smalltownboy

Hi there, The other day my niece was using my computer and attempted to download a game from Softonic, but as she is a non admin her access was blocked. However, a variant of opencandy still managed to make it onto my system as a Malwarebytes scan discovered. I have followed an online guide on how to remove opencandy which did help in regards to system performance but recently I have found that Google Chrome will sometimes not load a specific page and will take longer to load pages in general. This has lead me to believe that there are still traces of the malware present on the system - I have tried doing all the basics such as clearing the cache, history, DNS and resetting my internet connection, but this has been to no avail. Please see attached Farbar logs for further info. Any help would be greatly appreciated Addition.txt FRST.txt

Hey MrC, Thankyou so much for your help again!! It's been much appreciated! At least I'm all clear now, thats the main thing! I will take a look at the links supplied by you above and hopefully get to the bottom of the slowdowns. I may look into upgrading my RAM to 4 gigs as I currently only have 2 gigs installed. Once again, thanks for all your assistance! Kind regards Richard

Ah ok, thats odd....its was definitely the right log, anyway, the scan came back negative so thats all good! Richard

Hey MrC, Please find attached log from ESET Online Scanner below. Its really small....is that right? Kind regards Richard ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK

Hope they help

ATTACH Log . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume2 Install Date: 20/09/2010 17:26:45 System Uptime: 20/04/2012 19:44:12 (4 hours ago) . Motherboard: TOSHIBA | | ISKAA Processor: Intel® Core2 Duo CPU T5800 @ 2.00GHz | U2E1 | 2000/mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 116 GiB total, 23.457 GiB free. D: is FIXED (NTFS) - 115 GiB total, 3.637 GiB free. E: is CDROM () F: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: mbr Device ID: ROOT\LEGACY_MBR\0000 Manufacturer: Name: mbr PNP Device ID: ROOT\LEGACY_MBR\0000 Service: mbr . ==== System Restore Points =================== . RP340: 17/04/2012 20:34:22 - Free of Malware RP341: 17/04/2012 20:44:40 - Installed Java 6 Update 31 RP342: 19/04/2012 18:39:45 - Before CCleaner RP343: 20/04/2012 13:10:15 - Before Graphics Update RP344: 20/04/2012 13:18:09 - Installed TOSHIBA TEMPRO RP345: 20/04/2012 19:21:51 - Before Registry Fix RP346: 20/04/2012 21:28:07 - Before ComboFix . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 32 Bit HP CIO Components Installer Adobe AIR Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.2) Adobe Shockwave Player 11.6 Advertising Center Akamai NetSession Interface Akamai NetSession Interface Service ALPS Touch Pad Driver Apple Application Support Apple Mobile Device Support Apple Software Update ATI Catalyst Install Manager µTorrent Avanquest update AVG 2012 AviSynth 2.5 BBC iPlayer Desktop BeebEm V4.13 Bonjour Broadcom High Definition Video Decoder 2.6.0.2 Camera Assistant Software for Toshiba Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista ccc-core-static ccc-utility CCC Help English CCleaner Cisco Packet Tracer 5.3.1 D3DX10 DVD Shrink 3.2 EA Download Manager EPSON Printer Software EZ Vinyl/Tape Converter 4.1 by MixMeister FinePixViewer Resource FinePixViewer Ver.5.5 FinePixViewer YTUPL Floppy Image 2.4 FrostWire 4.21.8 FUJIFILM USB Driver Garmin USB Drivers Garmin WebUpdater Google Earth Plug-in Google Talk Plugin Google Update Helper GrabIt 1.7.2 Beta 6 (build 1008) High-Definition Video Playback HiJackThis Hotspot Shield 2.53 HTC BMP USB Driver HTC Driver Installer HTC Sync iCloud ImagXpress ImgBurn iTunes Java Auto Updater Java DB 10.5.3.0 Java 6 Update 31 Java SE Development Kit 6 Update 23 Magic ISO Maker v5.4 (build 0239) Malwarebytes Anti-Malware version 1.61.0.1400 Media Go Microsoft .NET Framework 4 Client Profile Microsoft 3D Movie Maker 1.0 Microsoft Application Compatibility Toolkit 5.6 Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Project 2007 Service Pack 3 (SP3) Microsoft Office Project MUI (English) 2007 Microsoft Office Project Professional 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Visio 2007 Service Pack 3 (SP3) Microsoft Office Visio MUI (English) 2007 Microsoft Office Visio Professional 2007 Microsoft Office Word MUI (English) 2007 Microsoft Primary Interoperability Assemblies 2005 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime MobileMe Control Panel MotoHelper 2.1.40 Driver 5.5.0 MotoHelper MergeModules Motorola Mobile Drivers Installation 5.5.0 Motorola Phone Tools Mozilla Firefox 11.0 (x86 en-GB) MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB973685) MyPhoneExplorer Nero 11 Nero 11 Disc Menus Basic Nero 11 Effects Basic Nero 11 Image Samples Nero 11 Kwik Themes Basic Nero 11 PiP Effects Basic Nero Audio Pack 1 Nero BackItUp 11 Help (CHM) Nero Backup Drivers Nero Burning ROM 11 Nero Burning ROM 11 Help (CHM) Nero ControlCenter Nero ControlCenter 11 Nero ControlCenter 11 Help (CHM) Nero Core Components 11 Nero CoverDesigner 11 Nero CoverDesigner 11 Help (CHM) Nero Express 11 Nero Express 11 Help (CHM) Nero Installer Nero Kwik Media Help (CHM) Nero Recode 11 Nero Recode 11 Help (CHM) Nero RescueAgent 11 Nero RescueAgent 11 Help (CHM) Nero SoundTrax 11 Nero SoundTrax 11 Help (CHM) Nero Update Nero Video 11 Nero Video 11 Help (CHM) Nero WaveEditor 11 Nero WaveEditor 11 Help (CHM) nero.prerequisites.msi neroxml NTREGOPT 1.1j OpenAL OpenDNS Updater 2.2.1 Oracle Data Provider for .NET Help Oracle Database 10g Express Edition Oracle VM VirtualBox 4.1.10 Paint.NET v3.5.10 Pando Media Booster PlayReady PC Runtime x86 PlayStation®Network Downloader PlayStation®Store QuickTime Rapport Realtek High Definition Audio Driver Retro Granny's Garden Revo Uninstaller 1.93 Seagate Dashboard Secure Download Manager Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Shockwave Skins SkyPlayer for Windows Media Center Sony Ericsson PC Companion 2.02.002 Speccy SpeedFan (remove only) Spotify swMSM System Requirements Lab for Intel Texas Instruments PCIxx21/x515/xx12 drivers. The Adventures of Elmo in Grouchland TIPCI tools-freebsd tools-linux tools-netware tools-solaris tools-windows tools-winPre2k TOSHIBA TEMPRO Unity Web Player Unreal Media Player Plugin Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Project 2007 Help (KB963668) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Visio 2007 Help (KB963666) Update for Microsoft Office Word 2007 Help (KB963665) VLC media player 1.1.11 VMware Workstation VobSub v2.23 (Remove Only) welcome Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Windows Driver Package - OPTO ELECTRONICS CO.,LTD (optousb) Ports (06/02/2008 2.0.5.5) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Media Player Firefox Plugin WinImage WinPcap 4.1.2 WinRAR archiver WinUAE 2.3.3 Wireshark 1.4.6 WolfQuest World of Warcraft XviD MPEG4 Video Codec (remove only) . ==== Event Viewer Messages From Past Week ======== . 20/04/2012 22:49:56, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 20/04/2012 21:33:05, Error: Service Control Manager [7034] - The OracleXETNSListener service terminated unexpectedly. It has done this 1 time(s). 20/04/2012 19:37:08, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 20/04/2012 18:15:11, Error: NetBT [4321] - The name "HOME :1d" could not be registered on the interface with IP address 192.168.1.101. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer. 20/04/2012 16:28:09, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 20/04/2012 12:07:51, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the lmhosts service. 19/04/2012 19:06:46, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Windows Search service to connect. 19/04/2012 19:06:46, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 19/04/2012 19:04:48, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 19/04/2012 19:04:48, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535. 19/04/2012 16:58:35, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. 18/04/2012 23:31:17, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the avgwd service. 15/04/2012 18:25:57, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown. 15/04/2012 13:09:10, Error: NetBT [4321] - The name "HOME :1d" could not be registered on the interface with IP address 192.168.1.101. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer. 14/04/2012 15:57:41, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'Gemplus USB Smart Card Reader 0' rejected IOCTL EJECT: The request is not supported. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX 13/04/2012 11:12:40, Error: Service Control Manager [7034] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s). 13/04/2012 11:12:34, Error: Service Control Manager [7030] - The Hotspot Shield Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. . ==== End Of File ===========================

DDS Log . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by Richard Pugh at 23:01:31 on 2012-04-20 Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.2046.705 [GMT 1:00] . AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe C:\Windows\system32\atiesrxx.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\System32\svchost.exe -k Akamai C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Hotspot Shield\bin\openvpnas.exe C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe C:\Program Files\Hotspot Shield\bin\hsswd.exe C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe C:\Windows\system32\NLSSRV32.EXE c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Toshiba TEMPRO\TemproSvc.exe C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe C:\Windows\system32\vmnat.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\VMware\VMware Workstation\vmware-authd.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\vmnetdhcp.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Nero\Update\NASvc.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\AVG\AVG2012\avgtray.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Toshiba TEMPRO\TemproTray.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Program Files\Common Files\Apple\Internet Services\ubd.exe C:\Program Files\FinePixViewer\QuickDCF2.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\conhost.exe C:\Program Files\Trusteer\Rapport\bin\RapportService.exe C:\Windows\Explorer.exe C:\Windows\system32\notepad.exe C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe C:\Program Files\AVG\AVG2012\avgemcx.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://google.co.uk/ig BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun uRun: [\\LIVVY\EPSON Stylus DX4800 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiade.exe /p34 "\\livvy\EPSON Stylus DX4800 Series" /M "Stylus DX4800" /EF "HKCU" uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" mRun: [Apoint] c:\program files\apoint2k\Apoint.exe mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe" mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [Toshiba TEMPRO] c:\program files\toshiba tempro\TemproTray.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL LSP: c:\program files\vmware\vmware workstation\vsocklib.dll DPF: {283B7DE7-A1ED-4D27-AA59-C6E7427544D2} - hxxps://bg.itronenergypoint.net/IHVConnect/KeyBoxControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - hxxp://www.shopandscan.com/TNSClickrc.CAB TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 TCP: Interfaces\{4EEF25BC-B697-4DBC-B3CA-E2B97BEAF13C} : DhcpNameServer = 82.132.254.2 82.132.254.3 TCP: Interfaces\{64B70A10-0FD4-4320-98BA-99139F78F39E} : DhcpNameServer = 192.168.42.129 TCP: Interfaces\{D2558E9E-4962-4AC0-8FA3-F037BBD07A18} : NameServer = 10.94.128.1 TCP: Interfaces\{D27A2E10-E5BE-4F04-9FA1-35CE9E42CDDF} : DhcpNameServer = 208.67.222.222 208.67.220.220 TCP: Interfaces\{D27A2E10-E5BE-4F04-9FA1-35CE9E42CDDF}\46C696E6B6 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{D27A2E10-E5BE-4F04-9FA1-35CE9E42CDDF}\84F647D235869647 : DhcpNameServer = 192.168.1.1 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\richard pugh\appdata\roaming\mozilla\firefox\profiles\axfhndiz.default\ FF - prefs.js: browser.startup.homepage - www.google.co.uk/ig FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npkanevapatch.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll FF - plugin: c:\program files\sony\media go\npmediago.dll FF - plugin: c:\program files\unrealmediaplayer5plugin\npUMediaPlayer5.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\users\richard pugh\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: c:\users\richard pugh\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\users\richard pugh\appdata\roaming\mozilla\firefox\profiles\axfhndiz.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll FF - plugin: c:\users\richard pugh\appdata\roaming\mozilla\plugins\npatgpc.dll FF - plugin: c:\users\richard pugh\appdata\roaming\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\users\richard pugh\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll FF - plugin: c:\windows\system32\wat\npWatWeb.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592] R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-3-18 56496] R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-3-18 12464] R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-3-11 56208] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248] R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208] R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-3-11 71440] R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-3-11 164112] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928] R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248] R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776] R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-4-11 542552] R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-4 654408] R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2012-2-1 214896] R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-9-23 641832] R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2012-2-24 70136] R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\oracle.