• Announcements

    • LS.Andy

      Support for other products than adaware, ad block, web protection and Web Companion   05/05/2017

      Support for the following products is handled by the Lavasoft support team: Lavasoft Tuneup Kit Lavasoft PC Optimizer Lavasoft Driver Updater Lavasoft Registry Tuner Lavasoft Privacy Toolbox Lavasoft File Shredder Lavasoft Digital Lock

      For help with these products, contact the support team here: http://www.lavasoft.com/support/supportcenter/
       
Sign in to follow this  
Followers 0
welshden

How to turn off auto Scan when downloading a file

57 posts in this topic

Hi

I have only just downloaded ad aware and am having problems with downloading - when downloading an image the auto scan box pops up and then just completely freezes my machine the only way to get things working is by turning off and on again.

I have been through all the settings but cannot find out how to turn the auto scan off.

Thanks for any advice in advance :)

Share this post


Link to post
Share on other sites
Hi welshden,

The easy solution is, as megamind wrote, to turn off real-time protection, but I (and probably Lavasoft) is interested in why you get this problem.
Are you using another antivirus program than Ad-Aware?
Which Windows version do you have, including 32 or 64 bits?
Which web browser are you using?
How are you downloading an image?
1 person likes this

Share this post


Link to post
Share on other sites
sorry must be a bit dim - on real time protection settings - do I need to completely switch off real time or do I need to untick one of it's settings ?

CeciliaB
no other anti virus that I know of.
windows vista home premium 32 bit
firefox but also have IE installed
when I see an image I want I right click and save - it's when the download box pops up that it seems to be getting itself confused with downoading and checking for viruses - it's only the checking for viruses that I want to switch off - I have tried downloading images both in firefox and IE and happens in both.

Share this post


Link to post
Share on other sites
Is it possible to take a screen shot when the download box pops up or is it impossible since the computer freezes?

Does Ctrl+Alt+Del work when the computer freezes? Is it possible to end/finish the browser on the process tab?

Can you provide us with a link to a web page with one of these images?

Does it happen if you start the browser without its add-ons (Start menu - All programs - Accessories - System Tools - Internet Explorer (no add-ons)?

Share this post


Link to post
Share on other sites
Hi Cecilia
Comp completely freezes so can't do a screen dump and ctrl+alt+del dosen't work either only option is to hold finger on off switch :(

will check out without add on's bit a little later as just running a scan at the moment as it seems I also have a virus which could be the cause of this. Ad-aware keeps saying it's found trojan.win32.fakealert.cn - I have deleted them out of quarantine but it seems it keeps finding them and also random opening of new tabs on firefox and when I click to visit a site it takes me somewhere else. Grrrrrr.

Share this post


Link to post
Share on other sites
Hi welshden,

Please, to get help with cleaning your computer follow the instructions in the topic [url=http://www.lavasoftsupport.com/index.php?showtopic=30823]Read This Before You Post![/url] and I will move your topic to the forum [url=http://www.lavasoftsupport.com/index.php?showforum=36]Help with Stubborn Infections[/url].

Share this post


Link to post
Share on other sites
Thanks Cecilia - will go follow the instructions - just to let you know the downloading an image worked fine with ad on's removed but the random opening of a page still happend.
Will update again when I have done a clean.

Share this post


Link to post
Share on other sites
Hi Cecilia
Here is my DDS log - do you need the other log pasting into here or do you need me to attach it?
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_25
Run by Denise at 11:43:47 on 2012-04-09
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.1652 [GMT 1:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\TODDSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\DataProxy.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
E:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

Share this post


Link to post
Share on other sites
Hi welshden,

That was only a part of DDS.txt, please try again. If you know how to attach a file, please attach Attach.txt, otherwise you can paste that file too.

Share this post


Link to post
Share on other sites
[quote name='welshden' timestamp='1333966195' post='134394']
I have deleted them out of quarantine but it seems it keeps finding them and also random opening of new tabs on firefox and when I click to visit a site it takes me somewhere else. Grrrrrr.
[/quote]

full scan your computer with ad-aware 10

Share this post


Link to post
Share on other sites
Hi Cecilia
Sorry have no idea how i manage to do that! anyhow here is the log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_25
Run by Denise at 16:12:39 on 2012-04-09
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.1255 [GMT 1:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\TODDSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
E:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Free Ride Games\GPlayer.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\TeamViewer\Version6\tv_w32.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
E:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\DataProxy.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - e:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - e:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Acrobat Assistant 8.0] "e:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [SBRegRebootCleaner] "c:\program files\ad-aware antivirus\engine\SBRC.exe"
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
StartupFolder: c:\users\denise\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: Append to existing PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: 3slive.com
Trusted Zone: 3slive.com\www.logical
Trusted Zone: reflexive.com\www
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Forgotten%20Dynasty/Images/stg_drm.ocx
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Forgotten%20Dynasty/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4026C108-D1AD-49DB-B261-C92CEEAB8CF0} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: primkhi - c:\windows\system32\config\systemprofile\appdata\local\primkhi.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\denise\appdata\roaming\mozilla\firefox\profiles\11wuhkp9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\free ride games\npExentCtl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\total immersion\dfusionhomewebplugin\NPDFusionWebFirefox.dll
FF - plugin: c:\users\denise\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\denise\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.accept-encoding -
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-3-11 56208]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-3-19 218688]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_34302.sys [2012-3-11 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-3-11 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-3-11 164112]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-4-6 221784]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-4-6 78936]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-3-11 931640]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\engine\SBAMSvc.exe [2011-5-17 2804280]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-5-11 74968]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-10 1153368]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2011-8-17 518472]
R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2011-11-10 370504]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-11-3 2358656]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2008-10-25 6016]
R2 X4HSEx;X4HSEx;c:\program files\free ride games\X4HSEx.sys [2011-5-14 56352]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-2-26 187904]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-1-15 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-4-6 69208]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-4-6 94040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 253600]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-10-23 9216]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-9 40776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-7-19 21520]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-4-6 69208]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-09 07:40:12 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-09 07:23:37 208896 ----a-w- c:\windows\MBR.exe
2012-04-09 07:22:53 -------- d-s---w- C:\ComboFix
2012-04-06 10:21:47 -------- d-----w- c:\users\denise\appdata\local\adaware
2012-04-06 10:21:02 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-06 10:20:59 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-06 10:19:56 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-06 10:19:56 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-06 10:19:52 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-06 10:17:51 -------- d-----w- c:\users\denise\appdata\local\adawarebp
2012-04-06 10:17:49 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-04-06 10:17:47 -------- d-----w- c:\program files\Toolbar Cleaner
2012-04-06 10:17:38 -------- d-----w- c:\program files\adawaretb
2012-04-06 10:07:51 -------- d-----w- c:\users\denise\appdata\roaming\Ad-Aware Antivirus
2012-04-06 07:47:31 -------- d-----w- c:\users\denise\appdata\roaming\f-secure
2012-04-06 07:46:28 -------- d-----w- c:\programdata\F-Secure
2012-04-06 06:36:43 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-22 07:53:30 -------- d-----w- c:\programdata\F4D55F3E0003FDDA0349FB90EEC1FB6E
2012-03-22 05:57:18 -------- d-----w- c:\programdata\F4D55F3E000435DB0349FB90EEC1FB6E
2012-03-21 20:29:59 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-20 07:14:54 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5b05430f-7d7a-4ead-960a-f12f1c9366ea}\mpengine.dll
2012-03-18 06:59:38 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 06:59:38 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-16 21:40:17 -------- d-----w- c:\program files\iPod
2012-03-16 21:40:13 -------- d-----w- c:\program files\iTunes
2012-03-11 12:48:50 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2012-04-06 06:50:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 09:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 11:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 11:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
============= FINISH: 16:13:51.23 ===============

can't quite see how to attach a file sorry - so here is the attach :)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 25/08/2008 17:01:56
System Uptime: 09/04/2012 14:25:18 (2 hours ago)
.
Motherboard: TOSHIBA | | Satellite P300
Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz | U2E1 | 1833/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 118 GiB total, 19.666 GiB free.
E: is FIXED (NTFS) - 114 GiB total, 105.641 GiB free.
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_USNJSVC_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_USNJSVC_XX
Service: usnjsvc
.
==== System Restore Points ===================
.
RP1392: 06/04/2012 04:57:24 - Scheduled Checkpoint
RP1394: 06/04/2012 07:38:48 - Installed Rapport
RP1395: 06/04/2012 11:20:00 - Device Driver Package Install: Sunbelt Software, Inc. Network Service
RP1396: 07/04/2012 19:11:11 - Scheduled Checkpoint
RP1397: 08/04/2012 10:07:43 - Scheduled Checkpoint
RP1398: 09/04/2012 03:51:38 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Ad-Aware Security Toolbar
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 8.1.3
Adobe Setup
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
BBC iPlayer Desktop
BBC iPlayer Download Manager
Big Fish Games: Game Manager
Bluetooth Stack for Windows by Toshiba
Bonjour
Camera Assistant Software for Toshiba
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Dutch
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Swedish
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Cradle Of Rome
Cradle of Rome 2
DAEMON Tools Lite
DHTML Editing Component
DivX Setup
DVD MovieFactory for TOSHIBA
ERUNT 1.1j
Facebook Plug-In
Facebook Video Calling 1.2.0.159
FileZilla Client 3.5.1
Free Ride Games Player
Google Earth
Google Update Helper
HandBrake 0.9.5
HDAUDIO Soft Data Fax Modem with SmartCP
HDMI Control Manager
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCloud
Intel® Matrix Storage Manager
##nospam Configuration Utility
iTunes
Java Auto Updater
Java(TM) 6 Update 25
Java(TM) 6 Update 3
Java(TM) 6 Update 7
KaraFun 1.18
Karaoke Song List Creator Professional KJ Edition
KODAK Gallery Upload Software
LimeWire 4.13.2
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes Anti-Malware version 1.60.1.1000
Marvell Miniport Driver
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XML Parser
MobileMe Control Panel
Mozilla Firefox 11.0 (x86 en-GB)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
O2Micro Flash Memory Card Reader Driver (x86)
OGA Notifier 2.0.0048.0
PDF Settings
Peggle Deluxe
Primo
QuickTime
Rapport
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Signal
Skins
Sky Anytime
Spelling Dictionaries Support For Adobe Reader 8
Splashtop Streamer
Spybot - Search & Destroy
Synaptics Pointing Device Driver
TeamViewer 6
TextTwist 2
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA Manuals
Toshiba Online Product Information
TOSHIBA Recovery Disc Creator
TOSHIBA SD Memory Utilities
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Total Immersion D'Fusion @Home Web Plug-In
TRDCReminder
TRORDCLauncher
Turbo Lister 2
UltraVNC v1.0.2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.5
VNC 4.0
WavePad Sound Editor
Windows Driver Package - Chicony (usbvideo) Image (03/10/2009 6.3.251.0310)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Encoder 9 Series
WinRAR archiver
WinZip 14.0
Wisdom-soft ScreenHunter 5.0 Free
Xvid 1.1.3 final uninstall
ZTE_1.2059.0.8
.
==== End Of File ===========================

Share this post


Link to post
Share on other sites
LimeWire 4.13.2
Note, that file sharing programs are a major source of infections. I recommend that you uninstall it.

