smalltownboy Posted April 15, 2012 ID:542839

Hi there,

I recently had an infection which was successfully removed using a combination of AVG 2012 and Malwarebytes. However, in the past week some of my Google search results have been redirecting to websites of no relation to the link I originally clicked on. The webpages redirected to so far have just been advertising for various products.

All of the recent scans I have carried out via AVG 2012 and Malwarebytes for any remnants have come back negative every time. I have also monitored my resources using Task Manager and nothing seems to be out of the ordinary.

I would be really grateful if somebody could take a quick look at my DDS and Attach logs for me and see if they can find anything I may have missed previously.

Many thanks
Richard

DDS.txt
Attach.txt

MrCharlie Posted April 16, 2012 ID:543323

Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system (don't run any other options)
Post back the report.

MrC

smalltownboy Posted April 16, 2012 Author ID:543345

Hey MrC,

Please find attached report.

Many thanks
Richard

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Richard Pugh [Admin rights]
Mode: Scan -- Date: 04/16/2012 23:44:06

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 8 ¤¤¤
[bLACKLIST DLL] HKCU\[...]\Run : drsvc (rundll32.exe "C:\Users\RICHAR~1\AppData\Local\Temp\drsvc.dll",BAOCloseFile) -> FOUND
[bLACKLIST DLL] HKUS\S-1-5-21-1213263347-4281731233-2383071133-1000[...]\Run : drsvc (rundll32.exe "C:\Users\RICHAR~1\AppData\Local\Temp\drsvc.dll",BAOCloseFile) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{D2558E9E-4962-4AC0-8FA3-F037BBD07A18} : NameServer (10.67.48.1) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{D2558E9E-4962-4AC0-8FA3-F037BBD07A18} : NameServer (10.67.48.1) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[88] : NtCreateThreadEx @ 0x836BB344 -> HOOKED (\??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys @ 0x895ED640)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
[...]

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS542525K9SA00 ATA Device +++++
--- User ---
[MBR] 6467acab7ae26aea62b5a8345cb32a0f
[bSP] 152228ccc2264bc51d3f8405d77a2c53 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 119237 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 247271424 | Size: 117737 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

Richard

MrCharlie Posted April 16, 2012 ID:543359

OK, run RogueKiller again and click scan

When the scan is done...click on the Registry Entries: tab

Put a check next to these...uncheck the rest and click the Delete button on the right hand column:

¤¤¤ Registry Entries: 8 ¤¤¤
[bLACKLIST DLL] HKCU\[...]\Run : drsvc (rundll32.exe "C:\Users\RICHAR~1\AppData\Local\Temp\drsvc.dll",BAOCloseFile) -> FOUND
[bLACKLIST DLL] HKUS\S-1-5-21-1213263347-4281731233-2383071133-1000[...]\Run : drsvc (rundll32.exe "C:\Users\RICHAR~1\AppData\Local\Temp\drsvc.dll",BAOCloseFile) -> FOUND

----------------------------------------------

Next.........

Please make sure system restore is running and create a new restore point before continuing.

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
-------------------------
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
------------------------
Click the Start Scan button.
-----------------------
If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue
Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.
----------------------
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
--------------------
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC

smalltownboy Posted April 17, 2012 Author ID:543529

Hey MrC,

Have followed your instructions and all is well. Please find attached TDSSKiller report below. Strangely enough, when removing the registry entries AVG recognised them as a virus. However, I ignored this and continued on with your instructions (I did manage to delete them in the end regardless)