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?] R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576] R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-3-11 931640] R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088] R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\toshiba tempro\TemproSvc.exe [2011-2-10 112080] R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-9-23 539248] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-4 22344] R3 NETwLv32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2012-3-5 6639616] R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-7-19 21520] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-19 136176] S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\bin\TNSLSNR.EXE [2006-2-2 204800] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 253600] S3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [2011-7-21 437888] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [2009-8-10 89600] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-7-21 13352] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-19 136176] S3 HCWU2DTD;Hauppauge Nova USB2 DVB-T TV Receiver;c:\windows\system32\drivers\hcwu2dtd.sys [2011-7-23 58880] S3 HCWU2DTL;Hauppauge Nova-USB2-T Adapter Firmware Loader;c:\windows\system32\drivers\hcwu2dtl.sys [2011-7-23 18432] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088] S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432] S3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr73.sys [2010-2-24 562464] S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168] S3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\drivers\optousb.sys [2010-3-24 22016] S3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\drivers\optovcm.sys [2010-3-24 28160] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2010-12-17 89256] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2010-12-17 15016] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2010-12-17 120744] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2010-12-17 114216] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2010-12-17 25512] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2010-12-17 110632] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2010-12-17 115752] S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-12-17 86824] S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-12-17 15016] S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-12-17 114728] S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-12-17 106208] S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-12-17 26024] S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-12-17 104744] S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-12-17 109864] S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-4-6 155344] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-23 52224] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-20 1343400] S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe XE [?] . =============== Created Last 30 ================ . 2012-04-20 21:55:53 -------- d-sh--w- C:\$RECYCLE.BIN 2012-04-20 20:59:57 -------- d-----w- c:\users\richard pugh\appdata\local\temp 2012-04-20 20:29:26 98816 ----a-w- c:\windows\sed.exe 2012-04-20 20:29:26 518144 ----a-w- c:\windows\SWREG.exe 2012-04-20 20:29:26 256000 ----a-w- c:\windows\PEV.exe 2012-04-20 20:29:26 208896 ----a-w- c:\windows\MBR.exe 2012-04-20 18:23:05 -------- d-----w- c:\program files\NT Registry Optimizer 2012-04-20 12:34:44 53248 ----a-w- c:\windows\system32\CSVer.dll 2012-04-20 12:30:58 -------- d-----w- c:\program files\SystemRequirementsLab 2012-04-20 12:20:45 -------- d-----w- c:\program files\Toshiba TEMPRO 2012-04-20 12:17:48 -------- d-----w- c:\program files\common files\Wise Installation Wizard 2012-04-20 12:11:04 -------- d-----w- C:\AMD 2012-04-19 19:56:25 -------- d-----w- c:\program files\SpeedFan 2012-04-17 23:04:04 -------- d-----w- c:\users\richard pugh\appdata\roaming\OpenDNS Updater 2012-04-17 23:04:03 -------- d-----w- c:\program files\OpenDNS Updater 2012-04-17 19:46:23 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll 2012-04-17 18:12:30 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE 2012-04-11 09:30:05 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-11 09:30:05 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-11 09:30:05 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-04-11 09:30:05 159232 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-11 09:29:43 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 09:29:43 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-10 13:27:22 561992 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor11.dll 2012-04-10 13:27:07 -------- d-----w- c:\programdata\Hotspot Shield 2012-04-06 13:49:11 -------- d-----w- c:\users\richard pugh\appdata\local\{DAF1686A-F414-423D-9240-65387AB54C38} 2012-04-06 11:29:20 388096 ----a-r- c:\users\richard pugh\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2012-04-06 11:29:19 -------- d-----w- c:\program files\Trend Micro 2012-04-04 13:40:11 -------- d-----w- c:\users\richard pugh\appdata\roaming\Malwarebytes 2012-04-04 13:40:04 -------- d-----w- c:\programdata\Malwarebytes 2012-04-04 13:40:03 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-04 13:40:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-31 19:40:19 -------- d-----w- c:\users\richard pugh\appdata\local\BVRP Software 2012-03-31 19:38:52 -------- d-----w- c:\program files\Motorola Phone Tools 2012-03-31 18:58:16 -------- d-----w- c:\users\richard pugh\appdata\local\{5A2125D6-7B63-11E1-826D-B8AC6F996F26} 2012-03-31 18:52:58 -------- d-----w- c:\users\richard pugh\appdata\roaming\Motorola 2012-03-31 18:50:21 -------- d-----w- c:\program files\common files\Motorola Shared 2012-03-31 18:50:14 -------- d-----w- c:\program files\Motorola 2012-03-31 13:12:48 -------- d-----w- c:\program files\Paint.NET 2012-03-31 13:12:08 -------- d-----w- c:\users\richard pugh\appdata\local\Paint.NET 2012-03-30 21:38:41 -------- d-----w- c:\program files\iPod 2012-03-30 21:38:40 -------- d-----w- c:\program files\iTunes 2012-03-29 10:27:29 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-03-28 14:28:59 -------- d-----w- c:\users\richard pugh\appdata\local\XACT 2012-03-28 12:09:53 -------- d-----w- c:\users\richard pugh\appdata\local\e-academy Inc 2012-03-28 12:09:52 -------- d-----w- c:\users\richard pugh\appdata\roaming\e-academy Inc . ==================== Find3M ==================== . 2012-04-17 19:46:07 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-29 10:27:29 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-14 18:57:50 91952 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2012-03-14 18:57:50 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2012-03-14 18:57:50 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys 2012-03-14 18:57:50 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2012-03-14 18:57:48 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll 2012-03-11 13:48:50 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys 2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-24 02:43:50 70136 ----a-w- c:\windows\system32\NLSSRV32.EXE 2012-02-24 02:43:08 18936 ----a-w- c:\windows\system32\nitrolocalui2.dll 2012-02-24 02:43:06 27640 ----a-w- c:\windows\system32\nitrolocalmon2.dll 2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-15 11:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-02-15 11:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll 2012-02-07 10:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-01-25 12:57:48 24192 ----a-w- c:\windows\system32\drivers\motmodem.sys 2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe . ============= FINISH: 23:02:28.72 ===============

ComboFix Log ComboFix 12-04-20.03 - Richard Pugh 20/04/2012 22:33:49.3.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.2046.986 [GMT 1:00] Running from: c:\users\Richard Pugh\Desktop\ComboFix.exe Command switches used :: c:\users\Richard Pugh\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 ))))))))))))))))))))))))))))))) . . 2012-04-20 21:49 . 2012-04-20 21:49 -------- d-----w- c:\users\Guest\AppData\Local\temp 2012-04-20 21:49 . 2012-04-20 21:49 -------- d-----w- c:\users\Family\AppData\Local\temp 2012-04-20 21:49 . 2012-04-20 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-20 20:59 . 2012-04-20 21:49 -------- d-----w- c:\users\Richard Pugh\AppData\Local\temp 2012-04-20 18:23 . 2012-04-20 18:23 -------- d-----w- c:\program files\NT Registry Optimizer 2012-04-20 12:34 . 2011-02-28 07:09 53248 ----a-w- c:\windows\system32\CSVer.dll 2012-04-20 12:30 . 2012-04-20 12:30 -------- d-----w- c:\program files\SystemRequirementsLab 2012-04-20 12:20 . 2012-04-20 12:20 -------- d-----w- c:\program files\Toshiba TEMPRO 2012-04-20 12:17 . 2012-04-20 12:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2012-04-20 12:11 . 2012-04-20 12:11 -------- d-----w- C:\AMD 2012-04-19 19:56 . 2012-04-20 10:18 -------- d-----w- c:\program files\SpeedFan 2012-04-17 23:04 . 2012-04-17 23:04 -------- d-----w- c:\users\Richard Pugh\AppData\Roaming\OpenDNS Updater 2012-04-17 23:04 . 2012-04-17 23:04 -------- d-----w- c:\program files\OpenDNS Updater 2012-04-17 19:46 . 2012-04-17 19:46 -------- d-----w- c:\program files\Common Files\Java 2012-04-17 19:46 . 2012-04-17 19:46 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll 2012-04-17 18:12 . 2012-04-20 21:01 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE 2012-04-14 18:27 . 2012-04-14 19:26 -------- d-----w- c:\users\Family\AppData\Local\Paint.NET 2012-04-11 09:30 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-11 09:30 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-04-11 09:30 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-11 09:30 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-11 09:29 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 09:29 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-10 13:27 . 2012-04-10 13:27 561992 ----a-w- c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor11.dll 2012-04-10 13:27 . 2012-04-10 13:27 -------- d-----w- c:\programdata\Hotspot Shield 2012-04-06 11:29 . 2012-04-06 11:29 388096 ----a-r- c:\users\Richard Pugh\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-04-06 11:29 . 2012-04-06 11:29 -------- d-----w- c:\program files\Trend Micro 2012-04-04 13:40 . 2012-04-04 13:40 -------- d-----w- c:\users\Richard Pugh\AppData\Roaming\Malwarebytes 2012-04-04 13:40 . 2012-04-05 07:13 -------- d-----w- c:\programdata\Malwarebytes 2012-04-04 13:40 . 2012-04-13 11:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-04 13:40 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-31 22:47 . 2012-03-31 22:47 -------- d-----w- c:\users\Family\AppData\Roaming\Motorola 2012-03-31 19:40 . 2012-03-31 19:40 -------- d-----w- c:\users\Richard Pugh\AppData\Local\BVRP Software 2012-03-31 19:38 . 2012-03-31 19:39 -------- d-----w- c:\program files\Motorola Phone Tools 2012-03-31 18:58 . 2012-03-31 18:58 -------- d-----w- c:\users\Richard Pugh\AppData\Local\{5A2125D6-7B63-11E1-826D-B8AC6F996F26} 2012-03-31 18:52 . 2012-03-31 18:52 -------- d-----w- c:\users\Richard Pugh\AppData\Roaming\Motorola 2012-03-31 18:50 . 2012-03-31 18:50 -------- d-----w- c:\program files\Common Files\Motorola Shared 2012-03-31 18:50 . 2012-03-31 18:50 -------- d-----w- c:\program files\Motorola 2012-03-31 13:12 . 2012-03-31 13:13 -------- d-----w- c:\program files\Paint.NET 2012-03-31 13:12 . 2012-03-31 22:34 -------- d-----w- c:\users\Richard Pugh\AppData\Local\Paint.NET 2012-03-30 21:38 . 2012-03-30 21:38 -------- d-----w- c:\program files\iPod 2012-03-30 21:38 . 2012-03-30 21:39 -------- d-----w- c:\program files\iTunes 2012-03-30 21:30 . 2012-03-30 21:30 -------- d-----w- c:\users\Family\AppData\Local\Apple 2012-03-30 21:27 . 2012-03-30 21:27 -------- d-----w- c:\users\Family\AppData\Local\Apple Computer 2012-03-29 10:27 . 2012-03-29 10:27 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-03-28 14:28 . 2012-03-28 14:38 -------- d-----w- c:\users\Richard Pugh\AppData\Local\XACT 2012-03-28 12:09 . 2012-03-28 12:09 -------- d-----w- c:\users\Richard Pugh\AppData\Local\e-academy Inc 2012-03-28 12:09 . 2012-03-28 12:09 -------- d-----w- c:\users\Richard Pugh\AppData\Roaming\e-academy Inc . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-17 19:46 . 2010-09-27 09:34 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-29 10:27 . 2011-05-19 09:24 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-14 18:57 . 2012-03-17 20:12 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2012-03-14 18:57 . 2012-03-17 20:11 91952 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2012-03-14 18:57 . 2012-03-14 18:57 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys 2012-03-14 18:57 . 2012-03-14 18:57 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2012-03-14 18:57 . 2012-03-14 18:57 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll 2012-03-11 13:48 . 2012-03-11 13:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys 2012-02-26 00:18 . 2011-08-24 09:16 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-02-26 00:08 . 2011-03-04 11:32 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-02-24 02:43 . 2012-02-24 02:43 70136 ----a-w- c:\windows\system32\NLSSRV32.EXE 2012-02-24 02:43 . 2012-03-03 11:26 18936 ----a-w- c:\windows\system32\nitrolocalui2.dll 2012-02-24 02:43 . 2012-03-03 11:26 27640 ----a-w- c:\windows\system32\nitrolocalmon2.dll 2012-02-17 05:34 . 2012-03-14 10:28 826880 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 04:14 . 2012-03-14 10:28 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:13 . 2012-03-14 10:28 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-15 11:01 . 2012-02-15 11:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-02-15 11:01 . 2012-02-15 11:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2012-02-10 05:38 . 2012-03-14 10:28 1077248 ----a-w- c:\windows\system32\DWrite.dll 2012-02-07 10:02 . 2012-02-07 10:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-02-03 03:54 . 