Please, uninstall the following programs since they are old with many vulnerabilities, which makes it easy to infect the computer from a web page:
Java™ 6 Update 25
Java™ 6 Update 3
Java™ 6 Update 7

Do you have any program from Symantec installed?
I found these programs:
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
They might be left-overs after an uninstallation of Norton/Symantec antivirus program, if you don't have any other Symantec program installed.

Upload this file to http://www.virustotal.com/ using the "Choose file" function (select reanalyze if asked) and post back the link to the scan report:
c:\windows\system32\config\systemprofile\appdata\local\primkhi.dll

Can you see what file that Ad-Aware finds during a scan, for example by double-clicking the threat on quarantine tab?

Share this post


Link to post
Share on other sites
Hi Cecilia - thanks for your help so far:

Limewire uninstalled haven't used it in years
Java updates uninstalled
Yes I had norton on a while ago and removed it these must have been left over - have uninstalled.

Upload results:
https://www.virustotal.com/file/f3c563da984d570ce21f09f9bb7bacd210c1cc7207137d8102bc2205a80ccc3e/analysis/1333991746/

There are two files mainly
trojan.win32.generic!BT
trojan.win32.fakealert.cn

Share this post


Link to post
Share on other sites
trojan.win32.generic!BT
trojan.win32.fakealert.cn
If you double-click on that information, I think you will get a pop-up that contains folder and file name of the threats.

Did MBAM find anything?

I see that you already have run ComboFix. You are not supposed to do that without guidance since ComboFix might destroy Windows if handled in the wrong way. Please, post C:\ComboFix.txt.

Share this post


Link to post
Share on other sites
Hi Cecilia.
trojan.win32.generic!BT - C:\Windows\System32\Cam5603D.dll
trojan.win32.fakelaert.cn - C:\programdata\~7BUgnrIVzfM87i

MBAM? - is that mallaware Bytes if it is no nothing.

combo fix was recommended by a friend I dowloaded and ran it but comp crashed so didn't see anything from it - can't see a file called C:\combofix.txt ?

Share this post


Link to post
Share on other sites
Hi welshden,

1.
Please, save RougueKiller on the Desktop.
http://www.sur-la-toile.com/RogueKiller/
Turn off all running programs.

Start RougueKiller. If it won't start, try several times. If you still are unsuccessful, rename the file to winlogon.exe.

Wait until "Prescan" has finished.
Click on "Scan" button in upper right corner.
Wait until the scan has finished.

A report with a name similar to RKreport.txt should have been created on the desktop.
Please, post it in your answer.

2.
Save OTL on the Desktop. [url=http://oldtimer.geekstogo.com/OTL.exe]http://oldtimer.geekstogo.com/OTL.exe[/url]
Close all programs.
Double-click OTL to run it.

In the box [b]Custom scan's and fixes[/b] paste the contents of this box:
[code]netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
[/code]

Click on [b]Quick Scan[/b] and do not use the computer while the program runs.

When the program finishes two log files are created on the Desktop, OTL.txt och Extras.txt. Paste the contents of the log OTL.txt into your answer but attach Extras.txt (if you don't see how to attach files click the button "More Options" ).

Share this post


Link to post
Share on other sites
Hi Cecilia

Results of Rouge Killer

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: [url="http://www.geekstogo.com/forum/files/file/413-roguekiller/"]http://www.geekstogo...13-roguekiller/[/url]
Blog: [url="http://tigzyrk.blogspot.com"]http://tigzyrk.blogspot.com[/url]

Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User: Denise [Admin rights]
Mode: Scan -- Date: 04/09/2012 23:13:24

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] adawarebp.dll -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED

¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[FAKED] tdx.sys : c:\windows\system32\drivers\tdx.sys --> CANNOT FIX

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[382] : NtCreateThreadEx @ 0x8401DF82 -> HOOKED (\??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys @ 0x9382C640)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS542525K9SA00 +++++
--- User ---
[MBR] ace090f5e9ac918493a8380ea87977f5
[BSP] 3fb687f0876b481538d25e4ce3b5dca9 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 120360 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 249571328 | Size: 116614 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



Results of OTL

OTL logfile created on: 09/04/2012 23:22:28 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Denise\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 63.38% Memory free
6.19 Gb Paging File | 5.17 Gb Available in Paging File | 83.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117.54 Gb Total Space | 20.03 Gb Free Space | 17.04% Space Free | Partition Type: NTFS
Drive E: | 113.88 Gb Total Space | 105.64 Gb Free Space | 92.76% Space Free | Partition Type: NTFS

Computer Name: DENISELAPTOP | User Name: Denise | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/04/09 23:17:50 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Denise\Desktop\OTL.exe
PRC - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/03/11 13:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/11/10 07:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2011/11/03 19:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/10/21 10:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/08/17 17:38:58 | 001,896,808 | ---- | M] () -- C:\Program Files\Splashtop\Splashtop Remote\Server\DataProxy.exe
PRC - [2011/08/17 17:31:36 | 000,518,472 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2011/08/17 17:31:08 | 002,391,368 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2011/02/15 02:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/09/14 20:58:49 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/04/10 18:09:38 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/02 13:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/25 15:43:22 | 000,716,800 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
PRC - [2008/01/21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/01/17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008/01/09 15:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/12/25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007/12/25 14:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2007/12/03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/05/10 22:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- E:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004/06/15 15:29:42 | 000,380,928 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/28 22:19:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/06/29 03:36:05 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011/06/29 03:35:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011/06/29 03:33:53 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/06/29 03:33:32 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/06/29 03:33:18 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/06/29 03:31:46 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/06/29 03:31:26 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/02/15 02:33:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/02/15 02:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/08/25 16:59:34 | 001,675,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2951.26938__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008/08/25 16:59:34 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2951.27176__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2008/08/25 16:59:34 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2951.26891__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:34 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2951.26953__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008/08/25 16:59:34 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2951.27166__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:34 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2951.27121__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:34 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2951.26929__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008/08/25 16:59:34 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2951.27066__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2951.26912__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:33 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2951.27206__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008/08/25 16:59:27 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2951.27131__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:27 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2951.27213__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:27 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2951.27138__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008/08/25 16:59:27 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2951.26905__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:27 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2951.27130__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:26 | 000,794,624 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2951.27078__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:26 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2951.27154__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008/08/25 16:59:26 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2951.26961__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:26 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2951.27203__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:26 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2951.27098__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:26 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2951.27077__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:26 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2951.27202__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:25 | 000,901,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2951.27168__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:25 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2951.26967__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:25 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2951.27069__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:25 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2951.26914__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:25 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2951.27113__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:25 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2951.27059__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:25 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2951.26974__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2008/08/25 16:59:25 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2951.27067__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2951.26973__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2951.27076__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:25 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2951.27097__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:25 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2951.27111__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:24 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2886.28804__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008/08/25 16:59:24 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2886.28823__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008/08/25 16:59:24 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2886.28860__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2886.28801__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008/08/25 16:59:24 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2886.28885__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008/08/25 16:59:24 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2886.28803__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008/08/25 16:59:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2886.28837__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008/08/25 16:59:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2886.28817__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2886.28813__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2886.28812__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2886.28829__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2886.28836__90ba9c70f846762e\DEM.OS.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2886.28837__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2886.28819__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2886.28838__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2886.28862__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2886.28831__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2886.28863__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008/08/25 16:59:23 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2886.28849__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2886.28830__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Shared\2.0.2886.28835__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.2886.28858__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2886.28859__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2886.28848__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2886.28832__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2886.28801__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008/08/25 16:59:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2886.28831__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008/08/25 16:59:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008/08/25 16:59:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2951.27229__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008/08/25 16:59:21 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2951.27244__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2008/08/25 16:59:21 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2951.26878__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008/08/25 16:59:20 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2951.26898__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008/08/25 16:59:20 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2951.26922__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008/08/25 16:59:20 | 000,413,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2951.27183__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008/08/25 16:59:20 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2951.27193__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008/08/25 16:59:20 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2951.26881__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008/08/25 16:59:20 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2951.26882__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008/08/25 16:59:20 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2951.27190__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008/08/25 16:59:20 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2951.26880__90ba9c70f846762e\APM.Server.dll
MOD - [2008/08/25 16:59:20 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2886.28834__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008/08/25 16:59:20 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2951.26879__90ba9c70f846762e\AEM.Server.dll
MOD - [2008/08/25 16:59:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2886.28809__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008/08/25 16:59:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008/08/25 16:59:20 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2886.28814__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008/08/25 16:59:20 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2951.27192__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008/08/25 16:59:20 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008/08/25 16:59:20 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2886.28826__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008/08/25 16:59:20 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2886.28834__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008/08/25 16:59:20 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2886.28832__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008/08/25 16:59:20 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2886.28851__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008/08/25 16:59:20 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2886.28808__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008/01/30 15:30:22 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008/01/21 03:24:02 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/01/21 03:24:02 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/01/08 08:15:38 | 000,688,128 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
MOD - [2007/12/12 12:46:04 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\elosystemservice.dll -- (usnjsvc)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wlsetupsvc.dll -- (sptisrv)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vaiomediaplatform-integratedserver-appserver.dll -- (prevxdriver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ntpr_nic_service2.dll -- (MagicTune)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\amusbprt.dll -- (iviregmgr)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Cam5603D.dll -- (alcaudsl)
SRV - [2012/04/06 07:50:23 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/03/11 13:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/11/10 07:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2011/11/03 19:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/08/17 17:31:36 | 000,518,472 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2011/05/17 18:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Stopped] -- C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/14 20:58:49 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/02 13:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/01/21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/21 03:23:43 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\System32\https-nassry.dll -- (s616mdm)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004/06/15 15:29:42 | 000,380,928 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\igdkmd32.sys -- (igfx)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HDJMidi.sys -- (HDJMidi)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\HDJBulk.sys -- (Bulk)
DRV - [2012/04/09 08:42:11 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/03/11 13:50:34 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2012/03/11 13:48:52 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/03/11 13:48:50 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/03/11 13:48:50 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/07/19 10:03:00 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2011/05/11 16:26:04 | 000,074,968 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/04/29 14:15:42 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/04/05 17:35:20 | 000,221,784 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/04/05 17:35:20 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/04/05 17:35:20 | 000,078,936 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (SbTis)
DRV - [2011/03/19 23:57:01 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2010/03/10 21:02:38 | 000,056,352 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Free Ride Games\X4HSEx.sys -- (X4HSEx)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/19 12:49:50 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/04/10 18:09:42 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/02/01 11:46:08 | 000,187,904 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (CnxtHdAudAddService)
DRV - [2008/01/30 16:24:00 | 003,483,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/01/21 15:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/21 03:24:53 | 000,071,680 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2008/01/21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2008/01/15 10:34:58 | 000,048,472 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007/11/09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/17 22:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/26 05:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/04/23 13:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2007/04/09 16:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2006/11/02 08:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006/10/23 17:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2004/06/26 13:22:00 | 000,006,016 | ---- | M] (RDV Soft) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vnccom.SYS -- (vnccom)
DRV - [2004/06/26 13:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vncdrv.sys -- (vncdrv)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"]http://search.live.c...ferrer:source?}[/url]
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"]http://www.google.co...g}&sourceid=ie7[/url]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.google.co.uk/"]http://www.google.co.uk/[/url]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = AF 67 0E 05 F4 1C 79 4C 8D 1C 91 E4 4B F5 AF 57 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"]http://www.bing.com/...Box&FORM=IE8SRC[/url]
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEA_en-GB"]http://www.google.co...z=1I7TSEA_en-GB[/url]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/ig?hl=en&source=iglk"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: [email protected]:10.0.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Denise\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Denise\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/20 18:10:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/20 18:10:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 07:59:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/29 16:39:20 | 000,000,000 | ---D | M]

