How to turn off auto Scan when downloading a file
Hi
I have only just downloaded Ad-Aware and am having problems with downloading. When downloading an image, the auto scan box pops up and then just completely freezes my machine; the only way to get things working is by turning off and on again.
I have been through all the settings but cannot find out how to turn the auto scan off.
Thanks for any advice in advance :)
Hi Cecilia
Results of RogueKiller
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User: Denise [Admin rights]
Mode: Scan -- Date: 04/09/2012 23:13:24
¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] adawarebp.dll -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED
¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[FAKED] tdx.sys : c:\windows\system32\drivers\tdx.sys --> CANNOT FIX
¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[382] : NtCreateThreadEx @ 0x8401DF82 -> HOOKED (\??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys @ 0x9382C640)
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS542525K9SA00 +++++
--- User ---
[MBR] ace090f5e9ac918493a8380ea87977f5
[BSP] 3fb687f0876b481538d25e4ce3b5dca9 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 120360 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 249571328 | Size: 116614 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
Results of OTL
OTL logfile created on: 09/04/2012 23:22:28 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Denise\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 63.38% Memory free
6.19 Gb Paging File | 5.17 Gb Available in Paging File | 83.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117.54 Gb Total Space | 20.03 Gb Free Space | 17.04% Space Free | Partition Type: NTFS
Drive E: | 113.88 Gb Total Space | 105.64 Gb Free Space | 92.76% Space Free | Partition Type: NTFS
Computer Name: DENISELAPTOP | User Name: Denise | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/04/09 23:17:50 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Denise\Desktop\OTL.exe
PRC - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/03/11 13:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/11/10 07:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2011/11/03 19:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/10/21 10:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/08/17 17:38:58 | 001,896,808 | ---- | M] () -- C:\Program Files\Splashtop\Splashtop Remote\Server\DataProxy.exe
PRC - [2011/08/17 17:31:36 | 000,518,472 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2011/08/17 17:31:08 | 002,391,368 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2011/02/15 02:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/09/14 20:58:49 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/04/10 18:09:38 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/02 13:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/25 15:43:22 | 000,716,800 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
PRC - [2008/01/21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/01/17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008/01/09 15:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/12/25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007/12/25 14:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2007/12/03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/05/10 22:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- E:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004/06/15 15:29:42 | 000,380,928 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
========== Modules (No Company Name) ==========
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/28 22:19:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/06/29 03:36:05 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011/06/29 03:35:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011/06/29 03:33:53 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/06/29 03:33:32 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/06/29 03:33:18 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/06/29 03:31:46 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/06/29 03:31:26 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/02/15 02:33:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/02/15 02:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/08/25 16:59:34 | 001,675,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2951.26938__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008/08/25 16:59:34 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2951.27176__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2008/08/25 16:59:34 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2951.26891__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:34 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2951.26953__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008/08/25 16:59:34 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2951.27166__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:34 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2951.27121__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:34 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2951.26929__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008/08/25 16:59:34 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2951.27066__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2951.26912__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:33 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2951.27206__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008/08/25 16:59:27 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2951.27131__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:27 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2951.27213__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:27 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2951.27138__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008/08/25 16:59:27 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2951.26905__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:27 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2951.27130__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:26 | 000,794,624 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2951.27078__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:26 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2951.27154__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008/08/25 16:59:26 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2951.26961__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:26 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2951.27203__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:26 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2951.27098__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:26 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2951.27077__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:26 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2951.27202__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:25 | 000,901,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2951.27168__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:25 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2951.26967__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:25 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2951.27069__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:25 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2951.26914__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:25 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2951.27113__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:25 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2951.27059__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:25 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2951.26974__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2008/08/25 16:59:25 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2951.27067__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2951.26973__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2951.27076__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:25 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2951.27097__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:25 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2951.27111__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:24 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2886.28804__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008/08/25 16:59:24 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2886.28823__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008/08/25 16:59:24 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2886.28860__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2886.28801__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008/08/25 16:59:24 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2886.28885__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008/08/25 16:59:24 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2886.28803__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008/08/25 16:59:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2886.28837__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008/08/25 16:59:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2886.28817__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2886.28813__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2886.28812__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2886.28829__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2886.28836__90ba9c70f846762e\DEM.OS.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2886.28837__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2886.28819__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2886.28838__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2886.28862__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2886.28831__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2886.28863__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008/08/25 16:59:23 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2886.28849__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2886.28830__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Shared\2.0.2886.28835__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.2886.28858__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2886.28859__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2886.28848__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2886.28832__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2886.28801__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008/08/25 16:59:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2886.28831__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008/08/25 16:59:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008/08/25 16:59:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2951.27229__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008/08/25 16:59:21 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2951.27244__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2008/08/25 16:59:21 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2951.26878__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008/08/25 16:59:20 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2951.26898__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008/08/25 16:59:20 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2951.26922__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008/08/25 16:59:20 | 000,413,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2951.27183__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008/08/25 16:59:20 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2951.27193__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008/08/25 16:59:20 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2951.26881__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008/08/25 16:59:20 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2951.26882__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008/08/25 16:59:20 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2951.27190__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008/08/25 16:59:20 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2951.26880__90ba9c70f846762e\APM.Server.dll
MOD - [2008/08/25 16:59:20 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2886.28834__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008/08/25 16:59:20 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2951.26879__90ba9c70f846762e\AEM.Server.dll
MOD - [2008/08/25 16:59:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2886.28809__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008/08/25 16:59:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008/08/25 16:59:20 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2886.28814__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008/08/25 16:59:20 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2951.27192__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008/08/25 16:59:20 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008/08/25 16:59:20 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2886.28826__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008/08/25 16:59:20 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2886.28834__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008/08/25 16:59:20 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2886.28832__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008/08/25 16:59:20 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2886.28851__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008/08/25 16:59:20 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2886.28808__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008/01/30 15:30:22 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008/01/21 03:24:02 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/01/21 03:24:02 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/01/08 08:15:38 | 000,688,128 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
MOD - [2007/12/12 12:46:04 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\elosystemservice.dll -- (usnjsvc)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wlsetupsvc.dll -- (sptisrv)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vaiomediaplatform-integratedserver-appserver.dll -- (prevxdriver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ntpr_nic_service2.dll -- (MagicTune)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\amusbprt.dll -- (iviregmgr)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Cam5603D.dll -- (alcaudsl)
SRV - [2012/04/06 07:50:23 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/03/11 13:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/11/10 07:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2011/11/03 19:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/08/17 17:31:36 | 000,518,472 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2011/05/17 18:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Stopped] -- C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/14 20:58:49 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/02 13:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/01/21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/21 03:23:43 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\System32\https-nassry.dll -- (s616mdm)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004/06/15 15:29:42 | 000,380,928 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\igdkmd32.sys -- (igfx)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HDJMidi.sys -- (HDJMidi)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\HDJBulk.sys -- (Bulk)
DRV - [2012/04/09 08:42:11 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/03/11 13:50:34 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2012/03/11 13:48:52 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/03/11 13:48:50 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/03/11 13:48:50 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/07/19 10:03:00 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2011/05/11 16:26:04 | 000,074,968 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/04/29 14:15:42 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/04/05 17:35:20 | 000,221,784 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/04/05 17:35:20 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/04/05 17:35:20 | 000,078,936 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (SbTis)
DRV - [2011/03/19 23:57:01 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2010/03/10 21:02:38 | 000,056,352 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Free Ride Games\X4HSEx.sys -- (X4HSEx)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/19 12:49:50 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/04/10 18:09:42 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/02/01 11:46:08 | 000,187,904 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (CnxtHdAudAddService)
DRV - [2008/01/30 16:24:00 | 003,483,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/01/21 15:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/21 03:24:53 | 000,071,680 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2008/01/21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2008/01/15 10:34:58 | 000,048,472 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007/11/09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/17 22:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/26 05:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/04/23 13:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2007/04/09 16:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2006/11/02 08:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006/10/23 17:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2004/06/26 13:22:00 | 000,006,016 | ---- | M] (RDV Soft) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vnccom.SYS -- (vnccom)
DRV - [2004/06/26 13:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vncdrv.sys -- (vncdrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = AF 67 0E 05 F4 1C 79 4C 8D 1C 91 E4 4B F5 AF 57 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEA_en-GB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/ig?hl=en&source=iglk"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Denise\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Denise\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/20 18:10:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/20 18:10:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 07:59:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/29 16:39:20 | 000,000,000 | ---D | M]
[2010/01/09 11:08:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denise\AppData\Roaming\Mozilla\Extensions
[2012/04/06 18:45:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\11wuhkp9.default\extensions
[2010/04/28 06:41:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\11wuhkp9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/06 11:17:44 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\11wuhkp9.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2011/11/10 22:03:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\DENISE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\11WUHKP9.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\USERS\DENISE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\11WUHKP9.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI
() (No name found) -- C:\USERS\DENISE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\11WUHKP9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\DENISE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\11WUHKP9.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012/03/18 07:59:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/12 22:59:04 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/12 22:59:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/12 22:59:04 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/12 22:59:04 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/12 22:59:04 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
========== Chrome ==========
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKCU..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Append to existing PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: 3slive.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: 3slive.com ([www.logical] http in Trusted sites)
O15 - HKCU\..Trusted Domains: reflexive.com ([www] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Amazing%20Adventures%20The%20Forgotten%20Dynasty/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Amazing%20Adventures%20The%20Forgotten%20Dynasty/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4026C108-D1AD-49DB-B261-C92CEEAB8CF0}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O20 - Winlogon\Notify\primkhi: DllName - (C:\Windows\system32\config\systemprofile\AppData\Local\primkhi.dll) - C:\Windows\System32\config\systemprofile\AppData\Local\primkhi.dll ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: sptisrv - %systemroot%\system32\wlsetupsvc.dll File not found
NetSvcs: prevxdriver - %systemroot%\system32\vaiomediaplatform-integratedserver-appserver.dll File not found
NetSvcs: alcaudsl - %systemroot%\system32\Cam5603D.dll File not found
NetSvcs: s616mdm - C:\Windows\System32\https-nassry.dll (Oak Technology Inc.)
NetSvcs: iviregmgr - %systemroot%\system32\amusbprt.dll File not found
NetSvcs: usnjsvc - %systemroot%\system32\elosystemservice.dll File not found
NetSvcs: MagicTune - %systemroot%\system32\ntpr_nic_service2.dll File not found
NetSvcs: mi-raysat_3dsmax9_32 - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/04/09 23:17:46 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Denise\Desktop\OTL.exe
[2012/04/09 22:54:08 | 000,000,000 | ---D | C] -- C:\Users\Denise\Desktop\RK_Quarantine
[2012/04/09 11:42:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Denise\Desktop\dds.com
[2012/04/09 08:40:12 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/04/09 08:23:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/09 08:22:53 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/09 08:22:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/06 11:21:47 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\adaware
[2012/04/06 11:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/04/06 11:21:02 | 000,094,040 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\sbhips.sys
[2012/04/06 11:20:59 | 000,078,936 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\sbtis.sys
[2012/04/06 11:19:56 | 000,221,784 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\SbFw.sys
[2012/04/06 11:19:56 | 000,069,208 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\SbFwIm.sys
[2012/04/06 11:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/04/06 11:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012/04/06 11:17:51 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\adawarebp
[2012/04/06 11:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/04/06 11:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012/04/06 11:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012/04/06 11:07:51 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Roaming\Ad-Aware Antivirus
[2012/04/06 08:47:31 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Roaming\f-secure
[2012/04/06 08:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/03/22 08:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3E0003FDDA0349FB90EEC1FB6E
[2012/03/22 06:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3E000435DB0349FB90EEC1FB6E
[2012/03/22 06:57:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012/03/16 22:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/16 22:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/16 22:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/11 13:48:50 | 000,056,208 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/04/09 23:17:50 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Denise\Desktop\OTL.exe
[2012/04/09 23:12:37 | 000,612,100 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/09 23:12:37 | 000,109,516 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/09 23:05:25 | 000,001,702 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/04/09 23:05:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/09 23:04:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/09 23:04:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/09 23:04:55 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/09 23:04:53 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/04/09 23:04:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/09 23:04:41 | 3217,514,496 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/09 22:52:31 | 001,261,568 | ---- | M] () -- C:\Users\Denise\Desktop\RogueKiller.exe
[2012/04/09 22:49:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/09 21:36:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-57852192-4207613211-3685920990-1000UA.job
[2012/04/09 21:36:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-57852192-4207613211-3685920990-1000Core.job
[2012/04/09 18:14:35 | 000,002,543 | ---- | M] () -- C:\Users\Denise\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office OneNote 2007.lnk
[2012/04/09 17:30:13 | 000,005,149 | ---- | M] () -- C:\Users\Denise\Documents\tree template - Palegreen.html
[2012/04/09 17:20:19 | 000,005,184 | ---- | M] () -- C:\Users\Denise\Documents\tree template - Browncrystal.html
[2012/04/09 17:09:51 | 000,006,785 | ---- | M] () -- C:\Users\Denise\Documents\tree template - agate.html
[2012/04/09 17:02:04 | 000,006,785 | ---- | M] () -- C:\Users\Denise\Documents\tree template - flourite.html
[2012/04/09 16:31:13 | 000,005,171 | ---- | M] () -- C:\Users\Denise\Documents\tree template - Blackcrystal.html
[2012/04/09 11:42:57 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Denise\Desktop\dds.com
[2012/04/09 11:05:06 | 000,006,615 | ---- | M] () -- C:\Users\Denise\Documents\tree template - tigers eye.html
[2012/04/09 08:42:11 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/04/08 12:00:09 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/04/05 11:19:53 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/05 10:28:25 | 311,843,187 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/16 22:53:31 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/03/16 22:53:31 | 000,001,854 | ---- | M] () -- C:\Users\Denise\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/03/16 22:42:07 | 000,001,629 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/11 13:48:50 | 000,056,208 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012/04/09 22:51:48 | 001,261,568 | ---- | C] () -- C:\Users\Denise\Desktop\RogueKiller.exe
[2012/04/09 17:30:13 | 000,005,149 | ---- | C] () -- C:\Users\Denise\Documents\tree template - Palegreen.html
[2012/04/09 17:11:29 | 000,005,184 | ---- | C] () -- C:\Users\Denise\Documents\tree template - Browncrystal.html
[2012/04/09 17:09:51 | 000,006,785 | ---- | C] () -- C:\Users\Denise\Documents\tree template - agate.html
[2012/04/09 16:23:21 | 000,005,171 | ---- | C] () -- C:\Users\Denise\Documents\tree template - Blackcrystal.html
[2012/04/09 12:27:35 | 000,006,785 | ---- | C] () -- C:\Users\Denise\Documents\tree template - flourite.html
[2012/04/09 08:23:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/09 08:23:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/06 17:11:04 | 000,006,615 | ---- | C] () -- C:\Users\Denise\Documents\tree template - tigers eye.html
[2012/04/06 11:26:01 | 000,000,946 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/04/06 11:21:10 | 000,001,702 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/04/06 07:36:49 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/05 14:43:58 | 3217,514,496 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/05 11:19:53 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/21 21:29:59 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/03/16 22:42:07 | 000,001,629 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/01 20:03:46 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/07/09 18:54:46 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2011/07/09 18:53:35 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2011/05/14 07:13:56 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/02/23 21:17:22 | 000,000,344 | ---- | C] () -- C:\ProgramData\yhhKHElns4DYqmD
[2011/02/20 11:50:17 | 000,000,336 | ---- | C] () -- C:\ProgramData\X6pQ1shcYjvuz0
[2011/02/20 10:59:13 | 000,000,392 | ---- | C] () -- C:\ProgramData\IlR9jxchz82u
[2011/02/20 10:24:37 | 000,000,731 | ---- | C] () -- C:\Windows\wininit.ini
[2011/02/13 12:57:23 | 000,000,264 | ---- | C] () -- C:\ProgramData\~t66q8BDK768
[2011/02/13 12:57:23 | 000,000,144 | ---- | C] () -- C:\ProgramData\~t66q8BDK768r
[2010/11/13 11:53:42 | 000,197,328 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[color=#E56717]========== LOP Check ==========[/color]
[2012/04/09 23:09:52 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Ad-Aware Antivirus
[2008/10/25 00:22:51 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Alloysoft
[2008/10/12 10:33:59 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Ancient Quest of Saqqarah__reflexive
[2012/02/09 20:30:22 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Awem
[2009/09/20 14:08:45 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/03/19 23:57:53 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\DAEMON Tools Lite
[2011/05/14 08:17:50 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\DeepVoyage
[2008/08/25 17:38:19 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\DesktopSMS
[2009/11/22 12:23:42 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\EcoRescue
[2011/05/14 07:18:08 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Exent Technologies
[2012/04/06 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\f-secure
[2010/06/13 11:13:28 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Facebook
[2011/10/23 16:48:20 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\FileZilla
[2009/10/17 17:28:14 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\GTM_Bodie
[2012/01/02 13:54:56 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\HandBrake
[2008/08/31 21:01:28 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\iWin
[2009/01/22 08:46:56 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\LimeWire
[2008/08/25 20:26:45 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\myphotobook
[2009/12/29 09:43:05 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\NCH Swift Sound
[2009/10/16 16:09:11 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Princess Isabella
[2009/01/04 12:39:55 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Reflexive
[2011/05/28 07:42:31 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\SpinTop
[2011/07/09 20:30:35 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\TeamViewer
[2008/10/01 21:11:43 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\TOSHIBA
[2011/06/18 08:13:19 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Total Immersion
[2010/02/07 18:11:47 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Trusteer
[2010/02/01 11:42:53 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\uTorrent
[2009/11/04 08:21:08 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\WinBatch
[2012/04/08 12:00:09 | 000,000,946 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/04/09 21:36:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-57852192-4207613211-3685920990-1000Core.job
[2012/04/09 21:36:01 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-57852192-4207613211-3685920990-1000UA.job
[2012/04/09 23:03:35 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Custom Scans ==========[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[color=#A23BEC]< C:\Windows\assembly\tmp\U\*.* /s >[/color]
[color=#A23BEC]< %Temp%\smtmp\1\*.* >[/color]
[color=#A23BEC]< %Temp%\smtmp\2\*.* >[/color]
[color=#A23BEC]< %Temp%\smtmp\3\*.* >[/color]
[color=#A23BEC]< %Temp%\smtmp\4\*.* >[/color]
[color=#A23BEC]< type c:\diskreport.txt /c >[/color]
Microsoft DiskPart version 6.0.6001
Copyright © 1999-2007 Microsoft Corporation.