2012-03-14 10:28 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-01-25 12:57 . 2012-01-25 12:57 24192 ----a-w- c:\windows\system32\drivers\motmodem.sys 2012-01-25 05:32 . 2012-03-14 10:28 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-01-25 05:32 . 2012-03-14 10:28 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-01-25 05:27 . 2012-03-14 10:28 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-18 10:09 . 2011-03-21 19:51 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] "\\LIVVY\EPSON Stylus DX4800 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304] "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-03 7625248] "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2010-10-30 303104] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface] 2011-12-23 05:57 3334432 ----a-w- c:\users\Richard Pugh\AppData\Local\Akamai\netsession_win.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2011-10-06 00:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-02-20 21:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software] 2007-04-10 15:40 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader] 2011-12-20 13:32 634880 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-03-27 04:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard] 2011-06-01 16:42 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion] 2011-10-21 14:06 433872 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray] 2011-09-23 20:45 129648 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe . R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-19 136176] R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-01 204800] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600] R3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [2009-12-08 437888] R3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [x] R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [2009-08-10 89600] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2007-09-25 13352] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-19 136176] R3 HCWU2DTD;Hauppauge Nova USB2 DVB-T TV Receiver;c:\windows\system32\Drivers\hcwu2dtd.sys [2009-01-11 58880] R3 HCWU2DTL;Hauppauge Nova-USB2-T Adapter Firmware Loader;c:\windows\system32\DRIVERS\hcwu2dtl.sys [2009-01-11 18432] R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432] R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [2010-02-24 562464] R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088] R3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\DRIVERS\optousb.sys [2010-03-24 22016] R3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\DRIVERS\optovcm.sys [2010-03-24 28160] R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216] R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632] R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752] R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824] R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016] R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728] R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208] R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024] R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744] R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864] R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-20 1343400] R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [x] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120] S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592] S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 56496] S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 12464] S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2012-03-11 56208] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-20 691696] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608] S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248] S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208] S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2012-03-11 71440] S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2012-03-11 164112] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-03-14 158512] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-03-14 91952] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776] S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552] S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2012-02-01 214896] S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-09-23 641832] S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2012-02-24 70136] S2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [x] S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576] S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-03-11 931640] S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088] S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080] S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2011-09-23 70768] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-09-23 539248] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344] S3 NETwLv32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616] S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys [2011-07-19 21520] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-03-14 104752] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-03-14 116016] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 55793214 *NewlyCreated* - RAPPORTIASO *Deregistered* - 55793214 *Deregistered* - TrueSight . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder . 2012-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 10:27] . 2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-19 14:11] . 2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-19 14:11] . 2012-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1213263347-4281731233-2383071133-1000Core.job - c:\users\Richard Pugh\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-04 11:22] . 2012-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1213263347-4281731233-2383071133-1000UA.job - c:\users\Richard Pugh\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-04 11:22] . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.co.uk/ig IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 TCP: Interfaces\{D2558E9E-4962-4AC0-8FA3-F037BBD07A18}: NameServer = 10.94.128.1 DPF: {283B7DE7-A1ED-4D27-AA59-C6E7427544D2} - hxxps://bg.itronenergypoint.net/IHVConnect/KeyBoxControl.cab DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - hxxp://www.shopandscan.com/TNSClickrc.CAB FF - ProfilePath - c:\users\Richard Pugh\AppData\Roaming\Mozilla\Firefox\Profiles\axfhndiz.default\ FF - prefs.js: browser.startup.homepage - www.google.co.uk/ig . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-04-20 22:58:07 ComboFix-quarantined-files.txt 2012-04-20 21:58 ComboFix2.txt 2012-04-20 20:59 . Pre-Run: 25,386,123,264 bytes free Post-Run: 25,104,470,016 bytes free . - - End Of File - - 2263371EED13610390617554EE56F0CF

Hey MrC, Please find attached ComboFix log below. Interestingly enough, it did delete some more files! Kind regards Richard ComboFix 12-04-20.03 - Richard Pugh 20/04/2012 21:33:35.2.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.2046.1072 [GMT 1:00] Running from: c:\users\Richard Pugh\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Richard Pugh\AppData\Roaming\RIFT c:\users\Richard Pugh\AppData\Roaming\RIFT\rift.cfg c:\users\Richard Pugh\AppData\Roaming\RIFT\riftpatch.cfg c:\windows\desktop c:\windows\desktop\The Adventures of Elmo in Grouchland.lnk . . ((((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 ))))))))))))))))))))))))))))))) . . 2012-04-20 20:49 . 2012-04-20 20:50 -------- d-----w- c:\users\Richard Pugh\AppData\Local\temp 2012-04-20 20:49 . 2012-04-20 20:49 -------- d-----w- c:\users\Guest\AppData\Local\temp 2012-04-20 20:49 . 2012-04-20 20:49 -------- d-----w- c:\users\Family\AppData\Local\temp 2012-04-20 20:49 . 2012-04-20 20:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-20 18:23 . 2012-04-20 18:23 -------- d-----w- c:\program files\NT Registry Optimizer 2012-04-20 12:34 . 2011-02-28 07:09 53248 ----a-w- c:\windows\system32\CSVer.dll 2012-04-20 12:30 . 2012-04-20 12:30 -------- d-----w- c:\program files\SystemRequirementsLab 2012-04-20 12:20 . 2012-04-20 12:20 -------- d-----w- c:\program files\Toshiba TEMPRO 2012-04-20 12:17 . 2012-04-20 12:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2012-04-20 12:11 . 2012-04-20 12:11 -------- d-----w- C:\AMD 2012-04-19 19:56 . 2012-04-20 10:18 -------- d-----w- c:\program files\SpeedFan 2012-04-17 23:04 . 2012-04-17 23:04 -------- d-----w- c:\users\Richard Pugh\AppData\Roaming\OpenDNS Updater 2012-04-17 23:04 . 2012-04-17 23:04 -------- d-----w- c:\program files\OpenDNS Updater 2012-04-17 19:46 . 2012-04-17 19:46 -------- d-----w- c:\program files\Common Files\Java 2012-04-17 19:46 . 2012-04-17 19:46 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll 2012-04-17 18:12 . 2012-04-18 16:53 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE 2012-04-14 18:27 . 2012-04-14 19:26 -------- d-----w- c:\users\Family\AppData\Local\Paint.NET 2012-04-11 09:30 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-11 09:30 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-04-11 09:30 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-11 09:30 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-11 09:29 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 09:29 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-10 13:27 . 2012-04-10 13:27 561992 ----a-w- c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor11.dll 2012-04-10 13:27 . 2012-04-10 13:27 -------- d-----w- c:\programdata\Hotspot Shield 2012-04-06 11:29 . 2012-04-06 11:29 388096 ----a-r- c:\users\Richard Pugh\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-04-06 11:29 . 2012-04-06 11:29 -------- d-----w- c:\program files\Trend Micro 2012-04-04 13:40 . 2012-04-04 13:40 -------- d-----w- c:\users\Richard Pugh\AppData\Roaming\Malwarebytes 2012-04-04 13:40 . 2012-04-05 07:13 -------- d-----w- c:\programdata\Malwarebytes 2012-04-04 13:40 . 2012-04-13 11:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-04-04 13:40 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-31 22:47 . 2012-03-31 22:47 -------- d-----w- c:\users\Family\AppData\Roaming\Motorola 2012-03-31 19:40 . 2012-03-31 19:40 -------- d-----w- c:\users\Richard Pugh\AppData\Local\BVRP Software 2012-03-31 19:38 . 2012-03-31 19:39 -------- d-----w- c:\program files\Motorola Phone Tools 2012-03-31 18:58 . 2012-03-31 18:58 -------- d-----w- c:\users\Richard Pugh\AppData\Local\{5A2125D6-7B63-11E1-826D-B8AC6F996F26} 2012-03-31 18:52 . 2012-03-31 18:52 -------- d-----w- c:\users\Richard Pugh\AppData\Roaming\Motorola 2012-03-31 18:50 . 2012-03-31 18:50 -------- d-----w- c:\program files\Common Files\Motorola Shared 2012-03-31 18:50 . 2012-03-31 18:50 -------- d-----w- c:\program files\Motorola 2012-03-31 13:12 . 2012-03-31 13:13 -------- d-----w- c:\program files\Paint.NET 2012-03-31 13:12 . 2012-03-31 22:34 -------- d-----w- c:\users\Richard Pugh\AppData\Local\Paint.NET 2012-03-30 21:38 . 2012-03-30 21:38 -------- d-----w- c:\program files\iPod 2012-03-30 21:38 . 2012-03-30 21:39 -------- d-----w- c:\program files\iTunes 2012-03-30 21:30 . 2012-03-30 21:30 -------- d-----w- c:\users\Family\AppData\Local\Apple 2012-03-30 21:27 . 2012-03-30 21:27 -------- d-----w- c:\users\Family\AppData\Local\Apple Computer 2012-03-29 10:27 . 2012-03-29 10:27 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-03-28 14:28 . 2012-03-28 14:38 -------- d-----w- c:\users\Richard Pugh\AppData\Local\XACT 2012-03-28 12:09 . 2012-03-28 12:09 -------- d-----w- c:\users\Richard Pugh\AppData\Local\e-academy Inc 2012-03-28 12:09 . 2012-03-28 12:09 -------- d-----w- c:\users\Richard Pugh\AppData\Roaming\e-academy Inc . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-17 19:46 . 2010-09-27 09:34 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-29 10:27 . 2011-05-19 09:24 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-14 18:57 . 2012-03-17 20:12 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2012-03-14 18:57 . 2012-03-17 20:11 91952 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2012-03-14 18:57 . 2012-03-14 18:57 116016 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys 2012-03-14 18:57 . 2012-03-14 18:57 104752 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2012-03-14 18:57 . 2012-03-14 18:57 135472 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll 2012-03-11 13:48 . 2012-03-11 13:48 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys 2012-02-26 00:18 . 2011-08-24 09:16 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-02-26 00:08 . 2011-03-04 11:32 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-02-24 02:43 . 2012-02-24 02:43 70136 ----a-w- c:\windows\system32\NLSSRV32.EXE 2012-02-24 02:43 . 2012-03-03 11:26 18936 ----a-w- c:\windows\system32\nitrolocalui2.dll 2012-02-24 02:43 . 2012-03-03 11:26 27640 ----a-w- c:\windows\system32\nitrolocalmon2.dll 2012-02-17 05:34 . 2012-03-14 10:28 826880 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 04:14 . 2012-03-14 10:28 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:13 . 2012-03-14 10:28 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-15 11:01 . 2012-02-15 11:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-02-15 11:01 . 2012-02-15 11:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2012-02-10 05:38 . 2012-03-14 10:28 1077248 ----a-w- c:\windows\system32\DWrite.dll 2012-02-07 10:02 . 2012-02-07 10:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-02-03 03:54 . 2012-03-14 10:28 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-01-25 12:57 . 2012-01-25 12:57 24192 ----a-w- c:\windows\system32\drivers\motmodem.sys 2012-01-25 05:32 . 2012-03-14 10:28 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-01-25 05:32 . 2012-03-14 10:28 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-01-25 05:27 . 2012-03-14 10:28 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-18 10:09 . 