Kind regards
Richard
C:\Windows\system32\drivers\mpsdrv.sys16:33:08.0733 3356 mpsdrv - ok16:33:08.0932 3356 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll16:33:09.0051 3356 MpsSvc - ok16:33:09.0497 3356 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys16:33:09.0539 3356 MRxDAV - ok16:33:09.0773 3356 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys16:33:09.0855 3356 mrxsmb - ok16:33:10.0076 3356 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys16:33:10.0110 3356 mrxsmb10 - ok16:33:10.0343 3356 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys16:33:10.0377 3356 mrxsmb20 - ok16:33:10.0635 3356 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys16:33:10.0672 3356 msahci - ok16:33:10.0896 3356 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys16:33:10.0915 3356 msdsm - ok16:33:11.0103 3356 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe16:33:11.0155 3356 MSDTC - ok16:33:11.0321 3356 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys16:33:11.0358 3356 Msfs - ok16:33:11.0549 3356 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys16:33:11.0595 3356 mshidkmdf - ok16:33:11.0809 3356 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys16:33:11.0830 3356 msisadrv - ok16:33:12.0009 3356 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll16:33:12.0069 3356 MSiSCSI - ok16:33:12.0119 3356 msiserver - ok16:33:12.0257 3356 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys16:33:12.0309 3356 MSKSSRV - ok16:33:12.0523 3356 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys16:33:12.0578 3356 MSPCLOCK - ok16:33:12.0786 3356 MSPQM (f456e973590d663b1073e9c463b40932) 
C:\Windows\system32\drivers\MSPQM.sys16:33:12.0839 3356 MSPQM - ok16:33:12.0951 3356 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys16:33:12.0987 3356 MsRPC - ok16:33:13.0149 3356 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys16:33:13.0176 3356 mssmbios - ok16:33:13.0382 3356 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys16:33:13.0418 3356 MSTEE - ok16:33:13.0628 3356 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys16:33:13.0671 3356 MTConfig - ok16:33:13.0881 3356 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys16:33:13.0903 3356 Mup - ok16:33:14.0097 3356 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll16:33:14.0166 3356 napagent - ok16:33:14.0418 3356 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys16:33:14.0460 3356 NativeWifiP - ok16:33:14.0616 3356 NAUpdate (1bbbf640bc0e0b750537baece8d66c18) C:\Program Files\Nero\Update\NASvc.exe16:33:14.0652 3356 NAUpdate - ok16:33:14.0875 3356 NBVol (e240f3204e86b7b6ccf266b2a2ad32b4) C:\Windows\system32\DRIVERS\NBVol.sys16:33:14.0904 3356 NBVol - ok16:33:15.0117 3356 NBVolUp (c0cf3cccce3c75f7280c89029ab47866) C:\Windows\system32\DRIVERS\NBVolUp.sys16:33:15.0145 3356 NBVolUp - ok16:33:15.0391 3356 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys16:33:15.0431 3356 NDIS - ok16:33:15.0631 3356 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys16:33:15.0681 3356 NdisCap - ok16:33:15.0884 3356 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys16:33:15.0937 3356 NdisTapi - ok16:33:16.0129 3356 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys16:33:16.0173 3356 Ndisuio - ok16:33:16.0383 3356 NdisWan (38fbe267e7e6983311179230facb1017) 
C:\Windows\system32\DRIVERS\ndiswan.sys16:33:16.0431 3356 NdisWan - ok16:33:16.0644 3356 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys16:33:16.0691 3356 NDProxy - ok16:33:16.0844 3356 Net Driver HPZ12 (f7c14f5077bf2bc476c348b88a7f74e2) C:\Windows\system32\HPZinw12.dll16:33:16.0858 3356 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning16:33:16.0858 3356 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)16:33:16.0981 3356 Netaapl (1352e1648213551923a0a822e441553c) C:\Windows\system32\DRIVERS\netaapl.sys16:33:17.0042 3356 Netaapl - ok16:33:17.0243 3356 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys16:33:17.0293 3356 NetBIOS - ok16:33:17.0512 3356 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys16:33:17.0561 3356 NetBT - ok16:33:17.0739 3356 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe16:33:17.0780 3356 Netlogon - ok16:33:17.0916 3356 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll16:33:17.0983 3356 Netman - ok16:33:18.0086 3356 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll16:33:18.0152 3356 netprofm - ok16:33:18.0491 3356 netr73 (00ebe302169c7b783a29b6df3c9e5b28) C:\Windows\system32\DRIVERS\netr73.sys16:33:18.0550 3356 netr73 - ok16:33:18.0733 3356 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe16:33:18.0772 3356 NetTcpPortSharing - ok16:33:18.0988 3356 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys16:33:19.0069 3356 NETw4v32 - ok16:33:19.0495 3356 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys16:33:19.0569 3356 netw5v32 - ok16:33:19.0785 3356 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys16:33:19.0822 3356 nfrd960 - ok16:33:19.0998 3356 NlaSvc 