On computer: DENISELAPTOP
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     F                       DVD-ROM         0 B  No Media
  Volume 1     G                       DVD-ROM         0 B  No Media
  Volume 2     C   Vista        NTFS   Partition    118 GB  Healthy    System
  Volume 3     E   Data         NTFS   Partition    114 GB  Healthy
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:160ADF0B
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:872B86AD
< End of report >
Extras attached.
Getting really desperate in needing to switch this off, can anybody help?
Click on realtime switch and antivirus and antispyware in home page of Ad-Aware 10
Hi welshden,
The easy solution is, as megamind wrote, to turn off real-time protection, but I (and probably Lavasoft) am interested in why you get this problem.
Are you using another antivirus program than Ad-Aware?
Which Windows version do you have, including 32 or 64 bits?
Which web browser are you using?
How are you downloading an image?
Sorry, must be a bit dim - on real time protection settings - do I need to completely switch off real time or do I need to untick one of its settings?
CeciliaB
no other anti virus that I know of.
windows vista home premium 32 bit
firefox but also have IE installed
when I see an image I want I right click and save - it's when the download box pops up that it seems to be getting itself confused with downloading and checking for viruses - it's only the checking for viruses that I want to switch off - I have tried downloading images both in firefox and IE and happens in both.
Is it possible to take a screen shot when the download box pops up or is it impossible since the computer freezes?
Does Ctrl+Alt+Del work when the computer freezes? Is it possible to end/finish the browser on the process tab?
Can you provide us with a link to a web page with one of these images?
Does it happen if you start the browser without its add-ons (Start menu - All programs - Accessories - System Tools - Internet Explorer (no add-ons))?
Hi Cecilia
Comp completely freezes so can't do a screen dump and ctrl+alt+del doesn't work either, only option is to hold finger on off switch :(
Will check out without add-ons a bit later as just running a scan at the moment as it seems I also have a virus which could be the cause of this. Ad-aware keeps saying it's found trojan.win32.fakealert.cn - I have deleted them out of quarantine but it seems it keeps finding them and also random opening of new tabs on firefox and when I click to visit a site it takes me somewhere else. Grrrrrr.
Hi welshden,
Please, to get help with cleaning your computer, follow the instructions in the topic [url=http://www.lavasoftsupport.com/index.php?showtopic=30823]Read This Before You Post![/url] and I will move your topic to the forum [url=http://www.lavasoftsupport.com/index.php?showforum=36]Help with Stubborn Infections[/url].
Thanks Cecilia - will go follow the instructions - just to let you know the downloading an image worked fine with add-ons removed but the random opening of a page still happened.
Will update again when I have done a clean.
Hi Cecilia
Here is my DDS log - do you need the other log pasting into here or do you need me to attach it?
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_25
Run by Denise at 11:43:47 on 2012-04-09
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.1652 [GMT 1:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\TODDSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\DataProxy.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
E:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Hi welshden,
That was only a part of DDS.txt, please try again. If you know how to attach a file, please attach Attach.txt, otherwise you can paste that file too.
[quote name='welshden' timestamp='1333966195' post='134394']
I have deleted them out of quarantine but it seems it keeps finding them and also random opening of new tabs on firefox and when I click to visit a site it takes me somewhere else. Grrrrrr.
[/quote]
Full scan your computer with Ad-Aware 10
Hi Cecilia
Sorry, have no idea how I managed to do that! Anyhow, here is the log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_25
Run by Denise at 16:12:39 on 2012-04-09
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.1255 [GMT 1:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\TODDSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
E:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Free Ride Games\GPlayer.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\TeamViewer\Version6\tv_w32.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
E:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\DataProxy.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - e:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - e:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Acrobat Assistant 8.0] "e:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [SBRegRebootCleaner] "c:\program files\ad-aware antivirus\engine\SBRC.exe"
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
StartupFolder: c:\users\denise\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: Append to existing PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: 3slive.com
Trusted Zone: 3slive.com\www.logical
Trusted Zone: reflexive.com\www
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Forgotten%20Dynasty/Images/stg_drm.ocx
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Amazing%20Adventures%20The%20Forgotten%20Dynasty/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4026C108-D1AD-49DB-B261-C92CEEAB8CF0} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: primkhi - c:\windows\system32\config\systemprofile\appdata\local\primkhi.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\denise\appdata\roaming\mozilla\firefox\profiles\11wuhkp9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\free ride games\npExentCtl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\total immersion\dfusionhomewebplugin\NPDFusionWebFirefox.dll
FF - plugin: c:\users\denise\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\denise\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.accept-encoding -
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-3-11 56208]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-3-19 218688]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_34302.sys [2012-3-11 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-3-11 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-3-11 164112]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-4-6 221784]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-4-6 78936]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-3-11 931640]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\engine\SBAMSvc.exe [2011-5-17 2804280]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-5-11 74968]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-10 1153368]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2011-8-17 518472]
R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2011-11-10 370504]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-11-3 2358656]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2008-10-25 6016]
R2 X4HSEx;X4HSEx;c:\program files\free ride games\X4HSEx.sys [2011-5-14 56352]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-2-26 187904]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-1-15 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-4-6 69208]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-4-6 94040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 253600]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-10-23 9216]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-9 40776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-7-19 21520]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-4-6 69208]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-09 07:40:12 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-09 07:23:37 208896 ----a-w- c:\windows\MBR.exe
2012-04-09 07:22:53 -------- d-s---w- C:\ComboFix
2012-04-06 10:21:47 -------- d-----w- c:\users\denise\appdata\local\adaware
2012-04-06 10:21:02 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-06 10:20:59 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-06 10:19:56 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-06 10:19:56 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-06 10:19:52 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-06 10:17:51 -------- d-----w- c:\users\denise\appdata\local\adawarebp
2012-04-06 10:17:49 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-04-06 10:17:47 -------- d-----w- c:\program files\Toolbar Cleaner
2012-04-06 10:17:38 -------- d-----w- c:\program files\adawaretb
2012-04-06 10:07:51 -------- d-----w- c:\users\denise\appdata\roaming\Ad-Aware Antivirus
2012-04-06 07:47:31 -------- d-----w- c:\users\denise\appdata\roaming\f-secure
2012-04-06 07:46:28 -------- d-----w- c:\programdata\F-Secure
2012-04-06 06:36:43 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-22 07:53:30 -------- d-----w- c:\programdata\F4D55F3E0003FDDA0349FB90EEC1FB6E
2012-03-22 05:57:18 -------- d-----w- c:\programdata\F4D55F3E000435DB0349FB90EEC1FB6E
2012-03-21 20:29:59 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-20 07:14:54 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5b05430f-7d7a-4ead-960a-f12f1c9366ea}\mpengine.dll
2012-03-18 06:59:38 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 06:59:38 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-16 21:40:17 -------- d-----w- c:\program files\iPod
2012-03-16 21:40:13 -------- d-----w- c:\program files\iTunes
2012-03-11 12:48:50 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2012-04-06 06:50:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 09:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 11:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 11:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
============= FINISH: 16:13:51.23 ===============
can't quite see how to attach a file sorry - so here is the attach :)
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 25/08/2008 17:01:56
System Uptime: 09/04/2012 14:25:18 (2 hours ago)
.
Motherboard: TOSHIBA | | Satellite P300
Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz | U2E1 | 1833/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 118 GiB total, 19.666 GiB free.
E: is FIXED (NTFS) - 114 GiB total, 105.641 GiB free.
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_BEEP\XX_USNJSVC_XX
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_BEEP\XX_USNJSVC_XX
Service: usnjsvc
.
==== System Restore Points ===================
.
RP1392: 06/04/2012 04:57:24 - Scheduled Checkpoint
RP1394: 06/04/2012 07:38:48 - Installed Rapport
RP1395: 06/04/2012 11:20:00 - Device Driver Package Install: Sunbelt Software, Inc. Network Service
RP1396: 07/04/2012 19:11:11 - Scheduled Checkpoint
RP1397: 08/04/2012 10:07:43 - Scheduled Checkpoint
RP1398: 09/04/2012 03:51:38 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Ad-Aware Security Toolbar
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 8.1.3
Adobe Setup
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
BBC iPlayer Desktop
BBC iPlayer Download Manager
Big Fish Games: Game Manager
Bluetooth Stack for Windows by Toshiba
Bonjour
Camera Assistant Software for Toshiba
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Dutch
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Swedish
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Cradle Of Rome
Cradle of Rome 2
DAEMON Tools Lite
DHTML Editing Component
DivX Setup
DVD MovieFactory for TOSHIBA
ERUNT 1.1j
Facebook Plug-In
Facebook Video Calling 1.2.0.159
FileZilla Client 3.5.1
Free Ride Games Player
Google Earth
Google Update Helper
HandBrake 0.9.5
HDAUDIO Soft Data Fax Modem with SmartCP
HDMI Control Manager
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCloud
Intel® Matrix Storage Manager
##nospam Configuration Utility
iTunes
Java Auto Updater
Java(TM) 6 Update 25
Java(TM) 6 Update 3
Java(TM) 6 Update 7
KaraFun 1.18
Karaoke Song List Creator Professional KJ Edition
KODAK Gallery Upload Software
LimeWire 4.13.2
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes Anti-Malware version 1.60.1.1000
Marvell Miniport Driver
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XML Parser
MobileMe Control Panel
Mozilla Firefox 11.0 (x86 en-GB)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
O2Micro Flash Memory Card Reader Driver (x86)
OGA Notifier 2.0.0048.0
PDF Settings
Peggle Deluxe
Primo
QuickTime
Rapport
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Signal
Skins
Sky Anytime
Spelling Dictionaries Support For Adobe Reader 8
Splashtop Streamer
Spybot - Search & Destroy
Synaptics Pointing Device Driver
TeamViewer 6
TextTwist 2
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA Manuals
Toshiba Online Product Information
TOSHIBA Recovery Disc Creator
TOSHIBA SD Memory Utilities
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Total Immersion D'Fusion @Home Web Plug-In
TRDCReminder
TRORDCLauncher
Turbo Lister 2
UltraVNC v1.0.2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.5
VNC 4.0
WavePad Sound Editor
Windows Driver Package - Chicony (usbvideo) Image (03/10/2009 6.3.251.0310)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Encoder 9 Series
WinRAR archiver
WinZip 14.0
Wisdom-soft ScreenHunter 5.0 Free
Xvid 1.1.3 final uninstall
ZTE_1.2059.0.8
.
==== End Of File ===========================
0 -
LimeWire 4.13.2
Note that file sharing programs are a major source of infections. I recommend that you uninstall it.
Please, uninstall the following programs since they are old with many vulnerabilities, which makes it easy to infect the computer from a web page:
Java™ 6 Update 25
Java™ 6 Update 3
Java™ 6 Update 7
Do you have any program from Symantec installed?
I found these programs:
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
They might be left-overs after an uninstallation of Norton/Symantec antivirus program, if you don't have any other Symantec program installed.
Upload this file to http://www.virustotal.com/ using the "Choose file" function (select reanalyze if asked) and post back the link to the scan report:
c:\windows\system32\config\systemprofile\appdata\local\primkhi.dll
Can you see which file Ad-Aware finds during a scan, for example by double-clicking the threat on the quarantine tab?
0 -
trojan.win32.generic!BT
trojan.win32.fakealert.cn
If you double-click on that information, I think you will get a pop-up that contains folder and file name of the threats.
Did MBAM find anything?
I see that you already have run ComboFix. You are not supposed to do that without guidance since ComboFix might destroy Windows if handled in the wrong way. Please, post C:\ComboFix.txt.
0 -
Hi Cecilia - thanks for your help so far:
Limewire uninstalled haven't used it in years
Java updates uninstalled
Yes I had norton on a while ago and removed it these must have been left over - have uninstalled.
Upload results:
https://www.virustotal.com/file/f3c563da984d570ce21f09f9bb7bacd210c1cc7207137d8102bc2205a80ccc3e/analysis/1333991746/
There are two files mainly
trojan.win32.generic!BT
trojan.win32.fakealert.cn
0 -
Hi Cecilia.
trojan.win32.generic!BT - C:\Windows\System32\Cam5603D.dll
trojan.win32.fakealert.cn - C:\programdata\~7BUgnrIVzfM87i
MBAM? - is that Malwarebytes? If it is, no, nothing.
combo fix was recommended by a friend, I downloaded and ran it but comp crashed so didn't see anything from it - can't see a file called C:\combofix.txt?
0 -
Hi welshden,
1.
Please, save RogueKiller on the Desktop.
http://www.sur-la-toile.com/RogueKiller/
Turn off all running programs.
Start RogueKiller. If it won't start, try several times. If you still are unsuccessful, rename the file to winlogon.exe.
Wait until "Prescan" has finished.
Click on "Scan" button in upper right corner.
Wait until the scan has finished.
A report with a name similar to RKreport.txt should have been created on the desktop.
Please, post it in your answer.
2.
Save OTL on the Desktop. http://oldtimer.geekstogo.com/OTL.exe
Close all programs.
Double-click OTL to run it.
In the box "Custom scan's and fixes" paste the contents of this box:
[code]netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
[/code]
Click on "Quick Scan" and do not use the computer while the program runs.
When the program finishes two log files are created on the Desktop, OTL.txt and Extras.txt. Paste the contents of the log OTL.txt into your answer but attach Extras.txt (if you don't see how to attach files click the button "More Options").
0 -
Hi Cecilia
Just to make you aware I will be out at work all day so will not be able to catch up until later today.
Thanks for all your help so far :)
0 -
Hi Cecilia
Just to let you know I have not been home all evening due to a bit of a family emergency, it will be tomorrow now before I am able to do the above - will update as soon as I can
0 -
Hi welshden,
You are welcome :)
1.
Save TDSSKiller on the Desktop:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe
Turn off all programs.
Run the program TDSSKiller.
Click on "Start Scan".
If any threats are found select "Cure" and click "Continue". If "Cure" isn't available select "Skip". Do NOT select Quarantine or Delete.
The computer might need a restart.
Paste the content of the TDSSKiller log which is located in the folder C:\ with the name TDSSKiller followed by version and time.
2.
Please, download aswMBR to your desktop. http://public.avast.com/~gmerek/aswMBR.exe
Double click it to start the program.
Allow it to download extra definitions.
Click the "Scan" button to start the scan.
When the scan has finished click the "Save log" button and save it to your desktop.
Post the log.
0 -
I'm sorry to hear that. Kind of you to inform me :)
0 -
Hi Cecilia
The TDS Killer didn't have a skip button so pressed continue and it popped up saying cleaning - sorry I don't know if it makes a difference.