[2010/01/09 11:08:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denise\AppData\Roaming\Mozilla\Extensions
[2012/04/06 18:45:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\11wuhkp9.default\extensions
[2010/04/28 06:41:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\11wuhkp9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/06 11:17:44 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\11wuhkp9.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2011/11/10 22:03:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\DENISE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\11WUHKP9.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\USERS\DENISE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\11WUHKP9.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI
() (No name found) -- C:\USERS\DENISE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\11WUHKP9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\DENISE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\11WUHKP9.DEFAULT\EXTENSIONS\[email protected]
[2012/03/18 07:59:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/12 22:59:04 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/12 22:59:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/12 22:59:04 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/12 22:59:04 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/12 22:59:04 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKCU..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Append to existing PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: 3slive.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: 3slive.com ([www.logical] http in Trusted sites)
O15 - HKCU\..Trusted Domains: reflexive.com ([www] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [url="http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab"]http://upload.facebo...toUploader5.cab[/url] (Facebook Photo Uploader 5 Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Amazing%20Adventures%20The%20Forgotten%20Dynasty/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [url="http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab"]http://upload.facebo...oUploader55.cab[/url] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [url="http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab"]http://fpdownload.ma...r/ultrashim.cab[/url] (Reg Error: Key error.)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Amazing%20Adventures%20The%20Forgotten%20Dynasty/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.m...ash/swflash.cab[/url] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4026C108-D1AD-49DB-B261-C92CEEAB8CF0}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O20 - Winlogon\Notify\primkhi: DllName - (C:\Windows\system32\config\systemprofile\AppData\Local\primkhi.dll) - C:\Windows\System32\config\systemprofile\AppData\Local\primkhi.dll ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: sptisrv - %systemroot%\system32\wlsetupsvc.dll File not found
NetSvcs: prevxdriver - %systemroot%\system32\vaiomediaplatform-integratedserver-appserver.dll File not found
NetSvcs: alcaudsl - %systemroot%\system32\Cam5603D.dll File not found
NetSvcs: s616mdm - C:\Windows\System32\https-nassry.dll (Oak Technology Inc.)
NetSvcs: iviregmgr - %systemroot%\system32\amusbprt.dll File not found
NetSvcs: usnjsvc - %systemroot%\system32\elosystemservice.dll File not found
NetSvcs: MagicTune - %systemroot%\system32\ntpr_nic_service2.dll File not found
NetSvcs: mi-raysat_3dsmax9_32 - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/04/09 23:17:46 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Denise\Desktop\OTL.exe
[2012/04/09 22:54:08 | 000,000,000 | ---D | C] -- C:\Users\Denise\Desktop\RK_Quarantine
[2012/04/09 11:42:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Denise\Desktop\dds.com
[2012/04/09 08:40:12 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/04/09 08:23:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/09 08:22:53 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/09 08:22:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/06 11:21:47 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\adaware
[2012/04/06 11:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/04/06 11:21:02 | 000,094,040 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\sbhips.sys
[2012/04/06 11:20:59 | 000,078,936 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\sbtis.sys
[2012/04/06 11:19:56 | 000,221,784 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\SbFw.sys
[2012/04/06 11:19:56 | 000,069,208 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\SbFwIm.sys
[2012/04/06 11:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/04/06 11:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012/04/06 11:17:51 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\adawarebp
[2012/04/06 11:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/04/06 11:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012/04/06 11:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012/04/06 11:07:51 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Roaming\Ad-Aware Antivirus
[2012/04/06 08:47:31 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Roaming\f-secure
[2012/04/06 08:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/03/22 08:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3E0003FDDA0349FB90EEC1FB6E
[2012/03/22 06:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3E000435DB0349FB90EEC1FB6E
[2012/03/22 06:57:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012/03/16 22:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/16 22:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/16 22:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/11 13:48:50 | 000,056,208 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/04/09 23:17:50 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Denise\Desktop\OTL.exe
[2012/04/09 23:12:37 | 000,612,100 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/09 23:12:37 | 000,109,516 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/09 23:05:25 | 000,001,702 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/04/09 23:05:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/09 23:04:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/09 23:04:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/09 23:04:55 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/09 23:04:53 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/04/09 23:04:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/09 23:04:41 | 3217,514,496 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/09 22:52:31 | 001,261,568 | ---- | M] () -- C:\Users\Denise\Desktop\RogueKiller.exe
[2012/04/09 22:49:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/09 21:36:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-57852192-4207613211-3685920990-1000UA.job
[2012/04/09 21:36:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-57852192-4207613211-3685920990-1000Core.job
[2012/04/09 18:14:35 | 000,002,543 | ---- | M] () -- C:\Users\Denise\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office OneNote 2007.lnk
[2012/04/09 17:30:13 | 000,005,149 | ---- | M] () -- C:\Users\Denise\Documents\tree template - Palegreen.html
[2012/04/09 17:20:19 | 000,005,184 | ---- | M] () -- C:\Users\Denise\Documents\tree template - Browncrystal.html
[2012/04/09 17:09:51 | 000,006,785 | ---- | M] () -- C:\Users\Denise\Documents\tree template - agate.html
[2012/04/09 17:02:04 | 000,006,785 | ---- | M] () -- C:\Users\Denise\Documents\tree template - flourite.html
[2012/04/09 16:31:13 | 000,005,171 | ---- | M] () -- C:\Users\Denise\Documents\tree template - Blackcrystal.html
[2012/04/09 11:42:57 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Denise\Desktop\dds.com
[2012/04/09 11:05:06 | 000,006,615 | ---- | M] () -- C:\Users\Denise\Documents\tree template - tigers eye.html
[2012/04/09 08:42:11 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/04/08 12:00:09 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/04/05 11:19:53 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/05 10:28:25 | 311,843,187 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/16 22:53:31 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/03/16 22:53:31 | 000,001,854 | ---- | M] () -- C:\Users\Denise\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/03/16 22:42:07 | 000,001,629 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/11 13:48:50 | 000,056,208 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/04/09 22:51:48 | 001,261,568 | ---- | C] () -- C:\Users\Denise\Desktop\RogueKiller.exe
[2012/04/09 17:30:13 | 000,005,149 | ---- | C] () -- C:\Users\Denise\Documents\tree template - Palegreen.html
[2012/04/09 17:11:29 | 000,005,184 | ---- | C] () -- C:\Users\Denise\Documents\tree template - Browncrystal.html
[2012/04/09 17:09:51 | 000,006,785 | ---- | C] () -- C:\Users\Denise\Documents\tree template - agate.html
[2012/04/09 16:23:21 | 000,005,171 | ---- | C] () -- C:\Users\Denise\Documents\tree template - Blackcrystal.html
[2012/04/09 12:27:35 | 000,006,785 | ---- | C] () -- C:\Users\Denise\Documents\tree template - flourite.html
[2012/04/09 08:23:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/09 08:23:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/06 17:11:04 | 000,006,615 | ---- | C] () -- C:\Users\Denise\Documents\tree template - tigers eye.html
[2012/04/06 11:26:01 | 000,000,946 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/04/06 11:21:10 | 000,001,702 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/04/06 07:36:49 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/05 14:43:58 | 3217,514,496 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/05 11:19:53 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/21 21:29:59 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/03/16 22:42:07 | 000,001,629 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/01 20:03:46 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/07/09 18:54:46 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2011/07/09 18:53:35 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2011/05/14 07:13:56 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/02/23 21:17:22 | 000,000,344 | ---- | C] () -- C:\ProgramData\yhhKHElns4DYqmD
[2011/02/20 11:50:17 | 000,000,336 | ---- | C] () -- C:\ProgramData\X6pQ1shcYjvuz0
[2011/02/20 10:59:13 | 000,000,392 | ---- | C] () -- C:\ProgramData\IlR9jxchz82u
[2011/02/20 10:24:37 | 000,000,731 | ---- | C] () -- C:\Windows\wininit.ini
[2011/02/13 12:57:23 | 000,000,264 | ---- | C] () -- C:\ProgramData\~t66q8BDK768
[2011/02/13 12:57:23 | 000,000,144 | ---- | C] () -- C:\ProgramData\~t66q8BDK768r
[2010/11/13 11:53:42 | 000,197,328 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[color=#E56717]========== LOP Check ==========[/color]