2011-03-21 19:51 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] "\\LIVVY\EPSON Stylus DX4800 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304] "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-03 7625248] "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2010-10-30 303104] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface] 2011-12-23 05:57 3334432 ----a-w- c:\users\Richard Pugh\AppData\Local\Akamai\netsession_win.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2011-10-06 00:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-02-20 21:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software] 2007-04-10 15:40 413696 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader] 2011-12-20 13:32 634880 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-03-27 04:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard] 2011-06-01 16:42 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion] 2011-10-21 14:06 433872 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray] 2011-09-23 20:45 129648 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-19 136176] R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-01 204800] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600] R3 AVerFx2hbtv;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv.sys [2009-12-08 437888] R3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [x] R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [2009-08-10 89600] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2007-09-25 13352] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-19 136176] R3 HCWU2DTD;Hauppauge Nova USB2 DVB-T TV Receiver;c:\windows\system32\Drivers\hcwu2dtd.sys [2009-01-11 58880] R3 HCWU2DTL;Hauppauge Nova-USB2-T Adapter Firmware Loader;c:\windows\system32\DRIVERS\hcwu2dtl.sys [2009-01-11 18432] R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432] R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [2010-02-24 562464] R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088] R3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\DRIVERS\optousb.sys [2010-03-24 22016] R3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\DRIVERS\optovcm.sys [2010-03-24 28160] R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216] R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632] R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752] R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824] R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016] R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728] R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208] R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024] R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744] R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864] R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-20 1343400] R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [x] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120] S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592] S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 56496] S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 12464] S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2012-03-11 56208] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-20 691696] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608] S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248] S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208] S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2012-03-11 71440] S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2012-03-11 164112] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-03-14 158512] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-03-14 91952] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776] S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552] S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2012-02-01 214896] S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-09-23 641832] S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2012-02-24 70136] S2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [x] S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576] S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-03-11 931640] S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088] S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080] S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2011-09-23 70768] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-09-23 539248] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344] S3 NETwLv32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616] S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys [2011-07-19 21520] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-03-14 104752] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-03-14 116016] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 55793214 *NewlyCreated* - RAPPORTIASO *Deregistered* - 55793214 *Deregistered* - TrueSight . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder . 2012-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 10:27] . 2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-19 14:11] . 2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-19 14:11] . 2012-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1213263347-4281731233-2383071133-1000Core.job - c:\users\Richard Pugh\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-04 11:22] . 2012-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1213263347-4281731233-2383071133-1000UA.job - c:\users\Richard Pugh\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-04 11:22] . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.co.uk/ig uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;192.168.*.* IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 TCP: Interfaces\{D2558E9E-4962-4AC0-8FA3-F037BBD07A18}: NameServer = 10.94.128.1 DPF: {283B7DE7-A1ED-4D27-AA59-C6E7427544D2} - hxxps://bg.itronenergypoint.net/IHVConnect/KeyBoxControl.cab DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - hxxp://www.shopandscan.com/TNSClickrc.CAB FF - ProfilePath - c:\users\Richard Pugh\AppData\Roaming\Mozilla\Firefox\Profiles\axfhndiz.default\ FF - prefs.js: browser.startup.homepage - www.google.co.uk/ig . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-04-20 21:59:54 ComboFix-quarantined-files.txt 2012-04-20 20:59 . Pre-Run: 25,412,993,024 bytes free Post-Run: 25,324,515,328 bytes free . - - End Of File - - A2AAB3CC4EF771611A7EBFA5A565C23F

Please find attached TDSSKiller Report below. Richard 21:11:09.0026 6508 TDSS rootkit removing tool 2.7.30.0 Apr 19 2012 15:10:31 21:11:09.0149 6508 ============================================================ 21:11:09.0149 6508 Current date / time: 2012/04/20 21:11:09.0149 21:11:09.0149 6508 SystemInfo: 21:11:09.0149 6508 21:11:09.0149 6508 OS Version: 6.1.7601 ServicePack: 1.0 21:11:09.0149 6508 Product type: Workstation 21:11:09.0149 6508 ComputerName: LAPPY-TOPPY 21:11:09.0150 6508 UserName: Richard Pugh 21:11:09.0150 6508 Windows directory: C:\Windows 21:11:09.0150 6508 System windows directory: C:\Windows 21:11:09.0150 6508 Processor architecture: Intel x86 21:11:09.0150 6508 Number of processors: 2 21:11:09.0150 6508 Page size: 0x1000 21:11:09.0150 6508 Boot type: Normal boot 21:11:09.0150 6508 ============================================================ 21:11:10.0914 6508 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 21:11:10.0934 6508 \Device\Harddisk0\DR0: 21:11:10.0935 6508 MBR partitions: 21:11:10.0935 6508 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xE8E2800 21:11:10.0935 6508 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xEBD1000, BlocksNum 0xE5F4800 21:11:10.0971 6508 C: <-> \Device\Harddisk0\DR0\Partition0 21:11:11.0023 6508 D: <-> \Device\Harddisk0\DR0\Partition1 21:11:11.0024 6508 Initialize success 21:11:11.0024 6508 ============================================================ 21:11:29.0933 7792 ============================================================ 21:11:29.0934 7792 Scan started 21:11:29.0934 7792 Mode: Manual; SigCheck; TDLFS; 21:11:29.0934 7792 ============================================================ 21:11:30.0706 7792 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys 21:11:30.0932 7792 1394ohci - ok 21:11:31.0043 7792 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys 21:11:31.0075 7792 ACPI - ok 21:11:31.0124 7792 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys 21:11:31.0216 7792 AcpiPmi - ok 21:11:31.0343 7792 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 21:11:31.0375 7792 AdobeARMservice - ok 21:11:31.0510 7792 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 21:11:31.0531 7792 AdobeFlashPlayerUpdateSvc - ok 21:11:31.0606 7792 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 21:11:31.0652 7792 adp94xx - ok 21:11:31.0735 7792 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 21:11:31.0760 7792 adpahci - ok 21:11:31.0822 7792 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 21:11:31.0860 7792 adpu320 - ok 21:11:31.0904 7792 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll 21:11:31.0991 7792 AeLookupSvc - ok 21:11:32.0093 7792 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys 21:11:32.0199 7792 AFD - ok 21:11:32.0303 7792 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys 21:11:32.0338 7792 agp440 - ok 21:11:32.0376 7792 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 21:11:32.0399 7792 aic78xx - ok 21:11:32.0735 7792 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files\common files\akamai/netsession_win_6c825ce.dll 21:11:32.0735 7792 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7 21:11:32.0745 7792 Akamai ( HiddenFile.Multi.Generic ) - warning 21:11:32.0745 7792 Akamai - detected HiddenFile.Multi.Generic (1) 21:11:32.0857 7792 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe 21:11:32.0953 7792 ALG - ok 21:11:33.0011 7792 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys 21:11:33.0042 7792 aliide - ok 21:11:33.0156 7792 AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\Windows\system32\atiesrxx.exe 21:11:33.0230 7792 AMD External Events Utility - ok 21:11:33.0302 7792 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys 21:11:33.0346 7792 amdagp - ok 21:11:33.0422 7792 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys 21:11:33.0464 7792 amdide - ok 21:11:33.0529 7792 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 21:11:33.0592 7792 AmdK8 - ok 21:11:33.0666 7792 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 21:11:33.0733 7792 AmdPPM - ok 21:11:33.0798 7792 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys 21:11:33.0836 7792 amdsata - ok 21:11:33.0866 7792 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 21:11:33.0892 7792 amdsbs - ok 21:11:33.0973 7792 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys 21:11:33.0998 7792 amdxata - ok 21:11:34.0064 7792 ApfiltrService (7c2f57bce81fa74933f0e1c84a97c9db) C:\Windows\system32\DRIVERS\Apfiltr.sys 21:11:34.0142 7792 ApfiltrService - ok 21:11:34.0231 7792 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys 21:11:34.0380 7792 AppID - ok 21:11:34.0487 7792 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll 21:11:34.0558 7792 AppIDSvc - ok 21:11:34.0607 7792 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll 21:11:34.0652 7792 Appinfo - ok 21:11:34.0760 7792 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 21:11:34.0793 7792 Apple Mobile Device - ok 21:11:34.0908 7792 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll 21:11:34.0973 7792 AppMgmt - ok 21:11:35.0028 7792 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 21:11:35.0051 7792 arc - ok 21:11:35.0160 7792 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 21:11:35.0205 7792 arcsas - ok 21:11:35.0231 7792 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 21:11:35.0369 7792 AsyncMac - ok 21:11:35.0475 7792 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys 21:11:35.0515 7792 atapi - ok 21:11:35.0573 7792 Ati External Event Utility (74279ed618c00eb4c534ba2b21583cbb) C:\Windows\system32\Ati2evxx.exe 21:11:35.0659 7792 Ati External Event Utility - ok 21:11:35.0848 7792 atikmdag (d9527f4bde7e18077a33623f0bc8eb86) C:\Windows\system32\DRIVERS\atikmdag.sys 21:11:35.0924 7792 atikmdag - ok 21:11:36.0032 7792 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll 21:11:36.0092 7792 AudioEndpointBuilder - ok 21:11:36.0104 7792 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll 21:11:36.0141 7792 Audiosrv - ok 21:11:36.0260 7792 AVerFx2hbtv (f0a4e98f9af1a886eabf7f027069808b) C:\Windows\system32\drivers\AVerFx2hbtv.sys 21:11:36.0300 7792 AVerFx2hbtv ( UnsignedFile.Multi.Generic ) - warning 21:11:36.0300 7792 AVerFx2hbtv - detected UnsignedFile.Multi.Generic (1) 21:11:36.0525 7792 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe 21:11:36.0612 7792 AVGIDSAgent - ok 21:11:36.0716 7792 AVGIDSDriver (f6878b90a8a9795116bce335238e65af) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 21:11:36.0763 7792 AVGIDSDriver - ok 21:11:36.0806 7792 AVGIDSEH (19a08a6728a6e02099d64268218cd799) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 21:11:36.0820 7792 AVGIDSEH - ok 21:11:36.0852 7792 AVGIDSFilter (f8927ab1dd086edeff2924a64dc89869) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 21:11:36.0867 7792 AVGIDSFilter - ok 21:11:36.0917 7792 AVGIDSShim (dadca567891033dcf2ec4a3f9da46ae4) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys 21:11:36.0950 7792 AVGIDSShim - ok 21:11:37.0063 7792 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys 21:11:37.0102 7792 Avgldx86 - ok 21:11:37.0137 7792 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys 21:11:37.0152 7792 Avgmfx86 - ok 21:11:37.0193 7792 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys 21:11:37.0223 7792 Avgrkx86 - ok 21:11:37.0318 7792 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys 21:11:37.0365 7792 Avgtdix - ok 21:11:37.0469 7792 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe 21:11:37.0502 7792 avgwd - ok 21:11:37.0610 7792 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll 21:11:37.0709 7792 AxInstSV - ok 21:11:37.0825 7792 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 21:11:37.0893 7792 b06bdrv - ok 21:11:38.0002 7792 