
RootKit.0Access.H Infection



I have the above infection on my Laptop which runs Windows XP SP 3 all up to date. I have Virgin anti virus (McAfee?) as they are my ISP.

Initial symptom was that when clicking on Google search results I was redirected to random sites.

Installed Malwarebytes Anti Malware. I have this running on my Desktop, why I didn't have this on my Laptop I really don't know - would probably have prevented this problem.

Malwarebytes scan reports, quarantines and removes RootKit.0Access.H but it keeps coming back.

Symptoms as follows:

Pop up "MalwareBytes Anti Malware has detected a malicious process attempting to start and has blocked the execution attempt. C:\WINDOWS\SYSTEM32\WEBSENSEDAGENT.DLL ROOTKIT.0ACCESS.H"

Pop up "A program was blocked from accessing the Internet. Name: TCP/IP Ping Command"

Pop up "Successfully blocked access to a potentially malicious website 188.95.52.162" (The IP address varies)

Also my Virgin Anti virus shuts down with a message stating that it has a problem and needs to be restarted. Restarting results in the same problem.

I've attached dds.txt and attach.txt as directed.

Any assistance in removing this infection will be greatly appreciated.

Regards,

Alan

dds.txt

attach.txt

Link to post
Share on other sites

  • Staff

Hi,

Please do the following:

Please download TDSSKiller.zip

  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System” (If found - select delete)
  • Click OK
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

NEXT

Download ComboFix from one of the following locations:

Link 1

Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

CF_RC_notice.png

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

cfRC_screen_2.png

  • Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Link to post
Share on other sites
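
Added example, not part of the original posts and not TDSSKiller's own code: a Python parser for the line format of the TDSSKiller logs in this thread, which pairs each file record with its verdict line and returns only the entries not reported as ok. The sample lines are constructed and their MD5 values are placeholders; the names `triage`, `Finding` and `TriageResult` are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the TDSSKiller line format: "<time> <thread id> <message>".
# The MD5 values are placeholders, not real file hashes.
SAMPLE_LOG = r"""
08:50:39.0171 7808 Scan started
08:50:42.0375 7808 Abiosdsk - ok
08:50:43.0937 7808 ACPI (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:50:43.0968 7808 ACPI - ok
08:50:45.0015 7808 Adobe LM Service (00000000000000000000000000000002) C:\Program Files\Adobe\Adobelmsvc.exe
08:50:45.0015 7808 Adobe LM Service - ok
08:50:51.0375 7808 AFD (00000000000000000000000000000003) C:\WINDOWS\System32\drivers\afd.sys
08:50:51.0375 7808 AFD ( Virus.Win32.ZAccess.k ) - infected
08:50:51.0375 7808 AFD - detected Virus.Win32.ZAccess.k (0)
08:50:54.0328 7808 Akamai (00000000000000000000000000000004) c:\program files\common files\akamai/netsession.dll
08:50:54.0343 7808 Akamai ( HiddenFile.Multi.Generic ) - warning
08:50:54.0343 7808 Akamai - detected HiddenFile.Multi.Generic (1)
"""

# Every log line starts with a timestamp and a thread id; the rest is the message.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ (?P<msg>.*)$")
# "<service name> (<md5>) <path>": the file that backs a service or driver.
FILE_REC = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<service name> ( <threat name> ) - <level>": a non-ok verdict.
VERDICT = re.compile(r"^(?P<name>.+?) \( (?P<threat>[^()]+?) \) - (?P<level>\w+)$")
# "<service name> - ok": a clean verdict.
OK = re.compile(r"^(?P<name>.+?) - ok$")

# Lower number sorts first; unknown levels sort last.
SEVERITY = {"infected": 0, "warning": 1}


@dataclass
class Finding:
    name: str
    threat: str
    level: str
    md5: Optional[str]   # None when the log had no file record for this name
    path: Optional[str]


@dataclass
class TriageResult:
    findings: List[Finding]
    ok_count: int


def triage(log_text: str) -> TriageResult:
    """Return the non-ok verdicts from a TDSSKiller log, most severe first."""
    files: Dict[str, Tuple[str, str]] = {}
    findings: List[Finding] = []
    ok_count = 0
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines (forum pastes add them) and unrelated text
        msg = m.group("msg")
        rec = FILE_REC.match(msg)
        if rec:
            files[rec.group("name")] = (rec.group("md5").lower(), rec.group("path"))
            continue
        if OK.match(msg):
            ok_count += 1
            continue
        verdict = VERDICT.match(msg)
        if verdict:
            md5, path = files.get(verdict.group("name"), (None, None))
            findings.append(Finding(verdict.group("name"), verdict.group("threat"),
                                    verdict.group("level"), md5, path))
    findings.sort(key=lambda f: SEVERITY.get(f.level, len(SEVERITY)))
    return TriageResult(findings, ok_count)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result.ok_count} entries ok, {len(result.findings)} flagged")
    for f in result.findings:
        print(f"{f.level:9} {f.name}: {f.threat} -> {f.path}")
```
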

Many thanks for the very prompt reply.

I followed your instructions except that I forgot to select “Detect TDLFS File System” the first time I scanned using tdsskiller. I scanned a second time using this option. I have posted below the log files from both scans. Sorry if this makes things more awkward for you to analyse.

Greatly appreciate your assistance with this.

1st Scan Log

08:50:23.0625 0784 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05

08:50:25.0015 0784 ============================================================

08:50:25.0015 0784 Current date / time: 2012/04/16 08:50:25.0015

08:50:25.0015 0784 SystemInfo:

08:50:25.0015 0784

08:50:25.0015 0784 OS Version: 5.1.2600 ServicePack: 3.0

08:50:25.0015 0784 Product type: Workstation

08:50:25.0015 0784 ComputerName: GRUMPS

08:50:25.0015 0784 UserName: duncanad

08:50:25.0015 0784 Windows directory: C:\WINDOWS

08:50:25.0015 0784 System windows directory: C:\WINDOWS

08:50:25.0015 0784 Processor architecture: Intel x86

08:50:25.0015 0784 Number of processors: 2

08:50:25.0015 0784 Page size: 0x1000

08:50:25.0015 0784 Boot type: Normal boot

08:50:25.0015 0784 ============================================================

08:50:29.0500 0784 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

08:50:29.0515 0784 \Device\Harddisk0\DR0:

08:50:29.0531 0784 MBR used

08:50:29.0531 0784 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3AD4F, BlocksNum 0x11E40DFC

08:50:29.0718 0784 Initialize success

08:50:29.0718 0784 ============================================================

08:50:39.0171 7808 ============================================================

08:50:39.0171 7808 Scan started

08:50:39.0171 7808 Mode: Manual;

08:50:39.0171 7808 ============================================================

08:50:51.0375 7808 AFD (9c14ad69bfa46cb7dc72ff82310ace45) C:\WINDOWS\System32\drivers\afd.sys

08:50:51.0375 7808 AFD ( Virus.Win32.ZAccess.k ) - infected

08:50:51.0375 7808 AFD - detected Virus.Win32.ZAccess.k (0)

08:50:54.0328 7808 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files\common files\akamai/netsession_win_6c825ce.dll

08:50:54.0328 7808 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7

08:50:54.0343 7808 Akamai ( HiddenFile.Multi.Generic ) - warning

08:50:54.0343 7808 Akamai - detected HiddenFile.Multi.Generic (1)


08:52:30.0187 7808 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

08:52:30.0187 7808 NetDDEdsdm - ok

08:52:30.0578 7808 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

08:52:30.0578 7808 Netlogon - ok

08:52:30.0937 7808 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

08:52:30.0937 7808 Netman - ok

08:52:31.0390 7808 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

08:52:31.0390 7808 NetTcpPortSharing - ok

08:52:32.0000 7808 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys

08:52:32.0109 7808 NETw4x32 - ok

08:52:32.0562 7808 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

08:52:32.0578 7808 NIC1394 - ok

08:52:32.0921 7808 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

08:52:32.0921 7808 Nla - ok

08:52:33.0421 7808 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

08:52:33.0437 7808 Npfs - ok

08:52:33.0937 7808 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

08:52:33.0953 7808 Ntfs - ok

08:52:34.0468 7808 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

08:52:34.0468 7808 NtLmSsp - ok

08:52:34.0890 7808 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

08:52:34.0906 7808 NtmsSvc - ok

08:52:35.0296 7808 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

08:52:35.0296 7808 Null - ok

08:52:35.0765 7808 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

08:52:35.0843 7808 nv - ok

08:52:36.0281 7808 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

08:52:36.0281 7808 NwlnkFlt - ok

08:52:36.0718 7808 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

08:52:36.0718 7808 NwlnkFwd - ok

08:52:37.0187 7808 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

08:52:37.0187 7808 ohci1394 - ok

08:52:37.0468 7808 olapserver - ok

08:52:38.0687 7808 om518p - ok

08:52:39.0328 7808 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

08:52:39.0328 7808 Parport - ok

08:52:39.0796 7808 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

08:52:39.0812 7808 PartMgr - ok

08:52:40.0218 7808 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

08:52:40.0218 7808 ParVdm - ok

08:52:40.0687 7808 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

08:52:40.0703 7808 PCI - ok

08:52:41.0062 7808 PCIDump - ok

08:52:41.0515 7808 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

08:52:41.0515 7808 PCIIde - ok

08:52:41.0937 7808 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

08:52:41.0937 7808 Pcmcia - ok

08:52:42.0234 7808 PDAgent (82d8354db7ce7131fb939e8482ddf511) C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe

08:52:42.0250 7808 PDAgent - ok

08:52:42.0671 7808 PDCOMP - ok

08:52:42.0953 7808 PDEngine (3719de4180e251ab91d8c183f2d949bf) C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe

08:52:42.0968 7808 PDEngine - ok

08:52:43.0343 7808 PDFRAME - ok

08:52:43.0703 7808 PDRELI - ok

08:52:44.0093 7808 PDRFRAME - ok

08:52:44.0500 7808 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

08:52:44.0515 7808 perc2 - ok

08:52:44.0953 7808 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

08:52:44.0953 7808 perc2hib - ok

08:52:45.0375 7808 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

08:52:45.0375 7808 PlugPlay - ok

08:52:45.0734 7808 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

08:52:45.0750 7808 PolicyAgent - ok

08:52:46.0031 7808 ppmoucls - ok

08:52:46.0468 7808 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

08:52:46.0468 7808 PptpMiniport - ok

08:52:46.0843 7808 Profos (d90a33660d328a9f587580f0b38c85de) C:\Program Files\Virgin Media\Security\BitDefender\profos.sys

08:52:46.0843 7808 Profos - ok

08:52:47.0265 7808 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

08:52:47.0281 7808 ProtectedStorage - ok

08:52:47.0718 7808 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

08:52:47.0734 7808 PSched - ok

08:52:48.0171 7808 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

08:52:48.0171 7808 Ptilink - ok

08:52:48.0578 7808 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

08:52:48.0593 7808 PxHelp20 - ok

08:52:48.0796 7808 QBCFMonitorService (d17625202e83cca34ca15702093a1d0f) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

08:52:48.0796 7808 QBCFMonitorService - ok

08:52:48.0968 7808 QBFCService (2241eaf40e472c471cb80cf6b97cca11) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

08:52:48.0968 7808 QBFCService - ok

08:52:49.0453 7808 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

08:52:49.0453 7808 ql1080 - ok

08:52:49.0906 7808 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

08:52:49.0906 7808 Ql10wnt - ok

08:52:50.0359 7808 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

08:52:50.0359 7808 ql12160 - ok

08:52:50.0812 7808 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

08:52:50.0812 7808 ql1240 - ok

08:52:51.0406 7808 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

08:52:51.0406 7808 ql1280 - ok

08:52:51.0812 7808 Radialpoint Security Services (ac4ab3057bb489b25ea2ee2d718f2072) C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe

08:52:51.0812 7808 Radialpoint Security Services - ok

08:52:52.0359 7808 RadialpointIDSAgent (c4890ace6384522e9b678f403ab5a145) C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe

08:52:52.0437 7808 RadialpointIDSAgent - ok

08:52:52.0500 7808 RadialpointIDSDriver (9dc4b985729c8ae26b0fd607d2081048) C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys

08:52:52.0500 7808 RadialpointIDSDriver - ok

08:52:52.0937 7808 RadialpointIDSEH (2457250ca176e7fde9c3d3b2c94341f0) C:\WINDOWS\system32\drivers\AVGIDSEH.sys

08:52:52.0937 7808 RadialpointIDSEH - ok

08:52:53.0296 7808 RadialpointIDSFilter (0871aad56c4960e311150fd724e106ae) C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys

08:52:53.0296 7808 RadialpointIDSFilter - ok

08:52:53.0328 7808 RadialpointIDSShim (2b949205f1c53b6e4002a3c38327c9a2) C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys

08:52:53.0328 7808 RadialpointIDSShim - ok

08:52:53.0828 7808 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

08:52:53.0828 7808 RasAcd - ok

08:52:54.0296 7808 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

08:52:54.0296 7808 RasAuto - ok

08:52:54.0781 7808 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

08:52:54.0781 7808 Rasl2tp - ok

08:52:55.0140 7808 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

08:52:55.0156 7808 RasMan - ok

08:52:55.0593 7808 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

08:52:55.0593 7808 RasPppoe - ok

08:52:55.0984 7808 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

08:52:55.0984 7808 Raspti - ok

08:52:56.0437 7808 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

08:52:56.0437 7808 Rdbss - ok

08:52:56.0875 7808 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

08:52:56.0875 7808 RDPCDD - ok

08:52:57.0343 7808 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

08:52:57.0343 7808 rdpdr - ok

08:52:57.0781 7808 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

08:52:57.0781 7808 RDPWD - ok

08:52:58.0437 7808 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

08:52:58.0718 7808 RDSessMgr - ok

08:52:59.0343 7808 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

08:52:59.0343 7808 redbook - ok

08:52:59.0515 7808 RegSrvc (2cf574d0965f58e514a2dc94114d7eca) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

08:52:59.0515 7808 RegSrvc - ok

08:52:59.0859 7808 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

08:52:59.0875 7808 RemoteAccess - ok

08:53:00.0265 7808 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

08:53:00.0265 7808 RemoteRegistry - ok

08:53:00.0671 7808 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys

08:53:00.0671 7808 RFCOMM - ok

08:53:01.0125 7808 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

08:53:01.0125 7808 rimmptsk - ok

08:53:01.0687 7808 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

08:53:01.0687 7808 rimsptsk - ok

08:53:01.0953 7808 RIOXDRV - ok

08:53:02.0406 7808 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

08:53:02.0421 7808 rismxdp - ok

08:53:02.0765 7808 RoxMediaDB9 (ebcde8b48fadc6479d96a56d0a432160) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

08:53:02.0781 7808 RoxMediaDB9 - ok

08:53:02.0875 7808 RoxWatch9 (ab2b1de1c8f31efce2384b14b3dc4260) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

08:53:02.0875 7808 RoxWatch9 - ok

08:53:03.0218 7808 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

08:53:03.0218 7808 RpcLocator - ok

08:53:04.0281 7808 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

08:53:04.0281 7808 RpcSs - ok

08:53:04.0843 7808 RPPKT (b7e136986bb3dac249a00e760281f0a9) C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys

08:53:04.0843 7808 RPPKT - ok

08:53:05.0281 7808 RPSKT (750d83c39d60964b6bc2b8a75ed7a165) C:\WINDOWS\system32\DRIVERS\rp_skt32.sys

08:53:05.0281 7808 RPSKT - ok

08:53:05.0625 7808 RP_FWS (72612cc96156957adfdfe35aaa456a36) C:\Program Files\Virgin Media\Security\Fws.exe

08:53:05.0640 7808 RP_FWS - ok

08:53:06.0046 7808 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

08:53:06.0046 7808 RSVP - ok

08:53:06.0406 7808 rtl8185 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\CBN.dll

08:53:06.0421 7808 rtl8185 ( Backdoor.Multi.ZAccess.gen ) - infected

08:53:06.0421 7808 rtl8185 - detected Backdoor.Multi.ZAccess.gen (0)

08:54:02.0203 7808 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0

08:54:02.0265 7808 \Device\Harddisk0\DR0 - ok

08:54:02.0328 7808 Boot (0x1200) (043fd301fd2a1031cd72139f058fabbf) \Device\Harddisk0\DR0\Partition0

08:54:02.0328 7808 \Device\Harddisk0\DR0\Partition0 - ok

08:54:02.0328 7808 ============================================================

08:54:02.0328 7808 Scan finished

08:54:02.0328 7808 ============================================================

08:54:02.0343 7396 Detected object count: 3

08:54:02.0343 7396 Actual detected object count: 3

08:54:48.0156 7396 C:\WINDOWS\System32\drivers\afd.sys - copied to quarantine

08:54:48.0609 7396 C:\WINDOWS\$NtUninstallKB30856$\3828915376\@ - copied to quarantine

08:54:48.0625 7396 C:\WINDOWS\$NtUninstallKB30856$\3828915376\cfg.ini - copied to quarantine

08:54:48.0640 7396 C:\WINDOWS\$NtUninstallKB30856$\3828915376\Desktop.ini - copied to quarantine

08:54:48.0671 7396 C:\WINDOWS\$NtUninstallKB30856$\3828915376\L\iahonoel - copied to quarantine

08:54:48.0671 7396 C:\WINDOWS\$NtUninstallKB30856$\3828915376\oemid - copied to quarantine

08:54:48.0718 7396 C:\WINDOWS\$NtUninstallKB30856$\3828915376\U\00000001.@ - copied to quarantine

08:54:48.0812 7396 C:\WINDOWS\$NtUninstallKB30856$\3828915376\U\00000002.@ - copied to quarantine

08:54:48.0812 7396 C:\WINDOWS\$NtUninstallKB30856$\3828915376\U\00000004.@ - copied to quarantine

08:54:48.0828 7396 C:\WINDOWS\$NtUninstallKB30856$\3828915376\U\80000000.@ - copied to quarantine

08:54:48.0828 7396 C:\WINDOWS\$NtUninstallKB30856$\3828915376\U\80000004.@ - copied to quarantine

08:54:48.0843 7396 C:\WINDOWS\$NtUninstallKB30856$\3828915376\U\80000032.@ - copied to quarantine

08:54:48.0890 7396 C:\WINDOWS\$NtUninstallKB30856$\3828915376\version - copied to quarantine

08:54:50.0046 7396 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\afd.sys) error 1813

08:54:52.0109 7396 Backup copy found, using it..

08:54:52.0125 7396 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot

08:55:19.0953 7396 C:\WINDOWS\$NtUninstallKB30856$\3828915376\@ - will be deleted on reboot

08:55:19.0953 7396 C:\WINDOWS\$NtUninstallKB30856$\3828915376\cfg.ini - will be deleted on reboot

08:55:19.0953 7396 C:\WINDOWS\$NtUninstallKB30856$\3828915376\Desktop.ini - will be deleted on reboot

08:55:20.0000 7396 C:\WINDOWS\$NtUninstallKB30856$\3828915376\oemid - will be deleted on reboot

08:55:20.0000 7396 C:\WINDOWS\$NtUninstallKB30856$\3828915376\U\00000001.@ - will be deleted on reboot

08:55:20.0000 7396 C:\WINDOWS\$NtUninstallKB30856$\3828915376\U\00000002.@ - will be deleted on reboot

08:55:20.0000 7396 C:\WINDOWS\$NtUninstallKB30856$\3828915376\U\00000004.@ - will be deleted on reboot

08:55:20.0000 7396 C:\WINDOWS\$NtUninstallKB30856$\3828915376\U\80000000.@ - will be deleted on reboot

08:55:20.0015 7396 C:\WINDOWS\$NtUninstallKB30856$\3828915376\U\80000004.@ - will be deleted on reboot

08:55:20.0015 7396 C:\WINDOWS\$NtUninstallKB30856$\3828915376\U\80000032.@ - will be deleted on reboot

08:55:20.0015 7396 C:\WINDOWS\$NtUninstallKB30856$\3828915376\version - will be deleted on reboot

08:55:20.0015 7396 C:\WINDOWS\$NtUninstallKB30856$\4028548625 - will be deleted on reboot

08:55:20.0031 7396 AFD ( Virus.Win32.ZAccess.k ) - User select action: Cure

08:55:20.0031 7396 Akamai ( HiddenFile.Multi.Generic ) - skipped by user

08:55:20.0031 7396 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

08:55:20.0468 7396 C:\WINDOWS\system32\CBN.dll - copied to quarantine

08:55:20.0468 7396 HKLM\SYSTEM\ControlSet001\services\rtl8185 - will be deleted on reboot

08:55:20.0468 7396 HKLM\SYSTEM\ControlSet002\services\rtl8185 - will be deleted on reboot

08:55:20.0468 7396 C:\WINDOWS\system32\CBN.dll - will be deleted on reboot

08:55:20.0468 7396 rtl8185 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete

08:55:33.0468 0220 Deinitialize success

2nd Scan Log

08:55:36.0093 5220 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05

08:55:36.0328 5220 ============================================================

08:55:36.0328 5220 Current date / time: 2012/04/16 08:55:36.0328

08:55:36.0328 5220 SystemInfo:

08:55:36.0328 5220

08:55:36.0328 5220 OS Version: 5.1.2600 ServicePack: 3.0

08:55:36.0328 5220 Product type: Workstation

08:55:36.0328 5220 ComputerName: GRUMPS

08:55:36.0328 5220 UserName: duncanad

08:55:36.0328 5220 Windows directory: C:\WINDOWS

08:55:36.0328 5220 System windows directory: C:\WINDOWS

08:55:36.0328 5220 Processor architecture: Intel x86

08:55:36.0328 5220 Number of processors: 2

08:55:36.0328 5220 Page size: 0x1000

08:55:36.0328 5220 Boot type: Normal boot

08:55:36.0328 5220 ============================================================

08:55:36.0718 5220 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

08:55:36.0718 5220 \Device\Harddisk0\DR0:

08:55:36.0718 5220 MBR used

08:55:36.0718 5220 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3AD4F, BlocksNum 0x11E40DFC

08:55:36.0875 5220 Initialize success

08:55:36.0875 5220 ============================================================

08:55:57.0859 6172 ============================================================

08:55:57.0859 6172 Scan started

08:55:57.0859 6172 Mode: Manual; TDLFS;

08:55:57.0859 6172 ============================================================

08:55:58.0984 6172 70044868 (58169ffb207940d4d84b4e85db02cc1e) C:\WINDOWS\system32\drivers\69194838.sys

08:56:04.0171 6172 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\system32\drivers\tsk1D.tmp

08:56:04.0171 6172 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\tsk1D.tmp. md5: 1e44bc1e83d8fd2305f8d452db109cf9

08:56:06.0656 6172 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files\common files\akamai/netsession_win_6c825ce.dll

08:56:06.0656 6172 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7

08:56:06.0671 6172 Akamai ( HiddenFile.Multi.Generic ) - warning

08:56:06.0671 6172 Akamai - detected HiddenFile.Multi.Generic (1)


08:57:47.0156 6172 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

08:57:47.0156 6172 PlugPlay - ok

08:57:47.0546 6172 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

08:57:47.0546 6172 PolicyAgent - ok

08:57:47.0828 6172 ppmoucls - ok

08:57:48.0281 6172 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

08:57:48.0281 6172 PptpMiniport - ok

08:57:48.0640 6172 Profos (d90a33660d328a9f587580f0b38c85de) C:\Program Files\Virgin Media\Security\BitDefender\profos.sys

08:57:48.0640 6172 Profos - ok

08:57:49.0062 6172 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

08:57:49.0062 6172 ProtectedStorage - ok

08:57:49.0515 6172 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

08:57:49.0531 6172 PSched - ok

08:57:49.0906 6172 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

08:57:49.0906 6172 Ptilink - ok

08:57:50.0328 6172 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

08:57:50.0328 6172 PxHelp20 - ok

08:57:50.0531 6172 QBCFMonitorService (d17625202e83cca34ca15702093a1d0f) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

08:57:50.0531 6172 QBCFMonitorService - ok

08:57:50.0703 6172 QBFCService (2241eaf40e472c471cb80cf6b97cca11) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

08:57:50.0703 6172 QBFCService - ok

08:57:51.0187 6172 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

08:57:51.0187 6172 ql1080 - ok

08:57:51.0640 6172 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

08:57:51.0640 6172 Ql10wnt - ok

08:57:52.0093 6172 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

08:57:52.0109 6172 ql12160 - ok

08:57:52.0640 6172 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

08:57:52.0640 6172 ql1240 - ok

08:57:53.0187 6172 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

08:57:53.0187 6172 ql1280 - ok

08:57:54.0093 6172 Radialpoint Security Services (ac4ab3057bb489b25ea2ee2d718f2072) C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe

08:57:54.0093 6172 Radialpoint Security Services - ok

08:57:54.0406 6172 RadialpointIDSAgent (c4890ace6384522e9b678f403ab5a145) C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe

08:57:54.0484 6172 RadialpointIDSAgent - ok

08:57:54.0828 6172 RadialpointIDSDriver (9dc4b985729c8ae26b0fd607d2081048) C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys

08:57:54.0843 6172 RadialpointIDSDriver - ok

08:57:55.0281 6172 RadialpointIDSEH (2457250ca176e7fde9c3d3b2c94341f0) C:\WINDOWS\system32\drivers\AVGIDSEH.sys

08:57:55.0281 6172 RadialpointIDSEH - ok

08:57:55.0640 6172 RadialpointIDSFilter (0871aad56c4960e311150fd724e106ae) C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys

08:57:55.0640 6172 RadialpointIDSFilter - ok

08:57:55.0671 6172 RadialpointIDSShim (2b949205f1c53b6e4002a3c38327c9a2) C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys

08:57:55.0671 6172 RadialpointIDSShim - ok

08:57:56.0093 6172 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

08:57:56.0093 6172 RasAcd - ok

08:57:56.0437 6172 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

08:57:56.0437 6172 RasAuto - ok

08:57:56.0921 6172 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

08:57:56.0921 6172 Rasl2tp - ok

08:57:57.0281 6172 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

08:57:57.0281 6172 RasMan - ok

08:57:57.0734 6172 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

08:57:57.0734 6172 RasPppoe - ok

08:57:58.0171 6172 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

08:57:58.0171 6172 Raspti - ok

08:57:58.0687 6172 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

08:57:58.0687 6172 Rdbss - ok

08:57:59.0125 6172 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

08:57:59.0125 6172 RDPCDD - ok

08:57:59.0640 6172 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

08:57:59.0640 6172 rdpdr - ok

08:58:00.0078 6172 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

08:58:00.0078 6172 RDPWD - ok

08:58:00.0437 6172 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

08:58:00.0453 6172 RDSessMgr - ok

08:58:00.0906 6172 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

08:58:00.0906 6172 redbook - ok

08:58:01.0078 6172 RegSrvc (2cf574d0965f58e514a2dc94114d7eca) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

08:58:01.0093 6172 RegSrvc - ok

08:58:01.0421 6172 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

08:58:01.0437 6172 RemoteAccess - ok

08:58:01.0828 6172 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

08:58:01.0828 6172 RemoteRegistry - ok

08:58:02.0234 6172 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys

08:58:02.0250 6172 RFCOMM - ok

08:58:02.0703 6172 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

08:58:02.0703 6172 rimmptsk - ok

08:58:03.0156 6172 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

08:58:03.0171 6172 rimsptsk - ok

08:58:03.0437 6172 RIOXDRV - ok

08:58:03.0875 6172 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

08:58:03.0875 6172 rismxdp - ok

08:58:04.0234 6172 RoxMediaDB9 (ebcde8b48fadc6479d96a56d0a432160) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

08:58:04.0250 6172 RoxMediaDB9 - ok

08:58:04.0359 6172 RoxWatch9 (ab2b1de1c8f31efce2384b14b3dc4260) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

08:58:04.0359 6172 RoxWatch9 - ok

08:58:04.0718 6172 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

08:58:04.0718 6172 RpcLocator - ok

08:58:05.0109 6172 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

08:58:05.0125 6172 RpcSs - ok

08:58:05.0546 6172 RPPKT (b7e136986bb3dac249a00e760281f0a9) C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys

08:58:05.0546 6172 RPPKT - ok

08:58:06.0000 6172 RPSKT (750d83c39d60964b6bc2b8a75ed7a165) C:\WINDOWS\system32\DRIVERS\rp_skt32.sys

08:58:06.0000 6172 RPSKT - ok

08:58:06.0343 6172 RP_FWS (72612cc96156957adfdfe35aaa456a36) C:\Program Files\Virgin Media\Security\Fws.exe

08:58:06.0359 6172 RP_FWS - ok

08:58:06.0781 6172 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

08:58:06.0781 6172 RSVP - ok

08:58:07.0140 6172 rtl8185 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\CBN.dll

08:58:07.0140 6172 rtl8185 ( Backdoor.Multi.ZAccess.gen ) - infected

08:58:07.0140 6172 rtl8185 - detected Backdoor.Multi.ZAccess.gen (0)

08:59:00.0843 6172 ============================================================

08:59:00.0843 6172 Scan finished

08:59:00.0843 6172 ============================================================

08:59:00.0859 0988 Detected object count: 2

08:59:00.0859 0988 Actual detected object count: 2

08:59:49.0671 0988 c:\program files\common files\akamai/netsession_win_6c825ce.dll - copied to quarantine

08:59:49.0671 0988 Akamai ( HiddenFile.Multi.Generic ) - User select action: Quarantine

08:59:50.0140 0988 C:\WINDOWS\system32\CBN.dll - copied to quarantine

08:59:50.0140 0988 HKLM\SYSTEM\ControlSet001\services\rtl8185 - will be deleted on reboot

08:59:50.0140 0988 HKLM\SYSTEM\ControlSet002\services\rtl8185 - will be deleted on reboot

08:59:50.0156 0988 C:\WINDOWS\system32\CBN.dll - will be deleted on reboot

08:59:50.0156 0988 rtl8185 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete

08:59:55.0218 0904 Deinitialize success


Combofix Log

ComboFix 12-04-16.01 - duncanad 16/04/2012 10:03:45.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1428 [GMT 1:00]

Running from: c:\documents and settings\duncanad\Desktop\ComboFix.exe

AV: Virgin Media Security Anti-Virus *Disabled/Updated* {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}

FW: Virgin Media Security Firewall *Disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\duncanad\Application Data\Wyylu

c:\documents and settings\duncanad\Application Data\Wyylu\epile.wyp

c:\windows\system32\AF15BDAEX.dll

c:\windows\system32\dds_trash_log.cmd

c:\windows\TEMP\logishrd\LVPrcInj02.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))

.

.

2012-04-16 07:54 . 2012-04-16 07:54 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-12 08:49 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-12 08:49 . 2012-04-12 08:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-12 08:37 . 2012-04-12 08:37 -------- d-sh--w- c:\documents and settings\duncanad\IECompatCache

2012-04-12 07:45 . 2012-04-12 07:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2012-04-12 06:46 . 2012-04-12 09:39 -------- d-----w- c:\documents and settings\duncanad\Application Data\Ythowe

2012-04-12 06:46 . 2012-04-12 08:39 -------- d-----w- c:\documents and settings\duncanad\Application Data\Lobiw

2012-03-31 22:44 . 2012-03-31 22:44 -------- d-sh--w- c:\documents and settings\duncanad\PrivacIE

2012-03-31 19:45 . 2012-04-14 22:07 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-03-29 18:55 . 2012-03-29 18:55 -------- d-sh--w- c:\documents and settings\User\IETldCache

2012-03-17 21:17 . 2012-03-17 21:17 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll

2012-03-17 21:17 . 2012-03-17 21:17 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll

2012-03-17 18:52 . 2012-03-17 18:52 -------- d-sh--w- c:\documents and settings\duncanad\IETldCache

2012-03-17 18:51 . 2012-03-17 18:51 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2012-03-17 11:18 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll

2012-03-17 11:16 . 2012-03-01 11:01 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2012-03-17 11:16 . 2012-03-01 11:01 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2012-03-17 11:16 . 2012-03-01 11:01 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2012-03-17 11:13 . 2012-03-17 11:16 -------- dc-h--w- c:\windows\ie8

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-16 08:00 . 2004-08-11 17:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2012-04-14 22:07 . 2011-05-22 10:58 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-01 11:01 . 2004-08-11 17:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2004-08-11 17:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01 . 2004-08-11 17:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2004-08-11 17:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2004-08-11 17:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2004-08-11 17:00 385024 ------w- c:\windows\system32\html.iec

2012-02-03 09:22 . 2004-08-11 17:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-24 10:29 . 2012-01-24 10:29 48240 ----a-r- c:\documents and settings\duncanad\Application Data\Microsoft\Installer\{A649A38D-D54E-4CE5-8D23-9BA03114D7A8}\NewShortcut42_94D1485898EF484F9456663AB2BE9B5A.exe

2012-01-24 10:29 . 2012-01-24 10:29 48240 ----a-r- c:\documents and settings\duncanad\Application Data\Microsoft\Installer\{A649A38D-D54E-4CE5-8D23-9BA03114D7A8}\NewShortcut41_94D1485898EF484F9456663AB2BE9B5A.exe

2012-01-24 10:29 . 2012-01-24 10:29 48240 ----a-r- c:\documents and settings\duncanad\Application Data\Microsoft\Installer\{A649A38D-D54E-4CE5-8D23-9BA03114D7A8}\NewShortcut36_B0E0A7E20E8A4C6D994B8185A77E3EB3.exe

2012-01-24 10:29 . 2012-01-24 10:29 48240 ----a-r- c:\documents and settings\duncanad\Application Data\Microsoft\Installer\{A649A38D-D54E-4CE5-8D23-9BA03114D7A8}\NewShortcut3121_B0E0A7E20E8A4C6D994B8185A77E3EB3.exe

2012-01-24 10:29 . 2012-01-24 10:29 48240 ----a-r- c:\documents and settings\duncanad\Application Data\Microsoft\Installer\{A649A38D-D54E-4CE5-8D23-9BA03114D7A8}\NewShortcut26_B0E0A7E20E8A4C6D994B8185A77E3EB3.exe

2012-01-24 10:29 . 2012-01-24 10:29 48240 ----a-r- c:\documents and settings\duncanad\Application Data\Microsoft\Installer\{A649A38D-D54E-4CE5-8D23-9BA03114D7A8}\NewShortcut2_A2C6C64CDCFF4444A6812085CE0C0AA3.exe

2012-03-17 21:17 . 2012-03-02 21:19 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-20 68856]

"Center Agent"="c:\program files\DVB-T USB2.0 Stick\HyperMediaCenter\DTVR\Scheduled.exe" [2008-01-10 1524224]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"Akamai NetSession Interface"="c:\documents and settings\duncanad\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-03-13 3331872]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-06 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-06 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-06 138008]

"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 405504]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]

"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]

"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-27 61440]

"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]

"EPSON Stylus Photo R800"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9YE.EXE" [2005-01-13 98304]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-31 198160]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]

"\\HOBBES\EPSON Stylus Photo R800"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9YE.EXE" [2005-01-13 98304]

"VX1000"="c:\windows\vVX1000.exe" [2009-06-26 757248]

"DHSClient.exe"="c:\program files\Virgin Media\Digital Home Support\DHSClient.exe" [2011-03-23 2032952]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-11-16 10200376]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\duncanad\Start Menu\Programs\Startup\

OSR_TinyWeb.lnk - c:\program files\Intuit\IDN\Common\TinyWeb\TINY.EXE [2011-9-14 58880]

Password Safe.lnk - c:\program files\Password Safe\pwsafe.exe [2010-12-8 3501056]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-20 50688]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-20 66864]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

SJphone 1.65.lnk - c:\windows\Installer\{E1A45BFD-FD3E-45D7-AD5C-A29A506C2EB3}\SoftphoneIcon.exe [2011-4-15 20480]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks

Exchange Data with Web Services.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe [2009-2-9 300328]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Kontiki\\KService.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\EditPlus 3\\editplus.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=

"c:\\Documents and Settings\\duncanad\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=

"c:\\Program Files\\Virgin Media\\Service Manager\\ServicepointService.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"1151:TCP"= 1151:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [19/10/2010 20:53 25608]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [11/08/2004 18:00 14336]

R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [29/04/2011 14:38 1737464]

R2 HsdService;HsdService;c:\program files\Virgin Media\Digital Home Support\HsdService.exe [14/05/2011 17:02 1406264]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/04/2012 09:49 654408]

R2 Radialpoint Security Services;Virgin Media Security;c:\program files\Virgin Media\Security\RpsSecurityAwareR.exe [04/01/2010 12:17 165408]

R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe [19/10/2010 20:53 5832712]

R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [26/12/2011 14:24 10310968]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/04/2012 09:49 22344]

R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [19/10/2010 20:53 122376]

R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys [19/10/2010 20:53 30216]

R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [19/10/2010 20:53 25736]

S2 gupdate1ca5a75a727b093;Google Update Service (gupdate1ca5a75a727b093);c:\program files\Google\Update\GoogleUpdate.exe [31/10/2009 23:01 133104]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [31/03/2012 20:45 253088]

S3 BDA_Capture_220A;Digital-TV receiver Driver 1.0.1.3;c:\windows\system32\drivers\BDA_Capture_220A.sys [13/03/2006 11:44 14080]

S3 BDA_Loader_220A;Digital-TV Receiver Firmware Loader 5.12.26.0;c:\windows\system32\drivers\BDA_Loader_220A.sys [13/03/2006 11:44 15744]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31/10/2009 23:01 133104]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [29/04/2011 14:38 9216]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13:49 227232]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 252175B9

*Deregistered* - 252175b9

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan sysagent

Akamai REG_MULTI_SZ Akamai

.

NETSVCS REQUIRES REPAIRS - current entries shown

6to4

AppMgmt

AudioSrv

Browser

CryptSvc

DMServer

DHCP

ERSvc

EventSystem

FastUserSwitchingCompatibility

HidServ

Ias

Iprip

Irmon

LanmanServer

LanmanWorkstation

Messenger

Netman

Nla

Ntmssvc

NWCWorkstation

Nwsapagent

Rasauto

RushTopDevice

sfvfs02

DgiVecp

BrUsbSer

Epfwndis

rtm

ami0nt

tos_sps32

webdriveservice

kerbkey

ggsemc

SimpTcp

w300mdm

iclarityqosservice

USR1806V

ShockMgr

g400

atinrvxx

ELmou

ctusfsyn

sbcssvc

pavprsrv

paamsrv

mozyFilter

BLKWGU(Belkin)

fcdabus

vpcbus

viairda

ddxgb

mrobeservice

ATMsrvc

RIOXDRV

SE2Dbus

GTPTSER

epson_pm_rpcv2_02

upnp

revudfservice

se45bus

pcdrndisuio

btnhnd

USBMN1X1

rkhdrv31

rvsinst

UsbserFilt

cxusb

uscbs108

STV672

OneCareMP

ATWPKT2

ZDPNDIS5

ROCKEYNT

rtl8185

tunmp

pxfhmdfl

DCamUSBMke2

comhost

mvdcodec

RMSvc

bufserv

CAMCAUD

lvselsus

RalinkRegistryWriter

WGX

ssidrv

s716obex

licensemanagersocket

rca

bjmcmng

ar5211

mcafeeantispyware

olapserver

iaimtv1

bc_pat_f

SiSGbeXP

vpn5000service

nvsmu

SunkFilt

zpjava

tme3srv

susbser

PID_08A0

epson_pm_rpcv2_01

winvnc

mcredirector

szserver

NEOFLTR_600_13319

lxrjd31d

axinstsv

websensewfreportserver

lmab_device

lxbu_device

cicssfs.scmmc223

SE2Bmdm

TeamViewer

steamdvr

MSICPL

SeaPort

ibmasrex

ati2mtag

egathdrv

ppmoucls

WSIMD

om518p

slabbus

Rasman

Remoteaccess

Schedule

Seclogon

SENS

Sharedaccess

SRService

Tapisrv

Themes

TrkWks

W32Time

WZCSVC

Wmi

WmdmPmSp

winmgmt

wscsvc

xmlprov

BITS

wuauserv

ShellHWDetection

helpsvc

WmdmPmSN

napagent

hkmsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 22:07]

.

2012-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-31 22:00]

.

2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-31 22:00]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.workingit.co.uk/

uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=rH-aSQS8-zcndryfEfnzrZexsNM

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

TCP: DhcpNameServer = 10.2.0.254

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\documents and settings\duncanad\Application Data\Mozilla\Firefox\Profiles\m4md9xpf.default\

FF - prefs.js: browser.startup.homepage - www.workingit.co.uk

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-69527201.sys

SafeBoot-70044868.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-16 10:32

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1291586430-3237724536-3453565282-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*x*m*l* \OpenWithList]

@Class="Shell"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(9452)

c:\windows\system32\WININET.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Roxio\Drag-to-Disc\Shellex.dll

c:\windows\system32\DLAAPI_W.DLL

c:\windows\system32\CDRTC.DLL

c:\program files\Roxio\Drag-to-Disc\ShellRes.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Virgin Media\Security\Fws.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Kontiki\KService.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\program files\Intel\Wireless\Bin\WLKeeper.exe

c:\windows\stsystra.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\rundll32.exe

c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

c:\progra~1\MICROS~4\rapimgr.exe

c:\program files\SJphone 1.65\SJphone.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2012-04-16 10:42:56 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-16 09:42

.

Pre-Run: 82,023,329,792 bytes free

Post-Run: 83,752,439,808 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.


  • Staff

Hi,

That looks better, but we still have a little more work to do, please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, then click OK.

This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Folder::
c:\documents and settings\duncanad\Application Data\Ythowe
c:\documents and settings\duncanad\Application Data\Lobiw

NETSVC::
RushTopDevice
sfvfs02
DgiVecp
BrUsbSer
Epfwndis
rtm
ami0nt
tos_sps32
webdriveservice
kerbkey
ggsemc
SimpTcp
w300mdm
iclarityqosservice
USR1806V
ShockMgr
g400
atinrvxx
ELmou
ctusfsyn
sbcssvc
pavprsrv
paamsrv
mozyFilter
BLKWGU(Belkin)
fcdabus
vpcbus
viairda
ddxgb
mrobeservice
ATMsrvc
RIOXDRV
SE2Dbus
GTPTSER
epson_pm_rpcv2_02
upnp
revudfservice
se45bus
pcdrndisuio
btnhnd
USBMN1X1
rkhdrv31
rvsinst
UsbserFilt
cxusb
uscbs108
STV672
OneCareMP
ATWPKT2
ZDPNDIS5
ROCKEYNT
rtl8185
tunmp
pxfhmdfl
DCamUSBMke2
comhost
mvdcodec
RMSvc
bufserv
CAMCAUD
lvselsus
RalinkRegistryWriter
WGX
ssidrv
s716obex
licensemanagersocket
rca
bjmcmng
ar5211
mcafeeantispyware
olapserver
iaimtv1
bc_pat_f
SiSGbeXP
vpn5000service
nvsmu
SunkFilt
zpjava
tme3srv
susbser
PID_08A0
epson_pm_rpcv2_01
winvnc
mcredirector
szserver
NEOFLTR_600_13319
lxrjd31d
axinstsv
websensewfreportserver
lmab_device
lxbu_device
cicssfs.scmmc223
SE2Bmdm
TeamViewer
steamdvr
MSICPL
SeaPort
ibmasrex
ati2mtag
egathdrv
ppmoucls
WSIMD
om518p
slabbus

DDS::
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=rH-aSQS8-zcndryfEfnzrZexsNM
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

CFScriptB-4.gif

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

NEXT

Please advise how the computer is running now and if there are any outstanding issues

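The first log reports "NETSVCS REQUIRES REPAIRS" and the script above lists entries under NETSVC::. As an added example (not part of the thread and not ComboFix's own code), this Python parses that section of a log and lists the entries missing from a known-good baseline, in the same NETSVC:: layout. The sample log and the baseline are constructed for the example; the baseline is a short excerpt of the entries the script above leaves in place.

```python
"""Added example: flag non-baseline NetSvcs entries in a ComboFix-style log."""

# Assumption: excerpt of the NetSvcs entries that the CFScript in this thread
# leaves untouched. A real check needs the full known-good list for the
# Windows version being examined.
BASELINE = ["6to4", "AppMgmt", "AudioSrv", "Rasauto", "Rasman",
            "Remoteaccess", "Schedule", "hkmsvc"]

# Constructed sample in the layout of the pasted log: a header line, one
# service name per line, "." as section separator, and the blank line the
# forum paste puts between every log line.
SAMPLE_LOG = "\n\n".join([
    r"[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]",
    "Akamai REG_MULTI_SZ Akamai",
    ".",
    "NETSVCS REQUIRES REPAIRS - current entries shown",
    "6to4", "AppMgmt", "AudioSrv", "Rasauto",
    "RushTopDevice", "sfvfs02", "BLKWGU(Belkin)", "slabbus",
    "Rasman", "Remoteaccess", "Schedule", "hkmsvc",
    ".",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs",
])

HEADER = "NETSVCS REQUIRES REPAIRS"


def parse_netsvcs(log_text):
    """Return the service names listed under the NETSVCS header, in log order."""
    entries = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            # Skip everything until the section header appears.
            in_section = line.startswith(HEADER)
            continue
        if not line:
            continue  # blank lines come from the double-spaced paste
        if line == ".":
            break  # "." closes the section
        entries.append(line)
    return entries


def unexpected_entries(entries, baseline):
    """Entries not in the baseline, de-duplicated, original order kept.

    Service names are compared case-insensitively, as Windows treats them.
    """
    known = {name.lower() for name in baseline}
    seen = set()
    extra = []
    for name in entries:
        key = name.lower()
        if key in known or key in seen:
            continue
        seen.add(key)
        extra.append(name)
    return extra


def build_netsvc_block(extra):
    """Format the flagged names as a CFScript NETSVC:: section."""
    if not extra:
        return ""
    return "NETSVC::\n" + "\n".join(extra) + "\n"


if __name__ == "__main__":
    found = parse_netsvcs(SAMPLE_LOG)
    print(build_netsvc_block(unexpected_entries(found, BASELINE)), end="")
```

An entry flagged this way is only "not in the baseline"; each name still needs review before it goes into a removal script, since legitimate software can also register itself under NetSvcs.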

Many thanks again for your help.

I have done everything as instructed by Catbyte above.

Here are the contents of the Combofix.txt file

ComboFix 12-04-16.01 - duncanad 18/04/2012 11:07:53.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1554 [GMT 1:00]

Running from: c:\documents and settings\duncanad\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\duncanad\Desktop\CFScript.txt

AV: Virgin Media Security Anti-Virus *Disabled/Updated* {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}

FW: Virgin Media Security Firewall *Disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\duncanad\Application Data\Lobiw

c:\documents and settings\duncanad\Application Data\Lobiw\povyh.kiu

c:\documents and settings\duncanad\Application Data\Lobiw\povyh.tmp

c:\documents and settings\duncanad\Application Data\Ythowe

.

.

((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))

.

.

2012-04-16 07:54 . 2012-04-16 07:54 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-12 08:49 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-12 08:49 . 2012-04-12 08:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-12 08:37 . 2012-04-12 08:37 -------- d-sh--w- c:\documents and settings\duncanad\IECompatCache

2012-04-12 07:45 . 2012-04-12 07:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2012-03-31 22:44 . 2012-03-31 22:44 -------- d-sh--w- c:\documents and settings\duncanad\PrivacIE

2012-03-31 19:45 . 2012-04-14 22:07 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-03-29 18:55 . 2012-03-29 18:55 -------- d-sh--w- c:\documents and settings\User\IETldCache

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-16 08:00 . 2004-08-11 17:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2012-04-14 22:07 . 2011-05-22 10:58 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-01 11:01 . 2004-08-11 17:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2004-08-11 17:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01 . 2004-08-11 17:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2004-08-11 17:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2004-08-11 17:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2004-08-11 17:00 385024 ------w- c:\windows\system32\html.iec

2012-02-03 09:22 . 2004-08-11 17:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-24 10:29 . 2012-01-24 10:29 48240 ----a-r- c:\documents and settings\duncanad\Application Data\Microsoft\Installer\{A649A38D-D54E-4CE5-8D23-9BA03114D7A8}\NewShortcut42_94D1485898EF484F9456663AB2BE9B5A.exe

2012-01-24 10:29 . 2012-01-24 10:29 48240 ----a-r- c:\documents and settings\duncanad\Application Data\Microsoft\Installer\{A649A38D-D54E-4CE5-8D23-9BA03114D7A8}\NewShortcut41_94D1485898EF484F9456663AB2BE9B5A.exe

2012-01-24 10:29 . 2012-01-24 10:29 48240 ----a-r- c:\documents and settings\duncanad\Application Data\Microsoft\Installer\{A649A38D-D54E-4CE5-8D23-9BA03114D7A8}\NewShortcut36_B0E0A7E20E8A4C6D994B8185A77E3EB3.exe

2012-01-24 10:29 . 2012-01-24 10:29 48240 ----a-r- c:\documents and settings\duncanad\Application Data\Microsoft\Installer\{A649A38D-D54E-4CE5-8D23-9BA03114D7A8}\NewShortcut3121_B0E0A7E20E8A4C6D994B8185A77E3EB3.exe

2012-01-24 10:29 . 2012-01-24 10:29 48240 ----a-r- c:\documents and settings\duncanad\Application Data\Microsoft\Installer\{A649A38D-D54E-4CE5-8D23-9BA03114D7A8}\NewShortcut26_B0E0A7E20E8A4C6D994B8185A77E3EB3.exe

2012-01-24 10:29 . 2012-01-24 10:29 48240 ----a-r- c:\documents and settings\duncanad\Application Data\Microsoft\Installer\{A649A38D-D54E-4CE5-8D23-9BA03114D7A8}\NewShortcut2_A2C6C64CDCFF4444A6812085CE0C0AA3.exe

2012-03-17 21:17 . 2012-03-02 21:19 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-16_09.34.26 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-04-18 10:06 . 2012-04-18 10:06 16384 c:\windows\Temp\Perflib_Perfdata_864.dat

+ 2012-04-18 10:03 . 2012-04-18 10:03 16384 c:\windows\Temp\Perflib_Perfdata_834.dat

+ 2012-04-18 10:03 . 2012-04-18 10:03 16384 c:\windows\Temp\Perflib_Perfdata_6ac.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-20 68856]

"Center Agent"="c:\program files\DVB-T USB2.0 Stick\HyperMediaCenter\DTVR\Scheduled.exe" [2008-01-10 1524224]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"Akamai NetSession Interface"="c:\documents and settings\duncanad\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-03-13 3331872]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-06 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-06 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-06 138008]

"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 405504]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]

"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]

"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-27 61440]

"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]

"EPSON Stylus Photo R800"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9YE.EXE" [2005-01-13 98304]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-31 198160]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]

"\\HOBBES\EPSON Stylus Photo R800"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9YE.EXE" [2005-01-13 98304]

"VX1000"="c:\windows\vVX1000.exe" [2009-06-26 757248]

"DHSClient.exe"="c:\program files\Virgin Media\Digital Home Support\DHSClient.exe" [2011-03-23 2032952]

"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-11-16 10200376]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\duncanad\Start Menu\Programs\Startup\

OSR_TinyWeb.lnk - c:\program files\Intuit\IDN\Common\TinyWeb\TINY.EXE [2011-9-14 58880]

Password Safe.lnk - c:\program files\Password Safe\pwsafe.exe [2010-12-8 3501056]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-20 50688]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-20 66864]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

SJphone 1.65.lnk - c:\windows\Installer\{E1A45BFD-FD3E-45D7-AD5C-A29A506C2EB3}\SoftphoneIcon.exe [2011-4-15 20480]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks

Exchange Data with Web Services.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe [2009-2-9 300328]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Kontiki\\KService.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\EditPlus 3\\editplus.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=

"c:\\Documents and Settings\\duncanad\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=

"c:\\Program Files\\Virgin Media\\Service Manager\\ServicepointService.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"1132:TCP"= 1132:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [19/10/2010 20:53 25608]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [11/08/2004 18:00 14336]

R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [29/04/2011 14:38 1737464]

R2 HsdService;HsdService;c:\program files\Virgin Media\Digital Home Support\HsdService.exe [14/05/2011 17:02 1406264]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/04/2012 09:49 654408]

R2 Radialpoint Security Services;Virgin Media Security;c:\program files\Virgin Media\Security\RpsSecurityAwareR.exe [04/01/2010 12:17 165408]

R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe [19/10/2010 20:53 5832712]

R2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [26/12/2011 14:24 10310968]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/04/2012 09:49 22344]

R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [19/10/2010 20:53 122376]

R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys [19/10/2010 20:53 30216]

R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [19/10/2010 20:53 25736]

S2 gupdate1ca5a75a727b093;Google Update Service (gupdate1ca5a75a727b093);c:\program files\Google\Update\GoogleUpdate.exe [31/10/2009 23:01 133104]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [31/03/2012 20:45 253088]

S3 BDA_Capture_220A;Digital-TV receiver Driver 1.0.1.3;c:\windows\system32\drivers\BDA_Capture_220A.sys [13/03/2006 11:44 14080]

S3 BDA_Loader_220A;Digital-TV Receiver Firmware Loader 5.12.26.0;c:\windows\system32\drivers\BDA_Loader_220A.sys [13/03/2006 11:44 15744]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [31/10/2009 23:01 133104]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [29/04/2011 14:38 9216]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13:49 227232]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 357B2CA9

*Deregistered* - 357b2ca9

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bdx REG_MULTI_SZ scan sysagent

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 22:07]

.

2012-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-31 22:00]

.

2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-31 22:00]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.workingit.co.uk/

TCP: DhcpNameServer = 10.2.0.254

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\documents and settings\duncanad\Application Data\Mozilla\Firefox\Profiles\m4md9xpf.default\

FF - prefs.js: browser.startup.homepage - www.workingit.co.uk

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-18 11:24

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1291586430-3237724536-3453565282-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*x*m*l* \OpenWithList]

@Class="Shell"

.

Completion time: 2012-04-18 11:27:49

ComboFix-quarantined-files.txt 2012-04-18 10:27

ComboFix2.txt 2012-04-16 09:42

.

Pre-Run: 83,619,921,920 bytes free

Post-Run: 83,647,709,184 bytes free

.

- - End Of File - - 6458FE56857693D6A1E0914558198D62


Here is the content of the MBAM log

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.18.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

duncanad :: GRUMPS [administrator]

Protection: Disabled

18/04/2012 11:30:40

mbam-log-2012-04-18 (11-30-40).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 231273

Time elapsed: 8 minute(s), 10 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

And below is the content of the ESETSCAN file

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP355\A0081858.exe a variant of Win32/HotSpotShield application

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP385\A0087582.sys Win32/Sirefef.DA trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP386\A0087619.sys Win32/Sirefef.DA trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP387\A0087846.sys Win32/Sirefef.DA trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP387\A0087890.sys Win32/Sirefef.DA trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP387\A0087921.sys Win32/Sirefef.DA trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP387\A0087953.sys Win32/Sirefef.DA trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP387\A0087983.sys Win32/Sirefef.DA trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP388\A0088027.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP388\A0088052.sys Win32/Sirefef.DA trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP388\A0088084.sys Win32/Sirefef.DA trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP388\A0088116.sys Win32/Sirefef.DA trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088229.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088235.sys Win32/Sirefef.DA trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088291.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088292.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088293.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088294.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088295.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088296.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088297.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088298.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088299.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088300.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088301.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088302.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088303.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088304.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088305.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088306.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088307.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088308.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088309.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088310.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088311.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088312.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088313.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088314.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088315.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088316.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088317.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088318.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088319.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088320.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088321.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088322.dll Win32/Sirefef.ER trojan

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088323.dll Win32/Sirefef.ER trojan

C:\TDSSKiller_Quarantine\16.04.2012_08.50.25\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan

C:\TDSSKiller_Quarantine\16.04.2012_08.50.25\rtkt0000\zafs0000\tsk0002.dta Win32/Sirefef.DN trojan

C:\TDSSKiller_Quarantine\16.04.2012_08.50.25\rtkt0000\zafs0000\tsk0008.dta Win32/Sirefef.ES trojan

C:\TDSSKiller_Quarantine\16.04.2012_08.50.25\rtkt0000\zafs0000\tsk0010.dta a variant of Win32/Sirefef.EU trojan

C:\TDSSKiller_Quarantine\16.04.2012_08.50.25\zaea0000\svc0000\tsk0000.dta Win32/Sirefef.ER trojan

C:\TDSSKiller_Quarantine\16.04.2012_08.55.36\zaea0000\svc0000\tsk0000.dta Win32/Sirefef.ER trojan

Will report back how the laptop is running after I have used it for a little while.

Thanks again,

Alan


  • Staff

Hi,

Those detections by ESET are in old restore points, which we will be cleaning up shortly.

Please do the following:

Visit ADOBE and download the latest version of Acrobat Reader (version X)

Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 31
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586.exe to install the newest version.

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked

      • Applications and Applets
      • Trace and Log Files

    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

Please let me know if there are any outstanding issues

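The reply above turns on where each ESET detection sits on disk: under a System Restore snapshot, inside a removal tool's quarantine folder, or somewhere else on the live filesystem. The Python sketch below is an added example, not part of the thread or of any tool named in it; it sorts log lines in the "path, then detection name" layout of the ESET log by that location. The sample lines, the placeholder restore-point GUID and the file names are constructed.

```python
import re

# One ESET log line on this page has the layout "<full path> <detection name>".
# Paths contain spaces, so the split point is the file extension that is
# followed by a detection name of the form "Platform/Family".
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.\w+)\s+"
    r"(?P<detection>(?:a variant of\s+)?\S+/\S+.*)$"
)
# System Restore snapshot folder, capturing the restore point id (RPnnn).
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.IGNORECASE
)
# Quarantine folder seen in the log on this page (lower-cased for comparison).
QUARANTINE_PREFIXES = ("c:\\tdsskiller_quarantine\\",)

# Constructed sample input; GUID and file names are placeholders.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP10\A0000001.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP11\A0000002.dll Win32/Sirefef.ER trojan
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP11\A0000003.dll Win32/Sirefef.ER trojan
C:\TDSSKiller_Quarantine\01.01.2012_00.00.00\rtkt0000\svc0000\tsk0000.dta Win32/Sirefef.DA trojan
C:\WINDOWS\system32\example.dll a variant of Win32/Sirefef.EU trojan
"""


def classify(path):
    """Return (category, restore_point_id_or_None) for a detected file path."""
    match = RESTORE_RE.search(path)
    if match:
        return "restore_point", match.group(1).upper()
    if path.lower().startswith(QUARANTINE_PREFIXES):
        return "tool_quarantine", None
    return "live", None


def triage(log_text):
    """Group detections by location and list the ones outside snapshots/quarantine."""
    counts = {"restore_point": 0, "tool_quarantine": 0, "live": 0}
    restore_points = {}
    live = []
    unparsed = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if not match:
            unparsed.append(line)  # keep anything unrecognised for manual review
            continue
        path = match.group("path")
        detection = match.group("detection").strip()
        category, rp_id = classify(path)
        counts[category] += 1
        if rp_id:
            restore_points[rp_id] = restore_points.get(rp_id, 0) + 1
        if category == "live":
            live.append((path, detection))
    return {
        "counts": counts,
        "restore_points": restore_points,
        "live": live,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Detections by location:", report["counts"])
    print("Per restore point:", report["restore_points"])
    for path, detection in report["live"]:
        print("Needs attention:", path, "->", detection)
```

An empty `live` list corresponds to the situation the reply describes, where every remaining detection is in a restore point or a quarantine folder.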

Catbyte,

Thanks for the further instruction which I am just about to follow. Before I do here is an update on the situation on my Laptop at present.

MBAM is not reporting any activity; however, I got a couple of reports that my Virgin Media AV had found a virus and quarantined it, so I ran an AV scan. I've copied the report from the scan below. This may be old stuff and Virgin AV is reporting that it has dealt with it so may not be relevant, but I have included it for completeness.

I will now follow your latest instruction.

Virgin Media Security - Scan Report

Scan Date: 18/04/2012 23:48:16 Scan Type: Standard Definition file: 1334392317 Last Update on: 18/04/2012 22:45:20

Folders and files selected to scan

C:\

Results

Master Boot Records and Fixed Disk Boot Sectors

Scanned 1 Master Boot Record(s).

Your Master Boot Record(s)/Boot Sector(s) are not infected.

Memory

Scanned: 1433 item(s)

Infected files on Local Disk (C:)

Scanned: 181990 item(s) File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP385\A0087582.sys Action: This file could not be disinfected. It was quarantined instead.

Virus: Gen:Variant.Graftor.19531

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP386\A0087619.sys Action: This file could not be disinfected. It was quarantined instead.

Virus: Gen:Variant.Graftor.19531

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP387\A0087846.sys Action: This file could not be disinfected. It was quarantined instead.

Virus: Gen:Variant.Graftor.19531

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP387\A0087890.sys Action: This file could not be disinfected. It was quarantined instead.

Virus: Gen:Variant.Graftor.19531

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP387\A0087921.sys Action: This file could not be disinfected. It was quarantined instead.

Virus: Gen:Variant.Graftor.19531

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP387\A0087953.sys Action: This file could not be disinfected. It was quarantined instead.

Virus: Gen:Variant.Graftor.19531

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP387\A0087983.sys Action: This file could not be disinfected. It was quarantined instead.

Virus: Gen:Variant.Graftor.19531

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP388\A0088027.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP388\A0088052.sys Action: This file could not be disinfected. It was quarantined instead.

Virus: Gen:Variant.Graftor.19531

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP388\A0088084.sys Action: This file could not be disinfected. It was quarantined instead.

Virus: Gen:Variant.Graftor.19531

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP388\A0088116.sys Action: This file could not be disinfected. It was quarantined instead.

Virus: Gen:Variant.Graftor.19531

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088293.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088294.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088295.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088296.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088297.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088298.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088299.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088300.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088301.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088302.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088303.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088304.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088305.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088306.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088307.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088308.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088309.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088310.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088311.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088312.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088313.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088314.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088315.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088316.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088317.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088318.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088319.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088320.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088321.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088322.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP389\A0088323.dll Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\TDSSKiller_Quarantine\16.04.2012_08.50.25\rtkt0000\svc0000\tsk0000.dta Action: This file could not be disinfected. It was quarantined instead.

Virus: Gen:Variant.Graftor.19531

File: C:\TDSSKiller_Quarantine\16.04.2012_08.50.25\rtkt0000\zafs0000\tsk0002.dta Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Generic.7070021

File: C:\TDSSKiller_Quarantine\16.04.2012_08.50.25\rtkt0000\zafs0000\tsk0006.dta Action: This file could not be disinfected. It was quarantined instead.

Spyware: Application.BitCoinMiner.I

File: C:\TDSSKiller_Quarantine\16.04.2012_08.50.25\zaea0000\svc0000\tsk0000.dta Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

File: C:\TDSSKiller_Quarantine\16.04.2012_08.55.36\zaea0000\svc0000\tsk0000.dta Action: This file could not be disinfected. It was quarantined instead.

Virus: Trojan.Sirefef.BV

Startup programs

Scanned: 363 item(s)

Rootkits

Found: 0 item(s)

Cookies

Scanned: 11 item(s) File: C:\Documents and Settings\duncanad\Cookies\ANDX2OU7.txt

From: eloqua.com/ File: C:\Documents and Settings\duncanad\Cookies\JTY2GZBO.txt

From: c.atdmt.com/ File: C:\Documents and Settings\duncanad\Cookies\AV5CM4KE.txt

From: atdmt.com/ File: C:\Documents and Settings\duncanad\Cookies\0587DFUU.txt

From: eset.122.2o7.net/ File: C:\Documents and Settings\duncanad\Cookies\1W3OQEST.txt

From: doubleclick.net/


OK that's the latest versions of Acrobat Reader and Java installed and the Cache cleared.

The only issues to report were during the Acrobat Reader installation process and are:

Virgin Security Service reported "The privacy manager service detected the following keywords being sent over the internet. Matching Keyword: 192.168.0.3 [ip ADDRESS]"

This gave the option to 'Block' or 'Allow'. I chose 'Block'.

I get this message from time to time - in fact I just got it again as I am typing this. I always choose to 'Block'. Virgin automatically allows and reports internet access by legitimate programs (although rules can be set manually). Whenever this message is reported there is no indication of what is initiating the access so I always block.

MBAM reported "Successfully blocked access to potentially malicious website: 89.28.45.133 Type:outgoing"

The only thing running at this time was the adobe installer.

Thanks again for all your help.

Regards,

Alan

PS When I clicked 'Post' to post this reply Virgin again reported 'keyword detection'. Clicking 'Block' cancelled the post. The following is the detail provided by Virgin AV. Looks like my AV is being a bit sensitive since it is flagging up my post. I'll allow it this time and hopefully this will be posted.

POST /index.php?app=forums&module=ajax&sectio

n=topics&do=reply&t=108693&f=7&pid=544069 HTTP/1.1

Host: forums.malwarebytes.org

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101 Firefox/11.0

Accept: text/javascript, text/html, application/xml, text/xml, */*

Accept-Language: en-gb,en;q=0.5

Accept-Encoding: gzip, deflate

Connection: keep-alive

X-Requested-With: XMLHttpRequest

X-Prototype-Version: 1.7

Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Referer: http://forums.malwarebytes.org/index.php?s=22cfaa8aa571298ee667e77f639a

ea20&showtopic=108693&pid=544069&st=0&

Content-Length: 2529

Cookie: __utma=64482928.767829994.1334226059.1334226059.1334524453.2; __utmz=644

82928.1334524453.2.2.utmcsr=forums.malwarebytes.org|utmccn=(referral)|utmcmd=ref

erral|utmcct=/index.php; member_id=77201; pass_hash=a58efb32f201997bc10d26ab7a78

6258; session_id=22cfaa8aa571298ee667e77f639aea20; rteStatus=rte

Pragma: no-cache

Cache-Control: no-cache



  • Staff

Hi,

Do you have a home network set up? 192.168.0.3 is characteristic of an IP address on an internal network.

Just to be cautious, please do the following:

Reset your Router:

  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know the router's default password, you can look it up HERE.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

NEXT

  • Go to Start > Run > type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns (note the space between “..g /f…” it needs to be there)
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.

NEXT

Please advise if there are any outstanding issues


  • 1 month later...
  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