[2012/04/09 23:09:52 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Ad-Aware Antivirus
[2008/10/25 00:22:51 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Alloysoft
[2008/10/12 10:33:59 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Ancient Quest of Saqqarah__reflexive
[2012/02/09 20:30:22 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Awem
[2009/09/20 14:08:45 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/03/19 23:57:53 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\DAEMON Tools Lite
[2011/05/14 08:17:50 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\DeepVoyage
[2008/08/25 17:38:19 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\DesktopSMS
[2009/11/22 12:23:42 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\EcoRescue
[2011/05/14 07:18:08 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Exent Technologies
[2012/04/06 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\f-secure
[2010/06/13 11:13:28 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Facebook
[2011/10/23 16:48:20 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\FileZilla
[2009/10/17 17:28:14 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\GTM_Bodie
[2012/01/02 13:54:56 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\HandBrake
[2008/08/31 21:01:28 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\iWin
[2009/01/22 08:46:56 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\LimeWire
[2008/08/25 20:26:45 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\myphotobook
[2009/12/29 09:43:05 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\NCH Swift Sound
[2009/10/16 16:09:11 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Princess Isabella
[2009/01/04 12:39:55 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Reflexive
[2011/05/28 07:42:31 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\SpinTop
[2011/07/09 20:30:35 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\TeamViewer
[2008/10/01 21:11:43 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\TOSHIBA
[2011/06/18 08:13:19 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Total Immersion
[2010/02/07 18:11:47 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Trusteer
[2010/02/01 11:42:53 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\uTorrent
[2009/11/04 08:21:08 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\WinBatch
[2012/04/08 12:00:09 | 000,000,946 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/04/09 21:36:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-57852192-4207613211-3685920990-1000Core.job
[2012/04/09 21:36:01 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-57852192-4207613211-3685920990-1000UA.job
[2012/04/09 23:03:35 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[color=#A23BEC]< C:\Windows\assembly\tmp\U\*.* /s >[/color]

[color=#A23BEC]< %Temp%\smtmp\1\*.* >[/color]

[color=#A23BEC]< %Temp%\smtmp\2\*.* >[/color]

[color=#A23BEC]< %Temp%\smtmp\3\*.* >[/color]

[color=#A23BEC]< %Temp%\smtmp\4\*.* >[/color]

[color=#A23BEC]< type c:\diskreport.txt /c >[/color]
Microsoft DiskPart version 6.0.6001
Copyright © 1999-2007 Microsoft Corporation.
On computer: DENISELAPTOP
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 F DVD-ROM 0 B No Media
Volume 1 G DVD-ROM 0 B No Media
Volume 2 C Vista NTFS Partition 118 GB Healthy System
Volume 3 E Data NTFS Partition 114 GB Healthy

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:160ADF0B
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:872B86AD

< End of report >

Extras attached.

Share this post


Link to post
Share on other sites
HI Cecilia
Just to make you aware I will be out at work all day so will not be able to catch up until later today.

Thanks for all your help so far :)

Share this post


Link to post
Share on other sites
Hi welshden,

You are welcome :)

1.
Save TDSSKiller on the Desktop:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Turn off all programs.
Run the program TDSSKiller.

Click on [b]Start Scan[/b].

If any threats are found select [b]Cure [/b]and click [b]Continue[/b]. If [b]Cure [/b]isn't available select [b]Skip. [/b]Do NOT select Quarantine or Delete.
The computer might need a restart.

Paste the content of the TDSSKiller log which is located in the folder C:\ with the name TDSSKiller followed by version and time.

2.
Please, download aswMBR to your desktop. http://public.avast.com/~gmerek/aswMBR.exe

Double click it to start the program.
Allow it to download extra definitions.
Click the [b]Scan[/b] button to start the scan.
When the scan has finished click the [b]Save log[/b] button and save it to your desktop.
Post the log.

Share this post


Link to post
Share on other sites
Hi Cecilia
Just to let you know I have not been home all evening due to a bit of a family emergency it will be tommorrow now before I am able to do the above - will update as soon as I can

Share this post


Link to post
Share on other sites
I'm sorry to hear that. Kind of you to inform me :)

Share this post


Link to post
Share on other sites
Hi Cecilia

The TDS Killer didn't have a skip button so pressed continue and it popped up saying cleaning - sorry I don't know if it makes a difference.
Not sure where to find the verison and time from?