Not sure where to find the version and time from?
0:20:58.0916 8156 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
20:20:59.0181 8156 ============================================================
20:20:59.0181 8156 Current date / time: 2012/04/11 20:20:59.0181
20:20:59.0181 8156 SystemInfo:
20:20:59.0181 8156
20:20:59.0181 8156 OS Version: 6.0.6001 ServicePack: 1.0
20:20:59.0181 8156 Product type: Workstation
20:20:59.0181 8156 ComputerName: DENISELAPTOP
20:20:59.0181 8156 UserName: Denise
20:20:59.0181 8156 Windows directory: C:\Windows
20:20:59.0181 8156 System windows directory: C:\Windows
20:20:59.0181 8156 Processor architecture: Intel x86
20:20:59.0181 8156 Number of processors: 2
20:20:59.0181 8156 Page size: 0x1000
20:20:59.0181 8156 Boot type: Normal boot
20:20:59.0181 8156 ============================================================
20:21:00.0351 8156 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:21:00.0351 8156 \Device\Harddisk0\DR0:
20:21:00.0366 8156 MBR used
20:21:00.0366 8156 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xEB14000
20:21:00.0366 8156 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xEE02800, BlocksNum 0xE3C3000
20:21:00.0476 8156 Initialize success
20:21:00.0476 8156 ============================================================
20:21:03.0128 6348 ============================================================
20:21:03.0128 6348 Scan started
20:21:03.0128 6348 Mode: Manual;
20:21:03.0128 6348 ============================================================
20:21:08.0244 6348 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
20:21:08.0276 6348 ACPI - ok
20:21:08.0510 6348 Ad-Aware Service (fb182ad520910442abf146bb325de79b) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
20:21:08.0510 6348 Ad-Aware Service - ok
20:21:08.0666 6348 Adobe Version Cue CS3 (14c23516c990dcd6052152cf034dde40) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
20:21:08.0666 6348 Adobe Version Cue CS3 - ok
20:21:08.0822 6348 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:21:08.0822 6348 AdobeFlashPlayerUpdateSvc - ok
20:21:08.0962 6348 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:21:08.0993 6348 adp94xx - ok
20:21:09.0134 6348 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:21:09.0165 6348 adpahci - ok
20:21:09.0274 6348 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:21:09.0305 6348 adpu160m - ok
20:21:09.0368 6348 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:21:09.0399 6348 adpu320 - ok
20:21:09.0477 6348 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:21:09.0508 6348 AeLookupSvc - ok
20:21:09.0633 6348 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
20:21:09.0664 6348 AFD - ok
20:21:09.0789 6348 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:21:09.0820 6348 agp440 - ok
20:21:09.0976 6348 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:21:10.0007 6348 aic78xx - ok
20:21:10.0179 6348 alcaudsl - ok
20:21:10.0257 6348 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:21:10.0272 6348 ALG - ok
20:21:10.0350 6348 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:21:10.0350 6348 aliide - ok
20:21:10.0444 6348 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:21:10.0475 6348 amdagp - ok
20:21:10.0522 6348 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:21:10.0538 6348 amdide - ok
20:21:10.0584 6348 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:21:10.0600 6348 AmdK7 - ok
20:21:10.0725 6348 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:21:10.0740 6348 AmdK8 - ok
20:21:10.0818 6348 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:21:10.0850 6348 Appinfo - ok
20:21:10.0943 6348 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:21:10.0943 6348 Apple Mobile Device - ok
20:21:11.0099 6348 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:21:11.0115 6348 arc - ok
20:21:11.0193 6348 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:21:11.0224 6348 arcsas - ok
20:21:11.0318 6348 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:21:11.0364 6348 AsyncMac - ok
20:21:11.0427 6348 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
20:21:11.0442 6348 atapi - ok
20:21:11.0567 6348 athr (6046a55f79de9c581b8d5e9c1366cc81) C:\Windows\system32\DRIVERS\athr.sys
20:21:11.0614 6348 athr - ok
20:21:11.0723 6348 Ati External Event Utility (26757a5a06c37ef44be544eb7e98d9d3) C:\Windows\system32\Ati2evxx.exe
20:21:11.0739 6348 Ati External Event Utility - ok
20:21:11.0988 6348 atikmdag (d5ab32f003780f21325f1c1df613f867) C:\Windows\system32\DRIVERS\atikmdag.sys
20:21:12.0534 6348 atikmdag - ok
20:21:12.0737 6348 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
20:21:12.0768 6348 AudioEndpointBuilder - ok
20:21:12.0800 6348 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
20:21:12.0800 6348 Audiosrv - ok
20:21:12.0940 6348 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:21:12.0971 6348 Beep - ok
20:21:13.0096 6348 besclient (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\TPPWRIF.dll
20:21:13.0221 6348 Suspicious file (NoAccess): C:\Windows\system32\TPPWRIF.dll. md5: 11028c6a84a967070cb1286550f2058f
20:21:13.0221 6348 besclient ( Backdoor.Multi.ZAccess.gen ) - infected
20:21:13.0221 6348 besclient - detected Backdoor.Multi.ZAccess.gen (0)
20:21:13.0564 6348 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\system32\qmgr.dll
20:21:13.0611 6348 BITS - ok
20:21:13.0736 6348 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:21:13.0767 6348 blbdrive - ok
20:21:13.0970 6348 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
20:21:13.0970 6348 Bonjour Service - ok
20:21:14.0157 6348 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
20:21:14.0157 6348 bowser - ok
20:21:14.0313 6348 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:21:14.0344 6348 BrFiltLo - ok
20:21:14.0375 6348 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:21:14.0391 6348 BrFiltUp - ok
20:21:14.0469 6348 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:21:14.0484 6348 Browser - ok
20:21:14.0656 6348 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:21:14.0781 6348 Brserid - ok
20:21:15.0046 6348 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:21:15.0077 6348 BrSerWdm - ok
20:21:15.0280 6348 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:21:15.0342 6348 BrUsbMdm - ok
20:21:15.0405 6348 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:21:15.0452 6348 BrUsbSer - ok
20:21:15.0732 6348 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:21:15.0764 6348 BTHMODEM - ok
20:21:15.0935 6348 Bulk - ok
20:21:16.0169 6348 catchme - ok
20:21:16.0278 6348 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:21:16.0310 6348 cdfs - ok
20:21:16.0388 6348 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
20:21:16.0434 6348 cdrom - ok
20:21:16.0512 6348 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
20:21:16.0544 6348 CertPropSvc - ok
20:21:16.0637 6348 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:21:16.0653 6348 circlass - ok
20:21:16.0731 6348 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
20:21:16.0762 6348 CLFS - ok
20:21:16.0871 6348 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:21:16.0918 6348 clr_optimization_v2.0.50727_32 - ok
20:21:17.0074 6348 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:21:17.0105 6348 clr_optimization_v4.0.30319_32 - ok
20:21:17.0246 6348 CLTNetCnService - ok
20:21:17.0448 6348 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:21:17.0464 6348 CmBatt - ok
20:21:17.0589 6348 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:21:17.0620 6348 cmdide - ok
20:21:17.0698 6348 CnxtHdAudAddService (76ffd950394c45196d09239edc9b006b) C:\Windows\system32\drivers\CHDART.sys
20:21:18.0057 6348 CnxtHdAudAddService - ok
20:21:18.0150 6348 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:21:18.0182 6348 Compbatt - ok
20:21:18.0213 6348 COMSysApp - ok
20:21:18.0322 6348 ConfigFree Service (596e452b5152ec9afe8153d296459d2b) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
20:21:18.0322 6348 ConfigFree Service - ok
20:21:18.0416 6348 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:21:18.0447 6348 crcdisk - ok
20:21:18.0509 6348 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:21:18.0509 6348 Crusoe - ok
20:21:18.0587 6348 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
20:21:18.0587 6348 CryptSvc - ok
20:21:18.0681 6348 DcomLaunch (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
20:21:18.0696 6348 DcomLaunch - ok
20:21:18.0806 6348 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
20:21:18.0837 6348 DfsC - ok
20:21:18.0977 6348 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
20:21:19.0024 6348 DFSR - ok
20:21:19.0133 6348 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
20:21:19.0133 6348 Dhcp - ok
20:21:19.0227 6348 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
20:21:19.0242 6348 disk - ok
20:21:19.0352 6348 Dnscache (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
20:21:19.0383 6348 Dnscache - ok
20:21:19.0476 6348 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
20:21:19.0523 6348 dot3svc - ok
20:21:19.0726 6348 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
20:21:19.0726 6348 DPS - ok
20:21:19.0851 6348 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:21:19.0851 6348 drmkaud - ok
20:21:19.0976 6348 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:21:19.0991 6348 dtsoftbus01 - ok
20:21:20.0069 6348 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
20:21:20.0116 6348 DXGKrnl - ok
20:21:20.0225 6348 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:21:20.0241 6348 E1G60 - ok
20:21:20.0319 6348 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
20:21:20.0334 6348 EapHost - ok
20:21:20.0506 6348 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
20:21:20.0537 6348 Ecache - ok
20:21:20.0631 6348 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
20:21:20.0662 6348 ehRecvr - ok
20:21:20.0693 6348 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
20:21:20.0724 6348 ehSched - ok
20:21:20.0756 6348 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
20:21:20.0756 6348 ehstart - ok
20:21:20.0943 6348 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:21:20.0958 6348 elxstor - ok
20:21:21.0068 6348 EMDMgmt (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
20:21:21.0083 6348 EMDMgmt - ok
20:21:21.0224 6348 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:21:21.0224 6348 ErrDev - ok
20:21:21.0348 6348 EventSystem (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
20:21:21.0348 6348 EventSystem - ok
20:21:21.0458 6348 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
20:21:21.0504 6348 exfat - ok
20:21:21.0629 6348 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
20:21:21.0660 6348 fastfat - ok
20:21:21.0801 6348 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:21:21.0848 6348 fdc - ok
20:21:22.0035 6348 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
20:21:22.0050 6348 fdPHost - ok
20:21:22.0206 6348 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
20:21:22.0238 6348 FDResPub - ok
20:21:22.0347 6348 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:21:22.0362 6348 FileInfo - ok
20:21:22.0425 6348 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:21:22.0456 6348 Filetrace - ok
20:21:22.0581 6348 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:21:22.0581 6348 FLEXnet Licensing Service - ok
20:21:22.0706 6348 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:21:22.0721 6348 flpydisk - ok
20:21:22.0799 6348 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
20:21:22.0830 6348 FltMgr - ok
20:21:22.0908 6348 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:21:22.0908 6348 FontCache3.0.0.0 - ok
20:21:22.0986 6348 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:21:23.0018 6348 Fs_Rec - ok
20:21:23.0080 6348 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:21:23.0080 6348 gagp30kx - ok
20:21:23.0220 6348 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
20:21:23.0252 6348 GEARAspiWDM - ok
20:21:23.0330 6348 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
20:21:23.0376 6348 gpsvc - ok
20:21:23.0486 6348 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
20:21:23.0501 6348 gupdate - ok
20:21:23.0532 6348 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
20:21:23.0532 6348 gupdatem - ok
20:21:23.0657 6348 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:21:23.0688 6348 HdAudAddService - ok
20:21:23.0798 6348 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:21:23.0844 6348 HDAudBus - ok
20:21:23.0907 6348 HDJMidi - ok
20:21:23.0954 6348 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:21:23.0969 6348 HidBth - ok
20:21:24.0047 6348 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:21:24.0078 6348 HidIr - ok
20:21:24.0172 6348 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\System32\hidserv.dll
20:21:24.0203 6348 hidserv - ok
20:21:24.0375 6348 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
20:21:24.0390 6348 HidUsb - ok
20:21:24.0531 6348 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
20:21:24.0531 6348 hkmsvc - ok
20:21:24.0593 6348 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:21:24.0609 6348 HpCISSs - ok
20:21:24.0749 6348 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
20:21:24.0780 6348 HSF_DPV - ok
20:21:24.0890 6348 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
20:21:24.0921 6348 HSXHWAZL - ok
20:21:25.0046 6348 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
20:21:25.0077 6348 HTTP - ok
20:21:25.0202 6348 hwdatacard - ok
20:21:25.0342 6348 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:21:25.0373 6348 i2omp - ok
20:21:25.0451 6348 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:21:25.0482 6348 i8042prt - ok
20:21:25.0607 6348 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
20:21:25.0623 6348 iaStor - ok
20:21:25.0732 6348 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:21:25.0763 6348 iaStorV - ok
20:21:25.0872 6348 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:21:25.0904 6348 IDriverT - ok
20:21:26.0028 6348 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:21:26.0075 6348 idsvc - ok
20:21:26.0169 6348 igfx - ok
20:21:26.0231 6348 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:21:26.0247 6348 iirsp - ok
20:21:26.0325 6348 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
20:21:26.0340 6348 IKEEXT - ok
20:21:26.0465 6348 IntcHdmiAddService - ok
20:21:26.0574 6348 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:21:26.0606 6348 intelide - ok
20:21:26.0808 6348 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:21:26.0840 6348 intelppm - ok
20:21:26.0933 6348 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
20:21:26.0964 6348 IPBusEnum - ok
20:21:27.0058 6348 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:21:27.0089 6348 IpFilterDriver - ok
20:21:27.0198 6348 iphlpsvc (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll
20:21:27.0245 6348 iphlpsvc - ok
20:21:27.0292 6348 IpInIp - ok
20:21:27.0386 6348 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:21:27.0432 6348 IPMIDRV - ok
20:21:27.0479 6348 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:21:27.0510 6348 IPNAT - ok
20:21:27.0635 6348 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
20:21:27.0635 6348 iPod Service - ok
20:21:27.0744 6348 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:21:27.0791 6348 IRENUM - ok
20:21:27.0869 6348 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:21:27.0900 6348 isapnp - ok
20:21:27.0994 6348 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
20:21:28.0041 6348 iScsiPrt - ok
20:21:28.0103 6348 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:21:28.0134 6348 iteatapi - ok
20:21:28.0244 6348 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:21:28.0259 6348 iteraid - ok
20:21:28.0353 6348 iviregmgr - ok
20:21:28.0415 6348 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:21:28.0431 6348 kbdclass - ok
20:21:28.0462 6348 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
20:21:28.0493 6348 kbdhid - ok
20:21:28.0587 6348 KeyIso (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
20:21:28.0587 6348 KeyIso - ok
20:21:28.0665 6348 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
20:21:28.0696 6348 KSecDD - ok
20:21:28.0977 6348 KService (0423bc118534ec23a063e54ebca9b92d) C:\Program Files\Kontiki\KService.exe
20:21:29.0008 6348 KService - ok
20:21:29.0226 6348 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
20:21:29.0289 6348 KtmRm - ok
20:21:29.0367 6348 LanmanServer (1925e63c91cf1610ae41bfd539062079) C:\Windows\System32\srvsvc.dll
20:21:29.0429 6348 LanmanServer - ok
20:21:29.0523 6348 LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
20:21:29.0538 6348 LanmanWorkstation - ok
20:21:29.0648 6348 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:21:29.0663 6348 lltdio - ok
20:21:29.0710 6348 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
20:21:29.0726 6348 lltdsvc - ok
20:21:29.0804 6348 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
20:21:29.0850 6348 lmhosts - ok
20:21:29.0928 6348 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:21:29.0944 6348 LSI_FC - ok
20:21:30.0069 6348 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:21:30.0084 6348 LSI_SAS - ok
20:21:30.0162 6348 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:21:30.0162 6348 LSI_SCSI - ok
20:21:30.0303 6348 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:21:30.0350 6348 luafv - ok
20:21:30.0412 6348 MagicTune - ok
20:21:30.0443 6348 massfilter (59a2783aba6019bed0c843c706e10a6a) C:\Windows\system32\drivers\massfilter.sys
20:21:30.0662 6348 massfilter - ok