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 21:11:38.0067 7792 b57nd60x - ok 21:11:38.0127 7792 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll 21:11:38.0212 7792 BDESVC - ok 21:11:38.0320 7792 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 21:11:38.0405 7792 Beep - ok 21:11:38.0458 7792 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll 21:11:38.0512 7792 BFE - ok 21:11:38.0673 7792 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll 21:11:38.0779 7792 BITS - ok 21:11:38.0886 7792 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 21:11:38.0936 7792 blbdrive - ok 21:11:39.0032 7792 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe 21:11:39.0064 7792 Bonjour Service - ok 21:11:39.0172 7792 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys 21:11:39.0207 7792 bowser - ok 21:11:39.0251 7792 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 21:11:39.0333 7792 BrFiltLo - ok 21:11:39.0437 7792 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 21:11:39.0503 7792 BrFiltUp - ok 21:11:39.0533 7792 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys 21:11:39.0599 7792 BridgeMP - ok 21:11:39.0702 7792 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll 21:11:39.0783 7792 Browser - ok 21:11:39.0859 7792 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 21:11:39.0912 7792 Brserid - ok 21:11:39.0989 7792 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 21:11:40.0035 7792 BrSerWdm - ok 21:11:40.0086 7792 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 21:11:40.0134 7792 BrUsbMdm - ok 21:11:40.0194 7792 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 21:11:40.0245 7792 BrUsbSer - ok 21:11:40.0303 7792 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 21:11:40.0348 7792 BTHMODEM - ok 21:11:40.0441 7792 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll 21:11:40.0500 7792 bthserv - ok 21:11:40.0574 7792 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 21:11:40.0640 7792 cdfs - ok 21:11:40.0746 7792 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys 21:11:40.0781 7792 cdrom - ok 21:11:40.0845 7792 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 21:11:40.0898 7792 CertPropSvc - ok 21:11:40.0993 7792 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 21:11:41.0020 7792 circlass - ok 21:11:41.0123 7792 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 21:11:41.0145 7792 CLFS - ok 21:11:41.0235 7792 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:11:41.0258 7792 clr_optimization_v2.0.50727_32 - ok 21:11:41.0327 7792 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:11:41.0397 7792 clr_optimization_v4.0.30319_32 - ok 21:11:41.0502 7792 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 21:11:41.0566 7792 CmBatt - ok 21:11:41.0610 7792 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys 21:11:41.0627 7792 cmdide - ok 21:11:41.0681 7792 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys 21:11:41.0721 7792 CNG - ok 21:11:41.0848 7792 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 21:11:41.0878 7792 Compbatt - ok 21:11:41.0923 7792 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys 21:11:41.0953 7792 CompositeBus - ok 21:11:41.0966 7792 COMSysApp - ok 21:11:41.0999 7792 cpuz134 - ok 21:11:42.0109 7792 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 21:11:42.0146 7792 crcdisk - ok 21:11:42.0202 7792 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll 21:11:42.0260 7792 CryptSvc - ok 21:11:42.0384 7792 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys 21:11:42.0475 7792 CSC - ok 21:11:42.0583 7792 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll 21:11:42.0634 7792 CscService - ok 21:11:42.0754 7792 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 21:11:42.0839 7792 DcomLaunch - ok 21:11:42.0887 7792 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll 21:11:42.0948 7792 defragsvc - ok 21:11:43.0059 7792 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys 21:11:43.0123 7792 DfsC - ok 21:11:43.0201 7792 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll 21:11:43.0294 7792 Dhcp - ok 21:11:43.0390 7792 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 21:11:43.0461 7792 discache - ok 21:11:43.0530 7792 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 21:11:43.0563 7792 Disk - ok 21:11:43.0645 7792 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll 21:11:43.0707 7792 Dnscache - ok 21:11:43.0776 7792 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll 21:11:43.0824 7792 dot3svc - ok 21:11:43.0931 7792 dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys 21:11:43.0993 7792 dot4 - ok 21:11:44.0067 7792 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys 21:11:44.0124 7792 Dot4Print - ok 21:11:44.0203 7792 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys 21:11:44.0268 7792 dot4usb - ok 21:11:44.0334 7792 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll 21:11:44.0388 7792 DPS - ok 21:11:44.0490 7792 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 21:11:44.0535 7792 drmkaud - ok 21:11:44.0607 7792 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys 21:11:44.0636 7792 DXGKrnl - ok 21:11:44.0742 7792 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll 21:11:44.0823 7792 EapHost - ok 21:11:44.0962 7792 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 21:11:45.0091 7792 ebdrv - ok 21:11:45.0196 7792 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe 21:11:45.0274 7792 EFS - ok 21:11:45.0370 7792 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe 21:11:45.0433 7792 ehRecvr - ok 21:11:45.0549 7792 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe 21:11:45.0614 7792 ehSched - ok 21:11:45.0715 7792 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 21:11:45.0759 7792 elxstor - ok 21:11:45.0870 7792 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys 21:11:45.0933 7792 ErrDev - ok 21:11:46.0017 7792 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll 21:11:46.0087 7792 EventSystem - ok 21:11:46.0190 7792 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 21:11:46.0242 7792 exfat - ok 21:11:46.0269 7792 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 21:11:46.0320 7792 fastfat - ok 21:11:46.0443 7792 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe 21:11:46.0521 7792 Fax - ok 21:11:46.0710 7792 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 21:11:46.0766 7792 fdc - ok 21:11:46.0864 7792 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll 21:11:46.0909 7792 fdPHost - ok 21:11:46.0936 7792 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll 21:11:46.0983 7792 FDResPub - ok 21:11:47.0050 7792 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 21:11:47.0092 7792 FileInfo - ok 21:11:47.0201 7792 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 21:11:47.0258 7792 Filetrace - ok 21:11:47.0295 7792 FINEPIX_PCC (4372398a6ae42586eb1c6533dd3b575d) C:\Windows\system32\Drivers\V4CB0115.SYS 21:11:47.0352 7792 FINEPIX_PCC - ok 21:11:47.0449 7792 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 21:11:47.0498 7792 flpydisk - ok 21:11:47.0602 7792 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 21:11:47.0627 7792 FltMgr - ok 21:11:47.0699 7792 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll 21:11:47.0755 7792 FontCache - ok 21:11:47.0902 7792 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 21:11:47.0934 7792 FontCache3.0.0.0 - ok 21:11:48.0009 7792 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 21:11:48.0051 7792 FsDepends - ok 21:11:48.0133 7792 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys 21:11:48.0151 7792 Fs_Rec - ok 21:11:48.0215 7792 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys 21:11:48.0257 7792 fvevol - ok 21:11:48.0334 7792 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 21:11:48.0364 7792 gagp30kx - ok 21:11:48.0434 7792 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 21:11:48.0460 7792 GEARAspiWDM - ok 21:11:48.0511 7792 GemCCID (86d3d834d35ebe920d85ffedcef79faf) C:\Windows\system32\Drivers\GemCCID.sys 21:11:48.0557 7792 GemCCID - ok 21:11:48.0640 7792 ggflt (4b5fddbcb9407741f47818b8d1ee4a8e) C:\Windows\system32\DRIVERS\ggflt.sys 21:11:48.0663 7792 ggflt - ok 21:11:48.0708 7792 ggsemc (80bbcc9724b24a708ca9489c1e0a1e5f) C:\Windows\system32\DRIVERS\ggsemc.sys 21:11:48.0741 7792 ggsemc - ok 21:11:48.0776 7792 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys 21:11:48.0815 7792 giveio ( UnsignedFile.Multi.Generic ) - warning 21:11:48.0815 7792 giveio - detected UnsignedFile.Multi.Generic (1) 21:11:48.0903 7792 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll 21:11:48.0984 7792 gpsvc - ok 21:11:49.0083 7792 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 21:11:49.0114 7792 gupdate - ok 21:11:49.0121 7792 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 21:11:49.0140 7792 gupdatem - ok 21:11:49.0246 7792 hcmon (700c2db7d9781d6001099f6c2b417aeb) C:\Windows\system32\drivers\hcmon.sys 21:11:49.0281 7792 hcmon - ok 21:11:49.0326 7792 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 21:11:49.0364 7792 hcw85cir - ok 21:11:49.0405 7792 HCWU2DTD (c19ef67beca82e6695766654a0f38665) C:\Windows\system32\Drivers\hcwu2dtd.sys 21:11:49.0454 7792 HCWU2DTD - ok 21:11:49.0561 7792 HCWU2DTL (7db1c2f9d494bab70b50610230af1abd) C:\Windows\system32\DRIVERS\hcwu2dtl.sys 21:11:49.0608 7792 HCWU2DTL - ok 21:11:49.0659 7792 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys 21:11:49.0699 7792 HdAudAddService - ok 21:11:49.0803 7792 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys 21:11:49.0848 7792 HDAudBus - ok 21:11:49.0888 7792 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 21:11:49.0916 7792 HidBatt - ok 21:11:50.0030 7792 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 21:11:50.0080 7792 HidBth - ok 21:11:50.0111 7792 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 21:11:50.0146 7792 HidIr - ok 21:11:50.0257 7792 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll 21:11:50.0341 7792 hidserv - ok 21:11:50.0414 7792 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys 21:11:50.0449 7792 HidUsb - ok 21:11:50.0519 7792 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll 21:11:50.0573 7792 hkmsvc - ok 21:11:50.0619 7792 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll 21:11:50.0688 7792 HomeGroupListener - ok 21:11:50.0740 7792 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll 21:11:50.0783 7792 HomeGroupProvider - ok 21:11:50.0893 7792 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys 21:11:50.0933 7792 HpSAMD - ok 21:11:51.0069 7792 hshld (b7cfe93627e7796624004687125a729f) C:\Program Files\Hotspot Shield\bin\openvpnas.exe 21:11:51.0117 7792 hshld - ok 21:11:51.0221 7792 HssDrv (4f28652ec514fa1ba473bc1a695a5c98) C:\Windows\system32\DRIVERS\HssDrv.sys 21:11:51.0237 7792 HssDrv - ok 21:11:51.0327 7792 HssSrv (2cfea9c337b699aca38487e8a7438f35) C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe 21:11:51.0359 7792 HssSrv - ok 21:11:51.0424 7792 HssTrayService (b3c6eeeff5c5ea3235b7d84317c1fb3f) C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE 21:11:51.0460 7792 HssTrayService - ok 21:11:51.0490 7792 HssWd - ok 21:11:51.0589 7792 HTCAND32 (950cc1e6ae3a6cd23e0945cde089b02c) C:\Windows\system32\Drivers\ANDROIDUSB.sys 21:11:51.0698 7792 HTCAND32 - ok 21:11:51.0752 7792 htcnprot (339adefad60353f960e3ca67ce468c24) C:\Windows\system32\DRIVERS\htcnprot.sys 21:11:51.0821 7792 htcnprot - ok 21:11:51.0925 7792 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys 21:11:51.0978 7792 HTTP - ok 21:11:52.0048 7792 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys 21:11:52.0064 7792 hwpolicy - ok 21:11:52.0116 7792 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys 21:11:52.0155 7792 i8042prt - ok 21:11:52.0243 7792 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys 21:11:52.0271 7792 iaStorV - ok 21:11:52.0373 7792 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 21:11:52.0413 7792 IDriverT ( UnsignedFile.Multi.Generic ) - warning 21:11:52.0413 7792 IDriverT - detected UnsignedFile.Multi.Generic (1) 21:11:52.0580 7792 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 21:11:52.0617 7792 idsvc - ok 21:11:52.0720 7792 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 21:11:52.0762 7792 iirsp - ok 21:11:52.0818 7792 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll 21:11:52.0865 7792 IKEEXT - ok 21:11:53.0037 7792 IntcAzAudAddService (e4a2e810cb2607c9c159c0dfb0bd4c88) C:\Windows\system32\drivers\RTKVHDA.sys 21:11:53.0273 7792 IntcAzAudAddService - ok 21:11:53.0381 7792 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys 21:11:53.0408 7792 intelide - ok 21:11:53.0457 7792 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 21:11:53.0488 7792 intelppm - ok 21:11:53.0536 7792 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll 21:11:53.0594 7792 IPBusEnum - ok 21:11:53.0696 7792 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:11:53.0759 7792 IpFilterDriver - ok 21:11:53.0817 7792 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll 21:11:53.0876 7792 iphlpsvc - ok 21:11:53.0978 7792 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys 21:11:54.0023 7792 IPMIDRV - ok 21:11:54.0066 7792 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 21:11:54.0115 7792 IPNAT - ok 21:11:54.0177 7792 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe 21:11:54.0204 7792 iPod Service - ok 21:11:54.0312 7792 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 21:11:54.0372 7792 IRENUM - ok 21:11:54.0414 7792 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys 21:11:54.0431 7792 isapnp - ok 21:11:54.0535 7792 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys 21:11:54.0569 7792 iScsiPrt - ok 21:11:54.0632 7792 k750bus (fe8300320281d658a7854d5cfc02a63f) C:\Windows\system32\DRIVERS\k750bus.sys 21:11:54.0681 7792 k750bus - ok 21:11:54.0814 7792 k750mdfl (f44521f63c0c00364fa3d59db980de6a) C:\Windows\system32\DRIVERS\k750mdfl.sys 21:11:54.0864 7792 k750mdfl - ok 21:11:54.0906 7792 k750mdm (e93323c3ed5e8923a177740a973c27b2) C:\Windows\system32\DRIVERS\k750mdm.sys 21:11:54.0928 7792 k750mdm - ok 21:11:55.0022 7792 k750mgmt (9d5f5a70ca0b7c428efcd73db50e6ac7) C:\Windows\system32\DRIVERS\k750mgmt.sys 21:11:55.0083 7792 k750mgmt - ok 21:11:55.0154 7792 k750obex (81ca2d57b2c14f76f4ba80846784bb3d) C:\Windows\system32\DRIVERS\k750obex.sys 21:11:55.0218 7792 k750obex - ok 21:11:55.0319 7792 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys 21:11:55.0351 7792 kbdclass - ok 21:11:55.0415 7792 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys 21:11:55.0443 7792 kbdhid - ok 21:11:55.0541 7792 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 21:11:55.0569 7792 KeyIso - ok 21:11:55.0632 7792 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys 21:11:55.0672 7792 KSecDD - ok 21:11:55.0697 7792 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys 21:11:55.0716 7792 KSecPkg - ok 21:11:55.0844 7792 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll 21:11:55.0897 7792 KtmRm - ok 21:11:55.0955 7792 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll 21:11:56.0017 7792 LanmanServer - ok 21:11:56.0111 7792 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll 21:11:56.0185 7792 LanmanWorkstation - ok 21:11:56.0253 7792 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 21:11:56.0314 7792 lltdio - ok 21:11:56.0426 7792 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll 21:11:56.0472 7792 lltdsvc - ok 21:11:56.0518 7792 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll 21:11:56.0566 7792 lmhosts - ok 21:11:56.0669 7792 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 21:11:56.0704 7792 LSI_FC - ok 21:11:56.0747 7792 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 21:11:56.0767 7792 LSI_SAS - ok 21:11:56.0789 7792 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 21:11:56.0808 7792 LSI_SAS2 - ok 21:11:56.0905 7792 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 21:11:56.0938 7792 LSI_SCSI - ok 21:11:56.0986 7792 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 21:11:57.0035 7792 luafv - ok 21:11:57.0136 7792 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys 21:11:57.0173 7792 MBAMProtector - ok 21:11:57.0298 7792 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 21:11:57.0335 7792 MBAMService - ok 21:11:57.0417 7792 mcdbus - ok 21:11:57.0481 7792 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll 21:11:57.0503 7792 Mcx2Svc - ok 21:11:57.0581 7792 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 21:11:57.0613 7792 megasas - ok 21:11:57.0691 7792 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 21:11:57.0729 7792 MegaSR - ok 21:11:57.0806 7792 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 21:11:57.0874 7792 MMCSS - ok 21:11:57.0950 7792 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 21:11:58.0006 7792 Modem - ok 21:11:58.0074 7792 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 21:11:58.0125 7792 monitor - ok 21:11:58.0201 7792 motmodem (11b8118f538b579488e7645b2578e544) C:\Windows\system32\DRIVERS\motmodem.sys 21:11:58.0285 7792 motmodem - ok 21:11:58.0366 7792 MotoHelper (290750346f5937b02f62594b8eb03215) C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe 21:11:58.0403 7792 MotoHelper - ok 21:11:58.0518 7792 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 21:11:58.0536 7792 mouclass - ok 21:11:58.0574 7792 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 21:11:58.0601 7792 mouhid - ok 21:11:58.0645 7792 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys 21:11:58.0663 7792 mountmgr - ok 21:11:58.0782 7792 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys 21:11:58.0823 7792 mpio - ok 21:11:58.0868 7792 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 21:11:58.0900 7792 mpsdrv - ok 21:11:58.0960 7792 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll 21:11:59.0010 7792 MpsSvc - ok 21:11:59.0123 7792 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys 21:11:59.0176 7792 MRxDAV - ok 21:11:59.0220 7792 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys 21:11:59.0266 7792 mrxsmb - ok 21:11:59.0380 7792 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:11:59.0424 7792 mrxsmb10 - ok 21:11:59.0468 7792 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:11:59.0502 7792 mrxsmb20 - ok 21:11:59.0549 7792 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys 21:11:59.0567 7792 msahci - ok 21:11:59.0679 7792 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys 21:11:59.0725 7792 msdsm - ok 21:11:59.0773 7792 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe 21:11:59.0804 7792 MSDTC - ok 21:11:59.0925 7792 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 21:11:59.0982 7792 Msfs - ok 21:12:00.0064 7792 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 21:12:00.0132 7792 mshidkmdf - ok 21:12:00.0268 7792 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys 21:12:00.0299 7792 msisadrv - ok 21:12:00.0401 7792 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll 21:12:00.0458 7792 MSiSCSI - ok 21:12:00.0487 7792 msiserver - ok 21:12:00.0639 7792 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 21:12:00.0714 7792 MSKSSRV - ok 21:12:00.0783 7792 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 21:12:00.0842 7792 MSPCLOCK - ok 21:12:00.0944 7792 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 21:12:01.0005 7792 MSPQM - ok 21:12:01.0087 7792 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 21:12:01.0132 7792 MsRPC - ok 21:12:01.0241 7792 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys 21:12:01.0267 7792 mssmbios - ok 21:12:01.0362 7792 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 21:12:01.0418 7792 MSTEE - ok 21:12:01.0530 7792 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 21:12:01.0611 7792 MTConfig - ok 21:12:01.0761 7792 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 21:12:01.0789 7792 Mup - ok 21:12:01.0877 7792 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll 21:12:01.0953 7792 napagent - ok 21:12:02.0077 7792 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 21:12:02.0122 7792 NativeWifiP - ok 21:12:02.0219 7792 NAUpdate (1bbbf640bc0e0b750537baece8d66c18) C:\Program Files\Nero\Update\NASvc.exe 21:12:02.0261 7792 NAUpdate - ok 21:12:02.0400 7792 NBVol (e240f3204e86b7b6ccf266b2a2ad32b4) C:\Windows\system32\DRIVERS\NBVol.sys 21:12:02.0428 7792 NBVol - ok 21:12:02.0553 7792 NBVolUp (c0cf3cccce3c75f7280c89029ab47866) C:\Windows\system32\DRIVERS\NBVolUp.sys 21:12:02.0623 7792 NBVolUp - ok 21:12:02.0700 7792 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys 21:12:02.0728 7792 NDIS - ok 21:12:02.0922 7792 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 21:12:02.0990 7792 NdisCap - ok 21:12:03.0020 7792 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 21:12:03.0065 7792 NdisTapi - ok 21:12:03.0221 7792 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 21:12:03.0282 7792 Ndisuio - ok 21:12:03.0375 7792 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 21:12:03.0437 7792 NdisWan - ok 21:12:03.0547 7792 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys 21:12:03.0610 7792 NDProxy - ok 21:12:03.0680 7792 Net Driver HPZ12 (f7c14f5077bf2bc476c348b88a7f74e2) C:\Windows\system32\HPZinw12.dll 21:12:03.0701 7792 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 21:12:03.0701 7792 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 21:12:03.0795 7792 Netaapl (1352e1648213551923a0a822e441553c) C:\Windows\system32\DRIVERS\netaapl.sys 21:12:03.0845 7792 Netaapl - ok 21:12:03.0935 7792 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 21:12:04.0010 7792 NetBIOS - ok 21:12:04.0122 7792 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 21:12:04.0190 7792 NetBT - ok 21:12:04.0275 7792 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 21:12:04.0315 7792 Netlogon - ok 21:12:04.0388 7792 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll 21:12:04.0452 7792 Netman - ok 21:12:04.0544 7792 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll 21:12:04.0595 7792 netprofm - ok 21:12:04.0691 7792 netr73 (00ebe302169c7b783a29b6df3c9e5b28) C:\Windows\system32\DRIVERS\netr73.sys 21:12:04.0744 7792 netr73 - ok 21:12:04.0892 7792 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:12:04.0921 7792 NetTcpPortSharing - ok 21:12:05.0102 7792 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys 21:12:05.0205 7792 NETw4v32 - ok 21:12:05.0486 7792 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys 21:12:05.0568 7792 netw5v32 - ok 21:12:05.0904 7792 NETwLv32 (d4ef7a9767c05905500ec312cb29ef46) C:\Windows\system32\DRIVERS\NETwLv32.sys 21:12:06.0026 7792 NETwLv32 - ok 21:12:06.0178 7792 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 21:12:06.0209 7792 nfrd960 - ok 21:12:06.0300 7792 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll 21:12:06.0355 7792 NlaSvc - ok 21:12:06.0439 7792 nlsX86cc (d078127922b34c837fd0df903cf7ad24) C:\Windows\system32\NLSSRV32.EXE 21:12:06.0474 7792 nlsX86cc - ok 21:12:06.0586 7792 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\Windows\system32\drivers\npf.sys 21:12:06.0621 7792 NPF - ok 21:12:06.0734 7792 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 21:12:06.0802 7792 Npfs - ok 21:12:06.0897 7792 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll 21:12:06.0951 7792 nsi - ok 21:12:07.0071 7792 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 21:12:07.0128 7792 nsiproxy - ok 21:12:07.0248 7792 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys 21:12:07.0291 7792 Ntfs - ok 21:12:07.0437 7792 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 21:12:07.0495 7792 Null - ok 21:12:07.0572 7792 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys 21:12:07.0614 7792 nvraid - ok 21:12:07.0724 7792 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys 21:12:07.0765 7792 nvstor - ok 21:12:07.0848 7792 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 21:12:07.0867 7792 nv_agp - ok 21:12:07.0973 7792 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 21:12:08.0012 7792 odserv - ok 21:12:08.0162 7792 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 21:12:08.0216 7792 ohci1394 - ok 21:12:08.0291 7792 optousb (f7a2ad676a5c0c2ef2d6321c954e7b46) C:\Windows\system32\DRIVERS\optousb.sys 21:12:08.0338 7792 optousb - ok 21:12:08.0436 7792 optovcm (f82e3a2fbb48183a437c08d6b608f590) C:\Windows\system32\DRIVERS\optovcm.sys 21:12:08.0484 7792 optovcm - ok 21:12:08.0521 7792 OracleJobSchedulerXE - ok 21:12:08.0539 7792 OracleMTSRecoveryService - ok 21:12:08.0550 7792 OracleServiceXE - ok 21:12:08.0563 7792 OracleXEClrAgent - ok 21:12:08.0609 7792 OracleXETNSListener (8af936ce45788974efff7d0f19143583) C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe 21:12:08.0661 7792 OracleXETNSListener ( UnsignedFile.Multi.Generic ) - warning 21:12:08.0661 7792 OracleXETNSListener - detected UnsignedFile.Multi.Generic (1) 21:12:08.0751 7792 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:12:08.0785 7792 ose - ok 21:12:08.0912 7792 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 21:12:08.0969 7792 p2pimsvc - ok 21:12:08.0999 7792 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll 21:12:09.0035 7792 p2psvc - ok 21:12:09.0181 7792 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 21:12:09.0214 7792 Parport - ok 21:12:09.0280 7792 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys 21:12:09.0312 7792 partmgr - ok 21:12:09.0443 7792 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 21:12:09.0495 7792 Parvdm - ok 21:12:09.0575 7792 PassThru Service (39b9dcd7040654c2e57d7396736c718e) C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe 21:12:09.0597 7792 PassThru Service ( UnsignedFile.Multi.Generic ) - warning 21:12:09.0597 7792 PassThru Service - detected UnsignedFile.Multi.Generic (1) 21:12:09.0727 7792 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll 21:12:09.0776 7792 PcaSvc - ok 21:12:09.0862 7792 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 21:12:09.0892 7792 pci - ok 21:12:10.0038 7792 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 21:12:10.0075 7792 pciide - ok 21:12:10.0153 7792 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 21:12:10.0194 7792 pcmcia - ok 21:12:10.0300 7792 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 21:12:10.0343 7792 pcw - ok 21:12:10.0437 7792 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 21:12:10.0491 7792 PEAUTH - ok 21:12:10.0581 7792 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll 21:12:10.0662 7792 PeerDistSvc - ok 21:12:10.0822 7792 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll 21:12:10.0915 7792 pla - ok 21:12:11.0097 7792 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll 21:12:11.0161 7792 PlugPlay - ok 21:12:11.0274 7792 Pml Driver HPZ12 (e638656001c52a1faa34f92e6d3a086b) C:\Windows\system32\HPZipm12.dll 21:12:11.0295 7792 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 21:12:11.0295 7792 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 21:12:11.0340 7792 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll 21:12:11.0378 7792 PNRPAutoReg - ok 21:12:11.0501 7792 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 21:12:11.0540 7792 PNRPsvc - ok 21:12:11.0590 7792 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll 21:12:11.0639 7792 PolicyAgent - ok 21:12:11.0749 7792 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll 21:12:11.0813 7792 Power - ok 21:12:11.0901 7792 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 21:12:11.0963 7792 PptpMiniport - ok 21:12:12.0129 7792 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 21:12:12.0181 7792 Processor - ok 21:12:12.0318 7792 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll 21:12:12.0373 7792 ProfSvc - ok 21:12:12.0442 7792 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 21:12:12.0481 7792 ProtectedStorage - ok 21:12:12.0609 7792 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 21:12:12.0674 7792 Psched - ok 21:12:12.0831 7792 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 21:12:12.0894 7792 ql2300 - ok 21:12:13.0034 7792 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 21:12:13.0053 7792 ql40xx - ok 21:12:13.0129 7792 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll 21:12:13.0193 7792 QWAVE - ok 21:12:13.0321 7792 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 