0:20:58.0916 8156 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
20:20:59.0181 8156 ============================================================
20:20:59.0181 8156 Current date / time: 2012/04/11 20:20:59.0181
20:20:59.0181 8156 SystemInfo:
20:20:59.0181 8156
20:20:59.0181 8156 OS Version: 6.0.6001 ServicePack: 1.0
20:20:59.0181 8156 Product type: Workstation
20:20:59.0181 8156 ComputerName: DENISELAPTOP
20:20:59.0181 8156 UserName: Denise
20:20:59.0181 8156 Windows directory: C:\Windows
20:20:59.0181 8156 System windows directory: C:\Windows
20:20:59.0181 8156 Processor architecture: Intel x86
20:20:59.0181 8156 Number of processors: 2
20:20:59.0181 8156 Page size: 0x1000
20:20:59.0181 8156 Boot type: Normal boot
20:20:59.0181 8156 ============================================================
20:21:00.0351 8156 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:21:00.0351 8156 \Device\Harddisk0\DR0:
20:21:00.0366 8156 MBR used
20:21:00.0366 8156 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xEB14000
20:21:00.0366 8156 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xEE02800, BlocksNum 0xE3C3000
20:21:00.0476 8156 Initialize success
20:21:00.0476 8156 ============================================================
20:21:03.0128 6348 ============================================================
20:21:03.0128 6348 Scan started
20:21:03.0128 6348 Mode: Manual;
20:21:03.0128 6348 ============================================================
20:21:08.0244 6348 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
20:21:08.0276 6348 ACPI - ok
20:21:08.0510 6348 Ad-Aware Service (fb182ad520910442abf146bb325de79b) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
20:21:08.0510 6348 Ad-Aware Service - ok
20:21:08.0666 6348 Adobe Version Cue CS3 (14c23516c990dcd6052152cf034dde40) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
20:21:08.0666 6348 Adobe Version Cue CS3 - ok
20:21:08.0822 6348 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:21:08.0822 6348 AdobeFlashPlayerUpdateSvc - ok
20:21:08.0962 6348 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:21:08.0993 6348 adp94xx - ok
20:21:09.0134 6348 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:21:09.0165 6348 adpahci - ok
20:21:09.0274 6348 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:21:09.0305 6348 adpu160m - ok
20:21:09.0368 6348 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:21:09.0399 6348 adpu320 - ok
20:21:09.0477 6348 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:21:09.0508 6348 AeLookupSvc - ok
20:21:09.0633 6348 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
20:21:09.0664 6348 AFD - ok
20:21:09.0789 6348 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:21:09.0820 6348 agp440 - ok
20:21:09.0976 6348 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:21:10.0007 6348 aic78xx - ok
20:21:10.0179 6348 alcaudsl - ok
20:21:10.0257 6348 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:21:10.0272 6348 ALG - ok
20:21:10.0350 6348 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:21:10.0350 6348 aliide - ok
20:21:10.0444 6348 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:21:10.0475 6348 amdagp - ok
20:21:10.0522 6348 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:21:10.0538 6348 amdide - ok
20:21:10.0584 6348 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:21:10.0600 6348 AmdK7 - ok
20:21:10.0725 6348 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:21:10.0740 6348 AmdK8 - ok
20:21:10.0818 6348 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:21:10.0850 6348 Appinfo - ok
20:21:10.0943 6348 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:21:10.0943 6348 Apple Mobile Device - ok
20:21:11.0099 6348 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:21:11.0115 6348 arc - ok
20:21:11.0193 6348 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:21:11.0224 6348 arcsas - ok
20:21:11.0318 6348 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:21:11.0364 6348 AsyncMac - ok
20:21:11.0427 6348 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
20:21:11.0442 6348 atapi - ok
20:21:11.0567 6348 athr (6046a55f79de9c581b8d5e9c1366cc81) C:\Windows\system32\DRIVERS\athr.sys
20:21:11.0614 6348 athr - ok
20:21:11.0723 6348 Ati External Event Utility (26757a5a06c37ef44be544eb7e98d9d3) C:\Windows\system32\Ati2evxx.exe
20:21:11.0739 6348 Ati External Event Utility - ok
20:21:11.0988 6348 atikmdag (d5ab32f003780f21325f1c1df613f867) C:\Windows\system32\DRIVERS\atikmdag.sys
20:21:12.0534 6348 atikmdag - ok
20:21:12.0737 6348 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
20:21:12.0768 6348 AudioEndpointBuilder - ok
20:21:12.0800 6348 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
20:21:12.0800 6348 Audiosrv - ok
20:21:12.0940 6348 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:21:12.0971 6348 Beep - ok
20:21:13.0096 6348 besclient (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\TPPWRIF.dll
20:21:13.0221 6348 Suspicious file (NoAccess): C:\Windows\system32\TPPWRIF.dll. md5: 11028c6a84a967070cb1286550f2058f
20:21:13.0221 6348 besclient ( Backdoor.Multi.ZAccess.gen ) - infected
20:21:13.0221 6348 besclient - detected Backdoor.Multi.ZAccess.gen (0)
20:21:13.0564 6348 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\system32\qmgr.dll
20:21:13.0611 6348 BITS - ok
20:21:13.0736 6348 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:21:13.0767 6348 blbdrive - ok
20:21:13.0970 6348 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
20:21:13.0970 6348 Bonjour Service - ok
20:21:14.0157 6348 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
20:21:14.0157 6348 bowser - ok
20:21:14.0313 6348 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:21:14.0344 6348 BrFiltLo - ok
20:21:14.0375 6348 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:21:14.0391 6348 BrFiltUp - ok
20:21:14.0469 6348 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:21:14.0484 6348 Browser - ok
20:21:14.0656 6348 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:21:14.0781 6348 Brserid - ok
20:21:15.0046 6348 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:21:15.0077 6348 BrSerWdm - ok
20:21:15.0280 6348 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:21:15.0342 6348 BrUsbMdm - ok
20:21:15.0405 6348 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:21:15.0452 6348 BrUsbSer - ok
20:21:15.0732 6348 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:21:15.0764 6348 BTHMODEM - ok
20:21:15.0935 6348 Bulk - ok
20:21:16.0169 6348 catchme - ok
20:21:16.0278 6348 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:21:16.0310 6348 cdfs - ok
20:21:16.0388 6348 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
20:21:16.0434 6348 cdrom - ok
20:21:16.0512 6348 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
20:21:16.0544 6348 CertPropSvc - ok
20:21:16.0637 6348 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:21:16.0653 6348 circlass - ok
20:21:16.0731 6348 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
20:21:16.0762 6348 CLFS - ok
20:21:16.0871 6348 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:21:16.0918 6348 clr_optimization_v2.0.50727_32 - ok
20:21:17.0074 6348 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:21:17.0105 6348 clr_optimization_v4.0.30319_32 - ok
20:21:17.0246 6348 CLTNetCnService - ok
20:21:17.0448 6348 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:21:17.0464 6348 CmBatt - ok
20:21:17.0589 6348 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:21:17.0620 6348 cmdide - ok
20:21:17.0698 6348 CnxtHdAudAddService (76ffd950394c45196d09239edc9b006b) C:\Windows\system32\drivers\CHDART.sys
20:21:18.0057 6348 CnxtHdAudAddService - ok
20:21:18.0150 6348 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:21:18.0182 6348 Compbatt - ok
20:21:18.0213 6348 COMSysApp - ok
20:21:18.0322 6348 ConfigFree Service (596e452b5152ec9afe8153d296459d2b) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
20:21:18.0322 6348 ConfigFree Service - ok
20:21:18.0416 6348 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:21:18.0447 6348 crcdisk - ok
20:21:18.0509 6348 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:21:18.0509 6348 Crusoe - ok
20:21:18.0587 6348 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
20:21:18.0587 6348 CryptSvc - ok
20:21:18.0681 6348 DcomLaunch (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
20:21:18.0696 6348 DcomLaunch - ok
20:21:18.0806 6348 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
20:21:18.0837 6348 DfsC - ok
20:21:18.0977 6348 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
20:21:19.0024 6348 DFSR - ok
20:21:19.0133 6348 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
20:21:19.0133 6348 Dhcp - ok
20:21:19.0227 6348 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
20:21:19.0242 6348 disk - ok
20:21:19.0352 6348 Dnscache (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
20:21:19.0383 6348 Dnscache - ok
20:21:19.0476 6348 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
20:21:19.0523 6348 dot3svc - ok
20:21:19.0726 6348 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
20:21:19.0726 6348 DPS - ok
20:21:19.0851 6348 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:21:19.0851 6348 drmkaud - ok
20:21:19.0976 6348 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:21:19.0991 6348 dtsoftbus01 - ok
20:21:20.0069 6348 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
20:21:20.0116 6348 DXGKrnl - ok
20:21:20.0225 6348 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:21:20.0241 6348 E1G60 - ok
20:21:20.0319 6348 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
20:21:20.0334 6348 EapHost - ok
20:21:20.0506 6348 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
20:21:20.0537 6348 Ecache - ok
20:21:20.0631 6348 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
20:21:20.0662 6348 ehRecvr - ok
20:21:20.0693 6348 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
20:21:20.0724 6348 ehSched - ok
20:21:20.0756 6348 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
20:21:20.0756 6348 ehstart - ok
20:21:20.0943 6348 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:21:20.0958 6348 elxstor - ok
20:21:21.0068 6348 EMDMgmt (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
20:21:21.0083 6348 EMDMgmt - ok
20:21:21.0224 6348 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:21:21.0224 6348 ErrDev - ok
20:21:21.0348 6348 EventSystem (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
20:21:21.0348 6348 EventSystem - ok
20:21:21.0458 6348 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
20:21:21.0504 6348 exfat - ok
20:21:21.0629 6348 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
20:21:21.0660 6348 fastfat - ok
20:21:21.0801 6348 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:21:21.0848 6348 fdc - ok
20:21:22.0035 6348 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
20:21:22.0050 6348 fdPHost - ok
20:21:22.0206 6348 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
20:21:22.0238 6348 FDResPub - ok
20:21:22.0347 6348 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:21:22.0362 6348 FileInfo - ok
20:21:22.0425 6348 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:21:22.0456 6348 Filetrace - ok
20:21:22.0581 6348 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:21:22.0581 6348 FLEXnet Licensing Service - ok
20:21:22.0706 6348 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:21:22.0721 6348 flpydisk - ok
20:21:22.0799 6348 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
20:21:22.0830 6348 FltMgr - ok
20:21:22.0908 6348 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:21:22.0908 6348 FontCache3.0.0.0 - ok
20:21:22.0986 6348 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:21:23.0018 6348 Fs_Rec - ok
20:21:23.0080 6348 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:21:23.0080 6348 gagp30kx - ok
20:21:23.0220 6348 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
20:21:23.0252 6348 GEARAspiWDM - ok
20:21:23.0330 6348 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
20:21:23.0376 6348 gpsvc - ok
20:21:23.0486 6348 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
20:21:23.0501 6348 gupdate - ok
20:21:23.0532 6348 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
20:21:23.0532 6348 gupdatem - ok
20:21:23.0657 6348 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:21:23.0688 6348 HdAudAddService - ok
20:21:23.0798 6348 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:21:23.0844 6348 HDAudBus - ok
20:21:23.0907 6348 HDJMidi - ok
20:21:23.0954 6348 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:21:23.0969 6348 HidBth - ok
20:21:24.0047 6348 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:21:24.0078 6348 HidIr - ok
20:21:24.0172 6348 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\System32\hidserv.dll
20:21:24.0203 6348 hidserv - ok
20:21:24.0375 6348 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
20:21:24.0390 6348 HidUsb - ok
20:21:24.0531 6348 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
20:21:24.0531 6348 hkmsvc - ok
20:21:24.0593 6348 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:21:24.0609 6348 HpCISSs - ok
20:21:24.0749 6348 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
20:21:24.0780 6348 HSF_DPV - ok
20:21:24.0890 6348 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