20:21:30.0740 6348 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
20:21:31.0161 6348 MBAMSwissArmy - ok
20:21:31.0254 6348 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
20:21:31.0286 6348 McComponentHostService - ok
20:21:31.0426 6348 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
20:21:31.0457 6348 Mcx2Svc - ok
20:21:31.0566 6348 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:21:31.0582 6348 mdmxsdk - ok
20:21:31.0676 6348 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:21:31.0691 6348 megasas - ok
20:21:31.0785 6348 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:21:31.0800 6348 MegaSR - ok
20:21:31.0925 6348 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
20:21:31.0941 6348 Microsoft Office Groove Audit Service - ok
20:21:32.0050 6348 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:21:32.0066 6348 MMCSS - ok
20:21:32.0159 6348 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:21:32.0190 6348 Modem - ok
20:21:32.0300 6348 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:21:32.0315 6348 monitor - ok
20:21:32.0362 6348 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:21:32.0393 6348 mouclass - ok
20:21:32.0409 6348 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:21:32.0440 6348 mouhid - ok
20:21:32.0534 6348 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:21:32.0565 6348 MountMgr - ok
20:21:32.0627 6348 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:21:32.0674 6348 mpio - ok
20:21:32.0768 6348 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:21:32.0799 6348 mpsdrv - ok
20:21:32.0877 6348 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:21:32.0877 6348 Mraid35x - ok
20:21:32.0986 6348 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
20:21:33.0002 6348 MRxDAV - ok
20:21:33.0080 6348 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:21:33.0080 6348 mrxsmb - ok
20:21:33.0189 6348 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:21:33.0220 6348 mrxsmb10 - ok
20:21:33.0298 6348 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:21:33.0314 6348 mrxsmb20 - ok
20:21:33.0438 6348 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
20:21:33.0470 6348 msahci - ok
20:21:33.0532 6348 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:21:33.0532 6348 msdsm - ok
20:21:33.0688 6348 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
20:21:33.0719 6348 MSDTC - ok
20:21:33.0875 6348 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:21:33.0906 6348 Msfs - ok
20:21:34.0031 6348 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:21:34.0062 6348 msisadrv - ok
20:21:34.0125 6348 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
20:21:34.0172 6348 MSiSCSI - ok
20:21:34.0218 6348 msiserver - ok
20:21:34.0296 6348 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:21:34.0312 6348 MSKSSRV - ok
20:21:34.0406 6348 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:21:34.0421 6348 MSPCLOCK - ok
20:21:34.0499 6348 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:21:34.0530 6348 MSPQM - ok
20:21:34.0593 6348 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
20:21:34.0624 6348 MsRPC - ok
20:21:34.0718 6348 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:21:34.0749 6348 mssmbios - ok
20:21:34.0842 6348 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:21:34.0858 6348 MSTEE - ok
20:21:34.0952 6348 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
20:21:34.0967 6348 Mup - ok
20:21:35.0076 6348 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
20:21:35.0076 6348 napagent - ok
20:21:35.0248 6348 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
20:21:35.0279 6348 NativeWifiP - ok
20:21:35.0373 6348 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
20:21:35.0388 6348 NDIS - ok
20:21:35.0482 6348 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:21:35.0513 6348 NdisTapi - ok
20:21:35.0560 6348 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:21:35.0591 6348 Ndisuio - ok
20:21:35.0638 6348 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
20:21:35.0654 6348 NdisWan - ok
20:21:35.0747 6348 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:21:35.0747 6348 NDProxy - ok
20:21:35.0841 6348 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:21:35.0856 6348 NetBIOS - ok
20:21:35.0981 6348 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
20:21:36.0012 6348 netbt - ok
20:21:36.0137 6348 Netlogon (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
20:21:36.0137 6348 Netlogon - ok
20:21:36.0278 6348 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
20:21:36.0309 6348 Netman - ok
20:21:36.0402 6348 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
20:21:36.0418 6348 netprofm - ok
20:21:36.0512 6348 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:21:36.0543 6348 NetTcpPortSharing - ok
20:21:36.0730 6348 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
20:21:36.0855 6348 NETw3v32 - ok
20:21:37.0026 6348 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
20:21:37.0151 6348 NETw4v32 - ok
20:21:37.0276 6348 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:21:37.0292 6348 nfrd960 - ok
20:21:37.0354 6348 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
20:21:37.0354 6348 NlaSvc - ok
20:21:37.0448 6348 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
20:21:37.0463 6348 Npfs - ok
20:21:37.0510 6348 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
20:21:37.0526 6348 nsi - ok
20:21:37.0619 6348 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:21:37.0650 6348 nsiproxy - ok
20:21:37.0744 6348 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
20:21:37.0791 6348 Ntfs - ok
20:21:37.0884 6348 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:21:37.0916 6348 ntrigdigi - ok
20:21:37.0962 6348 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:21:37.0978 6348 Null - ok
20:21:38.0025 6348 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:21:38.0040 6348 nvraid - ok
20:21:38.0134 6348 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:21:38.0150 6348 nvstor - ok
20:21:38.0212 6348 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:21:38.0228 6348 nv_agp - ok
20:21:38.0243 6348 NwlnkFlt - ok
20:21:38.0259 6348 NwlnkFwd - ok
20:21:38.0384 6348 o2flash (d955d5de998db2476bf0892be3a96c26) C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
20:21:38.0384 6348 o2flash - ok
20:21:38.0540 6348 O2MDRDR (d51942f12090fc947ca8aa01736dade2) C:\Windows\system32\DRIVERS\o2media.sys
20:21:38.0555 6348 O2MDRDR - ok
20:21:38.0711 6348 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:21:38.0727 6348 odserv - ok
20:21:38.0836 6348 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
20:21:38.0867 6348 ohci1394 - ok
20:21:38.0961 6348 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:21:38.0992 6348 ose - ok
20:21:39.0117 6348 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
20:21:39.0164 6348 p2pimsvc - ok
20:21:39.0179 6348 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
20:21:39.0195 6348 p2psvc - ok
20:21:39.0304 6348 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:21:39.0320 6348 Parport - ok
20:21:39.0398 6348 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
20:21:39.0413 6348 partmgr - ok
20:21:39.0444 6348 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:21:39.0460 6348 Parvdm - ok
20:21:39.0507 6348 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
20:21:39.0538 6348 PcaSvc - ok
20:21:39.0647 6348 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
20:21:39.0663 6348 pci - ok
20:21:39.0725 6348 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
20:21:39.0725 6348 pciide - ok
20:21:39.0756 6348 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:21:39.0803 6348 pcmcia - ok
20:21:39.0928 6348 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:21:39.0959 6348 PEAUTH - ok
20:21:40.0100 6348 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
20:21:40.0146 6348 pla - ok
20:21:40.0287 6348 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
20:21:40.0349 6348 PlugPlay - ok
20:21:40.0427 6348 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
20:21:40.0427 6348 PNRPAutoReg - ok
20:21:40.0458 6348 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
20:21:40.0458 6348 PNRPsvc - ok
20:21:40.0583 6348 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
20:21:40.0646 6348 PolicyAgent - ok
20:21:40.0802 6348 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:21:40.0817 6348 PptpMiniport - ok
20:21:40.0864 6348 prevxdriver - ok
20:21:40.0895 6348 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:21:40.0911 6348 Processor - ok
20:21:41.0004 6348 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
20:21:41.0051 6348 ProfSvc - ok
20:21:41.0129 6348 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
20:21:41.0129 6348 ProtectedStorage - ok
20:21:41.0207 6348 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
20:21:41.0207 6348 PSched - ok
20:21:41.0270 6348 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
20:21:41.0285 6348 PxHelp20 - ok
20:21:41.0379 6348 QIOMem (674eba70a52c02696e503b0a57ae6372) C:\Windows\system32\DRIVERS\QIOMem.sys
20:21:41.0394 6348 QIOMem - ok
20:21:41.0535 6348 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:21:41.0566 6348 ql2300 - ok
20:21:41.0660 6348 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:21:41.0660 6348 ql40xx - ok
20:21:41.0706 6348 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
20:21:41.0722 6348 QWAVE - ok
20:21:41.0831 6348 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:21:41.0847 6348 QWAVEdrv - ok
20:21:42.0096 6348 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys
20:21:42.0112 6348 RapportCerberus_34302 - ok
20:21:42.0237 6348 RapportEI (43b9aa1423bf54367c5a3de1559780e8) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
20:21:42.0252 6348 RapportEI - ok
20:21:42.0486 6348 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
20:21:42.0502 6348 RapportIaso - ok
20:21:42.0642 6348 RapportKELL (118600ab8f15fe27f2c865f3fb4efa58) C:\Windows\system32\Drivers\RapportKELL.sys
20:21:42.0658 6348 RapportKELL - ok
20:21:43.0017 6348 RapportMgmtService (d9ef54568fafcb4be4637068e768409a) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
20:21:43.0032 6348 RapportMgmtService - ok
20:21:43.0188 6348 RapportPG (4af05a67b643a5190dfcbb793273e0bc) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
20:21:43.0204 6348 RapportPG - ok
20:21:43.0360 6348 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:21:43.0391 6348 RasAcd - ok
20:21:43.0454 6348 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
20:21:43.0469 6348 RasAuto - ok
20:21:43.0594 6348 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:21:43.0610 6348 Rasl2tp - ok
20:21:43.0672 6348 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
20:21:43.0703 6348 RasMan - ok
20:21:43.0812 6348 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
20:21:43.0828 6348 RasPppoe - ok
20:21:43.0875 6348 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
20:21:43.0890 6348 RasSstp - ok
20:21:43.0922 6348 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
20:21:43.0937 6348 rdbss - ok
20:21:43.0984 6348 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:21:44.0046 6348 RDPCDD - ok
20:21:44.0124 6348 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
20:21:44.0171 6348 rdpdr - ok
20:21:44.0280 6348 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:21:44.0280 6348 RDPENCDD - ok
20:21:44.0343 6348 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
20:21:44.0358 6348 RDPWD - ok
20:21:44.0405 6348 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
20:21:44.0421 6348 RemoteAccess - ok
20:21:44.0514 6348 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
20:21:44.0530 6348 RemoteRegistry - ok
20:21:44.0577 6348 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
20:21:44.0608 6348 RpcLocator - ok
20:21:44.0702 6348 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
20:21:44.0717 6348 RpcSs - ok
20:21:44.0780 6348 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:21:44.0780 6348 rspndr - ok
20:21:44.0920 6348 s115bus (e1ab463b36a7ef31d8a73a97a9b57afa) C:\Windows\system32\DRIVERS\s115bus.sys
20:21:44.0920 6348 s115bus - ok
20:21:44.0998 6348 s616mdm - ok
20:21:45.0045 6348 SamSs (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
20:21:45.0045 6348 SamSs - ok
20:21:45.0684 6348 SBAMSvc (c7d53053541a448febb1373abbaf79ef) C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
20:21:45.0700 6348 SBAMSvc - ok
20:21:45.0872 6348 sbapifs (3d6ba67c758735918e323d4d6f64449a) C:\Windows\system32\DRIVERS\sbapifs.sys
20:21:45.0887 6348 sbapifs - ok
20:21:46.0043 6348 SbFw (9c9bcc79aef0aa97f16766c498002d36) C:\Windows\system32\drivers\SbFw.sys
20:21:46.0090 6348 SbFw - ok
20:21:46.0168 6348 SBFWIMCL (f27b38d70b7621378161d6f48be04d2c) C:\Windows\system32\DRIVERS\sbfwim.sys
20:21:46.0184 6348 SBFWIMCL - ok
20:21:46.0293 6348 SBFWIMCLMP (f27b38d70b7621378161d6f48be04d2c) C:\Windows\system32\DRIVERS\SBFWIM.sys
20:21:46.0293 6348 SBFWIMCLMP - ok
20:21:46.0371 6348 sbhips (53e5e7dc26bb920b97f258bbd52abfdc) C:\Windows\system32\drivers\sbhips.sys
20:21:46.0402 6348 sbhips - ok
20:21:46.0511 6348 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:21:46.0511 6348 sbp2port - ok
20:21:46.0605 6348 SBRE (0505da5d357f18a5d42fc5dede6bc9a0) C:\Windows\system32\drivers\SBREdrv.sys
20:21:46.0652 6348 SBRE - ok
20:21:46.0761 6348 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
20:21:46.0776 6348 SBSDWSCService - ok
20:21:46.0917 6348 SbTis (6468e2973e04525decc105947ddd0d34) C:\Windows\system32\drivers\sbtis.sys
20:21:46.0932 6348 SbTis - ok
20:21:47.0042 6348 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
20:21:47.0073 6348 SCardSvr - ok
20:21:47.0151 6348 Schedule (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
20:21:47.0151 6348 Schedule - ok
20:21:47.0276 6348 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
20:21:47.0276 6348 SCPolicySvc - ok
20:21:47.0338 6348 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
20:21:47.0354 6348 sdbus - ok
20:21:47.0369 6348 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
20:21:47.0400 6348 SDRSVC - ok
20:21:47.0510 6348 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:21:47.0541 6348 secdrv - ok
20:21:47.0619 6348 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
20:21:47.0634 6348 seclogon - ok
20:21:47.0712 6348 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
20:21:47.0744 6348 SENS - ok
20:21:47.0837 6348 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:21:47.0868 6348 Serenum - ok
20:21:48.0040 6348 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:21:48.0087 6348 Serial - ok
20:21:48.0258 6348 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:21:48.0290 6348 sermouse - ok
20:21:48.0368 6348 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
20:21:48.0383 6348 SessionEnv - ok
20:21:48.0430 6348 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
20:21:48.0446 6348 sffdisk - ok
20:21:48.0555 6348 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:21:48.0586 6348 sffp_mmc - ok
20:21:48.0648 6348 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:21:48.0664 6348 sffp_sd - ok
20:21:48.0742 6348 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:21:48.0773 6348 sfloppy - ok
20:21:48.0836 6348 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
20:21:48.0851 6348 SharedAccess - ok
20:21:48.0914 6348 ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
20:21:48.0945 6348 ShellHWDetection - ok
20:21:49.0023 6348 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
20:21:49.0054 6348 sisagp - ok
20:21:49.0179 6348 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
20:21:49.0179 6348 SiSRaid2 - ok
20:21:49.0241 6348 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
20:21:49.0257 6348 SiSRaid4 - ok
20:21:49.0366 6348 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
20:21:49.0382 6348 slsvc - ok
20:21:49.0491 6348 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
20:21:49.0538 6348 SLUINotify - ok
20:21:49.0600 6348 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
20:21:49.0631 6348 Smb - ok
20:21:49.0787 6348 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
20:21:49.0787 6348 SNMPTRAP - ok
20:21:49.0896 6348 SplashtopRemoteService (45e73e4bf21407c9297b7d625392c327) C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
20:21:49.0896 6348 SplashtopRemoteService - ok
20:21:50.0021 6348 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:21:50.0021 6348 spldr - ok
20:21:50.0146 6348 Spooler (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe
20:21:50.0146 6348 Spooler - ok
20:21:50.0240 6348 sptisrv - ok
20:21:50.0349 6348 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
20:21:50.0380 6348 srv - ok
20:21:50.0489 6348 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
20:21:50.0505 6348 srv2 - ok
20:21:50.0583 6348 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
20:21:50.0598 6348 srvnet - ok
20:21:50.0645 6348 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
20:21:50.0661 6348 SSDPSRV - ok
20:21:50.0754 6348 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
20:21:50.0786 6348 SstpSvc - ok
20:21:50.0879 6348 SSUService (16467d878ddd9d10f0e42cb81e0cf391) C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
20:21:50.0879 6348 SSUService - ok
20:21:51.0004 6348 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
20:21:51.0020 6348 stisvc - ok
20:21:51.0066 6348 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:21:51.0098 6348 swenum - ok
20:21:51.0176 6348 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
20:21:51.0207 6348 swprv - ok