21:12:13.0357 7792 QWAVEdrv - ok 21:12:13.0498 7792 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys 21:12:13.0534 7792 RapportCerberus_34302 - ok 21:12:13.0638 7792 RapportEI (43b9aa1423bf54367c5a3de1559780e8) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys 21:12:13.0674 7792 RapportEI - ok 21:12:13.0800 7792 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys 21:12:13.0830 7792 RapportIaso - ok 21:12:13.0971 7792 RapportKELL (118600ab8f15fe27f2c865f3fb4efa58) C:\Windows\system32\Drivers\RapportKELL.sys 21:12:14.0004 7792 RapportKELL - ok 21:12:14.0119 7792 RapportMgmtService (d9ef54568fafcb4be4637068e768409a) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe 21:12:14.0166 7792 RapportMgmtService - ok 21:12:14.0260 7792 RapportPG (4af05a67b643a5190dfcbb793273e0bc) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys 21:12:14.0306 7792 RapportPG - ok 21:12:14.0470 7792 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 21:12:14.0527 7792 RasAcd - ok 21:12:14.0608 7792 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 21:12:14.0648 7792 RasAgileVpn - ok 21:12:14.0714 7792 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll 21:12:14.0765 7792 RasAuto - ok 21:12:14.0896 7792 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 21:12:14.0957 7792 Rasl2tp - ok 21:12:15.0048 7792 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll 21:12:15.0117 7792 RasMan - ok 21:12:15.0228 7792 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 21:12:15.0285 7792 RasPppoe - ok 21:12:15.0396 7792 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 21:12:15.0458 7792 RasSstp - ok 21:12:15.0586 7792 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 21:12:15.0652 7792 rdbss - ok 21:12:15.0767 7792 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 21:12:15.0806 7792 rdpbus - ok 21:12:15.0912 7792 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 21:12:15.0954 7792 RDPCDD - ok 21:12:16.0383 7792 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys 21:12:16.0466 7792 RDPDR - ok 21:12:16.0618 7792 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 21:12:16.0688 7792 RDPENCDD - ok 21:12:16.0769 7792 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 21:12:16.0832 7792 RDPREFMP - ok 21:12:16.0934 7792 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys 21:12:16.0984 7792 RDPWD - ok 21:12:17.0077 7792 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 21:12:17.0122 7792 rdyboost - ok 21:12:17.0207 7792 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll 21:12:17.0242 7792 RemoteAccess - ok 21:12:17.0330 7792 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll 21:12:17.0409 7792 RemoteRegistry - ok 21:12:17.0474 7792 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files\WinPcap\rpcapd.exe 21:12:17.0502 7792 rpcapd - ok 21:12:17.0649 7792 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll 21:12:17.0716 7792 RpcEptMapper - ok 21:12:17.0805 7792 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe 21:12:17.0850 7792 RpcLocator - ok 21:12:17.0922 7792 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 21:12:17.0971 7792 RpcSs - ok 21:12:18.0101 7792 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 21:12:18.0162 7792 rspndr - ok 21:12:18.0274 7792 RTHDMIAzAudService (72a5515a2031d458dd38e9336594184b) C:\Windows\system32\drivers\RtHDMIV.sys 21:12:18.0312 7792 RTHDMIAzAudService - ok 21:12:18.0485 7792 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys 21:12:18.0540 7792 RTL8167 - ok 21:12:18.0674 7792 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys 21:12:18.0710 7792 s0016bus - ok 21:12:18.0785 7792 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys 21:12:18.0818 7792 s0016mdfl - ok 21:12:18.0868 7792 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys 21:12:18.0885 7792 s0016mdm - ok 21:12:18.0993 7792 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys 21:12:19.0020 7792 s0016mgmt - ok 21:12:19.0238 7792 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys 21:12:19.0252 7792 s0016nd5 - ok 21:12:19.0321 7792 s0016obex (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys 21:12:19.0349 7792 s0016obex - ok 21:12:19.0472 7792 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys 21:12:19.0494 7792 s0016unic - ok 21:12:19.0580 7792 s1018bus (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\Windows\system32\DRIVERS\s1018bus.sys 21:12:19.0613 7792 s1018bus - ok 21:12:19.0704 7792 s1018mdfl (38f5ea219593f19b6b3a1b9c169e3b61) C:\Windows\system32\DRIVERS\s1018mdfl.sys 21:12:19.0733 7792 s1018mdfl - ok 21:12:19.0818 7792 s1018mdm (666af6b64fc7df92d3ca4819ea91631d) C:\Windows\system32\DRIVERS\s1018mdm.sys 21:12:19.0853 7792 s1018mdm - ok 21:12:19.0885 7792 s1018mgmt (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\Windows\system32\DRIVERS\s1018mgmt.sys 21:12:19.0936 7792 s1018mgmt - ok 21:12:20.0025 7792 s1018nd5 (3622d9ff2253dcbe885b10736609a4ca) C:\Windows\system32\DRIVERS\s1018nd5.sys 21:12:20.0059 7792 s1018nd5 - ok 21:12:20.0149 7792 s1018obex (49431efda842b474531c29ffae9f5d09) C:\Windows\system32\DRIVERS\s1018obex.sys 21:12:20.0185 7792 s1018obex - ok 21:12:20.0210 7792 s1018unic (ac6b514cb4474f4c867d7cdc9cd54f05) C:\Windows\system32\DRIVERS\s1018unic.sys 21:12:20.0226 7792 s1018unic - ok 21:12:20.0328 7792 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys 21:12:20.0378 7792 s3cap - ok 21:12:20.0464 7792 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 21:12:20.0483 7792 SamSs - ok 21:12:20.0576 7792 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 21:12:20.0608 7792 sbp2port - ok 21:12:20.0711 7792 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll 21:12:20.0779 7792 SCardSvr - ok 21:12:20.0882 7792 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 21:12:20.0947 7792 scfilter - ok 21:12:21.0108 7792 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll 21:12:21.0179 7792 Schedule - ok 21:12:21.0281 7792 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 21:12:21.0328 7792 SCPolicySvc - ok 21:12:21.0419 7792 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys 21:12:21.0485 7792 sdbus - ok 21:12:21.0589 7792 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll 21:12:21.0659 7792 SDRSVC - ok 21:12:21.0734 7792 SeagateDashboardService (16b44d246835eac156f8daf0aa4f530c) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe 21:12:21.0767 7792 SeagateDashboardService - ok 21:12:21.0917 7792 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 21:12:21.0982 7792 secdrv - ok 21:12:22.0052 7792 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll 21:12:22.0116 7792 seclogon - ok 21:12:22.0191 7792 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll 21:12:22.0257 7792 SENS - ok 21:12:22.0339 7792 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll 21:12:22.0393 7792 SensrSvc - ok 21:12:22.0505 7792 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 21:12:22.0558 7792 Serenum - ok 21:12:22.0636 7792 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 21:12:22.0675 7792 Serial - ok 21:12:22.0785 7792 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 21:12:22.0829 7792 sermouse - ok 21:12:22.0929 7792 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll 21:12:22.0990 7792 SessionEnv - ok 21:12:23.0093 7792 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 21:12:23.0151 7792 sffdisk - ok 21:12:23.0222 7792 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 21:12:23.0253 7792 sffp_mmc - ok 21:12:23.0363 7792 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\DRIVERS\sffp_sd.sys 21:12:23.0425 7792 sffp_sd - ok 21:12:23.0501 7792 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 21:12:23.0534 7792 sfloppy - ok 21:12:23.0632 7792 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll 21:12:23.0703 7792 SharedAccess - ok 21:12:23.0814 7792 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll 21:12:23.0879 7792 ShellHWDetection - ok 21:12:23.0981 7792 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 21:12:24.0007 7792 sisagp - ok 21:12:24.0091 7792 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 21:12:24.0122 7792 SiSRaid2 - ok 21:12:24.0155 7792 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 21:12:24.0174 7792 SiSRaid4 - ok 21:12:24.0329 7792 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 21:12:24.0378 7792 Smb - ok 21:12:24.0502 7792 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe 21:12:24.0533 7792 SNMPTRAP - ok 21:12:24.0633 7792 Sony Ericsson PCCompanion (1a623f2b69e1f182f995f963c55db935) C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe 21:12:24.0661 7792 Sony Ericsson PCCompanion - ok 21:12:24.0764 7792 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\Windows\system32\speedfan.sys 21:12:24.0804 7792 speedfan - ok 21:12:24.0891 7792 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 21:12:24.0925 7792 spldr - ok 21:12:25.0019 7792 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe 21:12:25.0075 7792 Spooler - ok 21:12:25.0226 7792 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe 21:12:25.0317 7792 sppsvc - ok 21:12:25.0430 7792 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll 21:12:25.0495 7792 sppuinotify - ok 21:12:25.0575 7792 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys 21:12:25.0578 7792 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 21:12:25.0605 7792 sptd ( LockedFile.Multi.Generic ) - warning 21:12:25.0606 7792 sptd - detected LockedFile.Multi.Generic (1) 21:12:25.0776 7792 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 21:12:25.0831 7792 srv - ok 21:12:25.0990 7792 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 21:12:26.0043 7792 srv2 - ok 21:12:26.0212 7792 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 21:12:26.0251 7792 srvnet - ok 21:12:26.0333 7792 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll 21:12:26.0386 7792 SSDPSRV - ok 21:12:26.0517 7792 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll 21:12:26.0594 7792 SstpSvc - ok 21:12:26.0798 7792 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 21:12:26.0839 7792 stexstor - ok 21:12:26.0936 7792 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll 21:12:26.0998 7792 StiSvc - ok 21:12:27.0135 7792 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys 21:12:27.0167 7792 storflt - ok 21:12:27.0282 7792 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll 21:12:27.0318 7792 StorSvc - ok 21:12:27.0430 7792 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys 21:12:27.0471 7792 storvsc - ok 21:12:27.0545 7792 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 21:12:27.0562 7792 swenum - ok 21:12:27.0644 7792 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll 21:12:27.0720 7792 swprv - ok 21:12:27.0825 7792 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll 21:12:27.0876 7792 SysMain - ok 21:12:28.0010 7792 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll 21:12:28.0047 7792 TabletInputService - ok 21:12:28.0129 7792 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys 21:12:28.0163 7792 taphss - ok 21:12:28.0279 7792 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll 21:12:28.0333 7792 TapiSrv - ok 21:12:28.0415 7792 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll 21:12:28.0475 7792 TBS - ok 21:12:28.0633 7792 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys 21:12:28.0671 7792 Tcpip - ok 21:12:28.0864 7792 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys 21:12:28.0911 7792 TCPIP6 - ok 21:12:29.0072 7792 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 21:12:29.0120 7792 tcpipreg - ok 21:12:29.0203 7792 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 21:12:29.0249 7792 TDPIPE - ok 21:12:29.0380 7792 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys 21:12:29.0421 7792 TDTCP - ok 21:12:29.0510 7792 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 21:12:29.0570 7792 tdx - ok 21:12:29.0660 7792 TemproMonitoringService (1b709733a04dcc41a63f9cd1f76a4ebe) C:\Program Files\Toshiba TEMPRO\TemproSvc.exe 21:12:29.0681 7792 TemproMonitoringService - ok 21:12:29.0833 7792 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 21:12:29.0872 7792 TermDD - ok 21:12:29.0964 7792 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll 21:12:30.0016 7792 TermService - ok 21:12:30.0123 7792 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll 21:12:30.0171 7792 Themes - ok 21:12:30.0219 7792 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 21:12:30.0254 7792 THREADORDER - ok 21:12:30.0413 7792 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\Windows\system32\drivers\tifm21.sys 21:12:30.0475 7792 tifm21 - ok 21:12:30.0639 7792 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys 21:12:30.0696 7792 tos_sps32 - ok 21:12:30.0798 7792 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll 21:12:30.0853 7792 TrkWks - ok 21:12:30.0925 7792 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe 21:12:30.0993 7792 TrustedInstaller - ok 21:12:31.0150 7792 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 21:12:31.0209 7792 tssecsrv - ok 21:12:31.0289 7792 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 21:12:31.0327 7792 TsUsbFlt - ok 21:12:31.0443 7792 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 21:12:31.0507 7792 tunnel - ok 21:12:31.0673 7792 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\Windows\system32\DRIVERS\TVALZ_O.SYS 21:12:31.0703 7792 TVALZ - ok 21:12:31.0878 7792 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 21:12:31.0916 7792 uagp35 - ok 21:12:32.0009 7792 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 21:12:32.0067 7792 udfs - ok 21:12:32.0154 7792 ufad-ws60 (215462ae7e6a897d675e84dd1e3b3b56) C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe 21:12:32.0188 7792 ufad-ws60 - ok 21:12:32.0311 7792 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe 21:12:32.0369 7792 UI0Detect - ok 21:12:32.0457 7792 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 21:12:32.0483 7792 uliagpkx - ok 21:12:32.0703 7792 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys 21:12:32.0754 7792 umbus - ok 21:12:32.0826 7792 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 