20:21:24.0921 6348 HSXHWAZL - ok
20:21:25.0046 6348 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
20:21:25.0077 6348 HTTP - ok
20:21:25.0202 6348 hwdatacard - ok
20:21:25.0342 6348 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:21:25.0373 6348 i2omp - ok
20:21:25.0451 6348 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:21:25.0482 6348 i8042prt - ok
20:21:25.0607 6348 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
20:21:25.0623 6348 iaStor - ok
20:21:25.0732 6348 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:21:25.0763 6348 iaStorV - ok
20:21:25.0872 6348 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:21:25.0904 6348 IDriverT - ok
20:21:26.0028 6348 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:21:26.0075 6348 idsvc - ok
20:21:26.0169 6348 igfx - ok
20:21:26.0231 6348 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:21:26.0247 6348 iirsp - ok
20:21:26.0325 6348 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
20:21:26.0340 6348 IKEEXT - ok
20:21:26.0465 6348 IntcHdmiAddService - ok
20:21:26.0574 6348 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:21:26.0606 6348 intelide - ok
20:21:26.0808 6348 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:21:26.0840 6348 intelppm - ok
20:21:26.0933 6348 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
20:21:26.0964 6348 IPBusEnum - ok
20:21:27.0058 6348 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:21:27.0089 6348 IpFilterDriver - ok
20:21:27.0198 6348 iphlpsvc (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll
20:21:27.0245 6348 iphlpsvc - ok
20:21:27.0292 6348 IpInIp - ok
20:21:27.0386 6348 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:21:27.0432 6348 IPMIDRV - ok
20:21:27.0479 6348 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:21:27.0510 6348 IPNAT - ok
20:21:27.0635 6348 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
20:21:27.0635 6348 iPod Service - ok
20:21:27.0744 6348 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:21:27.0791 6348 IRENUM - ok
20:21:27.0869 6348 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:21:27.0900 6348 isapnp - ok
20:21:27.0994 6348 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
20:21:28.0041 6348 iScsiPrt - ok
20:21:28.0103 6348 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:21:28.0134 6348 iteatapi - ok
20:21:28.0244 6348 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:21:28.0259 6348 iteraid - ok
20:21:28.0353 6348 iviregmgr - ok
20:21:28.0415 6348 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:21:28.0431 6348 kbdclass - ok
20:21:28.0462 6348 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
20:21:28.0493 6348 kbdhid - ok
20:21:28.0587 6348 KeyIso (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
20:21:28.0587 6348 KeyIso - ok
20:21:28.0665 6348 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
20:21:28.0696 6348 KSecDD - ok
20:21:28.0977 6348 KService (0423bc118534ec23a063e54ebca9b92d) C:\Program Files\Kontiki\KService.exe
20:21:29.0008 6348 KService - ok
20:21:29.0226 6348 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
20:21:29.0289 6348 KtmRm - ok
20:21:29.0367 6348 LanmanServer (1925e63c91cf1610ae41bfd539062079) C:\Windows\System32\srvsvc.dll
20:21:29.0429 6348 LanmanServer - ok
20:21:29.0523 6348 LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
20:21:29.0538 6348 LanmanWorkstation - ok
20:21:29.0648 6348 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:21:29.0663 6348 lltdio - ok
20:21:29.0710 6348 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
20:21:29.0726 6348 lltdsvc - ok
20:21:29.0804 6348 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
20:21:29.0850 6348 lmhosts - ok
20:21:29.0928 6348 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:21:29.0944 6348 LSI_FC - ok
20:21:30.0069 6348 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:21:30.0084 6348 LSI_SAS - ok
20:21:30.0162 6348 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:21:30.0162 6348 LSI_SCSI - ok
20:21:30.0303 6348 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:21:30.0350 6348 luafv - ok
20:21:30.0412 6348 MagicTune - ok
20:21:30.0443 6348 massfilter (59a2783aba6019bed0c843c706e10a6a) C:\Windows\system32\drivers\massfilter.sys
20:21:30.0662 6348 massfilter - ok
20:21:30.0740 6348 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
20:21:31.0161 6348 MBAMSwissArmy - ok
20:21:31.0254 6348 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
20:21:31.0286 6348 McComponentHostService - ok
20:21:31.0426 6348 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
20:21:31.0457 6348 Mcx2Svc - ok
20:21:31.0566 6348 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:21:31.0582 6348 mdmxsdk - ok
20:21:31.0676 6348 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:21:31.0691 6348 megasas - ok
20:21:31.0785 6348 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:21:31.0800 6348 MegaSR - ok
20:21:31.0925 6348 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
20:21:31.0941 6348 Microsoft Office Groove Audit Service - ok
20:21:32.0050 6348 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:21:32.0066 6348 MMCSS - ok
20:21:32.0159 6348 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:21:32.0190 6348 Modem - ok
20:21:32.0300 6348 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:21:32.0315 6348 monitor - ok
20:21:32.0362 6348 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:21:32.0393 6348 mouclass - ok
20:21:32.0409 6348 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:21:32.0440 6348 mouhid - ok
20:21:32.0534 6348 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:21:32.0565 6348 MountMgr - ok
20:21:32.0627 6348 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:21:32.0674 6348 mpio - ok
20:21:32.0768 6348 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:21:32.0799 6348 mpsdrv - ok
20:21:32.0877 6348 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:21:32.0877 6348 Mraid35x - ok
20:21:32.0986 6348 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
20:21:33.0002 6348 MRxDAV - ok
20:21:33.0080 6348 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:21:33.0080 6348 mrxsmb - ok
20:21:33.0189 6348 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:21:33.0220 6348 mrxsmb10 - ok
20:21:33.0298 6348 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:21:33.0314 6348 mrxsmb20 - ok
20:21:33.0438 6348 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
20:21:33.0470 6348 msahci - ok
20:21:33.0532 6348 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:21:33.0532 6348 msdsm - ok
20:21:33.0688 6348 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
20:21:33.0719 6348 MSDTC - ok
20:21:33.0875 6348 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:21:33.0906 6348 Msfs - ok
20:21:34.0031 6348 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:21:34.0062 6348 msisadrv - ok
20:21:34.0125 6348 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
20:21:34.0172 6348 MSiSCSI - ok
20:21:34.0218 6348 msiserver - ok
20:21:34.0296 6348 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:21:34.0312 6348 MSKSSRV - ok
20:21:34.0406 6348 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:21:34.0421 6348 MSPCLOCK - ok
20:21:34.0499 6348 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:21:34.0530 6348 MSPQM - ok
20:21:34.0593 6348 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
20:21:34.0624 6348 MsRPC - ok
20:21:34.0718 6348 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:21:34.0749 6348 mssmbios - ok
20:21:34.0842 6348 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:21:34.0858 6348 MSTEE - ok
20:21:34.0952 6348 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
20:21:34.0967 6348 Mup - ok
20:21:35.0076 6348 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
20:21:35.0076 6348 napagent - ok
20:21:35.0248 6348 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
20:21:35.0279 6348 NativeWifiP - ok
20:21:35.0373 6348 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
20:21:35.0388 6348 NDIS - ok
20:21:35.0482 6348 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:21:35.0513 6348 NdisTapi - ok
20:21:35.0560 6348 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:21:35.0591 6348 Ndisuio - ok
20:21:35.0638 6348 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
20:21:35.0654 6348 NdisWan - ok
20:21:35.0747 6348 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:21:35.0747 6348 NDProxy - ok
20:21:35.0841 6348 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:21:35.0856 6348 NetBIOS - ok
20:21:35.0981 6348 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
20:21:36.0012 6348 netbt - ok
20:21:36.0137 6348 Netlogon (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
20:21:36.0137 6348 Netlogon - ok
20:21:36.0278 6348 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
20:21:36.0309 6348 Netman - ok
20:21:36.0402 6348 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
20:21:36.0418 6348 netprofm - ok
20:21:36.0512 6348 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:21:36.0543 6348 NetTcpPortSharing - ok
20:21:36.0730 6348 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
20:21:36.0855 6348 NETw3v32 - ok
20:21:37.0026 6348 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
20:21:37.0151 6348 NETw4v32 - ok
20:21:37.0276 6348 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:21:37.0292 6348 nfrd960 - ok
20:21:37.0354 6348 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
20:21:37.0354 6348 NlaSvc - ok
20:21:37.0448 6348 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
20:21:37.0463 6348 Npfs - ok
20:21:37.0510 6348 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
20:21:37.0526 6348 nsi - ok
20:21:37.0619 6348 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:21:37.0650 6348 nsiproxy - ok
20:21:37.0744 6348 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
20:21:37.0791 6348 Ntfs - ok
20:21:37.0884 6348 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:21:37.0916 6348 ntrigdigi - ok
20:21:37.0962 6348 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:21:37.0978 6348 Null - ok
20:21:38.0025 6348 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:21:38.0040 6348 nvraid - ok
20:21:38.0134 6348 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:21:38.0150 6348 nvstor - ok
20:21:38.0212 6348 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:21:38.0228 6348 nv_agp - ok
20:21:38.0243 6348 NwlnkFlt - ok
20:21:38.0259 6348 NwlnkFwd - ok
20:21:38.0384 6348 o2flash (d955d5de998db2476bf0892be3a96c26) C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
20:21:38.0384 6348 o2flash - ok
20:21:38.0540 6348 O2MDRDR (d51942f12090fc947ca8aa01736dade2) C:\Windows\system32\DRIVERS\o2media.sys
20:21:38.0555 6348 O2MDRDR - ok
20:21:38.0711 6348 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:21:38.0727 6348 odserv - ok
20:21:38.0836 6348 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
20:21:38.0867 6348 ohci1394 - ok
20:21:38.0961 6348 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:21:38.0992 6348 ose - ok
20:21:39.0117 6348 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
20:21:39.0164 6348 p2pimsvc - ok
20:21:39.0179 6348 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
20:21:39.0195 6348 p2psvc - ok
20:21:39.0304 6348 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:21:39.0320 6348 Parport - ok
20:21:39.0398 6348 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
20:21:39.0413 6348 partmgr - ok
20:21:39.0444 6348 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:21:39.0460 6348 Parvdm - ok
20:21:39.0507 6348 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
20:21:39.0538 6348 PcaSvc - ok
20:21:39.0647 6348 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
20:21:39.0663 6348 pci - ok
20:21:39.0725 6348 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
20:21:39.0725 6348 pciide - ok
20:21:39.0756 6348 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:21:39.0803 6348 pcmcia - ok
20:21:39.0928 6348 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:21:39.0959 6348 PEAUTH - ok
20:21:40.0100 6348 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
20:21:40.0146 6348 pla - ok
20:21:40.0287 6348 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
20:21:40.0349 6348 PlugPlay - ok
20:21:40.0427 6348 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
20:21:40.0427 6348 PNRPAutoReg - ok
20:21:40.0458 6348 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
20:21:40.0458 6348 PNRPsvc - ok
20:21:40.0583 6348 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
20:21:40.0646 6348 PolicyAgent - ok
20:21:40.0802 6348 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:21:40.0817 6348 PptpMiniport - ok
20:21:40.0864 6348 prevxdriver - ok
20:21:40.0895 6348 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:21:40.0911 6348 Processor - ok
20:21:41.0004 6348 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
20:21:41.0051 6348 ProfSvc - ok
20:21:41.0129 6348 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
20:21:41.0129 6348 ProtectedStorage - ok
20:21:41.0207 6348 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
20:21:41.0207 6348 PSched - ok
20:21:41.0270 6348 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
20:21:41.0285 6348 PxHelp20 - ok