20:21:51.0300 6348 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:21:51.0316 6348 Symc8xx - ok
20:21:51.0425 6348 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:21:51.0441 6348 Sym_hi - ok
20:21:51.0488 6348 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:21:51.0503 6348 Sym_u3 - ok
20:21:51.0550 6348 SynTP (91ac243740ca09a907e7cbd2da274c96) C:\Windows\system32\DRIVERS\SynTP.sys
20:21:51.0566 6348 SynTP - ok
20:21:51.0628 6348 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
20:21:51.0659 6348 SysMain - ok
20:21:51.0737 6348 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
20:21:51.0768 6348 TabletInputService - ok
20:21:51.0815 6348 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
20:21:51.0831 6348 TapiSrv - ok
20:21:51.0909 6348 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
20:21:51.0940 6348 TBS - ok
20:21:52.0049 6348 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
20:21:52.0096 6348 Tcpip - ok
20:21:52.0236 6348 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
20:21:52.0236 6348 Tcpip6 - ok
20:21:52.0424 6348 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
20:21:52.0470 6348 tcpipreg - ok
20:21:52.0658 6348 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
20:21:52.0860 6348 tdcmdpst - ok
20:21:52.0970 6348 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:21:53.0001 6348 TDPIPE - ok
20:21:53.0032 6348 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:21:53.0063 6348 TDTCP - ok
20:21:53.0172 6348 tdx (61daf937afc4c7a3db1a3232c3d7e258) C:\Windows\system32\DRIVERS\tdx.sys
20:21:53.0250 6348 tdx ( Virus.Win32.ZAccess.c ) - infected
20:21:53.0250 6348 tdx - detected Virus.Win32.ZAccess.c (0)
20:21:53.0422 6348 TeamViewer6 (01a402d34732ca3da91786adcc765069) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
20:21:53.0438 6348 TeamViewer6 - ok
20:21:53.0531 6348 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
20:21:53.0547 6348 TermDD - ok
20:21:53.0594 6348 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
20:21:53.0609 6348 TermService - ok
20:21:53.0687 6348 Themes (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll
20:21:53.0687 6348 Themes - ok
20:21:53.0734 6348 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:21:53.0734 6348 THREADORDER - ok
20:21:53.0843 6348 TNaviSrv (e47f35a87ff0da38def37a0eb0c2d2df) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
20:21:53.0843 6348 TNaviSrv - ok
20:21:53.0968 6348 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
20:21:53.0984 6348 TODDSrv - ok
20:21:54.0093 6348 TosCoSrv (da6903958cbdc091ffcbbca70ccff34c) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
20:21:54.0093 6348 TosCoSrv - ok
20:21:54.0124 6348 TOSHIBA Bluetooth Service - ok
20:21:54.0155 6348 TOSHIBA SMART Log Service (22690dffc7f2a18279a7a0489aa02bac) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
20:21:54.0155 6348 TOSHIBA SMART Log Service - ok
20:21:54.0218 6348 Tosrfcom - ok
20:21:54.0280 6348 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
20:21:54.0296 6348 tosrfec - ok
20:21:54.0358 6348 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
20:21:54.0608 6348 tos_sps32 - ok
20:21:54.0686 6348 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
20:21:54.0701 6348 TrkWks - ok
20:21:54.0748 6348 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
20:21:54.0748 6348 TrustedInstaller - ok
20:21:54.0966 6348 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:21:54.0998 6348 tssecsrv - ok
20:21:55.0154 6348 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:21:55.0185 6348 tunmp - ok
20:21:55.0325 6348 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
20:21:55.0325 6348 tunnel - ok
20:21:55.0404 6348 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
20:21:55.0435 6348 TVALZ - ok
20:21:55.0513 6348 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
20:21:55.0513 6348 uagp35 - ok
20:21:55.0607 6348 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
20:21:55.0623 6348 udfs - ok
20:21:55.0685 6348 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
20:21:55.0732 6348 UI0Detect - ok
20:21:55.0825 6348 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
20:21:55.0825 6348 UleadBurningHelper - ok
20:21:55.0919 6348 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
20:21:55.0935 6348 uliagpkx - ok
20:21:55.0981 6348 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
20:21:56.0013 6348 uliahci - ok
20:21:56.0122 6348 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:21:56.0122 6348 UlSata - ok
20:21:56.0215 6348 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:21:56.0215 6348 ulsata2 - ok
20:21:56.0262 6348 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:21:56.0309 6348 umbus - ok
20:21:56.0371 6348 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
20:21:56.0403 6348 upnphost - ok
20:21:56.0512 6348 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
20:21:56.0527 6348 USBAAPL - ok
20:21:56.0637 6348 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
20:21:56.0652 6348 usbaudio - ok
20:21:56.0730 6348 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:21:56.0746 6348 usbccgp - ok
20:21:56.0839 6348 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:21:56.0871 6348 usbcir - ok
20:21:56.0933 6348 usbcm - ok
20:21:57.0058 6348 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
20:21:57.0058 6348 usbehci - ok
20:21:57.0105 6348 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
20:21:57.0120 6348 usbhub - ok
20:21:57.0167 6348 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:21:57.0214 6348 usbohci - ok
20:21:57.0370 6348 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:21:57.0385 6348 usbprint - ok
20:21:57.0557 6348 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:21:57.0573 6348 usbscan - ok
20:21:57.0635 6348 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:21:57.0635 6348 USBSTOR - ok
20:21:57.0760 6348 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:21:57.0791 6348 usbuhci - ok
20:21:57.0853 6348 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
20:21:57.0885 6348 usbvideo - ok
20:21:57.0931 6348 usnjsvc - ok
20:21:58.0009 6348 UVCFTR (237c444fbd1c697a2e3fa60f02c61f22) C:\Windows\system32\Drivers\UVCFTR_S.SYS
20:21:58.0041 6348 UVCFTR - ok
20:21:58.0119 6348 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
20:21:58.0134 6348 UxSms - ok
20:21:58.0243 6348 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
20:21:58.0259 6348 vds - ok
20:21:58.0337 6348 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
20:21:58.0353 6348 vga - ok
20:21:58.0431 6348 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:21:58.0431 6348 VgaSave - ok
20:21:58.0493 6348 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
20:21:58.0524 6348 viaagp - ok
20:21:58.0602 6348 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
20:21:58.0633 6348 ViaC7 - ok
20:21:58.0696 6348 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
20:21:58.0727 6348 viaide - ok
20:21:58.0805 6348 vnccom (b67632451f760797bb183e1fb99f4b39) C:\Windows\system32\Drivers\vnccom.SYS
20:21:58.0852 6348 vnccom - ok
20:21:58.0914 6348 vncdrv (4ec979b157d1aa075330362acb5424e5) C:\Windows\system32\DRIVERS\vncdrv.sys
20:21:58.0930 6348 vncdrv - ok
20:21:59.0008 6348 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:21:59.0055 6348 volmgr - ok
20:21:59.0148 6348 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
20:21:59.0164 6348 volmgrx - ok
20:21:59.0273 6348 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
20:21:59.0320 6348 volsnap - ok
20:21:59.0429 6348 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
20:21:59.0445 6348 vsmraid - ok
20:21:59.0632 6348 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
20:21:59.0647 6348 VSS - ok
20:21:59.0788 6348 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
20:21:59.0835 6348 W32Time - ok
20:21:59.0944 6348 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:21:59.0959 6348 WacomPen - ok
20:21:59.0991 6348 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:22:00.0006 6348 Wanarp - ok
20:22:00.0006 6348 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:22:00.0006 6348 Wanarpv6 - ok
20:22:00.0069 6348 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
20:22:00.0100 6348 wcncsvc - ok
20:22:00.0193 6348 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
20:22:00.0209 6348 WcsPlugInService - ok
20:22:00.0287 6348 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
20:22:00.0318 6348 Wd - ok
20:22:00.0443 6348 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:22:00.0474 6348 Wdf01000 - ok
20:22:00.0537 6348 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:22:00.0583 6348 WdiServiceHost - ok
20:22:00.0583 6348 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:22:00.0583 6348 WdiSystemHost - ok
20:22:00.0693 6348 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
20:22:00.0739 6348 WebClient - ok
20:22:00.0802 6348 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
20:22:00.0833 6348 Wecsvc - ok
20:22:00.0895 6348 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
20:22:00.0942 6348 wercplsupport - ok
20:22:01.0051 6348 WerSvc (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll
20:22:01.0223 6348 WerSvc - ok
20:22:01.0348 6348 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
20:22:01.0363 6348 winachsf - ok
20:22:01.0457 6348 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
20:22:01.0473 6348 WinDefend - ok
20:22:01.0488 6348 WinHttpAutoProxySvc - ok
20:22:01.0597 6348 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
20:22:01.0597 6348 Winmgmt - ok
20:22:01.0691 6348 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
20:22:01.0722 6348 WinRM - ok
20:22:01.0847 6348 WinVNC4 (7043ddf51d7135c1d1b83b4213dfed61) C:\Program Files\RealVNC\VNC4\WinVNC4.exe
20:22:01.0847 6348 WinVNC4 - ok
20:22:02.0034 6348 Wlansvc (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll
20:22:02.0065 6348 Wlansvc - ok
20:22:02.0143 6348 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
20:22:02.0190 6348 WLSetupSvc - ok
20:22:02.0284 6348 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:22:02.0331 6348 WmiAcpi - ok
20:22:02.0409 6348 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
20:22:02.0424 6348 wmiApSrv - ok
20:22:02.0518 6348 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:22:02.0549 6348 WMPNetworkSvc - ok
20:22:02.0783 6348 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
20:22:02.0830 6348 WPCSvc - ok
20:22:02.0939 6348 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
20:22:02.0970 6348 WPDBusEnum - ok
20:22:03.0033 6348 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
20:22:03.0048 6348 WpdUsb - ok
20:22:03.0267 6348 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:22:03.0313 6348 WPFFontCache_v0400 - ok
20:22:03.0438 6348 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:22:03.0469 6348 ws2ifsl - ok
20:22:03.0547 6348 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\system32\wscsvc.dll
20:22:03.0594 6348 wscsvc - ok
20:22:03.0641 6348 WSearch - ok
20:22:03.0766 6348 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
20:22:03.0781 6348 wuauserv - ok
20:22:03.0875 6348 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:22:03.0906 6348 WUDFRd - ok
20:22:04.0078 6348 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
20:22:04.0125 6348 wudfsvc - ok
20:22:04.0218 6348 X4HSEx (13cf1854fecc1b4d7490983b03cdbcd2) C:\Program Files\Free Ride Games\X4HSEx.Sys
20:22:04.0249 6348 X4HSEx - ok
20:22:04.0405 6348 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
20:22:04.0405 6348 XAudio - ok
20:22:04.0452 6348 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
20:22:04.0452 6348 XAudioService - ok
20:22:04.0639 6348 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
20:22:04.0639 6348 yukonwlh - ok
20:22:04.0717 6348 ZTEusbmdm6k (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
20:22:04.0920 6348 ZTEusbmdm6k - ok
20:22:05.0045 6348 ZTEusbnmea (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
20:22:05.0248 6348 ZTEusbnmea - ok
20:22:05.0310 6348 ZTEusbser6k (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
20:22:05.0529 6348 ZTEusbser6k - ok
20:22:05.0575 6348 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:22:05.0638 6348 \Device\Harddisk0\DR0 - ok
20:22:05.0638 6348 Boot (0x1200) (0f2c39e9dd46ab8db6a4a27b29e73d30) \Device\Harddisk0\DR0\Partition0
20:22:05.0638 6348 \Device\Harddisk0\DR0\Partition0 - ok
20:22:05.0669 6348 Boot (0x1200) (d6616ce09c4b8d8957397596dcd4745d) \Device\Harddisk0\DR0\Partition1
20:22:05.0669 6348 \Device\Harddisk0\DR0\Partition1 - ok
20:22:05.0685 6348 ============================================================
20:22:05.0685 6348 Scan finished
20:22:05.0685 6348 ============================================================
20:22:05.0700 6488 Detected object count: 2
20:22:05.0700 6488 Actual detected object count: 2
20:22:39.0037 6488 C:\Windows\system32\TPPWRIF.dll - copied to quarantine
20:22:39.0100 6488 HKLM\SYSTEM\ControlSet001\services\besclient - will be deleted on reboot
20:22:39.0131 6488 C:\Windows\system32\TPPWRIF.dll - will be deleted on reboot
20:22:39.0131 6488 besclient ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
20:22:39.0225 6488 C:\Windows\system32\DRIVERS\tdx.sys - copied to quarantine
20:22:39.0256 6488 C:\Windows\$NtUninstallKB3248$\1944747866\@ - copied to quarantine
20:22:39.0271 6488 C:\Windows\$NtUninstallKB3248$\1944747866\cfg.ini - copied to quarantine
20:22:39.0303 6488 C:\Windows\$NtUninstallKB3248$\1944747866\Desktop.ini - copied to quarantine
20:22:39.0334 6488 C:\Windows\$NtUninstallKB3248$\1944747866\L\qnbwvoto - copied to quarantine
20:22:39.0349 6488 C:\Windows\$NtUninstallKB3248$\1944747866\oemid - copied to quarantine
20:22:39.0365 6488 C:\Windows\$NtUninstallKB3248$\1944747866\U\00000001.@ - copied to quarantine
20:22:39.0474 6488 C:\Windows\$NtUninstallKB3248$\1944747866\U\00000002.@ - copied to quarantine
20:22:39.0505 6488 C:\Windows\$NtUninstallKB3248$\1944747866\U\00000004.@ - copied to quarantine
20:22:39.0552 6488 C:\Windows\$NtUninstallKB3248$\1944747866\U\80000000.@ - copied to quarantine
20:22:39.0568 6488 C:\Windows\$NtUninstallKB3248$\1944747866\U\80000004.@ - copied to quarantine
20:22:39.0630 6488 C:\Windows\$NtUninstallKB3248$\1944747866\U\80000032.@ - copied to quarantine
20:22:39.0661 6488 C:\Windows\$NtUninstallKB3248$\1944747866\version - copied to quarantine
20:22:39.0755 6488 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\tdx.sys) error 1813
20:22:50.0488 6488 Backup copy found, using it..
20:22:50.0909 6488 C:\Windows\system32\DRIVERS\tdx.sys - will be cured on reboot
20:22:55.0932 6488 C:\Windows\$NtUninstallKB3248$\1650053464 - will be deleted on reboot
20:22:55.0948 6488 C:\Windows\$NtUninstallKB3248$\1944747866\@ - will be deleted on reboot
20:22:55.0948 6488 C:\Windows\$NtUninstallKB3248$\1944747866\cfg.ini - will be deleted on reboot
20:22:55.0948 6488 C:\Windows\$NtUninstallKB3248$\1944747866\Desktop.ini - will be deleted on reboot
20:22:55.0948 6488 C:\Windows\$NtUninstallKB3248$\1944747866\oemid - will be deleted on reboot
20:22:55.0948 6488 C:\Windows\$NtUninstallKB3248$\1944747866\U\00000001.@ - will be deleted on reboot
20:22:55.0948 6488 C:\Windows\$NtUninstallKB3248$\1944747866\U\00000002.@ - will be deleted on reboot
20:22:55.0948 6488 C:\Windows\$NtUninstallKB3248$\1944747866\U\00000004.@ - will be deleted on reboot
20:22:55.0948 6488 C:\Windows\$NtUninstallKB3248$\1944747866\U\80000000.@ - will be deleted on reboot
20:22:55.0948 6488 C:\Windows\$NtUninstallKB3248$\1944747866\U\80000004.@ - will be deleted on reboot
20:22:55.0948 6488 C:\Windows\$NtUninstallKB3248$\1944747866\U\80000032.@ - will be deleted on reboot
20:22:55.0948 6488 C:\Windows\$NtUninstallKB3248$\1944747866\version - will be deleted on reboot
20:22:55.0948 6488 tdx ( Virus.Win32.ZAccess.c ) - User select action: Cure
20:23:11.0049 7096 Deinitialize success
ASW LOG:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-11 20:33:52
-----------------------------
20:33:52.640 OS Version: Windows 6.0.6001 Service Pack 1
20:33:52.640 Number of processors: 2 586 0xF0D
20:33:52.640 ComputerName: DENISELAPTOP UserName: Denise
20:34:29.021 Initialize success
20:43:40.441 AVAST engine defs: 12041101
20:43:46.541 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:43:46.556 Disk 0 Vendor: Hitachi_ BBFO Size: 238475MB BusType: 3
20:43:46.572 Disk 0 MBR read successfully
20:43:46.572 Disk 0 MBR scan
20:43:46.587 Disk 0 Windows 7 default MBR code
20:43:46.587 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:43:46.603 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 120360 MB offset 3074048
20:43:46.634 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 116614 MB offset 249571328
20:43:46.650 Disk 0 scanning sectors +488396800
20:43:46.790 Disk 0 scanning C:\Windows\system32\drivers
20:44:13.531 Service scanning
20:44:57.320 Modules scanning
20:45:14.168 Disk 0 trace - called modules:
20:45:14.199 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
20:45:14.199 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x885adac8]
20:45:14.215 3 CLASSPNP.SYS[84f84745] -> nt!IofCallDriver -> [0x875273b0]
20:45:14.230 5 acpi.sys[806946a0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x87556028]
20:45:15.026 AVAST engine scan C:\Windows
20:45:18.395 AVAST engine scan C:\Windows\system32
20:54:19.000 AVAST engine scan C:\Windows\system32\drivers
20:54:43.555 AVAST engine scan C:\Users\Denise
21:04:02.466 Disk 0 MBR has been saved successfully to "C:\Users\Denise\Desktop\MBR.dat"
21:04:02.544 The log file has been saved successfully to "C:\Users\Denise\Desktop\aswMBR.txt"
0
-
Good!