(912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll16:33:20.0067 3356 NlaSvc - ok16:33:20.0246 3356 nlsX86cc (d078127922b34c837fd0df903cf7ad24) C:\Windows\system32\NLSSRV32.EXE16:33:20.0287 3356 nlsX86cc - ok16:33:20.0460 3356 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\Windows\system32\drivers\npf.sys16:33:20.0489 3356 NPF - ok16:33:20.0630 3356 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys16:33:20.0695 3356 Npfs - ok16:33:20.0893 3356 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll16:33:20.0974 3356 nsi - ok16:33:21.0179 3356 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys16:33:21.0269 3356 nsiproxy - ok16:33:21.0572 3356 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys16:33:21.0683 3356 Ntfs - ok16:33:21.0900 3356 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys16:33:21.0986 3356 Null - ok16:33:22.0146 3356 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys16:33:22.0197 3356 nvraid - ok16:33:22.0309 3356 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys16:33:22.0370 3356 nvstor - ok16:33:22.0489 3356 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys16:33:22.0531 3356 nv_agp - ok16:33:22.0647 3356 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE16:33:22.0690 3356 odserv - ok16:33:23.0047 3356 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys16:33:23.0177 3356 ohci1394 - ok16:33:23.0354 3356 optousb (f7a2ad676a5c0c2ef2d6321c954e7b46) C:\Windows\system32\DRIVERS\optousb.sys16:33:23.0411 3356 optousb - ok16:33:23.0621 3356 optovcm (f82e3a2fbb48183a437c08d6b608f590) C:\Windows\system32\DRIVERS\optovcm.sys16:33:23.0694 3356 optovcm - ok16:33:23.0762 3356 OracleJobSchedulerXE - ok16:33:23.0814 3356 OracleMTSRecoveryService - 
ok16:33:23.0831 3356 OracleServiceXE - ok16:33:23.0871 3356 OracleXEClrAgent - ok16:33:23.0939 3356 OracleXETNSListener (8af936ce45788974efff7d0f19143583) C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe16:33:24.0046 3356 OracleXETNSListener ( UnsignedFile.Multi.Generic ) - warning16:33:24.0047 3356 OracleXETNSListener - detected UnsignedFile.Multi.Generic (1)16:33:24.0171 3356 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE16:33:24.0197 3356 ose - ok16:33:24.0342 3356 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll16:33:24.0389 3356 p2pimsvc - ok16:33:24.0429 3356 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll16:33:24.0509 3356 p2psvc - ok16:33:24.0666 3356 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys16:33:24.0717 3356 Parport - ok16:33:24.0898 3356 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys16:33:24.0934 3356 partmgr - ok16:33:24.0973 3356 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys16:33:24.0999 3356 Parvdm - ok16:33:25.0116 3356 PassThru Service (39b9dcd7040654c2e57d7396736c718e) C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe16:33:25.0201 3356 PassThru Service ( UnsignedFile.Multi.Generic ) - warning16:33:25.0201 3356 PassThru Service - detected UnsignedFile.Multi.Generic (1)16:33:25.0334 3356 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll16:33:25.0381 3356 PcaSvc - ok16:33:25.0481 3356 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys16:33:25.0525 3356 pci - ok16:33:25.0734 3356 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys16:33:25.0772 3356 pciide - ok16:33:25.0826 3356 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys16:33:25.0855 3356 pcmcia - ok16:33:26.0063 3356 pcw 
(250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys16:33:26.0106 3356 pcw - ok16:33:26.0323 3356 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys16:33:26.0394 3356 PEAUTH - ok16:33:26.0604 3356 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll16:33:26.0673 3356 PeerDistSvc - ok16:33:26.0938 3356 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll16:33:27.0133 3356 pla - ok16:33:27.0280 3356 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll16:33:27.0356 3356 PlugPlay - ok16:33:27.0504 3356 Pml Driver HPZ12 (e638656001c52a1faa34f92e6d3a086b) C:\Windows\system32\HPZipm12.dll16:33:27.0557 3356 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning16:33:27.0557 3356 