 | ---- | C] () -- C:\windows\8272A4GS.INI
[2009/12/11 21:07:38 | 000,000,412 | ---- | C] () -- C:\windows\VIAPLAY.INI
[2009/12/11 21:07:38 | 000,000,000 | R--- | C] () -- C:\windows\VMARK.INI
[2009/12/11 21:03:13 | 000,524,288 | -HS- | C] () -- C:\Users\John.Walker\ntuser.dat{959f4198-e67d-11de-b652-00247ed755f8}.TMContainer00000000000000000002.regtrans-ms
[2009/12/11 21:03:13 | 000,524,288 | -HS- | C] () -- C:\Users\John.Walker\ntuser.dat{959f4198-e67d-11de-b652-00247ed755f8}.TMContainer00000000000000000001.regtrans-ms
[2009/12/11 21:03:13 | 000,065,536 | -HS- | C] () -- C:\Users\John.Walker\ntuser.dat{959f4198-e67d-11de-b652-00247ed755f8}.TM.blf
[2009/12/11 15:14:24 | 000,000,017 | ---- | C] () -- C:\Users\John.Walker\AppData\Local\resmon.resmoncfg
[2009/12/05 15:49:46 | 000,033,134 | ---- | C] () -- C:\Users\John.Walker\AppData\Roaming\UserTile.png
[2009/12/01 17:04:10 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/01 16:42:01 | 000,103,720 | ---- | C] () -- C:\Users\John.Walker\GoToAssistDownloadHelper.exe
[2009/12/01 13:07:02 | 000,000,000 | ---- | C] () -- C:\Users\John.Walker\AppData\Local\QSwitch.txt
[2009/12/01 13:07:02 | 000,000,000 | ---- | C] () -- C:\Users\John.Walker\AppData\Local\DSwitch.txt
[2009/12/01 13:07:02 | 000,000,000 | ---- | C] () -- C:\Users\John.Walker\AppData\Local\AtStart.txt
[2009/12/01 12:46:13 | 000,000,880 | ---- | C] () -- C:\windows\HBCIKRNL.INI
[2009/12/01 12:45:07 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll
[2009/12/01 12:44:45 | 001,765,168 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2009/12/01 12:44:44 | 000,034,480 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2009/12/01 12:44:44 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2009/12/01 12:35:54 | 000,524,288 | -HS- | C] () -- C:\Users\John.Walker\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/12/01 12:35:54 | 000,524,288 | -HS- | C] () -- C:\Users\John.Walker\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009/12/01 12:35:54 | 000,262,144 | -HS- | C] () -- C:\Users\John.Walker\ntuser.dat.LOG1
[2009/12/01 12:35:54 | 000,065,536 | -HS- | C] () -- C:\Users\John.Walker\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009/12/01 12:35:54 | 000,000,000 | -HS- | C] () -- C:\Users\John.Walker\ntuser.dat.LOG2
[2009/12/01 12:35:53 | 006,029,312 | -HS- | C] () -- C:\Users\John.Walker\ntuser.dat
[2009/12/01 12:35:53 | 000,000,020 | -HS- | C] () -- C:\Users\John.Walker\ntuser.ini
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\windows\System32\xlive.dll.cat
[2009/09/17 05:17:01 | 000,000,178 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/07/31 02:58:42 | 000,000,314 | ---- | C] () -- C:\windows\primopdf.ini
[2009/07/29 16:30:16 | 000,109,216 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2009/07/16 01:50:42 | 000,013,312 | ---- | C] () -- C:\windows\LPRES.DLL
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/05/26 00:12:00 | 000,004,608 | ---- | C] () -- C:\windows\System32\HdmiCoin.dll
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\windows\System32\Iticheck.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2009/08/07 14:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/08/07 14:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\swsetup\Drivers\32\HDD\IaStor.sys
[2009/08/07 14:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\swsetup\INTELMSM\Winall\Driver\IaStor.sys
[2009/08/07 14:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\drivers\iaStor.sys
[2009/08/07 14:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_1f2a8fa4448bd5bf\iaStor.sys
[2009/08/07 14:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_e0df85a86191e9fe\iaStor.sys
[2009/08/07 14:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/08/07 14:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\swsetup\Drivers\64\HDD\IaStor.sys
[2009/08/07 14:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\swsetup\INTELMSM\Winall\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/07/14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll
[2009/07/14 02:16:18 | 000,489,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >

OTL Extras logfile created on: 4/6/2010 10:00:55 AM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\John.Walker\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 215.59 Gb Total Space | 171.83 Gb Free Space | 79.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.99 Gb Total Space | 1.92 Gb Free Space | 96.41% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHNWALKER-PC
Current User Name: John.Walker
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004739E9-9BBF-4A8B-9FAC-EB7CA5B7A9D9}" = HP User Guides 0136
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0868BB9D-5EA0-40AF-A1CC-A38ED4E5BC67}" = 32 Bit HP CIO Components Installer
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0934E41E-D8EE-478A-A540-AE9FAE399D5D}" = HP ProtectTools Security Manager
"{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient x86
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{28C7F7AB-B6D7-4092-B2BC-746CE171D493}" = ACT!
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{3291E190-DB36-45F8-A119-A5C58645D382}" = HP QuickLook
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3B84CB71-78CA-4E9B-9167-1B877D60FB97}" = HP JavaCard for HP ProtectTools
"{3CD5E925-0EFE-4E0E-849E-BAF2E6D9E1C5}" = Credential Manager for HP ProtectTools
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{511376F5-7E5A-4EC9-B603-193B1D425BC3}" = HP ESU for Microsoft Windows 7
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6864ABC3-A982-436B-BEF1-5652D6303361}" = ESET NOD32 Antivirus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{76AF1F61-BB44-4694-A0EA-C6830C8BEF41}" = HP Software Setup
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{87CA636B-85B8-4611-A81D-F97E71024AFD}" = HP Common Access Service Library
"{88A785A2-3EA6-4A2D-ABEE-68E9E55A39F8}" = NTI Ripper
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8CA0170E-6E9E-43A5-AE1F-85A82820B847}" = FreeCompressor
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BD7A7136-1E88-4EB8-985C-1326DCE5612A}" = AuthenTec Fingerprint System
"{C4518D5B-C62C-4984-A615-1FC1DD55B86A}" = Drive Encryption for HP ProtectTools
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}" = HP Setup
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E045FAC9-0B70-4796-AD3A-7035E89CE536}" = SCR3xxx Smart Card Reader
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}" = Windows 7 Default Setting
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"7-Zip" = 7-Zip 4.65
"ACT! 4.0 for Windows" = ACT! 4.0 for Windows
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Freecom Network Storage Assistant_is1" = Freecom Network Storage Assistant 1.65
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{28C7F7AB-B6D7-4092-B2BC-746CE171D493}" = ACT! by Sage
"LiveUpdate" = LiveUpdate
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
"PCFriendly" = PCFriendly
"PDF Complete" = PDF Complete Special Edition
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Thanks for your help on this. Two things to note:
1. I haven't had the infection reported again on my virus checker (I had done a system restore previous to my posting to you).
2. The problem with ACT 2007 (9.0) persists and is causing me some problems. I'm hoping that the resolution of the infection will also have a positive effect on the ACT database.

Regards,
John
 
#6 ·
Hello John,

Sorry to pester, but I wanted to know that my reply had been received OK?
No, you are not pestering me. For some reason I didn't get the automated e-mail notification of your reply.

If this happens again and you don't receive a reply within 24 hours, just PM me.

My apologies for the delay.

Now

Something funny going on there. Neither the HJT log nor OTL is telling me what OS platform you are running from.

Please run the MGA Diagnostic Tool and post back the report it produces:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.
 
#7 ·
Hi,

Thanks for your reply, here's the MGA Diag report:

Diagnostic Report (1.9.0019.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0

Cached Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-788W3-H689G-6P6GT
Windows Product Key Hash: yr8OHoeXhbT4dc6MxGYjdAStSPY=
Windows Product ID: 00371-OEM-8992671-00008
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010100.0.0.048
ID: {869B776C-6DCF-4B8E-96B8-A10540671A8D}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000000
Build lab: 7600.win7_gdr.091207-1941
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 103 Blocked VLK
Microsoft Office Enterprise 2007 - 103 Blocked VLK
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\windows\system32\wat\watadminsvc.exe[hr = 0x80070002]
File Mismatch: C:\windows\system32\wat\npwatweb.dll[hr = 0x80070002]
File Mismatch: C:\windows\system32\wat\watux.exe[hr = 0x80070002]
File Mismatch: C:\windows\system32\wat\watweb.dll[hr = 0x80070002]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{869B776C-6DCF-4B8E-96B8-A10540671A8D}</UGUID><Version>1.9.0019.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-6P6GT</PKey><PID>00371-OEM-8992671-00008</PID><PIDType>2</PIDType><SID>S-1-5-21-2877129937-820309355-2557697650</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP ProBook 4510s</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>68PZI Ver. F.0D</Version><SMBIOSVersion major="2" minor="4"/><Date>20090910000000.000000+000</Date></BIOS><HWID>BCBA3607018400FA</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>103</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>ACD7202654E586</Val><Hash>fFic3JgCreGGRxyF8uMWB4R4Jcg=</Hash><Pid>89388-707-1528066-65502</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="103"/><App Id="16" Version="12" Result="103"/><App Id="18" Version="12" Result="103"/><App Id="19" Version="12" Result="103"/><App Id="1A" Version="12" Result="103"/><App Id="1B" Version="12" Result="103"/><App Id="44" Version="12" Result="103"/><App Id="A1" Version="12" Result="103"/><App Id="BA" Version="12" Result="103"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 50e329f7-a5fa-46b2-85fd-f224e5da7764
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00178-926-700008-02-2057-7600.0000-3352009
Installation ID: 017002235780900794900291735635192376786953966262161306
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 6P6GT
License Status: Licensed
Remaining Windows rearm count: 1
Trusted time: 09/04/2010 08:59:06

Windows Activation Technologies-->
HrOffline: N/A
HrOnline: N/A
HealthStatus: N/A
Event Time Stamp: N/A
WAT Activex: Not Registered - 0x80040154
WAT Admin Service: Not Registered - 0x80040154

HWID Data-->
HWID Hash Current: MAAAAAEAAQABAAIAAAABAAAAAwABAAEAeqiaOOAEzMCU6VyhcL9OCbCcPpKgNiqF

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HPQOEM 3072
FACP HPQOEM 3072
HPET HPQOEM 3072
MCFG HPQOEM 3072
ASF! HPQOEM 3072
SSDT HPQOEM SataAhci
SLIC HPQOEM SLIC-MPC
SSDT HPQOEM SataAhci
SSDT HPQOEM SataAhci
SSDT HPQOEM SataAhci

Regards,
John
 
#8 ·
Hello JohnJJ,

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 
#10 ·
Here's the result - no infection found!
I did do a System Restore before I did my first post to you, hoping that this action would clean the infection. Not sure that it would though, what would you say about that?
I posted because I still have the problem with ACT 2007 not opening, and this application is obviously important to me.
I have not had a further report from my virus scanner that there is an infection. Maybe it is clean?
Should I do the complete scan?
Thanks for your help.
John

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3970

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09/04/2010 10:02:08
mbam-log-2010-04-09 (10-02-08).txt

Scan type: Quick scan
Objects scanned: 125527
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
#11 ·
I posted because I still have the problem with ACT 2007
I wonder whether something got corrupted there when you carried out your System Restore. Perhaps you could back up your data and try a reinstall of the program?

As far as malware goes, nothing is leaping out at me, but to be sure we should carry out an online anti-virus scan.

The Kaspersky online scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox. It uses Java Runtime Environment (JRE).

Please follow these steps:


Now go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.
 
#12 ·
Thanks,

Just for clarity:

I had the problem with ACT after I had the "infection" reported to me by my virus checker, but BEFORE I system restored.

I'd started a full scan for Malwarebytes before receiving your last post, so propose to leave that running then when it's done to follow your further instructions re Kaspersky.

Regarding ACT, I'm not sure if this has backed up properly nor, for that matter, what files are involved in a dbase backup. I did know with the old ACT 4.0 but this seems more complicated. So a re-install is possible but getting the data is less certain at this stage. It's the data I need of course! Do you know what files are required for the ACT 2007 dbase?

Regards,
John
 
#13 ·
Hi Emeraldnzl,

Here's the full scan result from Malwarebytes. Infection found, I removed it and restarted PC.
Have tried to open ACT - no luck.
.
Malwarebytes Log:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3970

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09/04/2010 12:38:32
mbam-log-2010-04-09 (12-38-32).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 267662
Time elapsed: 55 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\John.Walker\Documents\Adobe files\Customers artwork\Universities\Winchester Uni\From customer\THE_UNI_OF_WIN-CMYK.jpg.exe (Trojan.Email.Gen) -> Quarantined and deleted successfully.

Looks like a customer of mine has kindly sent an infected jpg?

Sorry for all the typos - I'm probably stressed out at the mo!

Regards,
John
John
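
The file removed in the log above ends in `.jpg.exe`; with Explorer's default "Hide extensions for known file types" setting, such a file is listed with only the `.jpg` part visible. As an added example (not from this thread or from Malwarebytes), the Python script below parses a log in the same layout and flags detections whose name puts a document or image extension directly before an executable one; the sample log, its paths and the two extension lists are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the layout of the Malwarebytes 1.45 logs posted in this thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.45

Scan type: Full scan (C:\|)
Files Infected: 2

Registry Keys Infected:
(No malicious items detected)

Files Infected:
C:\Users\Example\Documents\From customer\LOGO-CMYK.jpg.exe (Trojan.Email.Gen) -> Quarantined and deleted successfully.
C:\Users\Example\Downloads\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# A detail section starts with a header that has nothing after the colon;
# the summary counters ("Files Infected: 2") carry a number and do not match.
SECTION_RE = re.compile(
    r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
    r"Registry Data Items|Folders|Files) Infected:\s*$"
)
# Detail line: <object> (<detection name>) -> <action taken>.
ENTRY_RE = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# Assumed lists for illustration; extend them to suit your environment.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"}
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "xls", "xlsx", "txt"}


def parse_mbam_detections(log_text):
    """Return one dict per detection line found in the detail sections."""
    detections, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        # Skip everything before the first section, blanks and "(No malicious ...)".
        if section is None or not line or line.startswith("("):
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            detections.append({
                "section": section,
                "path": entry.group("path"),
                "detection": entry.group("name"),
                "action": entry.group("action"),
            })
    return detections


def masquerade_reason(path):
    """Explain why a file name looks like a disguised executable, or return None."""
    name = PureWindowsPath(path).name  # parses Windows paths on any OS
    # Tolerate spaces around each dot-separated part of the name.
    parts = [part.strip().lower() for part in name.split(".")]
    if len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS and parts[-2] in DECOY_EXTS:
        return f"decoy extension .{parts[-2]} before executable .{parts[-1]}"
    return None


def triage(log_text):
    """List (path, detection, reason) for detections with a disguised name."""
    flagged = []
    for det in parse_mbam_detections(log_text):
        reason = masquerade_reason(det["path"])
        if reason:
            flagged.append((det["path"], det["detection"], reason))
    return flagged


if __name__ == "__main__":
    for path, detection, reason in triage(SAMPLE_LOG):
        print(f"{detection}: {path}\n  -> {reason}")
```

A flagged entry tells the analyst that the file most likely arrived as an attachment or download and was stored by the user, which is a different clean-up question from a trojan that is actively loaded in memory or the registry.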
 
#14 ·
It's the data I need of course! Do you know what files are required for the ACT 2007 dbase?
I am afraid I do not know the answer to that. Once we are sure we have got rid of the infection on your machine I can request the admins here to transfer you to another forum that may have some answers for you.

Meantime I look forward to seeing the Kaspersky report.
 
#15 ·
Hello again,

I have had some problems with the Kaspersky routine. Having downloaded Java successfully, I had an "Application Digital Signature" Error reported on the Kaspersky website. Ignoring this, continued with the routine that you'd outlined. Then I found that Mozilla Firefox kept changing from normal running to "not responding". Nothing else was running at the time and I only had one tab open in Firefox. Restarted PC and my router to be sure. Repeated the procedure only to get the same result. :confused: Third time lucky and I got the results after Kaspersky scanning for over 2 hours.
No infection reported. Clicked "View Report" link at the bottom. But this just gave me a small empty window - nothing reported. So I clicked the back button on the browser but this took me back to the first page of Kaspersky before having done a scan.
So I've no report to post, only the fact that after scanning it showed zero infections. I'm not confident that this has been completed properly though.
I checked that my usual security scan program ESET NOD32 AntiVirus4 was disabled and it was. I thought it might be worthwhile doing a smart scan with that so I enabled it again and smart scanned. I will leave that going overnight and post that result in the morning (UK time).
One other odd thing to mention is that occasionally the laptop emits a quiet and brief "peep" note. When this happens I often get two "peeps" together separated by about a minute. This has only happened since the original problem.

Regards,
John
 
#16 ·
Hello John,

The more I look at this the more I think it might be a technical problem which I am not qualified to deal with.

My research suggests that peep sounds in HP ProBooks are an indication of some sort of corruption or a hardware failure but I might be wrong.

As I mentioned before I think you might benefit from some tech input.

In the meantime I look forward to the results of the scan you are undertaking. :)
 
#17 ·
Good evening,

The only other problem that I have encountered is with Bluetooth connection. I used to be able to connect to my Nokia, but can't any longer. HP had told me that the fault was with my Nokia but I'm not convinced by that. I will be getting a new phone shortly so had decided to wait until then and see what happens.

The initial reason to post to you was that my virus checker reported the trojan but could not delete it or clean it. The next day I decided to perform a system restore, but even though the virus seemed to have gone, after running virus checker again, I was still left with the problem of not being able to open the ACT database. This database reports a problem with connection to modem which may be the same problem as the bluetooth connection I think?

So at the moment I am wanting to be sure that the machine is clean then move onto sorting the dbase first then as a lower priority the bluetooth.

Best regards
John :)

Log from my Virus Checker ESET NOD32:

Scan Log
Version of virus signature database: 5018 (20100411)
Date: 11/04/2010 Time: 23:18:01
Scanned disks, folders and files: Operating memory;C:\Boot sector;E:\Boot sector;C:\;E:\
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\hp\bin\BlockTracker.py » MIME - is OK (internal scanning not performed)
C:\Program Files\7-Zip\Uninstall.exe » NSIS - incorrect CRC checksum, the file may be damaged
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht1 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht2 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht11 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht21 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht5 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht6 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht7 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht8 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht9 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht01 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht12 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht13 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht14 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht15 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht16 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht17 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht18 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht19 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht20 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht3 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht22 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht23 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht10 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht4 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\ara\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\chs\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\cht\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\csy\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\dan\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\deu\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\ell\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\enu\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\esn\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\fin\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\fra\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\heb\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\ita\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\jpn\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\kor\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\nld\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\nor\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\plk\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\ptb\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\ptg\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\rus\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\sky\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\sve\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\trk\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\Lang\Storage\ESP\license.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\Lang\Storage\ITA\license.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\Lang\Storage\PTB\license.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\Lang\Storage\PTG\license.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Malwarebytes' Anti-Malware\license.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hiring Requisition - Customized.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hiring Requisition.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\POLICIES.FDT » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Process Library.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Track Issues.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\comm.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\pippki.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Nitro PDF\PrimoPDF\PrimInstInfo.txt » MIME - is OK (internal scanning not performed)
C:\ProgramData\Microsoft\User Account Pictures\HAGUE+Administrator.dat - error opening [4]
C:\ProgramData\Microsoft\User Account Pictures\HAGUE+John.Walker.dat - error opening [4]
C:\swsetup\Intel32Win7\Graphics\LANG\HDMI\ESP\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel32Win7\Graphics\LANG\HDMI\ITA\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel32Win7\Graphics\LANG\HDMI\PTB\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel32Win7\Graphics\LANG\HDMI\PTG\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel32Win7\Lang\HDMI\ESP\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel32Win7\Lang\HDMI\ITA\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel32Win7\Lang\HDMI\PTB\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel32Win7\Lang\HDMI\PTG\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel64Win7\Graphics\LANG\HDMI\ESP\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel64Win7\Graphics\LANG\HDMI\ITA\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel64Win7\Graphics\LANG\HDMI\PTB\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel64Win7\Graphics\LANG\HDMI\PTG\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel64Win7\Lang\HDMI\ESP\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel64Win7\Lang\HDMI\ITA\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel64Win7\Lang\HDMI\PTB\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel64Win7\Lang\HDMI\PTG\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\INTELMSM\Lang\Storage\ESP\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\INTELMSM\Lang\Storage\ITA\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\INTELMSM\Lang\Storage\PTB\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\INTELMSM\Lang\Storage\PTG\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\sp45279\Graphics\LANG\HDMI\ESP\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\sp45279\Graphics\LANG\HDMI\ITA\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\sp45279\Graphics\LANG\HDMI\PTB\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\sp45279\Graphics\LANG\HDMI\PTG\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\sp45279\Lang\HDMI\ESP\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\sp45279\Lang\HDMI\ITA\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\sp45279\Lang\HDMI\PTB\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\sp45279\Lang\HDMI\PTG\license.txt » MIME - is OK (internal scanning not performed)
C:\SYSTEM.SAV\util\App.Evt - error opening [4]
C:\SYSTEM.SAV\util\Sec.Evt - error opening [4]
C:\SYSTEM.SAV\util\SecEvBk1.old - error opening [4]
C:\SYSTEM.SAV\util\Sys.Evt - error opening [4]
C:\SYSTEM.SAV\util\SysEvBk1.old - error opening [4]
C:\SYSTEM.SAV\util\USW732PR_App.Evt - error opening [4]
C:\SYSTEM.SAV\util\USW732PR_Sec.Evt - error opening [4]
C:\SYSTEM.SAV\util\USW732PR_Sys.Evt - error opening [4]
C:\Users\All Users\Microsoft\User Account Pictures\HAGUE+Administrator.dat - error opening [4]
C:\Users\All Users\Microsoft\User Account Pictures\HAGUE+John.Walker.dat - error opening [4]
C:\Users\John.Walker\Desktop\MARCH 2010 Proofs.exe » ZIP » MARCH 2010 Proofs/IOE Cert _Template 1_2 proofs.pdf - error - password-protected file
C:\Users\John.Walker\Desktop\MARCH 2010 Proofs.exe » ZIP » MARCH 2010 Proofs/IOE Cert 6 Template 3_2 proofs.pdf - error - password-protected file
C:\Users\John.Walker\Desktop\MARCH 2010 Proofs.exe » ZIP » MARCH 2010 Proofs/IOE Cert 6 Templates 4_2 proofs.pdf - error - password-protected file
C:\Users\John.Walker\Desktop\MARCH 2010 Proofs.exe » ZIP » MARCH 2010 Proofs/IOE Cert 6 Templates 5_2 proofs.pdf - error - password-protected file
C:\Users\John.Walker\Desktop\MARCH 2010 Proofs.zip » ZIP » MARCH 2010 Proofs/IOE Cert _Template 1_2 proofs.pdf - error - password-protected file
C:\Users\John.Walker\Desktop\MARCH 2010 Proofs.zip » ZIP » MARCH 2010 Proofs/IOE Cert 6 Template 3_2 proofs.pdf - error - password-protected file
C:\Users\John.Walker\Desktop\MARCH 2010 Proofs.zip » ZIP » MARCH 2010 Proofs/IOE Cert 6 Templates 4_2 proofs.pdf - error - password-protected file
C:\Users\John.Walker\Desktop\MARCH 2010 Proofs.zip » ZIP » MARCH 2010 Proofs/IOE Cert 6 Templates 5_2 proofs.pdf - error - password-protected file
C:\Users\John.Walker\Desktop\Low Use\Firefox Setup 3.6.exe » 7ZIP » nonlocalized/chrome/comm.manifest » MIME - is OK (internal scanning not performed)
C:\Users\John.Walker\Desktop\Low Use\Firefox Setup 3.6.exe » 7ZIP » nonlocalized/chrome/pippki.manifest » MIME - is OK (internal scanning not performed)
Number of scanned objects: 438774
Number of threats found: 0
Time of completion: 00:07:43 Total scanning time: 2982 sec (00:49:42)

Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.
 
#18 ·
Hello JohnJJ,

Well that scan didn't find anything but it did highlight some errors that suggest damage or corruption in some of your files.

Also some that could not be accessed that I would have thought should have been (there are always a number of system and password protected files that won't be accessed).

Were you using the computer at the same time as the scan perhaps?

In any event why don't you try this:

CHKDSK (short for Checkdisk) is a command on computers running DOS, OS/2 and Microsoft Windows operating systems that displays the file system integrity status of hard disks and floppy disks and can fix logical file system errors.

How to run Chkdsk using the Command Line:

Before running Chkdsk, be aware of the following:

* Chkdsk requires exclusive access to a volume while it is running. Chkdsk might display a prompt asking if you want to check the disk the next time you restart your computer.

* Chkdsk might take a long time to run, depending on the number of files and folders, the size of the volume, disk performance, and available system resources (such as processor and memory).

* Chkdsk might not accurately report information in read-only mode.

Now

Go to Start > Run and type:

chkdsk C: /f /r

Note the spaces. They are meant to be there.

Hit OK

If chkdsk does not start immediately, reboot your computer. Chkdsk will run during the startup process. It can take a very long time... so be patient.

After that, try running that ESET scan again and post back the results.
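The triage described in the reply above (separating entries that point to damage from entries that were merely inaccessible) can be scripted. This is an added example, not part of the thread and not an ESET tool: the status strings are the ones ESET prints in this thread's scan logs, while the bucket names, the list of "normally held by the system" paths, and the sample log are assumptions constructed for illustration.

```python
import re

# Status suffixes as ESET prints them in this thread's logs -> triage bucket.
# Bucket names are this example's own.
STATUS_RULES = [
    (re.compile(r" - error opening \[4\]$"), "locked"),
    (re.compile(r" - error - password-protected file$"), "password_protected"),
    (re.compile(r" - archive damaged(?: - the file could not be extracted\.)?$"), "damaged"),
    (re.compile(r" - incorrect CRC checksum, the file may be damaged$"), "damaged"),
    (re.compile(r" - is OK \(internal scanning not performed\)$"), "ok_not_unpacked"),
]

# Assumption: locations Windows itself normally keeps open, so a lock there
# is unremarkable. Adjust for the machine being examined.
SYSTEM_HELD = re.compile(
    r"^[A-Z]:\\(?:Windows\\|ProgramData\\Microsoft\\|(?:pagefile|hiberfil)\.sys$)",
    re.IGNORECASE,
)

SUMMARY = re.compile(r"^(Number of scanned objects|Number of threats found):\s*(\d+)$")


def parse_line(line):
    """Split one log line into the file on disk, the nested container chain
    (e.g. ZIP > member) and a triage bucket. Returns None if no status matches."""
    line = line.strip()
    for pattern, bucket in STATUS_RULES:
        match = pattern.search(line)
        if match:
            # Statuses are anchored at the end of the line, so a " - " inside
            # a file name does not confuse the split.
            chain = [p for p in re.split(r"\s*»\s*", line[:match.start()]) if p]
            return {"file": chain[0], "inner": chain[1:], "bucket": bucket}
    return None


def triage(log_text):
    """Group the files named in a scan log by what the status implies."""
    report = {
        "damaged": [], "password_protected": [], "ok_not_unpacked": [],
        "locked_system": [], "locked_other": [], "unparsed": [], "summary": {},
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        summary = SUMMARY.match(line)
        if summary:
            report["summary"][summary.group(1)] = int(summary.group(2))
            continue
        entry = parse_line(line)
        if entry is None:
            report["unparsed"].append(line)  # never drop a line silently
            continue
        bucket = entry["bucket"]
        if bucket == "locked":
            held = SYSTEM_HELD.search(entry["file"])
            bucket = "locked_system" if held else "locked_other"
        if entry["file"] not in report[bucket]:  # one entry per file on disk
            report[bucket].append(entry["file"])
    return report


# Constructed sample in the same format as the logs posted in this thread.
SAMPLE_LOG = r"""
C:\pagefile.sys - error opening [4]
C:\Users\example\Documents\Proposals\draft.zip » ZIP » draft.doc - archive damaged - the file could not be extracted.
C:\Users\example\Documents\Proposals\draft.zip » ZIP » - archive damaged
C:\Users\example\Documents\CRM\Databases\Contacts.ADF - error opening [4]
C:\Users\example\Documents\Data\export.zip » ZIP » GP.PRN - error - password-protected file
C:\Users\example\Downloads\setup.exe » NSIS - incorrect CRC checksum, the file may be damaged
C:\Program Files\Example\Forms\Request - Customized.fdt » MIME - is OK (internal scanning not performed)
C:\Windows\System32\winevt\Logs\Security.evtx - error opening [4]
Number of scanned objects: 8
Number of threats found: 0
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key in ("damaged", "locked_other", "locked_system", "password_protected"):
        print(key)
        for path in result[key]:
            print("   ", path)
    print("threats found:", result["summary"].get("Number of threats found"))
```

The `locked_other` bucket is the one worth following up: user data files that were open during the scan, which is the situation the "were you using the computer" question is probing.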
 
#19 ·
Hi Emeraldnzl,

Initially had some problems trying to run chkdsk. PC reported that I didn't have sufficient rights to run it. I checked in my user profile and I'm the administrator, so I rebooted and hit F8, started in Safe Mode and ran chkdsk from there. Then the virus checker, here's the result:
Scan Log
Version of virus signature database: 5034 (20100416)
Date: 16/04/2010 Time: 22:47:54
Scanned disks, folders and files: Operating memory;C:\Boot sector;E:\Boot sector;C:\;E:\
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\hp\bin\BlockTracker.py » MIME - is OK (internal scanning not performed)
C:\Program Files\7-Zip\Uninstall.exe » NSIS - incorrect CRC checksum, the file may be damaged
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht1 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht2 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht11 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht21 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht5 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht6 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht7 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht8 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht9 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht01 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht12 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht13 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht14 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht15 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht16 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht17 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht18 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht19 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht20 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht3 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht22 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht23 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht10 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » getting_started.mht4 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\ara\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\chs\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\cht\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\csy\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\dan\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\deu\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\ell\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\enu\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\esn\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\fin\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\fra\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\heb\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\ita\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\jpn\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\kor\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\nld\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\nor\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\plk\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\ptb\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\ptg\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\rus\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\sky\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\sve\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\trk\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\Lang\Storage\ESP\license.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\Lang\Storage\ITA\license.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\Lang\Storage\PTB\license.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\Lang\Storage\PTG\license.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Malwarebytes' Anti-Malware\license.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hiring Requisition - Customized.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Hiring Requisition.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\POLICIES.FDT » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Process Library.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\Track Issues.fdt » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\comm.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\chrome\pippki.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Nitro PDF\PrimoPDF\PrimInstInfo.txt » MIME - is OK (internal scanning not performed)
C:\ProgramData\Microsoft\User Account Pictures\HAGUE+Administrator.dat - error opening [4]
C:\ProgramData\Microsoft\User Account Pictures\HAGUE+John.Walker.dat - error opening [4]
C:\swsetup\Intel32Win7\Graphics\LANG\HDMI\ESP\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel32Win7\Graphics\LANG\HDMI\ITA\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel32Win7\Graphics\LANG\HDMI\PTB\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel32Win7\Graphics\LANG\HDMI\PTG\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel32Win7\Lang\HDMI\ESP\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel32Win7\Lang\HDMI\ITA\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel32Win7\Lang\HDMI\PTB\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel32Win7\Lang\HDMI\PTG\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel64Win7\Graphics\LANG\HDMI\ESP\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel64Win7\Graphics\LANG\HDMI\ITA\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel64Win7\Graphics\LANG\HDMI\PTB\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel64Win7\Graphics\LANG\HDMI\PTG\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel64Win7\Lang\HDMI\ESP\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel64Win7\Lang\HDMI\ITA\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel64Win7\Lang\HDMI\PTB\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\Intel64Win7\Lang\HDMI\PTG\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\INTELMSM\Lang\Storage\ESP\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\INTELMSM\Lang\Storage\ITA\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\INTELMSM\Lang\Storage\PTB\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\INTELMSM\Lang\Storage\PTG\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\sp45279\Graphics\LANG\HDMI\ESP\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\sp45279\Graphics\LANG\HDMI\ITA\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\sp45279\Graphics\LANG\HDMI\PTB\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\sp45279\Graphics\LANG\HDMI\PTG\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\sp45279\Lang\HDMI\ESP\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\sp45279\Lang\HDMI\ITA\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\sp45279\Lang\HDMI\PTB\license.txt » MIME - is OK (internal scanning not performed)
C:\swsetup\sp45279\Lang\HDMI\PTG\license.txt » MIME - is OK (internal scanning not performed)
C:\SYSTEM.SAV\util\App.Evt - error opening [4]
C:\SYSTEM.SAV\util\Sec.Evt - error opening [4]
C:\SYSTEM.SAV\util\SecEvBk1.old - error opening [4]
C:\SYSTEM.SAV\util\Sys.Evt - error opening [4]
C:\SYSTEM.SAV\util\SysEvBk1.old - error opening [4]
C:\SYSTEM.SAV\util\USW732PR_App.Evt - error opening [4]
C:\SYSTEM.SAV\util\USW732PR_Sec.Evt - error opening [4]
C:\SYSTEM.SAV\util\USW732PR_Sys.Evt - error opening [4]
C:\Users\All Users\Microsoft\User Account Pictures\HAGUE+Administrator.dat - error opening [4]
C:\Users\All Users\Microsoft\User Account Pictures\HAGUE+John.Walker.dat - error opening [4]
C:\Users\John.Walker\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe » CAB » jusched - archive damaged - the file could not be extracted.
C:\Users\John.Walker\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe » CAB » task.xml - archive damaged - the file could not be extracted.
C:\Users\John.Walker\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe » CAB » task64.xml - archive damaged - the file could not be extracted.
C:\Users\John.Walker\Desktop\MARCH 2010 Proofs.exe » ZIP » MARCH 2010 Proofs/IOE Cert _Template 1_2 proofs.pdf - error - password-protected file
C:\Users\John.Walker\Desktop\MARCH 2010 Proofs.exe » ZIP » MARCH 2010 Proofs/IOE Cert 6 Template 3_2 proofs.pdf - error - password-protected file
C:\Users\John.Walker\Desktop\MARCH 2010 Proofs.exe » ZIP » MARCH 2010 Proofs/IOE Cert 6 Templates 4_2 proofs.pdf - error - password-protected file
C:\Users\John.Walker\Desktop\MARCH 2010 Proofs.exe » ZIP » MARCH 2010 Proofs/IOE Cert 6 Templates 5_2 proofs.pdf - error - password-protected file
C:\Users\John.Walker\Desktop\MARCH 2010 Proofs.zip » ZIP » MARCH 2010 Proofs/IOE Cert _Template 1_2 proofs.pdf - error - password-protected file
C:\Users\John.Walker\Desktop\MARCH 2010 Proofs.zip » ZIP » MARCH 2010 Proofs/IOE Cert 6 Template 3_2 proofs.pdf - error - password-protected file
C:\Users\John.Walker\Desktop\MARCH 2010 Proofs.zip » ZIP » MARCH 2010 Proofs/IOE Cert 6 Templates 4_2 proofs.pdf - error - password-protected file
C:\Users\John.Walker\Desktop\MARCH 2010 Proofs.zip » ZIP » MARCH 2010 Proofs/IOE Cert 6 Templates 5_2 proofs.pdf - error - password-protected file
C:\Users\John.Walker\Desktop\Low Use\Firefox Setup 3.6.exe » 7ZIP » nonlocalized/chrome/comm.manifest » MIME - is OK (internal scanning not performed)
C:\Users\John.Walker\Desktop\Low Use\Firefox Setup 3.6.exe » 7ZIP » nonlocalized/chrome/pippki.manifest » MIME - is OK (internal scanning not performed)
C:\Users\John.Walker\Documents\AAA Proposals\New Prop PC+\new1.zip » ZIP » new1.doc - archive damaged - the file could not be extracted.
C:\Users\John.Walker\Documents\AAA Proposals\New Prop PC+\new1.zip » ZIP » - archive damaged
C:\Users\John.Walker\Documents\ACT\ACT for Windows 9\Databases\Conservatives.ADF - error opening [4]
C:\Users\John.Walker\Documents\ACT\ACT for Windows 9\Databases\Conservatives.ALF - error opening [4]
C:\Users\John.Walker\Documents\ACT\ACT for Windows 9\Databases\ContactJW1.ADF - error opening [4]
C:\Users\John.Walker\Documents\ACT\ACT for Windows 9\Databases\ContactJW1.ALF - error opening [4]
C:\Users\John.Walker\Documents\ACT\ACT for Windows 9\Databases\ContactJW2.ADF - error opening [4]
C:\Users\John.Walker\Documents\ACT\ACT for Windows 9\Databases\ContactJW2.ALF - error opening [4]
C:\Users\John.Walker\Documents\ACT\ACT for Windows 9\Databases\Hague.ADF - error opening [4]
C:\Users\John.Walker\Documents\ACT\ACT for Windows 9\Databases\Hague.ALF - error opening [4]
C:\Users\John.Walker\Documents\ACT\ACT for Windows 9\Databases\Hague1.ADF - error opening [4]
C:\Users\John.Walker\Documents\ACT\ACT for Windows 9\Databases\Hague1.ALF - error opening [4]
C:\Users\John.Walker\Documents\Adobe files\Proofs\AAA_UNIVERSITIES\IoE\Integrity Cert infill only\MAR2010 certs\MARCH 2010 Proofs.zip » ZIP » MARCH 2010 Proofs/IOE Cert _Template 1_2 proofs.pdf - error - password-protected file
C:\Users\John.Walker\Documents\Adobe files\Proofs\AAA_UNIVERSITIES\IoE\Integrity Cert infill only\MAR2010 certs\MARCH 2010 Proofs.zip » ZIP » MARCH 2010 Proofs/IOE Cert 6 Template 3_2 proofs.pdf - error - password-protected file
C:\Users\John.Walker\Documents\Adobe files\Proofs\AAA_UNIVERSITIES\IoE\Integrity Cert infill only\MAR2010 certs\MARCH 2010 Proofs.zip » ZIP » MARCH 2010 Proofs/IOE Cert 6 Templates 4_2 proofs.pdf - error - password-protected file
C:\Users\John.Walker\Documents\Adobe files\Proofs\AAA_UNIVERSITIES\IoE\Integrity Cert infill only\MAR2010 certs\MARCH 2010 Proofs.zip » ZIP » MARCH 2010 Proofs/IOE Cert 6 Templates 5_2 proofs.pdf - error - password-protected file
C:\Users\John.Walker\Documents\Data Files\Diabetes\DiabetesUK.zip » ZIP » GP.PRN - error - password-protected file
C:\Users\John.Walker\Documents\Data Files\Diabetes\DiabetesUK.zip » ZIP » CR.PRN - error - password-protected file
C:\Users\John.Walker\Downloads\7z465.exe » NSIS - incorrect CRC checksum, the file may be damaged
C:\Users\John.Walker\Downloads\jre-6u19-windows-i586-iftw-rv.exe » CAB » jusched - archive damaged - the file could not be extracted.
C:\Users\John.Walker\Downloads\jre-6u19-windows-i586-iftw-rv.exe » CAB » task.xml - archive damaged - the file could not be extracted.
C:\Users\John.Walker\Downloads\jre-6u19-windows-i586-iftw-rv.exe » CAB » task64.xml - archive damaged - the file could not be extracted.
C:\Users\John.Walker\Downloads\mbam-setup.exe » INNO » file0008.bin » MIME - is OK (internal scanning not performed)
C:\Users\Public\Documents\ACT 4\ACT for Windows\Email\9\ActEmailMessageStore.mdf - error opening [4]
C:\Users\Public\Documents\ACT 4\ACT for Windows\Email\9\ActEmailMessageStoreLog.LDF - error opening [4]
C:\Users\Public\Documents\ACT 4\ACT for Windows 9\Databases\act9demo.adf - error opening [4]
C:\Users\Public\Documents\ACT 4\ACT for Windows 9\Databases\act9demo.alf - error opening [4]
C:\Windows\Installer\15b8c3.msi » MSI » Data1.cab » CAB » getting_started.mht1 » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\15b8c3.msi » MSI » Data1.cab » CAB » getting_started.mht2 » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\15b8c3.msi » MSI » Data1.cab » CAB » getting_started.mht11 » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\15b8c3.msi » MSI » Data1.cab » CAB » getting_started.mht21 » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\15b8c3.msi » MSI » Data1.cab » CAB » getting_started.mht5 » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\15b8c3.msi » MSI » Data1.cab » CAB » getting_started.mht6 » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\15b8c3.msi » MSI » Data1.cab » CAB » getting_started.mht7 » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\15b8c3.msi » MSI » Data1.cab » CAB » getting_started.mht8 » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\15b8c3.msi » MSI » Data1.cab » CAB » getting_started.mht9 » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\15b8c3.msi » MSI » Data1.cab » CAB » getting_started.mht01 » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\15b8c3.msi » MSI » Data1.cab » CAB » getting_started.mht12 » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\15b8c3.msi » MSI » Data1.cab » CAB » getting_started.mht13 » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\15b8c3.msi » MSI » Data1.cab » CAB » getting_started.mht14 » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\15b8c3.msi » MSI » Data1.cab » CAB » getting_started.mht15 » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\15b8c3.msi » MSI » Data1.cab » CAB » getting_started.mht16 » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\15b8c3.msi » MSI » Data1.cab » CAB » getting_started.mht17 » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\15b8c3.msi » MSI » Data1.cab » CAB » getting_started.mht18 » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\15b8c3.msi » MSI » Data1.cab » CAB » getting_started.mht19 » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\15b8c3.msi » MSI » Data1.cab » CAB » getting_started.mht20 » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\15b8c3.msi » MSI » Data1.cab » CAB » getting_started.mht3 » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\15b8c3.msi » MSI » Data1.cab » CAB » getting_started.mht22 » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\15b8c3.msi » MSI » Data1.cab » CAB » getting_started.mht23 » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\15b8c3.msi » MSI » Data1.cab » CAB » getting_started.mht10 » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\15b8c3.msi » MSI » Data1.cab » CAB » getting_started.mht4 » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\6469cf.msi » MSI » Data1.cab » CAB » core.zip » ZIP » lib/deploy/ffjcext.zip » ZIP » {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\6469cf.msi » MSI » Data1.cab » CAB » core.zip » ZIP » lib/deploy/jqs/ff/chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\6469cf.msi » MSI » Data1.cab » CAB » core.zip » ZIP » lib/resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\6469cf.msi » MSI » Data1.cab » CAB » core.zip » ZIP » lib/resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Windows\Installer\6469cf.msi » MSI » Data1.cab » CAB » core.zip » ZIP » lib/resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Windows\Logs\CBS\CBS.log - error opening [4]
C:\Windows\Logs\DPX\setupact.log - error opening [4]
C:\Windows\Logs\DPX\setuperr.log - error opening [4]
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config - error opening [4]
C:\Windows\PLA\System\System Diagnostics.xml - error opening [4]
C:\Windows\PLA\System\System Performance.xml - error opening [4]
C:\Windows\security\database\secedit.sdb - error opening [4]
C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat - error opening [4]
C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1 - error opening [4]
C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2 - error opening [4]
C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{c485cabc-e61d-11de-b650-00247ed755f8}.TM.blf - error opening [4]
C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{c485cabc-e61d-11de-b650-00247ed755f8}.TMContainer00000000000000000001.regtrans-ms - error opening [4]
C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{c485cabc-e61d-11de-b650-00247ed755f8}.TMContainer00000000000000000002.regtrans-ms - error opening [4]
C:\Windows\System32\restore\MachineGuid.txt - error opening [4]
C:\Windows\System32\wbem\AutoRecover\10A9EB2C94277C0A1A6143B54809F210.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\21D7529435092A1DD242FD6ACF494493.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\8A20D7181B570E2E2142FB6261D170A2.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\B8F066315788F9A2DF744CF3A9F7F3D6.mof - error opening [4]
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof - error opening [4]
C:\Windows\System32\winevt\Logs\ActivIdentity.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Application.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Credential Manager.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Hewlett-Packard.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Key Management Service.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Media Center.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-API-Tracing%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppID%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Problem-Steps-Recorder.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Troubleshooter.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Inventory.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Audio%4CaptureMonitor.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Audio%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Authentication User Interface%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Backup.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bluetooth-MTPEnum%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-BranchCache%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-BranchCacheSMB%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DeviceSync%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DhcpNap%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PCW%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scripted%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scripted%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-EapHost%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-EventCollector%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Fault-Tolerant-Heap%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-FMS%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Folder Redirection%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Control Panel%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Listener Service%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-IKE%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International-RegionalOptionsControlPanel%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Iphlpsvc%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Known Folders API Service.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MCT%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NCSI%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4WHC.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkLocationWizard%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NlaSvc%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NTLM%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-OfflineFiles%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-PeopleNearMe%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-PowerShell%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-PrintService%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoostDriver%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Recovery%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteApp and Desktop Connections%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Security-Audit-Configuration-Client%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-PnPDevices%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-PnPDevices%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TZUtil%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-VDRVROOT%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-VHDMP%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WER-Diag%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WFP%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsBackup%4ActionCenter.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsSystemAssessmentTool%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WinRM%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WPD-ClassInstaller%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WPD-CompositeClassDriver%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WPD-MTPClassDriver%4Operational.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\ODiag.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\OSession.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Security.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Setup.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\System.evtx - error opening [4]
C:\Windows\System32\winevt\Logs\Windows PowerShell.evtx - error opening [4]
C:\Windows\Tasks\HPCeeScheduleForJohn.Walker.job - error opening [4]
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.1.7600.16385_none_d104e6cf97534cc4\dnary.xsd - error opening [4]
Number of scanned objects: 439072
Number of threats found: 0
Time of completion: 23:38:19 Total scanning time: 3025 sec (00:50:25)

Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.

Regards,
John
 
#20 ·
Something not quite right there. I am wondering if something is getting in the way.

Let's try this:

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
 
#21 ·
Hello again,

Well, I hope this reply helps you (and me:)) - I have the report below as you will see, but the procedure differed from the instruction that you had given to me.

Here are some observations on the difficulties I had:

1. I could not save the ComboFix.exe to desktop. The download procedure seems to have changed - and this has been the case all the way through the help you have been providing. i.e. since the problem(s) first started. Previously the download procedure allowed me to opt for where I wanted to save the download, and the default was the desktop. Now I get no such option, and it is not saved to the desktop - so I have to run the *.exe from the download list (where the downloads arrive on a PC - the list that shows all your downloads until you opt to delete these).
2. When I double clicked the ComboFix.exe it immediately opened a DOS window and then went on to run the procedure - all in the DOS window. (I had previously turned my virus checker off.) So there was no reference at all to MS Windows Recovery Console! I suppose this was because it is already installed?
3. When the DOS checking was finished I got a couple of warnings - one in the DOS window "Rebooting Windows. Warning do not manually reboot". Also a windows warning "Current Registry File Not Found - \device\harddisk volume1\boot\BDC" "Restore File?" - I clicked YES.
On reboot - DOS opened once more - after a while I got the Log which is copied below.

I have suspected that the bluetooth thing is at fault for some of the problems I have. I have tried to activate the bluetooth and did succeed at one time then had a problem which resulted in not being able to use the bluetooth. ACT database uses this for "modem connection" - I think :confused: So the problem with ACT dbase may be related to this as it gives some error message when I try to open ACT.

I note that the bluetooth is referred to in this LOG - other deletions. Maybe this is something to do with my dbase problem?

I hope my long-winded post is helpful to you.

Thanks for your patience on this.

Regards,
John

ComboFix 10-04-15.05 - John.Walker 17/04/2010 8:36.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3000.1377 [GMT 1:00]
Running from: c:\users\John.Walker\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1272700640-1412834500-738872766-500
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

.
((((((((((((((((((((((((( Files Created from 2010-03-17 to 2010-04-17 )))))))))))))))))))))))))))))))
.

2010-04-17 07:44 . 2010-04-17 07:44 -------- d-----w- C:\Device
2010-04-16 06:08 . 2010-04-12 16:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-15 06:32 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 06:32 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 06:23 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 06:23 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 06:23 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 06:23 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 16:02 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 16:02 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-11 09:19 . 2010-04-11 09:19 -------- d-----w- c:\program files\Common Files\Java
2010-04-11 09:18 . 2010-04-16 06:07 -------- d-----w- c:\program files\Java
2010-04-09 08:53 . 2010-04-09 08:53 -------- d-----w- c:\users\John.Walker\AppData\Roaming\Malwarebytes
2010-04-09 08:53 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-09 08:52 . 2010-04-09 08:52 -------- d-----w- c:\programdata\Malwarebytes
2010-04-09 08:52 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-09 08:52 . 2010-04-09 08:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-09 08:02 . 2010-04-09 08:02 -------- d-----w- C:\MGADiagToolOutput
2010-04-06 08:23 . 2010-04-06 08:23 -------- d-----w- C:\_OTL
2010-04-05 12:12 . 2010-04-05 12:12 -------- d-----w- c:\program files\Trend Micro
2010-04-05 12:01 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-04-02 12:18 . 2010-04-02 12:18 -------- d-----w- c:\programdata\TomTom
2010-04-02 12:17 . 2010-04-02 12:17 -------- d-----w- c:\users\John.Walker\AppData\Roaming\TomTom
2010-04-02 12:17 . 2010-04-02 12:17 -------- d-----w- c:\users\John.Walker\AppData\Local\TomTom
2010-04-02 12:17 . 2010-04-05 11:55 -------- d-----w- c:\program files\TomTom HOME 2
2010-04-02 12:14 . 2010-04-02 12:14 -------- d-----w- c:\program files\TomTom DesktopSuite
2010-03-18 09:57 . 2010-03-18 09:57 -------- d-----w- c:\users\John.Walker\AppData\Local\WinZip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 07:48 . 2009-12-23 00:17 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-17 07:45 . 2009-12-05 21:03 -------- d-----w- c:\programdata\hpqLog
2010-04-15 16:24 . 2009-09-17 03:58 -------- d-----w- c:\programdata\Microsoft Help
2010-04-13 11:47 . 2009-09-17 03:53 -------- d-----w- c:\programdata\PDFC
2010-03-15 16:21 . 2010-03-15 16:19 -------- d-----w- c:\users\John.Walker\AppData\Roaming\PrimoPDF
2010-03-15 16:17 . 2010-03-15 16:17 -------- d-----w- c:\program files\Nitro PDF
2010-03-15 14:04 . 2009-12-01 11:45 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2010-03-15 14:04 . 2009-12-01 11:45 91376 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-03-15 14:04 . 2009-12-01 11:45 3870720 ----a-w- c:\windows\system32\bcmihvsrv.dll
2010-03-15 14:04 . 2009-12-01 11:45 3559424 ----a-w- c:\windows\system32\bcmihvui.dll
2010-03-15 14:04 . 2009-12-01 11:45 2702328 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2010-03-15 14:04 . 2009-12-01 12:06 -------- d-----w- c:\users\John.Walker\AppData\Roaming\hewlett-packard
2010-03-13 14:36 . 2009-09-17 03:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-13 14:36 . 2009-09-17 03:49 -------- d-----w- c:\programdata\Hewlett-Packard
2010-03-13 14:36 . 2009-09-17 03:43 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-13 14:33 . 2010-03-13 14:33 -------- d-----w- c:\programdata\{657095DF-DBDB-4B17-8245-B38845C97069}
2010-03-08 22:53 . 2010-03-02 17:14 -------- d-----w- c:\program files\Microsoft Works
2010-03-04 14:06 . 2010-03-13 14:36 1125640 ----a-w- c:\windows\Help\OEM\Scripts\HPSAUpgrade.exe
2010-03-04 14:06 . 2010-03-13 14:31 1125640 ----a-w- c:\programdata\Hewlett-Packard\HPSAUpgrade\HpSAUpgrade.exe
2010-03-03 17:30 . 2010-03-13 14:36 58632 ----a-w- c:\windows\Help\OEM\Scripts\HPSAUpdaterObj.exe
2010-03-02 17:19 . 2009-12-01 11:42 124272 ----a-w- c:\users\John.Walker\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-02 17:14 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-03-02 17:13 . 2009-09-17 04:02 -------- d-----w- c:\program files\Microsoft.NET
2010-03-02 17:12 . 2010-03-02 17:12 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-27 00:34 . 2010-02-26 22:56 -------- d-----w- c:\program files\QuickTime
2010-02-26 23:05 . 2010-02-26 22:58 -------- d-----w- c:\users\John.Walker\AppData\Roaming\Apple Computer
2010-02-26 22:58 . 2010-02-26 22:57 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-26 22:58 . 2010-02-26 22:57 -------- d-----w- c:\program files\iTunes
2010-02-26 22:57 . 2010-02-26 22:57 -------- d-----w- c:\program files\iPod
2010-02-26 22:57 . 2010-02-26 22:56 -------- d-----w- c:\programdata\Apple Computer
2010-02-26 22:57 . 2010-02-26 22:55 -------- d-----w- c:\program files\Common Files\Apple
2010-02-26 22:56 . 2010-02-26 22:56 -------- d-----w- c:\program files\Bonjour
2010-02-26 22:56 . 2010-02-26 22:56 -------- d-----w- c:\program files\Apple Software Update
2010-02-26 22:55 . 2010-02-26 22:55 -------- d-----w- c:\programdata\Apple
2010-02-25 16:00 . 2010-03-13 14:36 17672 ----a-w- c:\windows\Help\OEM\Scripts\HC_WindowsUpdateCheck.exe
2010-02-25 15:58 . 2010-03-13 14:36 18696 ----a-w- c:\windows\Help\OEM\Scripts\HC_HPHCImprove.exe
2010-02-24 10:16 . 2009-12-04 23:42 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 22:32 . 2009-12-06 22:19 -------- d-----w- c:\users\John.Walker\AppData\Roaming\Skype
2010-02-22 17:24 . 2010-01-02 18:48 -------- d-----w- c:\users\John.Walker\AppData\Roaming\skypePM
2010-02-19 16:13 . 2010-03-13 14:36 17672 ----a-w- c:\windows\Help\OEM\Scripts\HC_GuestEnabled.exe
2010-02-19 09:34 . 2010-03-13 14:36 40712 ----a-w- c:\windows\Help\OEM\Scripts\HPSACommander.exe
2010-02-18 13:41 . 2010-03-13 14:36 18184 ----a-w- c:\windows\Help\OEM\Scripts\HC_SREnable.exe
2010-02-15 18:41 . 2010-02-15 18:41 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-12 13:32 . 2010-03-13 14:36 17160 ----a-w- c:\windows\Help\OEM\Scripts\HC_HibernateEnable.exe
2010-02-11 15:58 . 2010-03-13 14:36 17672 ----a-w- c:\windows\Help\OEM\Scripts\HC_OpenProductPage.exe
2010-02-11 15:57 . 2010-03-13 14:36 18184 ----a-w- c:\windows\Help\OEM\Scripts\HC_Launch.exe
2010-02-11 07:10 . 2010-03-01 22:20 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-10 16:58 . 2010-03-13 14:36 23816 ----a-w- c:\windows\Help\OEM\Scripts\HPSAScript.exe
2010-02-02 07:45 . 2010-02-24 08:57 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-24 15:26 . 2009-12-28 20:54 1923864 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-01-24 15:25 . 2009-12-28 20:54 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-01-18 23:29 . 2010-02-10 06:58 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 06:58 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 06:58 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 06:58 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 06:58 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 06:58 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 06:58 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 06:58 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2010-01-01 17:11 . 2010-01-01 17:11 8 --sh--r- c:\windows\System32\2B33C0A001.sys
2009-12-23 00:17 . 2009-12-23 00:17 88 --sh--r- c:\windows\System32\C20235DC19.sys
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"Act.Outlook.Service"="c:\program files\ACT\ACT for Windows\Act.Outlook.Service.exe" [2007-03-28 9728]
"Act! Preloader"="c:\program files\ACT\ACT for Windows\ActSage.exe" [2007-03-28 1015808]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-07-30 354360]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-07-23 24848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-02 151064]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 177472]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ACT! Speed Loader.lnk - c:\program files\Symantec\ACT\ACTLDR.EXE [2009-12-11 34816]
SideACT!.lnk - c:\program files\Symantec\ACT\SideACT.exe [2009-12-11 176640]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-4-3 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\HEWLET~1\IAM\Bin\APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-07-29 1201400]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-11-16 95896]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-07-30 45056]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-07-29 256544]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 122368]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-20 313856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker
Bioscrypt REG_MULTI_SZ ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-13 c:\windows\Tasks\HPCeeScheduleForJohn.Walker.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 04:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.offerbox.com/en/?s=h&c=1002094007
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=92&bd=all&pf=cmnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
FF - ProfilePath - c:\users\John.Walker\AppData\Roaming\Mozilla\Firefox\Profiles\byica5f7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x82C14000]<< >>UNKNOWN [0x8BA0C000]<< >>UNKNOWN [0x8C8A4000]<< >>UNKNOWN [0x8C869000]<< >>UNKNOWN [0x83024000]<< >>UNKNOWN [0x8B881000]<< >>UNKNOWN [0x8BB1B000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N]
"ImagePath"="\??\c:\program files\NewTech Infosystems\NTI Ripper\"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2184)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2010-04-17 08:52:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-17 07:52

Pre-Run: 182,966,452,224 bytes free
Post-Run: 182,857,998,336 bytes free

- - End Of File - - 4765244B3FD66639F582D05E1836D846
 
#22 ·
Hello JohnJJ,

I note that the bluetooth is referred to in this LOG
I think that is a false positive.

Now


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

DeQuarantine::
C:\Qoobox\Quarantine\c\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk.vir

Quit::

Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.

Next

CHKDSK (short for Checkdisk) is a command on computers running DOS, OS/2 and Microsoft Windows operating systems that displays the file system integrity status of hard disks and floppy disks and can fix logical file system errors.

How to run Chkdsk using the Command Line:

Before running Chkdsk, be aware of the following:

* Chkdsk requires exclusive access to a volume while it is running. Chkdsk might display a prompt asking if you want to check the disk the next time you restart your computer.

* Chkdsk might take a long time to run, depending on the number of files and folders, the size of the volume, disk performance, and available system resources (such as processor and memory).

* Chkdsk might not accurately report information in read-only mode.

Now

Go to Start > Run and type:

chkdsk C: /f /r

Note the spaces. They are meant to be there.

Hit OK

If chkdsk does not start immediately, reboot your computer. Chkdsk will run during the startup process. It can take a very long time... so be patient.

After that

Please use the System File Checker tool (SFC.exe) to check your system and replace files where necessary.

To do this, follow these steps:
  • To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
  • If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
  • Type the following command, and then press ENTER:
    sfc /scannow
    Please note that there is a single space between sfc and /scannow.
The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.

Come back and post the ComboFix.txt and tell me if there has been any change in your machine.
 
#23 ·
Hello again,

Thanks for your reply. I have not followed your instructions as yet but will be doing so immediately after posting this log from COMBOFIX. The reason I ran this again rather than follow last instructions is that I had previously NOT managed to save ComboFix.exe to my desktop so would not have been able to "save CFScript.txt to the same location" as depicted in your graphics. So... I repeated the ComboFix procedure, this time taking care (changing a setting in Firefox) to save to the desktop. As part of this procedure ComboFix ran again in DOS resulting in this Log, which rather than ignore, I decided to post back to you for your information.

Now I will continue with the instructions that you last gave me.

ComboFix 10-04-17.07 - John.Walker 19/04/2010 8:16.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.3000.1756 [GMT 1:00]
Running from: c:\users\John.Walker\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 )))))))))))))))))))))))))))))))
.

2010-04-19 07:22 . 2010-04-19 07:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-19 07:22 . 2010-04-19 07:22 -------- d-----w- c:\users\john.walker.HAGUE\AppData\Local\temp
2010-04-19 07:22 . 2010-04-19 07:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-19 07:22 . 2010-04-19 07:22 -------- d-----w- c:\users\administrator\AppData\Local\temp
2010-04-17 07:44 . 2010-04-17 07:44 -------- d-----w- C:\Device
2010-04-17 07:42 . 2010-04-19 07:22 -------- d-----w- c:\users\John.Walker\AppData\Local\temp
2010-04-16 06:08 . 2010-04-12 16:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-15 06:32 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 06:32 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 06:23 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 06:23 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 06:23 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 06:23 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 16:02 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 16:02 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-11 09:19 . 2010-04-11 09:19 -------- d-----w- c:\program files\Common Files\Java
2010-04-11 09:18 . 2010-04-16 06:07 -------- d-----w- c:\program files\Java
2010-04-09 08:53 . 2010-04-09 08:53 -------- d-----w- c:\users\John.Walker\AppData\Roaming\Malwarebytes
2010-04-09 08:53 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-09 08:52 . 2010-04-09 08:52 -------- d-----w- c:\programdata\Malwarebytes
2010-04-09 08:52 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-09 08:52 . 2010-04-09 08:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-09 08:02 . 2010-04-09 08:02 -------- d-----w- C:\MGADiagToolOutput
2010-04-06 08:23 . 2010-04-06 08:23 -------- d-----w- C:\_OTL
2010-04-05 12:12 . 2010-04-05 12:12 -------- d-----w- c:\program files\Trend Micro
2010-04-05 12:01 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-04-02 12:18 . 2010-04-02 12:18 -------- d-----w- c:\programdata\TomTom
2010-04-02 12:17 . 2010-04-02 12:17 -------- d-----w- c:\users\John.Walker\AppData\Roaming\TomTom
2010-04-02 12:17 . 2010-04-02 12:17 -------- d-----w- c:\users\John.Walker\AppData\Local\TomTom
2010-04-02 12:17 . 2010-04-05 11:55 -------- d-----w- c:\program files\TomTom HOME 2
2010-04-02 12:14 . 2010-04-02 12:14 -------- d-----w- c:\program files\TomTom DesktopSuite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 05:38 . 2009-12-23 00:17 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-19 05:37 . 2009-12-05 21:03 -------- d-----w- c:\programdata\hpqLog
2010-04-15 16:24 . 2009-09-17 03:58 -------- d-----w- c:\programdata\Microsoft Help
2010-04-13 11:47 . 2009-09-17 03:53 -------- d-----w- c:\programdata\PDFC
2010-03-15 16:21 . 2010-03-15 16:19 -------- d-----w- c:\users\John.Walker\AppData\Roaming\PrimoPDF
2010-03-15 16:17 . 2010-03-15 16:17 -------- d-----w- c:\program files\Nitro PDF
2010-03-15 14:04 . 2009-12-01 11:45 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2010-03-15 14:04 . 2009-12-01 11:45 91376 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-03-15 14:04 . 2009-12-01 11:45 3870720 ----a-w- c:\windows\system32\bcmihvsrv.dll
2010-03-15 14:04 . 2009-12-01 11:45 3559424 ----a-w- c:\windows\system32\bcmihvui.dll
2010-03-15 14:04 . 2009-12-01 11:45 2702328 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS
2010-03-15 14:04 . 2009-12-01 12:06 -------- d-----w- c:\users\John.Walker\AppData\Roaming\hewlett-packard
2010-03-13 14:36 . 2009-09-17 03:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-13 14:36 . 2009-09-17 03:49 -------- d-----w- c:\programdata\Hewlett-Packard
2010-03-13 14:36 . 2009-09-17 03:43 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-13 14:33 . 2010-03-13 14:33 -------- d-----w- c:\programdata\{657095DF-DBDB-4B17-8245-B38845C97069}
2010-03-08 22:53 . 2010-03-02 17:14 -------- d-----w- c:\program files\Microsoft Works
2010-03-04 14:06 . 2010-03-13 14:36 1125640 ----a-w- c:\windows\Help\OEM\Scripts\HPSAUpgrade.exe
2010-03-04 14:06 . 2010-03-13 14:31 1125640 ----a-w- c:\programdata\Hewlett-Packard\HPSAUpgrade\HpSAUpgrade.exe
2010-03-03 17:30 . 2010-03-13 14:36 58632 ----a-w- c:\windows\Help\OEM\Scripts\HPSAUpdaterObj.exe
2010-03-02 17:19 . 2009-12-01 11:42 124272 ----a-w- c:\users\John.Walker\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-02 17:14 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-03-02 17:13 . 2009-09-17 04:02 -------- d-----w- c:\program files\Microsoft.NET
2010-03-02 17:12 . 2010-03-02 17:12 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-27 00:34 . 2010-02-26 22:56 -------- d-----w- c:\program files\QuickTime
2010-02-26 23:05 . 2010-02-26 22:58 -------- d-----w- c:\users\John.Walker\AppData\Roaming\Apple Computer
2010-02-26 22:58 . 2010-02-26 22:57 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-26 22:58 . 2010-02-26 22:57 -------- d-----w- c:\program files\iTunes
2010-02-26 22:57 . 2010-02-26 22:57 -------- d-----w- c:\program files\iPod
2010-02-26 22:57 . 2010-02-26 22:56 -------- d-----w- c:\programdata\Apple Computer
2010-02-26 22:57 . 2010-02-26 22:55 -------- d-----w- c:\program files\Common Files\Apple
2010-02-26 22:56 . 2010-02-26 22:56 -------- d-----w- c:\program files\Bonjour
2010-02-26 22:56 . 2010-02-26 22:56 -------- d-----w- c:\program files\Apple Software Update
2010-02-26 22:55 . 2010-02-26 22:55 -------- d-----w- c:\programdata\Apple
2010-02-25 16:00 . 2010-03-13 14:36 17672 ----a-w- c:\windows\Help\OEM\Scripts\HC_WindowsUpdateCheck.exe
2010-02-25 15:58 . 2010-03-13 14:36 18696 ----a-w- c:\windows\Help\OEM\Scripts\HC_HPHCImprove.exe
2010-02-24 10:16 . 2009-12-04 23:42 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 22:32 . 2009-12-06 22:19 -------- d-----w- c:\users\John.Walker\AppData\Roaming\Skype
2010-02-22 17:24 . 2010-01-02 18:48 -------- d-----w- c:\users\John.Walker\AppData\Roaming\skypePM
2010-02-19 16:13 . 2010-03-13 14:36 17672 ----a-w- c:\windows\Help\OEM\Scripts\HC_GuestEnabled.exe
2010-02-19 09:34 . 2010-03-13 14:36 40712 ----a-w- c:\windows\Help\OEM\Scripts\HPSACommander.exe
2010-02-18 13:41 . 2010-03-13 14:36 18184 ----a-w- c:\windows\Help\OEM\Scripts\HC_SREnable.exe
2010-02-15 18:41 . 2010-02-15 18:41 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-12 13:32 . 2010-03-13 14:36 17160 ----a-w- c:\windows\Help\OEM\Scripts\HC_HibernateEnable.exe
2010-02-11 15:58 . 2010-03-13 14:36 17672 ----a-w- c:\windows\Help\OEM\Scripts\HC_OpenProductPage.exe
2010-02-11 15:57 . 2010-03-13 14:36 18184 ----a-w- c:\windows\Help\OEM\Scripts\HC_Launch.exe
2010-02-11 07:10 . 2010-03-01 22:20 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-10 16:58 . 2010-03-13 14:36 23816 ----a-w- c:\windows\Help\OEM\Scripts\HPSAScript.exe
2010-02-02 07:45 . 2010-02-24 08:57 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-24 15:26 . 2009-12-28 20:54 1923864 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-01-24 15:25 . 2009-12-28 20:54 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2010-01-01 17:11 . 2010-01-01 17:11 8 --sh--r- c:\windows\System32\2B33C0A001.sys
2009-12-23 00:17 . 2009-12-23 00:17 88 --sh--r- c:\windows\System32\C20235DC19.sys
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-04-17_07.48.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-17 03:43 . 2010-04-19 05:39 47268 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-04-18 20:03 65246 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 04:55 . 2010-04-16 15:20 65246 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-12-01 19:08 . 2010-04-17 07:47 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-01 19:08 . 2010-04-19 05:39 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-01 19:08 . 2010-04-19 05:39 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-01 19:08 . 2010-04-17 07:47 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2010-04-19 05:39 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-04-17 07:47 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-04 23:43 . 2010-04-17 07:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-04 23:43 . 2010-04-19 05:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-04 23:43 . 2010-04-19 05:38 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-04 23:43 . 2010-04-17 07:47 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-04 23:43 . 2010-04-19 05:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-04 23:43 . 2010-04-17 07:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-01 12:09 . 2010-04-19 05:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-01 12:09 . 2010-04-17 07:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-04 23:09 . 2010-04-19 07:04 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-04 23:09 . 2010-04-17 07:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-04 23:09 . 2010-04-17 07:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-12-04 23:09 . 2010-04-19 07:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-12-04 23:09 . 2010-04-17 07:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-12-04 23:09 . 2010-04-19 07:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-12-01 12:09 . 2010-04-19 07:04 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-01 12:09 . 2010-04-17 07:47 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-01 12:09 . 2010-04-19 05:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-01 12:09 . 2010-04-17 07:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-01 11:37 . 2010-04-18 20:03 7834 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2877129937-820309355-2557697650-1001_UserData.bin
+ 2009-12-01 19:07 . 2010-04-18 22:46 4662 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2010-04-16 16:28 . 2010-04-17 07:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-04-19 05:37 . 2010-04-19 05:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-04-16 16:28 . 2010-04-17 07:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-19 05:37 . 2010-04-19 05:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-01 15:21 . 2010-04-18 19:52 406448 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:05 . 2010-04-19 05:41 669254 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-04-16 16:32 669254 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-04-19 05:41 125918 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2010-04-16 16:32 125918 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:03 . 2010-04-18 19:13 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2010-04-17 06:21 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-09-17 04:35 . 2010-04-16 15:20 1844032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-09-17 04:35 . 2010-04-18 22:46 1844032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"Act.Outlook.Service"="c:\program files\ACT\ACT for Windows\Act.Outlook.Service.exe" [2007-03-28 9728]
"Act! Preloader"="c:\program files\ACT\ACT for Windows\ActSage.exe" [2007-03-28 1015808]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-07-30 354360]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-07-23 24848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-02 151064]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-15 417792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 177472]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ACT! Speed Loader.lnk - c:\program files\Symantec\ACT\ACTLDR.EXE [2009-12-11 34816]
SideACT!.lnk - c:\program files\Symantec\ACT\SideACT.exe [2009-12-11 176640]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-4-3 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\HEWLET~1\IAM\Bin\APSHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-07-29 1201400]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-11-16 95896]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-07-30 45056]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-07-29 256544]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 122368]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-20 313856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker
Bioscrypt REG_MULTI_SZ ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-13 c:\windows\Tasks\HPCeeScheduleForJohn.Walker.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 04:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.offerbox.com/en/?s=h&c=1002094007
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=92&bd=all&pf=cmnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
FF - ProfilePath - c:\users\John.Walker\AppData\Roaming\Mozilla\Firefox\Profiles\byica5f7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x82C13000]<< >>UNKNOWN [0x8BA11000]<< >>UNKNOWN [0x8C8B6000]<< >>UNKNOWN [0x8C87B000]<< >>UNKNOWN [0x83023000]<< >>UNKNOWN [0x8B887000]<< >>UNKNOWN [0x8BB20000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N]
"ImagePath"="\??\c:\program files\NewTech Infosystems\NTI Ripper\"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\progra~1\HEWLET~1\IAM\Bin\APSHook.dll

- - - - - - - > 'lsass.exe'(584)
c:\progra~1\HEWLET~1\IAM\Bin\APSHook.dll

- - - - - - - > 'Explorer.exe'(3704)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
.
Completion time: 2010-04-19 08:25:08
ComboFix-quarantined-files.txt 2010-04-19 07:25
ComboFix2.txt 2010-04-17 07:52

Pre-Run: 184,328,433,664 bytes free
Post-Run: 184,283,992,064 bytes free

- - End Of File - - ECD1BBEA79345FF3C07A79F4FFE9B5E9

Regards,
John
 
#24 ·
2nd Post today:

Hello once again,

Have created and dropped CFScript.txt onto ComboFix.exe on desktop. This resulted in the following Dequarantine.txt file:


C:\Qoobox\Quarantine\c\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk.vir -> c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ( 892 bytes )


I have yet to run the chkdsk as I need access to my PC today.

Will run that tonight and post back any results.
Kind regards,
John
 
#25 ·
Hello JohnJJ,

Leave the chkdsk for now. Doesn't matter though if you have started it. Just let it run if you have and after that do this:

There are signs of a rootkit in your ComboFix logs. We need to see if we can find the source.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Extract the contents of the zipped file to desktop.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!



If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO then use the following settings for a more complete scan..
  • In the right of the panel, you will see a list of boxes that have been checked ... Ensure the following are un-checked.
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)


  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in GMER.txt
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
 
#26 ·
Good evening/morning Emeraldnzl,

I have downloaded gmer.zip and extracted gmer.exe to the desktop. Tried twice and failed to run this scan.

First time the scan started to run then it abruptly stopped - went to a blue/dos screen then restarted - all without any input from me. It had only been scanning for a minute or two.

Second time it stopped and I was presented with a windows error message, that the program had stopped running.

Not sure how to get past this:(. I will post this then re-try.

Thanks for your continued support on this.

Regards,
John
 