20:21:41.0379 6348 QIOMem (674eba70a52c02696e503b0a57ae6372) C:\Windows\system32\DRIVERS\QIOMem.sys
20:21:41.0394 6348 QIOMem - ok
20:21:41.0535 6348 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:21:41.0566 6348 ql2300 - ok
20:21:41.0660 6348 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:21:41.0660 6348 ql40xx - ok
20:21:41.0706 6348 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
20:21:41.0722 6348 QWAVE - ok
20:21:41.0831 6348 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:21:41.0847 6348 QWAVEdrv - ok
20:21:42.0096 6348 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys
20:21:42.0112 6348 RapportCerberus_34302 - ok
20:21:42.0237 6348 RapportEI (43b9aa1423bf54367c5a3de1559780e8) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
20:21:42.0252 6348 RapportEI - ok
20:21:42.0486 6348 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
20:21:42.0502 6348 RapportIaso - ok
20:21:42.0642 6348 RapportKELL (118600ab8f15fe27f2c865f3fb4efa58) C:\Windows\system32\Drivers\RapportKELL.sys
20:21:42.0658 6348 RapportKELL - ok
20:21:43.0017 6348 RapportMgmtService (d9ef54568fafcb4be4637068e768409a) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
20:21:43.0032 6348 RapportMgmtService - ok
20:21:43.0188 6348 RapportPG (4af05a67b643a5190dfcbb793273e0bc) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
20:21:43.0204 6348 RapportPG - ok
20:21:43.0360 6348 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:21:43.0391 6348 RasAcd - ok
20:21:43.0454 6348 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
20:21:43.0469 6348 RasAuto - ok
20:21:43.0594 6348 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:21:43.0610 6348 Rasl2tp - ok
20:21:43.0672 6348 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
20:21:43.0703 6348 RasMan - ok
20:21:43.0812 6348 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
20:21:43.0828 6348 RasPppoe - ok
20:21:43.0875 6348 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
20:21:43.0890 6348 RasSstp - ok
20:21:43.0922 6348 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
20:21:43.0937 6348 rdbss - ok
20:21:43.0984 6348 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:21:44.0046 6348 RDPCDD - ok
20:21:44.0124 6348 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
20:21:44.0171 6348 rdpdr - ok
20:21:44.0280 6348 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:21:44.0280 6348 RDPENCDD - ok
20:21:44.0343 6348 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
20:21:44.0358 6348 RDPWD - ok
20:21:44.0405 6348 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
20:21:44.0421 6348 RemoteAccess - ok
20:21:44.0514 6348 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
20:21:44.0530 6348 RemoteRegistry - ok
20:21:44.0577 6348 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
20:21:44.0608 6348 RpcLocator - ok
20:21:44.0702 6348 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
20:21:44.0717 6348 RpcSs - ok
20:21:44.0780 6348 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:21:44.0780 6348 rspndr - ok
20:21:44.0920 6348 s115bus (e1ab463b36a7ef31d8a73a97a9b57afa) C:\Windows\system32\DRIVERS\s115bus.sys
20:21:44.0920 6348 s115bus - ok
20:21:44.0998 6348 s616mdm - ok
20:21:45.0045 6348 SamSs (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
20:21:45.0045 6348 SamSs - ok
20:21:45.0684 6348 SBAMSvc (c7d53053541a448febb1373abbaf79ef) C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
20:21:45.0700 6348 SBAMSvc - ok
20:21:45.0872 6348 sbapifs (3d6ba67c758735918e323d4d6f64449a) C:\Windows\system32\DRIVERS\sbapifs.sys
20:21:45.0887 6348 sbapifs - ok
20:21:46.0043 6348 SbFw (9c9bcc79aef0aa97f16766c498002d36) C:\Windows\system32\drivers\SbFw.sys
20:21:46.0090 6348 SbFw - ok
20:21:46.0168 6348 SBFWIMCL (f27b38d70b7621378161d6f48be04d2c) C:\Windows\system32\DRIVERS\sbfwim.sys
20:21:46.0184 6348 SBFWIMCL - ok
20:21:46.0293 6348 SBFWIMCLMP (f27b38d70b7621378161d6f48be04d2c) C:\Windows\system32\DRIVERS\SBFWIM.sys
20:21:46.0293 6348 SBFWIMCLMP - ok
20:21:46.0371 6348 sbhips (53e5e7dc26bb920b97f258bbd52abfdc) C:\Windows\system32\drivers\sbhips.sys
20:21:46.0402 6348 sbhips - ok
20:21:46.0511 6348 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:21:46.0511 6348 sbp2port - ok
20:21:46.0605 6348 SBRE (0505da5d357f18a5d42fc5dede6bc9a0) C:\Windows\system32\drivers\SBREdrv.sys
20:21:46.0652 6348 SBRE - ok
20:21:46.0761 6348 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
20:21:46.0776 6348 SBSDWSCService - ok
20:21:46.0917 6348 SbTis (6468e2973e04525decc105947ddd0d34) C:\Windows\system32\drivers\sbtis.sys
20:21:46.0932 6348 SbTis - ok
20:21:47.0042 6348 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
20:21:47.0073 6348 SCardSvr - ok
20:21:47.0151 6348 Schedule (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
20:21:47.0151 6348 Schedule - ok
20:21:47.0276 6348 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
20:21:47.0276 6348 SCPolicySvc - ok
20:21:47.0338 6348 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
20:21:47.0354 6348 sdbus - ok
20:21:47.0369 6348 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
20:21:47.0400 6348 SDRSVC - ok
20:21:47.0510 6348 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:21:47.0541 6348 secdrv - ok
20:21:47.0619 6348 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
20:21:47.0634 6348 seclogon - ok
20:21:47.0712 6348 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
20:21:47.0744 6348 SENS - ok
20:21:47.0837 6348 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:21:47.0868 6348 Serenum - ok
20:21:48.0040 6348 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:21:48.0087 6348 Serial - ok
20:21:48.0258 6348 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:21:48.0290 6348 sermouse - ok
20:21:48.0368 6348 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
20:21:48.0383 6348 SessionEnv - ok
20:21:48.0430 6348 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
20:21:48.0446 6348 sffdisk - ok
20:21:48.0555 6348 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:21:48.0586 6348 sffp_mmc - ok
20:21:48.0648 6348 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:21:48.0664 6348 sffp_sd - ok
20:21:48.0742 6348 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:21:48.0773 6348 sfloppy - ok
20:21:48.0836 6348 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
20:21:48.0851 6348 SharedAccess - ok
20:21:48.0914 6348 ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
20:21:48.0945 6348 ShellHWDetection - ok
20:21:49.0023 6348 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
20:21:49.0054 6348 sisagp - ok
20:21:49.0179 6348 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
20:21:49.0179 6348 SiSRaid2 - ok
20:21:49.0241 6348 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
20:21:49.0257 6348 SiSRaid4 - ok
20:21:49.0366 6348 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
20:21:49.0382 6348 slsvc - ok
20:21:49.0491 6348 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
20:21:49.0538 6348 SLUINotify - ok
20:21:49.0600 6348 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
20:21:49.0631 6348 Smb - ok
20:21:49.0787 6348 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
20:21:49.0787 6348 SNMPTRAP - ok
20:21:49.0896 6348 SplashtopRemoteService (45e73e4bf21407c9297b7d625392c327) C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
20:21:49.0896 6348 SplashtopRemoteService - ok
20:21:50.0021 6348 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:21:50.0021 6348 spldr - ok
20:21:50.0146 6348 Spooler (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe
20:21:50.0146 6348 Spooler - ok
20:21:50.0240 6348 sptisrv - ok
20:21:50.0349 6348 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
20:21:50.0380 6348 srv - ok
20:21:50.0489 6348 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
20:21:50.0505 6348 srv2 - ok
20:21:50.0583 6348 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
20:21:50.0598 6348 srvnet - ok
20:21:50.0645 6348 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
20:21:50.0661 6348 SSDPSRV - ok
20:21:50.0754 6348 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
20:21:50.0786 6348 SstpSvc - ok
20:21:50.0879 6348 SSUService (16467d878ddd9d10f0e42cb81e0cf391) C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
20:21:50.0879 6348 SSUService - ok
20:21:51.0004 6348 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
20:21:51.0020 6348 stisvc - ok
20:21:51.0066 6348 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:21:51.0098 6348 swenum - ok
20:21:51.0176 6348 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
20:21:51.0207 6348 swprv - ok
20:21:51.0300 6348 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:21:51.0316 6348 Symc8xx - ok
20:21:51.0425 6348 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:21:51.0441 6348 Sym_hi - ok
20:21:51.0488 6348 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:21:51.0503 6348 Sym_u3 - ok
20:21:51.0550 6348 SynTP (91ac243740ca09a907e7cbd2da274c96) C:\Windows\system32\DRIVERS\SynTP.sys
20:21:51.0566 6348 SynTP - ok
20:21:51.0628 6348 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
20:21:51.0659 6348 SysMain - ok
20:21:51.0737 6348 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
20:21:51.0768 6348 TabletInputService - ok
20:21:51.0815 6348 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
20:21:51.0831 6348 TapiSrv - ok
20:21:51.0909 6348 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
20:21:51.0940 6348 TBS - ok
20:21:52.0049 6348 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
20:21:52.0096 6348 Tcpip - ok
20:21:52.0236 6348 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
20:21:52.0236 6348 Tcpip6 - ok
20:21:52.0424 6348 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
20:21:52.0470 6348 tcpipreg - ok
20:21:52.0658 6348 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
20:21:52.0860 6348 tdcmdpst - ok
20:21:52.0970 6348 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:21:53.0001 6348 TDPIPE - ok
20:21:53.0032 6348 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:21:53.0063 6348 TDTCP - ok
20:21:53.0172 6348 tdx (61daf937afc4c7a3db1a3232c3d7e258) C:\Windows\system32\DRIVERS\tdx.sys
20:21:53.0250 6348 tdx ( Virus.Win32.ZAccess.c ) - infected
20:21:53.0250 6348 tdx - detected Virus.Win32.ZAccess.c (0)
20:21:53.0422 6348 TeamViewer6 (01a402d34732ca3da91786adcc765069) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
20:21:53.0438 6348 TeamViewer6 - ok
20:21:53.0531 6348 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
20:21:53.0547 6348 TermDD - ok
20:21:53.0594 6348 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
20:21:53.0609 6348 TermService - ok
20:21:53.0687 6348 Themes (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll
20:21:53.0687 6348 Themes - ok
20:21:53.0734 6348 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:21:53.0734 6348 THREADORDER - ok
20:21:53.0843 6348 TNaviSrv (e47f35a87ff0da38def37a0eb0c2d2df) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
20:21:53.0843 6348 TNaviSrv - ok
20:21:53.0968 6348 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
20:21:53.0984 6348 TODDSrv - ok
20:21:54.0093 6348 TosCoSrv (da6903958cbdc091ffcbbca70ccff34c) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
20:21:54.0093 6348 TosCoSrv - ok
20:21:54.0124 6348 TOSHIBA Bluetooth Service - ok
20:21:54.0155 6348 TOSHIBA SMART Log Service (22690dffc7f2a18279a7a0489aa02bac) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
20:21:54.0155 6348 TOSHIBA SMART Log Service - ok
20:21:54.0218 6348 Tosrfcom - ok
20:21:54.0280 6348 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
20:21:54.0296 6348 tosrfec - ok
20:21:54.0358 6348 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
20:21:54.0608 6348 tos_sps32 - ok
20:21:54.0686 6348 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
20:21:54.0701 6348 TrkWks - ok
20:21:54.0748 6348 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
20:21:54.0748 6348 TrustedInstaller - ok
20:21:54.0966 6348 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:21:54.0998 6348 tssecsrv - ok
20:21:55.0154 6348 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:21:55.0185 6348 tunmp - ok
20:21:55.0325 6348 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
20:21:55.0325 6348 tunnel - ok
20:21:55.0404 6348 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
20:21:55.0435 6348 TVALZ - ok
20:21:55.0513 6348 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
20:21:55.0513 6348 uagp35 - ok
20:21:55.0607 6348 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
20:21:55.0623 6348 udfs - ok
20:21:55.0685 6348 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
20:21:55.0732 6348 UI0Detect - ok
20:21:55.0825 6348 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
20:21:55.0825 6348 UleadBurningHelper - ok
20:21:55.0919 6348 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
20:21:55.0935 6348 uliagpkx - ok
20:21:55.0981 6348 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
20:21:56.0013 6348 uliahci - ok
20:21:56.0122 6348 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:21:56.0122 6348 UlSata - ok
20:21:56.0215 6348 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:21:56.0215 6348 ulsata2 - ok
20:21:56.0262 6348 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:21:56.0309 6348 umbus - ok