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)16:33:27.0603 3356 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll16:33:27.0652 3356 PNRPAutoReg - ok16:33:27.0831 3356 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll16:33:27.0882 3356 PNRPsvc - ok16:33:28.0034 3356 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll16:33:28.0147 3356 PolicyAgent - ok16:33:28.0211 3356 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll16:33:28.0271 3356 Power - ok16:33:28.0475 3356 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys16:33:28.0563 3356 PptpMiniport - ok16:33:28.0748 3356 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys16:33:28.0816 3356 Processor - ok16:33:28.0924 3356 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll16:33:28.0973 3356 ProfSvc - ok16:33:29.0083 3356 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe16:33:29.0116 3356 ProtectedStorage - ok16:33:29.0271 3356 Psched (6270ccae2a86de6d146529fe55b3246a) 
C:\Windows\system32\DRIVERS\pacer.sys16:33:29.0331 3356 Psched - ok16:33:29.0674 3356 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys16:33:29.0772 3356 ql2300 - ok16:33:29.0996 3356 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys16:33:30.0031 3356 ql40xx - ok16:33:30.0204 3356 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll16:33:30.0264 3356 QWAVE - ok16:33:30.0441 3356 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys16:33:30.0487 3356 QWAVEdrv - ok16:33:30.0662 3356 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys16:33:30.0713 3356 RapportCerberus_34302 - ok16:33:30.0835 3356 RapportEI (43b9aa1423bf54367c5a3de1559780e8) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys16:33:30.0884 3356 RapportEI - ok16:33:31.0012 3356 RapportKELL (118600ab8f15fe27f2c865f3fb4efa58) C:\Windows\system32\Drivers\RapportKELL.sys16:33:31.0027 3356 RapportKELL - ok16:33:31.0195 3356 RapportMgmtService (d9ef54568fafcb4be4637068e768409a) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe16:33:31.0253 3356 RapportMgmtService - ok16:33:31.0357 3356 RapportPG (4af05a67b643a5190dfcbb793273e0bc) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys16:33:31.0399 3356 RapportPG - ok16:33:31.0623 3356 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys16:33:31.0701 3356 RasAcd - ok16:33:31.0861 3356 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys16:33:31.0905 3356 RasAgileVpn - ok16:33:32.0099 3356 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll16:33:32.0158 3356 RasAuto - ok16:33:32.0337 3356 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys16:33:32.0421 3356 Rasl2tp - ok16:33:32.0555 3356 RasMan (cb9e04dc05eacf5b9a36ca276d475006) 
C:\Windows\System32\rasmans.dll16:33:32.0625 3356 RasMan - ok16:33:32.0725 3356 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys16:33:32.0800 3356 RasPppoe - ok16:33:32.0982 3356 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys16:33:33.0067 3356 RasSstp - ok16:33:33.0272 3356 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys16:33:33.0355 3356 rdbss - ok16:33:33.0530 3356 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys16:33:33.0575 3356 rdpbus - ok16:33:33.0720 3356 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys16:33:33.0785 3356 RDPCDD - ok16:33:33.0903 3356 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys16:33:33.0969 3356 RDPDR - ok16:33:34.0149 3356 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys16:33:34.0200 3356 RDPENCDD - ok16:33:34.0433 3356 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys16:33:34.0594 3356 RDPREFMP - ok16:33:34.0977 3356 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys16:33:35.0031 3356 RDPWD - ok16:33:35.0231 3356 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys16:33:35.0282 3356 rdyboost - ok16:33:35.0438 3356 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll16:33:35.0502 3356 RemoteAccess - ok16:33:35.0549 3356 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll16:33:35.0605 3356 RemoteRegistry - ok16:33:35.0749 3356 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files\WinPcap\rpcapd.exe16:33:35.0808 3356 rpcapd - ok16:33:36.0068 3356 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll16:33:36.0163 3356 RpcEptMapper - ok16:33:36.0402 3356 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) 