Run RogueKiller in the same way as before and post the log.
Please, follow the instructions on http://www.bleepingcomputer.com/combofix/how-to-use-combofix for installing and running ComboFix.
Read carefully and note the "Disclaimer of warranty"!
Paste the content of the log into your answer.
0
-
Hi Cecilia
OK Rogue Killer
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User: Denise [Admin rights]
Mode: Scan -- Date: 04/12/2012 07:36:25
¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] adawarebp.dll -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll -> UNLOADED
¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[382] : NtCreateThreadEx @ 0x84047F82 -> HOOKED (\??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys @ 0x93827640)
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
and Combo Fix
ComboFix 12-04-12.01 - Denise 12/04/2012 8:03.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.1918 [GMT 1:00]
Running from: c:\users\Denise\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AMMYY
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\settings.bin
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))
.
.
2012-04-12 07:12 . 2012-04-12 07:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-12 07:12 . 2012-04-12 07:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-11 19:22 . 2012-04-11 19:22 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-10 06:32 . 2012-04-10 06:32 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{47853870-9478-447A-999C-010EADB49E97}\offreg.dll
2012-04-10 06:22 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{47853870-9478-447A-999C-010EADB49E97}\mpengine.dll
2012-04-09 07:40 . 2012-04-09 07:42 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-06 10:21 . 2012-04-06 10:21 -------- d-----w- c:\users\Denise\AppData\Local\adaware
2012-04-06 10:21 . 2011-04-05 16:35 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-06 10:20 . 2011-04-05 16:35 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-06 10:19 . 2011-04-05 16:35 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-06 10:19 . 2011-02-08 08:14 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-06 10:19 . 2012-04-06 10:19 -------- d-----w- c:\programdata\Lavasoft
2012-04-06 10:19 . 2012-04-06 10:19 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-06 10:17 . 2012-04-06 10:21 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-04-06 10:17 . 2012-04-06 10:17 -------- d-----w- c:\program files\Toolbar Cleaner
2012-04-06 10:17 . 2012-04-06 10:17 -------- d-----w- c:\program files\adawaretb
2012-04-06 10:07 . 2012-04-12 06:45 -------- d-----w- c:\users\Denise\AppData\Roaming\Ad-Aware Antivirus
2012-04-06 07:47 . 2012-04-06 07:47 -------- d-----w- c:\users\Denise\AppData\Roaming\f-secure
2012-04-06 07:46 . 2012-04-06 07:46 -------- d-----w- c:\programdata\F-Secure
2012-04-06 06:36 . 2012-04-06 06:50 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-22 07:53 . 2012-03-22 18:40 -------- d-----w- c:\programdata\F4D55F3E0003FDDA0349FB90EEC1FB6E
2012-03-22 05:57 . 2012-04-06 06:32 -------- d-----w- c:\programdata\F4D55F3E000435DB0349FB90EEC1FB6E
2012-03-22 05:57 . 2012-03-22 05:57 -------- d-----w- c:\programdata\Local Settings
2012-03-18 06:59 . 2012-03-18 06:59 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 06:59 . 2012-03-18 06:59 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-16 21:40 . 2012-03-16 21:40 -------- d-----w- c:\program files\iPod
2012-03-16 21:40 . 2012-03-16 21:42 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 19:24 . 2008-01-21 02:24 71680 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-04-06 06:50 . 2011-08-18 17:42 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-11 12:48 . 2012-03-11 12:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-02-23 09:18 . 2009-10-03 17:43 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 11:01 . 2012-02-15 11:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 11:01 . 2012-02-15 11:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-03-18 06:59 . 2011-05-07 07:29 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-03-06 19:16 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2012-03-06 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"kdx"="c:\program files\Kontiki\KHost.exe" [2009-01-02 1041960]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2011-03-15 4804792]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-01-25 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"kdx"="c:\program files\Kontiki\KHost.exe" [2009-01-02 1041960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Acrobat Assistant 8.0"="e:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2009-04-10 417792]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2011-03-15 4804792]
.
c:\users\Denise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\primkhi]
2012-04-08 11:51 10752 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\primkhi.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 253600]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sptisrv
prevxdriver
alcaudsl
s616mdm
usbcm
besclient
iviregmgr
MagicTune
mi-raysat_3dsmax9_32
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-08 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 11:44]
.
2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 06:50]
.
2012-04-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-57852192-4207613211-3685920990-1000Core.job
- c:\users\Denise\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-16 20:31]
.
2012-04-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-57852192-4207613211-3685920990-1000UA.job
- c:\users\Denise\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-16 20:31]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 00:37]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 00:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append to existing PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: 3slive.com
Trusted Zone: 3slive.com\www.logical
Trusted Zone: reflexive.com\www
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\11wuhkp9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - user.js: network.http.accept-encoding -
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-02766534.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-12 08:16
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,1f,41,43,7c,87,12,4a,87,6a,3f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,1f,41,43,7c,87,12,4a,87,6a,3f,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4116)
c:\programdata\Ad-Aware Browsing Protection\adawarebp.dll
c:\program files\TeamViewer\Version6\tv_w32.dll
c:\windows\system32\CRTDLL.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Kontiki\KService.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Splashtop\Splashtop Remote\Server\SRService.exe
c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe
c:\program files\TeamViewer\Version6\TeamViewer_Service.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Splashtop\Splashtop Remote\Server\SRServer.exe
c:\program files\TeamViewer\Version6\TeamViewer.exe
c:\program files\TeamViewer\Version6\tv_w32.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\program files\Splashtop\Splashtop Remote\Server\DataProxy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\AD-AWA~1\AdAware.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2012-04-12 08:24:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-12 07:24
ComboFix2.txt 1601-01-01 00:00
.
Pre-Run: 31,123,451,904 bytes free
Post-Run: 30,080,413,696 bytes free
.
- - End Of File - - 4B7B15E2784F548EB34B4D1A202830B7
Off to work now but will check back later :)
Hi welshden,
1. Run TDSSKiller as before and post its log.
2. Copy all lines in the box:
[code]
Killall::
Netsvc::
sptisrv
prevxdriver
alcaudsl
s616mdm
usbcm
besclient
iviregmgr
MagicTune
mi-raysat_3dsmax9_32
DDS::
Notify: primkhi - c:\windows\system32\config\systemprofile\appdata\local\primkhi.dll
[/code]
and paste into Notepad.
Save the file on the desktop with the name CFScript.
Prepare the computer according to the instructions for running ComboFix.
Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop; the program will start in a special way.
Paste the new ComboFix log into your answer.
3. Run OTL as before and post its log.
Hi Celia
TDS
18:09:08.0150 4412 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
18:09:08.0447 4412 ============================================================
18:09:08.0447 4412 Current date / time: 2012/04/12 18:09:08.0447
18:09:08.0447 4412 SystemInfo:
18:09:08.0447 4412
18:09:08.0447 4412 OS Version: 6.0.6001 ServicePack: 1.0
18:09:08.0447 4412 Product type: Workstation
18:09:08.0447 4412 ComputerName: DENISELAPTOP
18:09:08.0447 4412 UserName: Denise
18:09:08.0447 4412 Windows directory: C:\Windows
18:09:08.0447 4412 System windows directory: C:\Windows
18:09:08.0447 4412 Processor architecture: Intel x86
18:09:08.0447 4412 Number of processors: 2
18:09:08.0447 4412 Page size: 0x1000
18:09:08.0447 4412 Boot type: Normal boot
18:09:08.0447 4412 ============================================================
18:09:09.0133 4412 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:09:09.0149 4412 \Device\Harddisk0\DR0:
18:09:09.0149 4412 MBR used
18:09:09.0149 4412 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xEB14000
18:09:09.0149 4412 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xEE02800, BlocksNum 0xE3C3000
18:09:09.0258 4412 Initialize success
18:09:09.0258 4412 ============================================================
18:09:13.0673 3880 ============================================================
18:09:13.0673 3880 Scan started
18:09:13.0673 3880 Mode: Manual;
18:09:13.0673 3880 ============================================================
18:09:14.0952 3880 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
18:09:14.0952 3880 ACPI - ok
18:09:15.0326 3880 Ad-Aware Service (fb182ad520910442abf146bb325de79b) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
18:09:15.0326 3880 Ad-Aware Service - ok
18:09:15.0716 3880 Adobe Version Cue CS3 (14c23516c990dcd6052152cf034dde40) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
18:09:15.0748 3880 Adobe Version Cue CS3 - ok
18:09:15.0997 3880 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:09:15.0997 3880 AdobeFlashPlayerUpdateSvc - ok
18:09:16.0294 3880 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:09:16.0309 3880 adp94xx - ok
18:09:16.0886 3880 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:09:16.0902 3880 adpahci - ok
18:09:17.0011 3880 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:09:17.0011 3880 adpu160m - ok
18:09:17.0074 3880 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:09:17.0105 3880 adpu320 - ok
18:09:17.0276 3880 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
18:09:17.0292 3880 AeLookupSvc - ok
18:09:17.0479 3880 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
18:09:17.0510 3880 AFD - ok
18:09:17.0635 3880 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:09:17.0651 3880 agp440 - ok
18:09:17.0698 3880 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:09:17.0698 3880 aic78xx - ok
18:09:17.0776 3880 alcaudsl - ok
18:09:18.0010 3880 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
18:09:18.0010 3880 ALG - ok
18:09:18.0134 3880 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:09:18.0150 3880 aliide - ok
18:09:18.0197 3880 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:09:18.0197 3880 amdagp - ok
18:09:18.0228 3880 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:09:18.0228 3880 amdide - ok
18:09:18.0337 3880 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:09:18.0337 3880 AmdK7 - ok
18:09:18.0368 3880 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:09:18.0368 3880 AmdK8 - ok
18:09:18.0431 3880 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
18:09:18.0431 3880 Appinfo - ok
18:09:18.0540 3880 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:09:18.0540 3880 Apple Mobile Device - ok
18:09:18.0634 3880 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:09:18.0649 3880 arc - ok
18:09:18.0712 3880 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:09:18.0727 3880 arcsas - ok
18:09:18.0977 3880 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:09:18.0977 3880 AsyncMac - ok
18:09:19.0086 3880 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
18:09:19.0086 3880 atapi - ok
18:09:19.0164 3880 athr (6046a55f79de9c581b8d5e9c1366cc81) C:\Windows\system32\DRIVERS\athr.sys
18:09:19.0195 3880 athr - ok
18:09:19.0336 3880 Ati External Event Utility (26757a5a06c37ef44be544eb7e98d9d3) C:\Windows\system32\Ati2evxx.exe
18:09:19.0336 3880 Ati External Event Utility - ok
18:09:20.0116 3880 atikmdag (d5ab32f003780f21325f1c1df613f867) C:\Windows\system32\DRIVERS\atikmdag.sys
18:09:20.0131 3880 atikmdag - ok
18:09:20.0272 3880 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
18:09:20.0272 3880 AudioEndpointBuilder - ok
18:09:20.0287 3880 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
18:09:20.0287 3880 Audiosrv - ok
18:09:20.0365 3880 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:09:20.0365 3880 Beep - ok
18:09:20.0521 3880 BFE (8582e233c346aefe759833e8a30dd697) C:\Windows\System32\bfe.dll
18:09:20.0537 3880 BFE - ok
18:09:20.0693 3880 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\system32\qmgr.dll
18:09:20.0708 3880 BITS - ok
18:09:20.0958 3880 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:09:20.0989 3880 blbdrive - ok
18:09:21.0161 3880 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:09:21.0161 3880 Bonjour Service - ok
18:09:21.0410 3880 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
18:09:21.0442 3880 bowser - ok
18:09:21.0488 3880 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:09:21.0488 3880 BrFiltLo - ok
18:09:21.0598 3880 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:09:21.0613 3880 BrFiltUp - ok
18:09:21.0644 3880 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
18:09:21.0644 3880 Browser - ok
18:09:21.0769 3880 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:09:21.0800 3880 Brserid - ok
18:09:21.0847 3880 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:09:21.0847 3880 BrSerWdm - ok
18:09:22.0019 3880 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:09:22.0034 3880 BrUsbMdm - ok
18:09:22.0081 3880 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:09:22.0081 3880 BrUsbSer - ok
18:09:22.0190 3880 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:09:22.0190 3880 BTHMODEM - ok
18:09:22.0237 3880 Bulk - ok
18:09:22.0378 3880 catchme - ok
18:09:22.0502 3880 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:09:22.0518 3880 cdfs - ok
18:09:22.0627 3880 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
18:09:22.0627 3880 cdrom - ok
18:09:22.0674 3880 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
18:09:22.0674 3880 CertPropSvc - ok
18:09:22.0799 3880 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
18:09:22.0814 3880 circlass - ok
18:09:22.0846 3880 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
18:09:22.0861 3880 CLFS - ok
18:09:23.0017 3880 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:09:23.0033 3880 clr_optimization_v2.0.50727_32 - ok
18:09:23.0173 3880 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:09:23.0173 3880 clr_optimization_v4.0.30319_32 - ok
18:09:23.0251 3880 CLTNetCnService - ok
18:09:23.0392 3880 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:09:23.0392 3880 CmBatt - ok
18:09:23.0438 3880 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:09:23.0438 3880 cmdide - ok
18:09:23.0501 3880 CnxtHdAudAddService (76ffd950394c45196d09239edc9b006b) C:\Windows\system32\drivers\CHDART.sys
18:09:23.0516 3880 CnxtHdAudAddService - ok
18:09:23.0594 3880 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:09:23.0594 3880 Compbatt - ok
18:09:23.0610 3880 COMSysApp - ok
18:09:23.0719 3880 ConfigFree Service (596e452b5152ec9afe8153d296459d2b) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
18:09:23.0719 3880 ConfigFree Service - ok
18:09:24.0094 3880 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:09:24.0094 3880 crcdisk - ok
18:09:24.0343 3880 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:09:24.0390 3880 Crusoe - ok
18:09:24.0484 3880 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
18:09:24.0484 3880 CryptSvc - ok
18:09:24.0858 3880 DcomLaunch (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
18:09:24.0889 3880 DcomLaunch - ok
18:09:25.0092 3880 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
18:09:25.0092 3880 DfsC - ok
18:09:25.0451 3880 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
18:09:25.0498 3880 DFSR - ok
18:09:25.0810 3880 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
18:09:25.0810 3880 Dhcp - ok