20:21:56.0371 6348 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
20:21:56.0403 6348 upnphost - ok
20:21:56.0512 6348 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
20:21:56.0527 6348 USBAAPL - ok
20:21:56.0637 6348 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
20:21:56.0652 6348 usbaudio - ok
20:21:56.0730 6348 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:21:56.0746 6348 usbccgp - ok
20:21:56.0839 6348 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:21:56.0871 6348 usbcir - ok
20:21:56.0933 6348 usbcm - ok
20:21:57.0058 6348 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
20:21:57.0058 6348 usbehci - ok
20:21:57.0105 6348 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
20:21:57.0120 6348 usbhub - ok
20:21:57.0167 6348 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:21:57.0214 6348 usbohci - ok
20:21:57.0370 6348 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:21:57.0385 6348 usbprint - ok
20:21:57.0557 6348 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:21:57.0573 6348 usbscan - ok
20:21:57.0635 6348 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:21:57.0635 6348 USBSTOR - ok
20:21:57.0760 6348 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:21:57.0791 6348 usbuhci - ok
20:21:57.0853 6348 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
20:21:57.0885 6348 usbvideo - ok
20:21:57.0931 6348 usnjsvc - ok
20:21:58.0009 6348 UVCFTR (237c444fbd1c697a2e3fa60f02c61f22) C:\Windows\system32\Drivers\UVCFTR_S.SYS
20:21:58.0041 6348 UVCFTR - ok
20:21:58.0119 6348 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
20:21:58.0134 6348 UxSms - ok
20:21:58.0243 6348 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
20:21:58.0259 6348 vds - ok
20:21:58.0337 6348 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
20:21:58.0353 6348 vga - ok
20:21:58.0431 6348 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:21:58.0431 6348 VgaSave - ok
20:21:58.0493 6348 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
20:21:58.0524 6348 viaagp - ok
20:21:58.0602 6348 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
20:21:58.0633 6348 ViaC7 - ok
20:21:58.0696 6348 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
20:21:58.0727 6348 viaide - ok
20:21:58.0805 6348 vnccom (b67632451f760797bb183e1fb99f4b39) C:\Windows\system32\Drivers\vnccom.SYS
20:21:58.0852 6348 vnccom - ok
20:21:58.0914 6348 vncdrv (4ec979b157d1aa075330362acb5424e5) C:\Windows\system32\DRIVERS\vncdrv.sys
20:21:58.0930 6348 vncdrv - ok
20:21:59.0008 6348 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:21:59.0055 6348 volmgr - ok
20:21:59.0148 6348 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
20:21:59.0164 6348 volmgrx - ok
20:21:59.0273 6348 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
20:21:59.0320 6348 volsnap - ok
20:21:59.0429 6348 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
20:21:59.0445 6348 vsmraid - ok
20:21:59.0632 6348 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
20:21:59.0647 6348 VSS - ok
20:21:59.0788 6348 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
20:21:59.0835 6348 W32Time - ok
20:21:59.0944 6348 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:21:59.0959 6348 WacomPen - ok
20:21:59.0991 6348 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:22:00.0006 6348 Wanarp - ok
20:22:00.0006 6348 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:22:00.0006 6348 Wanarpv6 - ok
20:22:00.0069 6348 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
20:22:00.0100 6348 wcncsvc - ok
20:22:00.0193 6348 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
20:22:00.0209 6348 WcsPlugInService - ok
20:22:00.0287 6348 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
20:22:00.0318 6348 Wd - ok
20:22:00.0443 6348 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:22:00.0474 6348 Wdf01000 - ok
20:22:00.0537 6348 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:22:00.0583 6348 WdiServiceHost - ok
20:22:00.0583 6348 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:22:00.0583 6348 WdiSystemHost - ok
20:22:00.0693 6348 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
20:22:00.0739 6348 WebClient - ok
20:22:00.0802 6348 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
20:22:00.0833 6348 Wecsvc - ok
20:22:00.0895 6348 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
20:22:00.0942 6348 wercplsupport - ok
20:22:01.0051 6348 WerSvc (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll
20:22:01.0223 6348 WerSvc - ok
20:22:01.0348 6348 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
20:22:01.0363 6348 winachsf - ok
20:22:01.0457 6348 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
20:22:01.0473 6348 WinDefend - ok
20:22:01.0488 6348 WinHttpAutoProxySvc - ok
20:22:01.0597 6348 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
20:22:01.0597 6348 Winmgmt - ok
20:22:01.0691 6348 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
20:22:01.0722 6348 WinRM - ok
20:22:01.0847 6348 WinVNC4 (7043ddf51d7135c1d1b83b4213dfed61) C:\Program Files\RealVNC\VNC4\WinVNC4.exe
20:22:01.0847 6348 WinVNC4 - ok
20:22:02.0034 6348 Wlansvc (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll
20:22:02.0065 6348 Wlansvc - ok
20:22:02.0143 6348 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
20:22:02.0190 6348 WLSetupSvc - ok
20:22:02.0284 6348 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:22:02.0331 6348 WmiAcpi - ok
20:22:02.0409 6348 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
20:22:02.0424 6348 wmiApSrv - ok
20:22:02.0518 6348 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:22:02.0549 6348 WMPNetworkSvc - ok
20:22:02.0783 6348 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
20:22:02.0830 6348 WPCSvc - ok
20:22:02.0939 6348 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
20:22:02.0970 6348 WPDBusEnum - ok
20:22:03.0033 6348 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
20:22:03.0048 6348 WpdUsb - ok
20:22:03.0267 6348 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:22:03.0313 6348 WPFFontCache_v0400 - ok
20:22:03.0438 6348 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:22:03.0469 6348 ws2ifsl - ok
20:22:03.0547 6348 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\system32\wscsvc.dll
20:22:03.0594 6348 wscsvc - ok
20:22:03.0641 6348 WSearch - ok
20:22:03.0766 6348 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
20:22:03.0781 6348 wuauserv - ok
20:22:03.0875 6348 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:22:03.0906 6348 WUDFRd - ok
20:22:04.0078 6348 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
20:22:04.0125 6348 wudfsvc - ok
20:22:04.0218 6348 X4HSEx (13cf1854fecc1b4d7490983b03cdbcd2) C:\Program Files\Free Ride Games\X4HSEx.Sys
20:22:04.0249 6348 X4HSEx - ok
20:22:04.0405 6348 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
20:22:04.0405 6348 XAudio - ok
20:22:04.0452 6348 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
20:22:04.0452 6348 XAudioService - ok
20:22:04.0639 6348 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
20:22:04.0639 6348 yukonwlh - ok
20:22:04.0717 6348 ZTEusbmdm6k (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
20:22:04.0920 6348 ZTEusbmdm6k - ok
20:22:05.0045 6348 ZTEusbnmea (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
20:22:05.0248 6348 ZTEusbnmea - ok
20:22:05.0310 6348 ZTEusbser6k (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
20:22:05.0529 6348 ZTEusbser6k - ok
20:22:05.0575 6348 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:22:05.0638 6348 \Device\Harddisk0\DR0 - ok
20:22:05.0638 6348 Boot (0x1200) (0f2c39e9dd46ab8db6a4a27b29e73d30) \Device\Harddisk0\DR0\Partition0
20:22:05.0638 6348 \Device\Harddisk0\DR0\Partition0 - ok
20:22:05.0669 6348 Boot (0x1200) (d6616ce09c4b8d8957397596dcd4745d) \Device\Harddisk0\DR0\Partition1
20:22:05.0669 6348 \Device\Harddisk0\DR0\Partition1 - ok
20:22:05.0685 6348 ============================================================
20:22:05.0685 6348 Scan finished
20:22:05.0685 6348 ============================================================
20:22:05.0700 6488 Detected object count: 2
20:22:05.0700 6488 Actual detected object count: 2
20:22:39.0037 6488 C:\Windows\system32\TPPWRIF.dll - copied to quarantine
20:22:39.0100 6488 HKLM\SYSTEM\ControlSet001\services\besclient - will be deleted on reboot
20:22:39.0131 6488 C:\Windows\system32\TPPWRIF.dll - will be deleted on reboot
20:22:39.0131 6488 besclient ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
20:22:39.0225 6488 C:\Windows\system32\DRIVERS\tdx.sys - copied to quarantine
20:22:39.0256 6488 C:\Windows\$NtUninstallKB3248$\1944747866\@ - copied to quarantine
20:22:39.0271 6488 C:\Windows\$NtUninstallKB3248$\1944747866\cfg.ini - copied to quarantine
20:22:39.0303 6488 C:\Windows\$NtUninstallKB3248$\1944747866\Desktop.ini - copied to quarantine
20:22:39.0334 6488 C:\Windows\$NtUninstallKB3248$\1944747866\L\qnbwvoto - copied to quarantine
20:22:39.0349 6488 C:\Windows\$NtUninstallKB3248$\1944747866\oemid - copied to quarantine
20:22:39.0365 6488 C:\Windows\$NtUninstallKB3248$\1944747866\U\00000001.@ - copied to quarantine
20:22:39.0474 6488 C:\Windows\$NtUninstallKB3248$\1944747866\U\00000002.@ - copied to quarantine
20:22:39.0505 6488 C:\Windows\$NtUninstallKB3248$\1944747866\U\00000004.@ - copied to quarantine
20:22:39.0552 6488 C:\Windows\$NtUninstallKB3248$\1944747866\U\80000000.@ - copied to quarantine
20:22:39.0568 6488 C:\Windows\$NtUninstallKB3248$\1944747866\U\80000004.@ - copied to quarantine
20:22:39.0630 6488 C:\Windows\$NtUninstallKB3248$\1944747866\U\80000032.@ - copied to quarantine
20:22:39.0661 6488 C:\Windows\$NtUninstallKB3248$\1944747866\version - copied to quarantine
20:22:39.0755 6488 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\tdx.sys) error 1813
20:22:50.0488 6488 Backup copy found, using it..
20:22:50.0909 6488 C:\Windows\system32\DRIVERS\tdx.sys - will be cured on reboot
20:22:55.0932 6488 C:\Windows\$NtUninstallKB3248$\1650053464 - will be deleted on reboot
20:22:55.0948 6488 C:\Windows\$NtUninstallKB3248$\1944747866\@ - will be deleted on reboot
20:22:55.0948 6488 C:\Windows\$NtUninstallKB3248$\1944747866\cfg.ini - will be deleted on reboot
20:22:55.0948 6488 C:\Windows\$NtUninstallKB3248$\1944747866\Desktop.ini - will be deleted on reboot
20:22:55.0948 6488 C:\Windows\$NtUninstallKB3248$\1944747866\oemid - will be deleted on reboot
20:22:55.0948 6488 C:\Windows\$NtUninstallKB3248$\1944747866\U\00000001.@ - will be deleted on reboot
20:22:55.0948 6488 C:\Windows\$NtUninstallKB3248$\1944747866\U\00000002.@ - will be deleted on reboot
20:22:55.0948 6488 C:\Windows\$NtUninstallKB3248$\1944747866\U\00000004.@ - will be deleted on reboot
20:22:55.0948 6488 C:\Windows\$NtUninstallKB3248$\1944747866\U\80000000.@ - will be deleted on reboot
20:22:55.0948 6488 C:\Windows\$NtUninstallKB3248$\1944747866\U\80000004.@ - will be deleted on reboot
20:22:55.0948 6488 C:\Windows\$NtUninstallKB3248$\1944747866\U\80000032.@ - will be deleted on reboot
20:22:55.0948 6488 C:\Windows\$NtUninstallKB3248$\1944747866\version - will be deleted on reboot
20:22:55.0948 6488 tdx ( Virus.Win32.ZAccess.c ) - User select action: Cure
20:23:11.0049 7096 Deinitialize success
ASW LOG:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-11 20:33:52
-----------------------------
20:33:52.640 OS Version: Windows 6.0.6001 Service Pack 1
20:33:52.640 Number of processors: 2 586 0xF0D
20:33:52.640 ComputerName: DENISELAPTOP UserName: Denise
20:34:29.021 Initialize success
20:43:40.441 AVAST engine defs: 12041101
20:43:46.541 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:43:46.556 Disk 0 Vendor: Hitachi_ BBFO Size: 238475MB BusType: 3
20:43:46.572 Disk 0 MBR read successfully
20:43:46.572 Disk 0 MBR scan
20:43:46.587 Disk 0 Windows 7 default MBR code
20:43:46.587 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:43:46.603 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 120360 MB offset 3074048
20:43:46.634 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 116614 MB offset 249571328
20:43:46.650 Disk 0 scanning sectors +488396800
20:43:46.790 Disk 0 scanning C:\Windows\system32\drivers
20:44:13.531 Service scanning
20:44:57.320 Modules scanning
20:45:14.168 Disk 0 trace - called modules:
20:45:14.199 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
20:45:14.199 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x885adac8]
20:45:14.215 3 CLASSPNP.SYS[84f84745] -> nt!IofCallDriver -> [0x875273b0]
20:45:14.230 5 acpi.sys[806946a0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x87556028]
20:45:15.026 AVAST engine scan C:\Windows
20:45:18.395 AVAST engine scan C:\Windows\system32
20:54:19.000 AVAST engine scan C:\Windows\system32\drivers
20:54:43.555 AVAST engine scan C:\Users\Denise
21:04:02.466 Disk 0 MBR has been saved successfully to "C:\Users\Denise\Desktop\MBR.dat"
21:04:02.544 The log file has been saved successfully to "C:\Users\Denise\Desktop\aswMBR.txt"

Share this post


Link to post
Share on other sites
Good!

Run RogueKiller in the same way as before and post the log.

Please, follow the instructions on http://www.bleepingcomputer.com/combofix/how-to-use-combofix for installing and running ComboFix.

Read carefully and note the "Disclaimer of warranty"!

Paste the content of the log into your answer.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0