C:\Windows\system32\locator.exe16:33:36.0484 3356 RpcLocator - ok16:33:36.0763 3356 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll16:33:36.0829 3356 RpcSs - ok16:33:37.0098 3356 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys16:33:37.0181 3356 rspndr - ok16:33:37.0500 3356 RTHDMIAzAudService (72a5515a2031d458dd38e9336594184b) C:\Windows\system32\drivers\RtHDMIV.sys16:33:37.0551 3356 RTHDMIAzAudService - ok16:33:37.0938 3356 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys16:33:38.0020 3356 RTL8167 - ok16:33:38.0337 3356 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys16:33:38.0365 3356 s0016bus - ok16:33:38.0638 3356 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys16:33:38.0670 3356 s0016mdfl - ok16:33:38.0922 3356 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys16:33:38.0964 3356 s0016mdm - ok16:33:39.0267 3356 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys16:33:39.0302 3356 s0016mgmt - ok16:33:39.0591 3356 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys16:33:39.0626 3356 s0016nd5 - ok16:33:39.0952 3356 s0016obex (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys16:33:40.0129 3356 s0016obex - ok16:33:40.0448 3356 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys16:33:40.0490 3356 s0016unic - ok16:33:40.0777 3356 s1018bus (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\Windows\system32\DRIVERS\s1018bus.sys16:33:40.0822 3356 s1018bus - ok16:33:41.0090 3356 s1018mdfl (38f5ea219593f19b6b3a1b9c169e3b61) C:\Windows\system32\DRIVERS\s1018mdfl.sys16:33:41.0115 3356 s1018mdfl - ok16:33:41.0414 3356 s1018mdm (666af6b64fc7df92d3ca4819ea91631d) C:\Windows\system32\DRIVERS\s1018mdm.sys16:33:41.0446 3356 s1018mdm - ok16:33:41.0794 3356 s1018mgmt 
(f4ceda6e2ddff2af8bd745615a7ca9c0) C:\Windows\system32\DRIVERS\s1018mgmt.sys16:33:41.0843 3356 s1018mgmt - ok16:33:42.0133 3356 s1018nd5 (3622d9ff2253dcbe885b10736609a4ca) C:\Windows\system32\DRIVERS\s1018nd5.sys16:33:42.0176 3356 s1018nd5 - ok16:33:42.0491 3356 s1018obex (49431efda842b474531c29ffae9f5d09) C:\Windows\system32\DRIVERS\s1018obex.sys16:33:42.0533 3356 s1018obex - ok16:33:42.0797 3356 s1018unic (ac6b514cb4474f4c867d7cdc9cd54f05) C:\Windows\system32\DRIVERS\s1018unic.sys16:33:42.0835 3356 s1018unic - ok16:33:43.0081 3356 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys16:33:43.0163 3356 s3cap - ok16:33:43.0417 3356 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe16:33:43.0451 3356 SamSs - ok16:33:43.0807 3356 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys16:33:43.0859 3356 sbp2port - ok16:33:44.0084 3356 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll16:33:44.0164 3356 SCardSvr - ok16:33:44.0434 3356 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys16:33:44.0558 3356 scfilter - ok16:33:44.0850 3356 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll16:33:45.0025 3356 Schedule - ok16:33:45.0223 3356 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll16:33:45.0276 3356 SCPolicySvc - ok16:33:45.0594 3356 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys16:33:45.0649 3356 sdbus - ok16:33:45.0909 3356 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll16:33:45.0998 3356 SDRSVC - ok16:33:46.0187 3356 SeagateDashboardService (16b44d246835eac156f8daf0aa4f530c) C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe16:33:46.0255 3356 SeagateDashboardService - ok16:33:46.0492 3356 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys16:33:46.0572 3356 secdrv - 
ok16:33:46.0793 3356 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll16:33:46.0866 3356 seclogon - ok16:33:47.0088 3356 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll16:33:47.0172 3356 SENS - ok16:33:47.0426 3356 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll16:33:47.0495 3356 SensrSvc - ok16:33:47.0714 3356 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys16:33:47.0782 3356 Serenum - ok16:33:48.0045 3356 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys16:33:48.0091 3356 Serial - ok16:33:48.0294 3356 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys16:33:48.0352 3356 sermouse - ok16:33:48.0604 3356 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll16:33:48.0722 3356 SessionEnv - ok16:33:48.0968 3356 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys16:33:49.0037 3356 sffdisk - ok16:33:49.0231 3356 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys16:33:49.0281 3356 sffp_mmc - ok16:33:49.0560 3356 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\DRIVERS\sffp_sd.sys16:33:49.0632 3356 sffp_sd - ok16:33:49.0909 3356 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys16:33:49.0977 3356 sfloppy - ok16:33:50.0230 3356 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll16:33:50.0318 3356 SharedAccess - ok16:33:50.0571 3356 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll16:33:50.0677 3356 ShellHWDetection - ok16:33:50.0945 3356 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys16:33:50.0976 3356 sisagp - ok16:33:51.0310 3356 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys16:33:51.0353 3356 SiSRaid2 - ok16:33:51.0708 3356 SiSRaid4 