21:12:32.0865 7792 UmPass - ok 21:12:32.0937 7792 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll 21:12:32.0997 7792 UmRdpService - ok 21:12:33.0084 7792 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll 21:12:33.0135 7792 upnphost - ok 21:12:33.0236 7792 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys 21:12:33.0315 7792 USBAAPL - ok 21:12:33.0467 7792 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys 21:12:33.0511 7792 usbaudio - ok 21:12:33.0604 7792 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 21:12:33.0664 7792 usbccgp - ok 21:12:33.0770 7792 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 21:12:33.0826 7792 usbcir - ok 21:12:33.0915 7792 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys 21:12:33.0947 7792 usbehci - ok 21:12:34.0056 7792 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 21:12:34.0089 7792 usbhub - ok 21:12:34.0170 7792 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 21:12:34.0215 7792 usbohci - ok 21:12:34.0334 7792 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 21:12:34.0375 7792 usbprint - ok 21:12:34.0475 7792 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:12:34.0528 7792 USBSTOR - ok 21:12:34.0624 7792 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys 21:12:34.0654 7792 usbuhci - ok 21:12:34.0749 7792 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys 21:12:34.0801 7792 usbvideo - ok 21:12:34.0915 7792 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys 21:12:34.0965 7792 usb_rndisx - ok 21:12:35.0048 7792 UVCFTR (3b929a72aaea96dc0150d3a6da268c89) C:\Windows\system32\Drivers\UVCFTR_S.SYS 21:12:35.0097 7792 UVCFTR - ok 21:12:35.0162 7792 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll 21:12:35.0229 7792 UxSms - ok 21:12:35.0343 7792 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 21:12:35.0375 7792 VaultSvc - ok 21:12:35.0469 7792 VBoxDrv (fb743efd8a977ea2aff7e3a65f79979f) C:\Windows\system32\DRIVERS\VBoxDrv.sys 21:12:35.0498 7792 VBoxDrv - ok 21:12:35.0599 7792 VBoxNetAdp (352385f05c1c4770447d5d3fa0438627) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys 21:12:35.0634 7792 VBoxNetAdp - ok 21:12:35.0725 7792 VBoxNetFlt (a67d188271dd906143d31647f520c907) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys 21:12:35.0742 7792 VBoxNetFlt - ok 21:12:35.0842 7792 VBoxUSBMon (ea1d9ad2f75043a3ede05aa56bb9dcb9) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys 21:12:35.0885 7792 VBoxUSBMon - ok 21:12:35.0932 7792 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 21:12:35.0966 7792 vdrvroot - ok 21:12:36.0051 7792 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe 21:12:36.0109 7792 vds - ok 21:12:36.0268 7792 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 21:12:36.0325 7792 vga - ok 21:12:36.0404 7792 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 21:12:36.0458 7792 VgaSave - ok 21:12:36.0568 7792 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 21:12:36.0607 7792 vhdmp - ok 21:12:36.0706 7792 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 21:12:36.0736 7792 viaagp - ok 21:12:36.0789 7792 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 21:12:36.0838 7792 ViaC7 - ok 21:12:36.0943 7792 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 21:12:36.0962 7792 viaide - ok 21:12:37.0060 7792 VMAuthdService (c6543f46394797dbde0cb1bb33c8afd5) C:\Program Files\VMware\VMware Workstation\vmware-authd.exe 21:12:37.0103 7792 VMAuthdService - ok 21:12:37.0254 7792 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys 21:12:37.0288 7792 vmbus - ok 21:12:37.0372 7792 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys 21:12:37.0403 7792 VMBusHID - ok 21:12:37.0518 7792 vmci (d24bdf8fe254aed604f5fe5d850e7027) C:\Windows\system32\Drivers\vmci.sys 21:12:37.0544 7792 vmci - ok 21:12:37.0627 7792 vmkbd (99b2edd50b175bcb455771e1c7145553) C:\Windows\system32\drivers\VMkbd.sys 21:12:37.0642 7792 vmkbd - ok 21:12:37.0666 7792 VMnetAdapter (e41704d8149992107b333cc7a52c07cc) C:\Windows\system32\DRIVERS\vmnetadapter.sys 21:12:37.0680 7792 VMnetAdapter - ok 21:12:37.0797 7792 VMnetBridge (462f2a31ea8b87a28962aca998df1869) C:\Windows\system32\DRIVERS\vmnetbridge.sys 21:12:37.0820 7792 VMnetBridge - ok 21:12:37.0918 7792 VMnetDHCP (bc9b7482671e733fb5c122e13e93dabf) C:\Windows\system32\vmnetdhcp.exe 21:12:37.0965 7792 VMnetDHCP - ok 21:12:38.0074 7792 VMnetuserif (2bbbb5b7859a2f9cb00222b0d56d4dd0) C:\Windows\system32\drivers\vmnetuserif.sys 21:12:38.0102 7792 VMnetuserif - ok 21:12:38.0219 7792 VMUSBArbService (d73daf6961c4fefe92b914dfabeea98f) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe 21:12:38.0264 7792 VMUSBArbService - ok 21:12:38.0403 7792 VMware NAT Service (417d1936bd4a669459c04cea892dd722) C:\Windows\system32\vmnat.exe 21:12:38.0439 7792 VMware NAT Service - ok 21:12:38.0575 7792 vmx86 (aec740ffc3d201780a656d898a4beada) C:\Windows\system32\Drivers\vmx86.sys 21:12:38.0618 7792 vmx86 - ok 21:12:38.0765 7792 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 21:12:38.0783 7792 volmgr - ok 21:12:38.0897 7792 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 21:12:38.0931 7792 volmgrx - ok 21:12:39.0044 7792 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 21:12:39.0064 7792 volsnap - ok 21:12:39.0146 7792 vpcbus (b26536add1d748cda104d856c979ae79) C:\Windows\system32\DRIVERS\vpchbus.sys 21:12:39.0180 7792 vpcbus - ok 21:12:39.0235 7792 vpcnfltr (a0f7e923a6261760130f22b85df9040e) C:\Windows\system32\DRIVERS\vpcnfltr.sys 21:12:39.0280 7792 vpcnfltr - ok 21:12:39.0390 7792 vpcusb (5f4b55e91ce7e2523c9e1e0ece858869) C:\Windows\system32\DRIVERS\vpcusb.sys 21:12:39.0423 7792 vpcusb - ok 21:12:39.0519 7792 vpcvmm (b487191fe18d6863381a1ac55482469a) C:\Windows\system32\drivers\vpcvmm.sys 21:12:39.0564 7792 vpcvmm - ok 21:12:39.0616 7792 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 21:12:39.0636 7792 vsmraid - ok 21:12:39.0745 7792 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe 21:12:39.0823 7792 VSS - ok 21:12:39.0915 7792 vstor2-ws60 (98929c5c5314c4c048e2f60492c26723) C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys 21:12:39.0952 7792 vstor2-ws60 - ok 21:12:40.0110 7792 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 21:12:40.0153 7792 vwifibus - ok 21:12:40.0228 7792 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 21:12:40.0266 7792 vwififlt - ok 21:12:40.0344 7792 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll 21:12:40.0414 7792 W32Time - ok 21:12:40.0553 7792 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 21:12:40.0609 7792 WacomPen - ok 21:12:40.0729 7792 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 21:12:40.0777 7792 WANARP - ok 21:12:40.0789 7792 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 21:12:40.0824 7792 Wanarpv6 - ok 21:12:40.0976 7792 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe 21:12:41.0030 7792 WatAdminSvc - ok 21:12:41.0179 7792 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe 21:12:41.0252 7792 wbengine - ok 21:12:41.0363 7792 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll 21:12:41.0413 7792 WbioSrvc - ok 21:12:41.0471 7792 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll 21:12:41.0502 7792 wcncsvc - ok 21:12:41.0614 7792 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll 21:12:41.0687 7792 WcsPlugInService - ok 21:12:41.0770 7792 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 21:12:41.0788 7792 Wd - ok 21:12:41.0966 7792 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 21:12:42.0004 7792 Wdf01000 - ok 21:12:42.0135 7792 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 21:12:42.0231 7792 WdiServiceHost - ok 21:12:42.0257 7792 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 21:12:42.0283 7792 WdiSystemHost - ok 21:12:42.0357 7792 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll 21:12:42.0414 7792 WebClient - ok 21:12:42.0506 7792 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll 21:12:42.0562 7792 Wecsvc - ok 21:12:42.0614 7792 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll 21:12:42.0739 7792 wercplsupport - ok 21:12:42.0806 7792 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll 21:12:42.0862 7792 WerSvc - ok 21:12:42.0949 7792 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 21:12:43.0000 7792 WfpLwf - ok 21:12:43.0132 7792 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 21:12:43.0155 7792 WIMMount - ok 21:12:43.0308 7792 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 21:12:43.0396 7792 WinDefend - ok 21:12:43.0423 7792 WinHttpAutoProxySvc - ok 21:12:43.0572 7792 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll 21:12:43.0607 7792 Winmgmt - ok 21:12:43.0740 7792 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll 21:12:43.0822 7792 WinRM - ok 21:12:44.0005 7792 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys 21:12:44.0042 7792 WinUsb - ok 21:12:44.0178 7792 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll 21:12:44.0249 7792 Wlansvc - ok 21:12:44.0451 7792 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 21:12:44.0514 7792 wlidsvc - ok 21:12:44.0688 7792 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 21:12:44.0730 7792 WmiAcpi - ok 21:12:44.0886 7792 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe 21:12:44.0924 7792 wmiApSrv - ok 21:12:45.0078 7792 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe 21:12:45.0135 7792 WMPNetworkSvc - ok 21:12:45.0243 7792 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll 21:12:45.0294 7792 WPCSvc - ok 21:12:45.0367 7792 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll 21:12:45.0415 7792 WPDBusEnum - ok 21:12:45.0543 7792 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 21:12:45.0606 7792 ws2ifsl - ok 21:12:45.0658 7792 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll 21:12:45.0709 7792 wscsvc - ok 21:12:45.0745 7792 WSearch - ok 21:12:45.0937 7792 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll 21:12:46.0016 7792 wuauserv - ok 21:12:46.0166 7792 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 21:12:46.0225 7792 WudfPf - ok 21:12:46.0309 7792 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 21:12:46.0348 7792 WUDFRd - ok 21:12:46.0405 7792 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll 21:12:46.0460 7792 wudfsvc - ok 21:12:46.0542 7792 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll 21:12:46.0579 7792 WwanSvc - ok 21:12:46.0741 7792 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 21:12:46.0936 7792 \Device\Harddisk0\DR0 - ok 21:12:46.0944 7792 Boot (0x1200) (db2e7ef8d8e72e5d330bccab69afe0ee) \Device\Harddisk0\DR0\Partition0 21:12:46.0947 7792 \Device\Harddisk0\DR0\Partition0 - ok 21:12:46.0975 7792 Boot (0x1200) (cdf1a54b5cd2ef6c98ffca9ebc9d896a) \Device\Harddisk0\DR0\Partition1 21:12:46.0976 7792 \Device\Harddisk0\DR0\Partition1 - ok 21:12:46.0976 7792 ============================================================ 21:12:46.0976 7792 Scan finished 21:12:46.0976 7792 ============================================================ 21:12:46.0992 2800 Detected object count: 9 21:12:46.0992 2800 Actual detected object count: 9 21:13:39.0062 2800 Akamai ( HiddenFile.Multi.Generic ) - skipped by user 21:13:39.0062 2800 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 21:13:39.0062 2800 AVerFx2hbtv ( UnsignedFile.Multi.Generic ) - skipped by user 21:13:39.0062 2800 AVerFx2hbtv ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:13:39.0064 2800 giveio ( UnsignedFile.Multi.Generic ) - skipped by user 21:13:39.0065 2800 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:13:39.0067 2800 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 21:13:39.0067 2800 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:13:39.0069 2800 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 21:13:39.0069 2800 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:13:39.0072 2800 OracleXETNSListener ( UnsignedFile.Multi.Generic ) - skipped by user 21:13:39.0072 2800 OracleXETNSListener ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:13:39.0075 2800 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user 21:13:39.0075 2800 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:13:39.0077 2800 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 21:13:39.0077 2800 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:13:39.0080 2800 sptd ( LockedFile.Multi.Generic ) - skipped by user 21:13:39.0080 2800 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 21:13:49.0625 2612 Deinitialize success

Hey MrC, Please find attached report from RogueKiller below. Kind regards Richard RogueKiller V7.3.2 [03/20/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User: Richard Pugh [Admin rights] Mode: Scan -- Date: 04/20/2012 21:05:06 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 4 ¤¤¤ [DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{D2558E9E-4962-4AC0-8FA3-F037BBD07A18} : NameServer (10.94.128.1) -> FOUND [DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{D2558E9E-4962-4AC0-8FA3-F037BBD07A18} : NameServer (10.94.128.1) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ SSDT[88] : NtCreateThreadEx @ 0x836AE344 -> HOOKED (\??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys @ 0x8F44C640) ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS542525K9SA00 ATA Device +++++ --- User --- [MBR] 6467acab7ae26aea62b5a8345cb32a0f [bSP] 152228ccc2264bc51d3f8405d77a2c53 : Windows 7 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 119237 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 247271424 | Size: 117737 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt

Hey MrC

Hello Firefox, I will probably take the matter up with MrC again then in that case as its definatly not down to the internet connection. Thanks for the message anyway Richard

Hi there, A few days ago I came to this forum to remove some persistant Malware on my laptop which was sucessful. However, I now have another problem, my computer has been going notably slower ever since. For example, Watching videos on YouTube using Mozilla Firefox has been VERY laggy with the CPU usage going up to 100% at times. Any help with this would be greatly appreciated. Kind regards Richard