18:09:26.0137 3880 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
18:09:26.0137 3880 disk - ok
18:09:26.0387 3880 Dnscache (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
18:09:26.0402 3880 Dnscache - ok
18:09:26.0590 3880 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
18:09:26.0605 3880 dot3svc - ok
18:09:26.0730 3880 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
18:09:26.0730 3880 DPS - ok
18:09:26.0792 3880 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:09:26.0824 3880 drmkaud - ok
18:09:27.0058 3880 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:09:27.0073 3880 dtsoftbus01 - ok
18:09:27.0182 3880 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
18:09:27.0214 3880 DXGKrnl - ok
18:09:27.0401 3880 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:09:27.0416 3880 E1G60 - ok
18:09:27.0650 3880 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
18:09:27.0666 3880 EapHost - ok
18:09:27.0791 3880 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
18:09:27.0822 3880 Ecache - ok
18:09:27.0869 3880 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
18:09:27.0884 3880 ehRecvr - ok
18:09:27.0916 3880 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
18:09:27.0916 3880 ehSched - ok
18:09:27.0931 3880 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
18:09:27.0931 3880 ehstart - ok
18:09:28.0103 3880 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:09:28.0134 3880 elxstor - ok
18:09:28.0337 3880 EMDMgmt (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
18:09:28.0337 3880 EMDMgmt - ok
18:09:28.0462 3880 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
18:09:28.0477 3880 ErrDev - ok
18:09:28.0555 3880 EventSystem (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
18:09:28.0571 3880 EventSystem - ok
18:09:28.0742 3880 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
18:09:28.0742 3880 exfat - ok
18:09:29.0117 3880 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
18:09:29.0148 3880 fastfat - ok
18:09:29.0273 3880 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:09:29.0273 3880 fdc - ok
18:09:29.0335 3880 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
18:09:29.0351 3880 fdPHost - ok
18:09:29.0444 3880 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
18:09:29.0444 3880 FDResPub - ok
18:09:29.0507 3880 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:09:29.0522 3880 FileInfo - ok
18:09:29.0616 3880 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:09:29.0616 3880 Filetrace - ok
18:09:29.0725 3880 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:09:29.0741 3880 FLEXnet Licensing Service - ok
18:09:29.0834 3880 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:09:29.0834 3880 flpydisk - ok
18:09:29.0866 3880 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
18:09:29.0897 3880 FltMgr - ok
18:09:30.0006 3880 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:09:30.0006 3880 FontCache3.0.0.0 - ok
18:09:30.0256 3880 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:09:30.0271 3880 Fs_Rec - ok
18:09:30.0380 3880 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:09:30.0412 3880 gagp30kx - ok
18:09:30.0614 3880 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
18:09:30.0646 3880 GEARAspiWDM - ok
18:09:30.0848 3880 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
18:09:30.0895 3880 gpsvc - ok
18:09:31.0082 3880 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
18:09:31.0098 3880 gupdate - ok
18:09:31.0114 3880 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
18:09:31.0114 3880 gupdatem - ok
18:09:31.0254 3880 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:09:31.0270 3880 HdAudAddService - ok
18:09:31.0301 3880 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:09:31.0301 3880 HDAudBus - ok
18:09:31.0332 3880 HDJMidi - ok
18:09:31.0363 3880 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:09:31.0363 3880 HidBth - ok
18:09:31.0535 3880 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:09:31.0535 3880 HidIr - ok
18:09:31.0628 3880 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\System32\hidserv.dll
18:09:31.0644 3880 hidserv - ok
18:09:31.0722 3880 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
18:09:31.0753 3880 HidUsb - ok
18:09:31.0909 3880 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
18:09:31.0909 3880 hkmsvc - ok
18:09:32.0081 3880 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:09:32.0096 3880 HpCISSs - ok
18:09:32.0252 3880 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
18:09:32.0268 3880 HSF_DPV - ok
18:09:32.0502 3880 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
18:09:32.0502 3880 HSXHWAZL - ok
18:09:32.0720 3880 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
18:09:32.0720 3880 HTTP - ok
18:09:32.0814 3880 hwdatacard - ok
18:09:32.0892 3880 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:09:32.0908 3880 i2omp - ok
18:09:32.0986 3880 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:09:32.0986 3880 i8042prt - ok
18:09:33.0173 3880 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
18:09:33.0173 3880 iaStor - ok
18:09:33.0344 3880 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:09:33.0360 3880 iaStorV - ok
18:09:33.0469 3880 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:09:33.0485 3880 IDriverT - ok
18:09:33.0625 3880 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:09:33.0672 3880 idsvc - ok
18:09:33.0750 3880 igfx - ok
18:09:34.0093 3880 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:09:34.0093 3880 iirsp - ok
18:09:34.0234 3880 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
18:10:14.0138 3880 WcsPlugInService - ok
18:10:14.0263 3880 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:10:14.0279 3880 Wd - ok
18:10:14.0326 3880 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:10:14.0326 3880 Wdf01000 - ok
18:10:14.0404 3880 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:10:14.0404 3880 WdiServiceHost - ok
18:10:14.0404 3880 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:10:14.0404 3880 WdiSystemHost - ok
18:10:14.0497 3880 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
18:10:14.0513 3880 WebClient - ok
18:10:14.0575 3880 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
18:10:14.0575 3880 Wecsvc - ok
18:10:14.0638 3880 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
18:10:14.0653 3880 wercplsupport - ok
18:10:14.0716 3880 WerSvc (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll
18:10:14.0731 3880 WerSvc - ok
18:10:14.0903 3880 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:10:14.0903 3880 winachsf - ok
18:10:14.0996 3880 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
18:10:14.0996 3880 WinDefend - ok
18:10:15.0012 3880 WinHttpAutoProxySvc - ok
18:10:15.0121 3880 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
18:10:15.0121 3880 Winmgmt - ok
18:10:15.0246 3880 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
18:10:15.0277 3880 WinRM - ok
18:10:15.0371 3880 WinVNC4 (7043ddf51d7135c1d1b83b4213dfed61) C:\Program Files\RealVNC\VNC4\WinVNC4.exe
18:10:15.0371 3880 WinVNC4 - ok
18:10:15.0511 3880 Wlansvc (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll
18:10:15.0527 3880 Wlansvc - ok
18:10:15.0652 3880 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
18:10:15.0667 3880 WLSetupSvc - ok
18:10:15.0792 3880 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:10:15.0792 3880 WmiAcpi - ok
18:10:15.0932 3880 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
18:10:15.0932 3880 wmiApSrv - ok
18:10:16.0026 3880 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:10:16.0042 3880 WMPNetworkSvc - ok
18:10:16.0151 3880 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
18:10:16.0151 3880 WPCSvc - ok
18:10:16.0213 3880 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
18:10:16.0229 3880 WPDBusEnum - ok
18:10:16.0322 3880 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
18:10:16.0322 3880 WpdUsb - ok
18:10:16.0572 3880 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:10:16.0588 3880 WPFFontCache_v0400 - ok
18:10:16.0744 3880 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:10:16.0759 3880 ws2ifsl - ok
18:10:16.0822 3880 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\system32\wscsvc.dll
18:10:16.0837 3880 wscsvc - ok
18:10:16.0853 3880 WSearch - ok
18:10:16.0993 3880 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
18:10:17.0009 3880 wuauserv - ok
18:10:17.0180 3880 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:10:17.0212 3880 WUDFRd - ok
18:10:17.0274 3880 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
18:10:17.0274 3880 wudfsvc - ok
18:10:17.0336 3880 X4HSEx (13cf1854fecc1b4d7490983b03cdbcd2) C:\Program Files\Free Ride Games\X4HSEx.Sys
18:10:17.0352 3880 X4HSEx - ok
18:10:17.0524 3880 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
18:10:17.0539 3880 XAudio - ok
18:10:17.0602 3880 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
18:10:17.0602 3880 XAudioService - ok
18:10:17.0836 3880 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
18:10:17.0836 3880 yukonwlh - ok
18:10:18.0023 3880 ZTEusbmdm6k (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
18:10:18.0023 3880 ZTEusbmdm6k - ok
18:10:18.0085 3880 ZTEusbnmea (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
18:10:18.0116 3880 ZTEusbnmea - ok
18:10:18.0210 3880 ZTEusbser6k (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
18:10:18.0241 3880 ZTEusbser6k - ok
18:10:18.0272 3880 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:10:18.0335 3880 \Device\Harddisk0\DR0 - ok
18:10:18.0335 3880 Boot (0x1200) (0f2c39e9dd46ab8db6a4a27b29e73d30) \Device\Harddisk0\DR0\Partition0
18:10:18.0382 3880 \Device\Harddisk0\DR0\Partition0 - ok
18:10:18.0413 3880 Boot (0x1200) (d6616ce09c4b8d8957397596dcd4745d) \Device\Harddisk0\DR0\Partition1
18:10:18.0460 3880 \Device\Harddisk0\DR0\Partition1 - ok
18:10:18.0460 3880 ============================================================
18:10:18.0460 3880 Scan finished
18:10:18.0460 3880 ============================================================
18:10:18.0475 5584 Detected object count: 0
18:10:18.0475 5584 Actual detected object count: 0
18:14:47.0186 2752 Deinitialize success
COMBOFIX
ComboFix 12-04-12.01 - Denise 12/04/2012 18:19:28.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.1685 [GMT 1:00]
Running from: c:\users\Denise\Desktop\ComboFix.exe
Command switches used :: c:\users\Denise\Desktop\CFScript.txt
AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\config\systemprofile\appdata\local\primkhi.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))
.
.
2012-04-12 17:28 . 2012-04-12 17:34 -------- d-----w- c:\users\Denise\AppData\Local\temp
2012-04-12 17:28 . 2012-04-12 17:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-12 17:28 . 2012-04-12 17:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-11 19:22 . 2012-04-11 19:22 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-10 06:32 . 2012-04-10 06:32 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{47853870-9478-447A-999C-010EADB49E97}\offreg.dll
2012-04-10 06:22 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{47853870-9478-447A-999C-010EADB49E97}\mpengine.dll
2012-04-09 07:40 . 2012-04-09 07:42 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-06 10:21 . 2012-04-06 10:21 -------- d-----w- c:\users\Denise\AppData\Local\adaware
2012-04-06 10:21 . 2011-04-05 16:35 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-06 10:20 . 2011-04-05 16:35 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-06 10:19 . 2011-04-05 16:35 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-06 10:19 . 2011-02-08 08:14 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-06 10:19 . 2012-04-06 10:19 -------- d-----w- c:\programdata\Lavasoft
2012-04-06 10:19 . 2012-04-06 10:19 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-06 10:17 . 2012-04-06 10:21 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-04-06 10:17 . 2012-04-06 10:17 -------- d-----w- c:\program files\Toolbar Cleaner
2012-04-06 10:17 . 2012-04-06 10:17 -------- d-----w- c:\program files\adawaretb
2012-04-06 10:07 . 2012-04-12 06:45 -------- d-----w- c:\users\Denise\AppData\Roaming\Ad-Aware Antivirus
2012-04-06 07:47 . 2012-04-06 07:47 -------- d-----w- c:\users\Denise\AppData\Roaming\f-secure
2012-04-06 07:46 . 2012-04-06 07:46 -------- d-----w- c:\programdata\F-Secure
2012-04-06 06:36 . 2012-04-06 06:50 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-22 07:53 . 2012-03-22 18:40 -------- d-----w- c:\programdata\F4D55F3E0003FDDA0349FB90EEC1FB6E
2012-03-22 05:57 . 2012-04-06 06:32 -------- d-----w- c:\programdata\F4D55F3E000435DB0349FB90EEC1FB6E
2012-03-22 05:57 . 2012-03-22 05:57 -------- d-----w- c:\programdata\Local Settings
2012-03-18 06:59 . 2012-03-18 06:59 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 06:59 . 2012-03-18 06:59 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-16 21:40 . 2012-03-16 21:40 -------- d-----w- c:\program files\iPod
2012-03-16 21:40 . 2012-03-16 21:42 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 19:24 . 2008-01-21 02:24 71680 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-04-06 06:50 . 2011-08-18 17:42 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-11 12:48 . 2012-03-11 12:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-02-23 09:18 . 2009-10-03 17:43 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 11:01 . 2012-02-15 11:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 11:01 . 2012-02-15 11:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-03-18 06:59 . 2011-05-07 07:29 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-03-06 19:16 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2012-03-06 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"kdx"="c:\program files\Kontiki\KHost.exe" [2009-01-02 1041960]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2011-03-15 4804792]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-01-25 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"kdx"="c:\program files\Kontiki\KHost.exe" [2009-01-02 1041960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Acrobat Assistant 8.0"="e:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2009-04-10 417792]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2011-03-15 4804792]
.
c:\users\Denise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 253600]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-08 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 11:44]
.
2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 06:50]
.
2012-04-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-57852192-4207613211-3685920990-1000Core.job
- c:\users\Denise\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-16 20:31]
.
2012-04-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-57852192-4207613211-3685920990-1000UA.job
- c:\users\Denise\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-16 20:31]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 00:37]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 00:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Append to existing PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: 3slive.com
Trusted Zone: 3slive.com\www.logical
Trusted Zone: reflexive.com\www
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\11wuhkp9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - user.js: network.http.accept-encoding -
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Notify-primkhi - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-12 18:34
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,1f,41,43,7c,87,12,4a,87,6a,3f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cf,1f,41,43,7c,87,12,4a,87,6a,3f,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4536)
c:\programdata\Ad-Aware Browsing Protection\adawarebp.dll
c:\program files\TeamViewer\Version6\tv_w32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Kontiki\KService.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Splashtop\Splashtop Remote\Server\SRService.exe
c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe
c:\program files\TeamViewer\Version6\TeamViewer_Service.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Splashtop\Splashtop Remote\Server\SRServer.exe
c:\program files\TeamViewer\Version6\TeamViewer.exe
c:\program files\TeamViewer\Version6\tv_w32.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\program files\Splashtop\Splashtop Remote\Server\DataProxy.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\AD-AWA~1\AdAware.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2012-04-12 18:38:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-12 17:38
ComboFix2.txt 1601-01-01 00:00
.
Pre-Run: 29,918,371,840 bytes free
Post-Run: 29,775,867,904 bytes free
.