(3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys16:33:51.0743 3356 SiSRaid4 - ok16:33:52.0038 3356 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys16:33:52.0093 3356 Smb - ok16:33:52.0354 3356 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe16:33:52.0391 3356 SNMPTRAP - ok16:33:52.0699 3356 Sony Ericsson PCCompanion (1a623f2b69e1f182f995f963c55db935) C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe16:33:52.0743 3356 Sony Ericsson PCCompanion - ok16:33:52.0977 3356 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys16:33:53.0026 3356 spldr - ok16:33:53.0335 3356 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe16:33:53.0445 3356 Spooler - ok16:33:54.0062 3356 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe16:33:54.0237 3356 sppsvc - ok16:33:54.0461 3356 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll16:33:54.0530 3356 sppuinotify - ok16:33:54.0911 3356 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys16:33:54.0912 3356 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. 
md5: cdddec541bc3c96f91ecb4875967350516:33:54.0917 3356 sptd ( LockedFile.Multi.Generic ) - warning16:33:54.0917 3356 sptd - detected LockedFile.Multi.Generic (1)16:33:55.0177 3356 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys16:33:55.0227 3356 srv - ok16:33:55.0526 3356 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys16:33:55.0635 3356 srv2 - ok16:33:55.0965 3356 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys16:33:56.0011 3356 srvnet - ok16:33:56.0235 3356 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll16:33:56.0284 3356 SSDPSRV - ok16:33:56.0526 3356 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll16:33:56.0612 3356 SstpSvc - ok16:33:56.0906 3356 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys16:33:56.0944 3356 stexstor - ok16:33:57.0202 3356 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll16:33:57.0343 3356 StiSvc - ok16:33:57.0632 3356 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys16:33:57.0682 3356 storflt - ok16:33:57.0901 3356 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll16:33:57.0942 3356 StorSvc - ok16:33:58.0227 3356 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys16:33:58.0260 3356 storvsc - ok16:33:58.0531 3356 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys16:33:58.0563 3356 swenum - ok16:33:58.0766 3356 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll16:33:58.0865 3356 swprv - ok16:33:59.0216 3356 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll16:33:59.0423 3356 SysMain - ok16:33:59.0640 3356 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll16:33:59.0733 3356 TabletInputService - ok16:34:00.0024 3356 taphss 
16:34:39.0386 3356 ============================================================
16:34:39.0387 3356 Scan finished
16:34:39.0387 3356 ============================================================
16:34:39.0416 0468 Detected object count: 8
16:34:39.0416 0468 Actual detected object count: 8
16:35:39.0578 0468 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
16:35:39.0578 0468 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
16:35:39.0578 0468 AVerFx2hbtv ( UnsignedFile.Multi.Generic ) - skipped by user
16:35:39.0579 0468 AVerFx2hbtv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:35:39.0581 0468 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:35:39.0581 0468 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:35:39.0583 0468 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:35:39.0583 0468 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:35:39.0586 0468 OracleXETNSListener ( UnsignedFile.Multi.Generic ) - skipped by user
16:35:39.0586 0468 OracleXETNSListener ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:35:39.0590 0468 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:35:39.0590 0468 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:35:39.0593 0468 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:35:39.0593 0468 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:35:39.0597 0468 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:35:39.0597 0468 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:37:21.0697 0956 Deinitialize success
MrCharlie Posted April 17, 2012 ID:543530

That scan was OK...........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop. Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC
smalltownboy Posted April 17, 2012 Author ID:543560

As requested, please find attached scan from ComboFix below.

Kind regards
Richard

ComboFix 12-04-16.03 - Richard Pugh 17/04/2012 17:30:04.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.2046.1211 [GMT 1:00]
Running from: c:\users\Richard Pugh\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\RICHAR~1\AppData\Local\Temp\drsvc.dll
c:\users\Richard Pugh\AppData\Local\Temp\drsvc.dll
(S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) 
(S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2012-04-17 18:01:21ComboFix-quarantined-files.txt 2012-04-17 17:01.Pre-Run: 14,869,921,792 bytes freePost-Run: 16,988,336,128 bytes free.- - End Of File - - 1C37D8D14AC6279E1C1F12FB4596D322 Link to post Share on other sites More sharing options...
MrCharlie Posted April 17, 2012 ID:543563

Download TFC to your desktop.
Close any open windows.
Double-click the TFC icon to run the program.
TFC will close all open programs itself in order to run.
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job.
Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.
--------------------------------------------------
Please update and run a Quick Scan with MBAM, and post the report.
Make sure that everything is checked, and click Remove Selected.
Please let me know how it is, MrC
smalltownboy Posted April 17, 2012 Author ID:543580

Hiya,
I have run TFC and MBAM Quick scan as requested. The system actually seems a lot faster and as far as Google redirecting some of the search results is concerned, this has not happened since the weekend. So far so good! Please see report from MBAM below.
Kind regards
Richard

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.17.05
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Richard Pugh :: LAPPY-TOPPY [administrator]
17/04/2012 19:13:53
mbam-log-2012-04-17 (19-13-53).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 259800
Time elapsed: 16 minute(s), 54 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
MrCharlie Posted April 17, 2012 ID:543585

Great. A little cleanup to do.
Please uninstall ComboFix:
Press the Windows logo key + R to bring up the "run box".
Copy and paste the next command into the field:
ComboFix /uninstall
Make sure there's a space between Combofix and /
Then hit Enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.
---------------------------------
Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com
Save it to your desktop.
Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)
Any other programs or logs you can manually delete.
-------------------------------
You have out-of-date Java on the system; older versions are vulnerable to malware.
Please go to your control panel > Java > Update Tab > Update Now
BrowserJavaVersion: 1.6.0_29 <---should be 31
------------------------------------
Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.
Take a look at My Preventive Maintenance to avoid being infected again.
Good Luck and Thanks for using the forum, MrC
smalltownboy Posted April 17, 2012 Author ID:543593

Thank you so much for your help MrC!
Just one question: Rogue Killer left its quarantine folder on the desktop, is it OK to just go ahead and manually delete this? And should I also delete the System Restore points created on the system during this entire process? I only ask as I know System Restore points can contain a copy of the malware that has already been removed.
Many thanks
Richard
smalltownboy Posted April 17, 2012 Author ID:543594

Oh sorry! Just started reading the preventative measures! Hahaha!
MrCharlie Posted April 17, 2012 ID:543633

MrC
LDTate Posted April 18, 2012 ID:543779

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.