- - End Of File - - AB388AF5446D8212BD3F14A38E51C343
OTL
OTL logfile created on: 12/04/2012 18:49:18 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Denise\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 55.90% Memory free
6.19 Gb Paging File | 4.94 Gb Available in Paging File | 79.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117.54 Gb Total Space | 27.78 Gb Free Space | 23.64% Space Free | Partition Type: NTFS
Drive E: | 113.88 Gb Total Space | 105.64 Gb Free Space | 92.76% Space Free | Partition Type: NTFS
Computer Name: DENISELAPTOP | User Name: Denise | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/04/09 23:17:50 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Denise\Desktop\OTL.exe
PRC - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/03/29 12:43:58 | 020,670,304 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/03/11 13:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/11/10 07:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2011/11/03 19:25:08 | 008,094,080 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/11/03 19:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/11/03 18:55:50 | 000,108,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\tv_w32.exe
PRC - [2011/10/21 10:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/08/17 17:38:58 | 001,896,808 | ---- | M] () -- C:\Program Files\Splashtop\Splashtop Remote\Server\DataProxy.exe
PRC - [2011/08/17 17:31:36 | 000,518,472 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2011/08/17 17:31:08 | 002,391,368 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2011/05/17 18:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) -- C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
PRC - [2011/03/15 13:18:36 | 004,804,792 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files\Free Ride Games\GPlayer.exe
PRC - [2011/02/15 02:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/09/14 20:58:49 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/04/10 18:09:38 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/02 13:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2009/01/02 13:05:40 | 001,041,960 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/25 15:43:22 | 000,716,800 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
PRC - [2008/01/21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/01/17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008/01/09 15:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/12/25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007/12/25 14:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2007/12/03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/05/10 22:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- E:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004/06/15 15:29:42 | 000,380,928 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
========== Modules (No Company Name) ==========
MOD - [2012/03/29 12:44:18 | 002,180,968 | ---- | M] () -- C:\Program Files\Ad-Aware Antivirus\ThreatWork.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/29 03:36:05 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011/06/29 03:35:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011/06/29 03:33:53 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/06/29 03:33:32 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/06/29 03:33:18 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/06/29 03:31:46 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/06/29 03:31:26 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/02/15 02:33:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/02/15 02:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/03/18 13:18:36 | 000,509,304 | ---- | M] () -- C:\Windows\Downloaded Program Files\ExentCtl.ocx
MOD - [2008/08/25 16:59:34 | 001,675,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2951.26938__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008/08/25 16:59:34 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2951.27176__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2008/08/25 16:59:34 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2951.26891__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:34 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2951.26953__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008/08/25 16:59:34 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2951.27166__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:34 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2951.27121__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:34 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2951.26929__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008/08/25 16:59:34 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2951.27066__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2951.26912__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:33 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2951.27206__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008/08/25 16:59:27 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2951.27131__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:27 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2951.27213__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:27 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2951.27138__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008/08/25 16:59:27 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2951.26905__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:27 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2951.27130__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:26 | 000,794,624 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2951.27078__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:26 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2951.27154__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008/08/25 16:59:26 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2951.26961__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:26 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2951.27203__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:26 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2951.27098__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:26 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2951.27077__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:26 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2951.27202__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:25 | 000,901,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2951.27168__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:25 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2951.26967__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:25 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2951.27069__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:25 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2951.26914__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:25 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2951.27113__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:25 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2951.27059__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008/08/25 16:59:25 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2951.26974__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2008/08/25 16:59:25 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2951.27067__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2951.26973__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2951.27076__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:25 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2951.27097__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:25 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2951.27111__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008/08/25 16:59:24 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2886.28804__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008/08/25 16:59:24 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2886.28823__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008/08/25 16:59:24 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2886.28860__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2886.28801__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008/08/25 16:59:24 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2886.28885__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008/08/25 16:59:24 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2886.28803__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008/08/25 16:59:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2886.28837__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008/08/25 16:59:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2886.28817__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2886.28813__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2886.28812__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2886.28829__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2886.28836__90ba9c70f846762e\DEM.OS.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2886.28837__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2886.28819__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2886.28838__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2886.28862__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2886.28831__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2886.28863__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008/08/25 16:59:24 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008/08/25 16:59:23 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2886.28849__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2886.28830__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2886.28859__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2886.28848__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2886.28832__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2886.28801__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008/08/25 16:59:23 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008/08/25 16:59:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2886.28831__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008/08/25 16:59:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008/08/25 16:59:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2951.27229__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008/08/25 16:59:21 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2951.27244__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2008/08/25 16:59:21 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2951.26878__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008/08/25 16:59:20 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2951.26898__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008/08/25 16:59:20 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2951.26922__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008/08/25 16:59:20 | 000,413,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2951.27183__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008/08/25 16:59:20 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2951.27193__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008/08/25 16:59:20 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2951.26881__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008/08/25 16:59:20 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2951.26882__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008/08/25 16:59:20 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2951.27190__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008/08/25 16:59:20 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2951.26880__90ba9c70f846762e\APM.Server.dll
MOD - [2008/08/25 16:59:20 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2886.28834__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008/08/25 16:59:20 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2951.26879__90ba9c70f846762e\AEM.Server.dll
MOD - [2008/08/25 16:59:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2886.28809__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008/08/25 16:59:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008/08/25 16:59:20 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2886.28814__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008/08/25 16:59:20 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2951.27192__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008/08/25 16:59:20 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008/08/25 16:59:20 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2886.28826__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008/08/25 16:59:20 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2886.28834__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008/08/25 16:59:20 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2886.28832__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008/08/25 16:59:20 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2886.28851__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008/08/25 16:59:20 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2886.28808__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2008/01/30 15:30:22 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007/12/12 12:46:04 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\patrol_scheduler.dll -- (usbcm)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wlsetupsvc.dll -- (sptisrv)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\https-nassry.dll -- (s616mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vaiomediaplatform-integratedserver-appserver.dll -- (prevxdriver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ntpr_nic_service2.dll -- (MagicTune)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\amusbprt.dll -- (iviregmgr)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Cam5603D.dll -- (alcaudsl)
SRV - [2012/04/06 07:50:23 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/03/11 13:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/11/10 07:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2011/11/03 19:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/08/17 17:31:36 | 000,518,472 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2011/05/17 18:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/14 20:58:49 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/02 13:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/01/21 16:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2004/06/15 15:29:42 | 000,380,928 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Denise\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\igdkmd32.sys -- (igfx)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HDJMidi.sys -- (HDJMidi)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\HDJBulk.sys -- (Bulk)
DRV - [2012/04/09 08:42:11 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/03/11 13:50:34 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2012/03/11 13:48:52 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/03/11 13:48:50 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/03/11 13:48:50 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/07/19 10:03:00 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2011/05/11 16:26:04 | 000,074,968 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/04/29 14:15:42 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/04/05 17:35:20 | 000,221,784 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/04/05 17:35:20 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/04/05 17:35:20 | 000,078,936 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (SbTis)
DRV - [2011/03/19 23:57:01 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2010/03/10 21:02:38 | 000,056,352 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Free Ride Games\X4HSEx.sys -- (X4HSEx)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/19 12:49:50 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/04/10 18:09:42 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/02/01 11:46:08 | 000,187,904 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (CnxtHdAudAddService)
DRV - [2008/01/30 16:24:00 | 003,483,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/01/21 15:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/01/21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2008/01/15 10:34:58 | 000,048,472 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007/11/09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/17 22:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/26 05:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/04/23 13:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2007/04/09 16:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2006/11/02 08:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006/10/23 17:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2004/06/26 13:22:00 | 000,006,016 | ---- | M] (RDV Soft) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vnccom.SYS -- (vnccom)
DRV - [2004/06/26 13:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vncdrv.sys -- (vncdrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = AF 67 0E 05 F4 1C 79 4C 8D 1C 91 E4 4B F5 AF 57 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEA_en-GB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/ig?hl=en&source=iglk"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Denise\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Denise\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/20 18:10:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/20 18:10:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 07:59:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/29 16:39:20 | 000,000,000 | ---D | M]
[2010/01/09 11:08:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denise\AppData\Roaming\Mozilla\Extensions
[2012/04/12 07:39:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\11wuhkp9.default\extensions
[2010/04/28 06:41:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\11wuhkp9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/06 11:17:44 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Denise\AppData\Roaming\Mozilla\Firefox\Profiles\11wuhkp9.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2011/11/10 22:03:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\DENISE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\11WUHKP9.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\USERS\DENISE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\11WUHKP9.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI
() (No name found) -- C:\USERS\DENISE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\11WUHKP9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\DENISE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\11WUHKP9.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012/03/18 07:59:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/12 22:59:04 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/12 22:59:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/12 22:59:04 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/12 22:59:04 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/12 22:59:04 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
========== Chrome ==========
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
O1 HOSTS File: ([2012/04/12 18:34:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKCU..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: 3slive.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: 3slive.com ([www.logical] http in Trusted sites)
O15 - HKCU\..Trusted Domains: reflexive.com ([www] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Amazing%20Adventures%20The%20Forgotten%20Dynasty/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Amazing%20Adventures%20The%20Forgotten%20Dynasty/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4026C108-D1AD-49DB-B261-C92CEEAB8CF0}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O20 - Winlogon\Notify\primkhi: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/04/12 18:38:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/12 18:37:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/12 18:28:13 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\temp
[2012/04/12 07:59:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/12 07:59:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/12 07:49:43 | 004,460,006 | R--- | C] (Swearware) -- C:\Users\Denise\Desktop\ComboFix.exe
[2012/04/11 20:30:55 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Denise\Desktop\aswMBR.exe
[2012/04/11 20:22:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/11 20:19:13 | 002,071,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Denise\Desktop\tdsskiller.exe
[2012/04/09 23:17:46 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Denise\Desktop\OTL.exe
[2012/04/09 22:54:08 | 000,000,000 | ---D | C] -- C:\Users\Denise\Desktop\RK_Quarantine
[2012/04/09 11:42:55 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Denise\Desktop\dds.com
[2012/04/09 08:40:12 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/04/09 08:23:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/09 08:22:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/06 11:21:47 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\adaware
[2012/04/06 11:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/04/06 11:21:02 | 000,094,040 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\sbhips.sys
[2012/04/06 11:20:59 | 000,078,936 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\sbtis.sys
[2012/04/06 11:19:56 | 000,221,784 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\SbFw.sys
[2012/04/06 11:19:56 | 000,069,208 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\SbFwIm.sys
[2012/04/06 11:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/04/06 11:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012/04/06 11:17:51 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\adawarebp
[2012/04/06 11:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/04/06 11:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012/04/06 11:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012/04/06 11:07:51 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Roaming\Ad-Aware Antivirus
[2012/04/06 08:47:31 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Roaming\f-secure
[2012/04/06 08:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/03/22 08:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3E0003FDDA0349FB90EEC1FB6E
[2012/03/22 06:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3E000435DB0349FB90EEC1FB6E
[2012/03/22 06:57:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012/03/16 22:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/16 22:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/16 22:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/04/12 18:49:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/12 18:49:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/12 18:46:42 | 000,001,702 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/04/12 18:46:33 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/12 18:37:15 | 000,612,100 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/12 18:37:15 | 000,109,516 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/12 18:36:07 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-57852192-4207613211-3685920990-1000UA.job
[2012/04/12 18:34:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/12 18:29:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/12 18:29:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/12 18:29:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/12 18:29:15 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/12 07:50:40 | 000,002,543 | ---- | M] () -- C:\Users\Denise\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office OneNote 2007.lnk
[2012/04/12 07:50:23 | 004,460,006 | R--- | M] (Swearware) -- C:\Users\Denise\Desktop\ComboFix.exe
[2012/04/11 21:36:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-57852192-4207613211-3685920990-1000Core.job
[2012/04/11 21:04:02 | 000,000,512 | ---- | M] () -- C:\Users\Denise\Desktop\MBR.dat
[2012/04/11 20:31:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Denise\Desktop\aswMBR.exe
[2012/04/11 20:19:52 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Denise\Desktop\tdsskiller.exe
[2012/04/09 23:17:50 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Denise\Desktop\OTL.exe
[2012/04/09 22:52:31 | 001,261,568 | ---- | M] () -- C:\Users\Denise\Desktop\RogueKiller.exe
[2012/04/09 17:30:13 | 000,005,149 | ---- | M] () -- C:\Users\Denise\Documents\tree template - Palegreen.html
[2012/04/09 17:20:19 | 000,005,184 | ---- | M] () -- C:\Users\Denise\Documents\tree template - Browncrystal.html
[2012/04/09 17:09:51 | 000,006,785 | ---- | M] () -- C:\Users\Denise\Documents\tree template - agate.html
[2012/04/09 17:02:04 | 000,006,785 | ---- | M] () -- C:\Users\Denise\Documents\tree template - flourite.html
[2012/04/09 16:31:13 | 000,005,171 | ---- | M] () -- C:\Users\Denise\Documents\tree template - Blackcrystal.html
[2012/04/09 11:42:57 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Denise\Desktop\dds.com
[2012/04/09 11:05:06 | 000,006,615 | ---- | M] () -- C:\Users\Denise\Documents\tree template - tigers eye.html
[2012/04/09 08:42:11 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/04/08 12:00:09 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/04/05 11:19:53 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/05 10:28:25 | 311,843,187 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/16 22:53:31 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/03/16 22:53:31 | 000,001,854 | ---- | M] () -- C:\Users\Denise\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/03/16 22:42:07 | 000,001,629 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/04/12 07:59:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/12 07:59:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/12 07:59:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/11 21:04:02 | 000,000,512 | ---- | C] () -- C:\Users\Denise\Desktop\MBR.dat
[2012/04/09 22:51:48 | 001,261,568 | ---- | C] () -- C:\Users\Denise\Desktop\RogueKiller.exe
[2012/04/09 17:30:13 | 000,005,149 | ---- | C] () -- C:\Users\Denise\Documents\tree template - Palegreen.html
[2012/04/09 17:11:29 | 000,005,184 | ---- | C] () -- C:\Users\Denise\Documents\tree template - Browncrystal.html
[2012/04/09 17:09:51 | 000,006,785 | ---- | C] () -- C:\Users\Denise\Documents\tree template - agate.html
[2012/04/09 16:23:21 | 000,005,171 | ---- | C] () -- C:\Users\Denise\Documents\tree template - Blackcrystal.html
[2012/04/09 12:27:35 | 000,006,785 | ---- | C] () -- C:\Users\Denise\Documents\tree template - flourite.html
[2012/04/09 08:23:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/09 08:23:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/06 17:11:04 | 000,006,615 | ---- | C] () -- C:\Users\Denise\Documents\tree template - tigers eye.html
[2012/04/06 11:26:01 | 000,000,946 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/04/06 11:21:10 | 000,001,702 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/04/06 07:36:49 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/05 14:43:58 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/05 11:19:53 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/16 22:42:07 | 000,001,629 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/01 20:03:46 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/07/09 18:54:46 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2011/07/09 18:53:35 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2011/05/14 07:13:56 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/02/23 21:17:22 | 000,000,344 | ---- | C] () -- C:\ProgramData\yhhKHElns4DYqmD
[2011/02/20 11:50:17 | 000,000,336 | ---- | C] () -- C:\ProgramData\X6pQ1shcYjvuz0
[2011/02/20 10:59:13 | 000,000,392 | ---- | C] () -- C:\ProgramData\IlR9jxchz82u
[2011/02/20 10:24:37 | 000,000,731 | ---- | C] () -- C:\Windows\wininit.ini
[2011/02/13 12:57:23 | 000,000,264 | ---- | C] () -- C:\ProgramData\~t66q8BDK768
[2011/02/13 12:57:23 | 000,000,144 | ---- | C] () -- C:\ProgramData\~t66q8BDK768r
[2010/11/13 11:53:42 | 000,197,328 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
========== LOP Check ==========
[2012/04/12 07:45:37 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Ad-Aware Antivirus
[2008/10/25 00:22:51 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Alloysoft
[2008/10/12 10:33:59 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Ancient Quest of Saqqarah__reflexive
[2012/02/09 20:30:22 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Awem
[2009/09/20 14:08:45 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/03/19 23:57:53 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\DAEMON Tools Lite
[2011/05/14 08:17:50 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\DeepVoyage
[2008/08/25 17:38:19 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\DesktopSMS
[2009/11/22 12:23:42 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\EcoRescue
[2011/05/14 07:18:08 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Exent Technologies
[2012/04/06 08:47:31 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\f-secure
[2010/06/13 11:13:28 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Facebook
[2011/10/23 16:48:20 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\FileZilla
[2009/10/17 17:28:14 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\GTM_Bodie
[2012/01/02 13:54:56 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\HandBrake
[2008/08/31 21:01:28 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\iWin
[2009/01/22 08:46:56 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\LimeWire
[2008/08/25 20:26:45 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\myphotobook
[2009/12/29 09:43:05 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\NCH Swift Sound
[2009/10/16 16:09:11 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Princess Isabella
[2009/01/04 12:39:55 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Reflexive
[2011/05/28 07:42:31 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\SpinTop
[2011/07/09 20:30:35 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\TeamViewer
[2008/10/01 21:11:43 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\TOSHIBA
[2011/06/18 08:13:19 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Total Immersion
[2010/02/07 18:11:47 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Trusteer
[2010/02/01 11:42:53 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\uTorrent
[2009/11/04 08:21:08 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\WinBatch
[2012/04/08 12:00:09 | 000,000,946 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/04/11 21:36:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-57852192-4207613211-3685920990-1000Core.job
[2012/04/12 18:36:07 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-57852192-4207613211-3685920990-1000UA.job
[2012/04/12 18:28:23 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: SVCHOST.EXE >
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[color=#A23BEC]< C:\Windows\assembly\tmp\U\*.* /s >[/color]
[color=#A23BEC]< %Temp%\smtmp\1\*.* >[/color]
[color=#A23BEC]< %Temp%\smtmp\2\*.* >[/color]
[color=#A23BEC]< %Temp%\smtmp\3\*.* >[/color]
[color=#A23BEC]< %Temp%\smtmp\4\*.* >[/color]
< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.0.6001
Copyright © 1999-2007 Microsoft Corporation.
On computer: DENISELAPTOP
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 F DVD-ROM 0 B No Media
Volume 1 G DVD-ROM 0 B No Media
Volume 2 C Vista NTFS Partition 118 GB Healthy System
Volume 3 E Data NTFS Partition 114 GB Healthy
========== Alternate Data Streams ==========
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:160ADF0B
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:872B86AD
< End of report >
Cecilia, I can't find the extras.txt this time. I can't see where OTL has saved it; I can only see a shortcut when I do a search in the C drive that takes me to the old txt file. Do you need me to run OTL again?
Hi welshden,
Extras.txt is usually only created the first time.
Close all programs, including antivirus programs and other similar programs such as TeaTimer of Spybot S&D. Otherwise they might stop OTL.
How? See http://www.bleepingcomputer.com/forums/topic114351.html
Start the program OTL.
Copy all the lines in the box:
[code]
:OTL
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\patrol_scheduler.dll -- (usbcm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wlsetupsvc.dll -- (sptisrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\https-nassry.dll -- (s616mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vaiomediaplatform-integratedserver-appserver.dll -- (prevxdriver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ntpr_nic_service2.dll -- (MagicTune)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\amusbprt.dll -- (iviregmgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Cam5603D.dll -- (alcaudsl)
[2011/02/23 21:17:22 | 000,000,344 | ---- | C] () -- C:\ProgramData\yhhKHElns4DYqmD
[2011/02/20 11:50:17 | 000,000,336 | ---- | C] () -- C:\ProgramData\X6pQ1shcYjvuz0
[2011/02/20 10:59:13 | 000,000,392 | ---- | C] () -- C:\ProgramData\IlR9jxchz82u
[2011/02/13 12:57:23 | 000,000,264 | ---- | C] () -- C:\ProgramData\~t66q8BDK768
[2011/02/13 12:57:23 | 000,000,144 | ---- | C] () -- C:\ProgramData\~t66q8BDK768r
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:160ADF0B
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:872B86AD
:Files
c:\windows\system32\drivers\tdx.sys
:Commands
[CREATERESTOREPOINT]
[REBOOT]
[/code]
Paste them into the field Custom Scans/Fixes.
Click on Run Fix.
If you are asked to restart the computer do that.
Notepad will pop-up with a log. Copy it and paste it into your answer.
If it does not pop up, you can find it in the folder c:\_OTL\Moved Files; its name contains the date and time when OTL was run.
Be sure that antivirus programs etc. are active before connecting to the internet.
2. Run ComboFix and post the log.
Restart the computer.
3. Run OTL as you did when you created the log in post #29 and post the log.
Cecilia
I have run OTL and it was fine - it restarted but then said it couldn't due to a system error blue screen and a load of warnings - computer would only start in recover mode and then did a system restore but I am not sure to which point - things look to be working but not sure where I am now :(
I'm sorry, Welshden.
Run ComboFix and OTL as you did when you created the log in post #29 and post their logs. Then I can see the current status.