Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Search engines not working and other problems [Solved]

Started by Hbosses , May 18 2012 04:27 PM

  • This topic is locked This topic is locked

#16
Hbosses
Posted 21 May 2012 - 02:30 PM

Hbosses

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Eset couldnt touch the file, but I just tried TDSSkiller and it found it and cured it, the file still remains in the Windows/System32/Drivers folder, however Google is working, Bing is working, Yahoo is working and the little pop ups have disappeared. So all is well it seems.

So the question is, how do I stop this happening again, and what caused it in the first place??

BTW Thanks for the help, i'm feeling slightly better although I need to change passwords for pretty much everything that may have been infiltrated.
  • 0

Advertisements

#17
ali.B
Posted 21 May 2012 - 11:18 PM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

please post the TDSSKiller log
  • 0

#18
Hbosses
Posted 22 May 2012 - 11:03 AM

Hbosses

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi, no problem

TDSSKiller Log

21:05:41.0150 4952 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:05:43.0247 4952 ============================================================
21:05:43.0247 4952 Current date / time: 2012/05/21 21:05:43.0247
21:05:43.0248 4952 SystemInfo:
21:05:43.0248 4952
21:05:43.0248 4952 OS Version: 6.0.6002 ServicePack: 2.0
21:05:43.0248 4952 Product type: Workstation
21:05:43.0248 4952 ComputerName: HSBC-05-PC
21:05:43.0248 4952 UserName: HSBC-05
21:05:43.0248 4952 Windows directory: C:\Windows
21:05:43.0248 4952 System windows directory: C:\Windows
21:05:43.0248 4952 Processor architecture: Intel x86
21:05:43.0248 4952 Number of processors: 2
21:05:43.0248 4952 Page size: 0x1000
21:05:43.0248 4952 Boot type: Normal boot
21:05:43.0248 4952 ============================================================
21:05:48.0243 4952 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:05:48.0469 4952 ============================================================
21:05:48.0469 4952 \Device\Harddisk0\DR0:
21:05:48.0472 4952 MBR partitions:
21:05:48.0472 4952 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
21:05:48.0472 4952 ============================================================
21:05:48.0526 4952 C: <-> \Device\Harddisk0\DR0\Partition0
21:05:48.0775 4952 ============================================================
21:05:48.0775 4952 Initialize success
21:05:48.0775 4952 ============================================================
21:09:08.0260 6040 ============================================================
21:09:08.0260 6040 Scan started
21:09:08.0260 6040 Mode: Manual;
21:09:08.0260 6040 ============================================================
21:09:10.0228 6040 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:09:10.0236 6040 ACPI - ok
21:09:10.0253 6040 adfs - ok
21:09:10.0301 6040 Adobe LM Service (4ae327c9c375d985ff2a2aab92765218) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
21:09:10.0336 6040 Adobe LM Service - ok
21:09:10.0418 6040 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:09:10.0423 6040 AdobeARMservice - ok
21:09:10.0470 6040 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
21:09:10.0482 6040 adp94xx - ok
21:09:10.0516 6040 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
21:09:10.0528 6040 adpahci - ok
21:09:10.0547 6040 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
21:09:10.0584 6040 adpu160m - ok
21:09:10.0606 6040 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
21:09:10.0649 6040 adpu320 - ok
21:09:10.0683 6040 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
21:09:10.0684 6040 AeLookupSvc - ok
21:09:10.0735 6040 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
21:09:10.0743 6040 AFD - ok
21:09:10.0760 6040 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
21:09:10.0826 6040 agp440 - ok
21:09:10.0864 6040 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:09:10.0927 6040 aic78xx - ok
21:09:10.0962 6040 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
21:09:10.0968 6040 ALG - ok
21:09:11.0028 6040 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
21:09:11.0031 6040 aliide - ok
21:09:11.0048 6040 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
21:09:11.0050 6040 amdagp - ok
21:09:11.0062 6040 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
21:09:11.0125 6040 amdide - ok
21:09:11.0160 6040 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
21:09:11.0163 6040 AmdK7 - ok
21:09:11.0176 6040 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
21:09:11.0210 6040 AmdK8 - ok
21:09:11.0239 6040 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
21:09:11.0241 6040 Appinfo - ok
21:09:11.0315 6040 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:09:11.0326 6040 Apple Mobile Device - ok
21:09:11.0430 6040 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
21:09:11.0464 6040 arc - ok
21:09:11.0495 6040 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
21:09:11.0501 6040 arcsas - ok
21:09:11.0515 6040 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:09:11.0517 6040 AsyncMac - ok
21:09:11.0544 6040 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:09:11.0576 6040 atapi - ok
21:09:11.0610 6040 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:09:11.0625 6040 AudioEndpointBuilder - ok
21:09:11.0632 6040 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:09:11.0637 6040 Audiosrv - ok
21:09:11.0653 6040 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:09:11.0657 6040 Beep - ok
21:09:11.0696 6040 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
21:09:11.0704 6040 BFE - ok
21:09:11.0802 6040 bgsvcgen (acc9c8c560c567fad6f79c977ab2ea09) C:\Windows\System32\bgsvcgen.exe
21:09:11.0818 6040 bgsvcgen - ok
21:09:11.0857 6040 BITCOMET_HELPER_SERVICE - ok
21:09:11.0934 6040 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
21:09:11.0960 6040 BITS - ok
21:09:12.0000 6040 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
21:09:12.0010 6040 blbdrive - ok
21:09:12.0070 6040 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:09:12.0114 6040 Bonjour Service - ok
21:09:12.0164 6040 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
21:09:12.0224 6040 bowser - ok
21:09:12.0288 6040 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:09:12.0290 6040 BrFiltLo - ok
21:09:12.0297 6040 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:09:12.0300 6040 BrFiltUp - ok
21:09:12.0327 6040 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
21:09:12.0332 6040 Browser - ok
21:09:12.0358 6040 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:09:12.0368 6040 Brserid - ok
21:09:12.0429 6040 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:09:12.0432 6040 BrSerWdm - ok
21:09:12.0450 6040 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:09:12.0455 6040 BrUsbMdm - ok
21:09:12.0467 6040 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:09:12.0473 6040 BrUsbSer - ok
21:09:12.0491 6040 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:09:12.0525 6040 BTHMODEM - ok
21:09:12.0640 6040 catchme - ok
21:09:12.0665 6040 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:09:12.0668 6040 cdfs - ok
21:09:12.0698 6040 cdrbsdrv (e0042bd5bef17a6a3ef1df576bde24d1) C:\Windows\system32\drivers\cdrbsdrv.sys
21:09:12.0701 6040 cdrbsdrv - ok
21:09:12.0729 6040 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:09:12.0732 6040 cdrom - ok
21:09:12.0756 6040 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:09:12.0759 6040 CertPropSvc - ok
21:09:12.0786 6040 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
21:09:12.0789 6040 circlass - ok
21:09:12.0806 6040 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:09:12.0814 6040 CLFS - ok
21:09:12.0871 6040 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:09:12.0886 6040 clr_optimization_v2.0.50727_32 - ok
21:09:12.0939 6040 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:09:12.0951 6040 clr_optimization_v4.0.30319_32 - ok
21:09:13.0016 6040 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
21:09:13.0017 6040 cmdide - ok
21:09:13.0024 6040 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
21:09:13.0027 6040 Compbatt - ok
21:09:13.0036 6040 COMSysApp - ok
21:09:13.0049 6040 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
21:09:13.0051 6040 crcdisk - ok
21:09:13.0070 6040 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
21:09:13.0072 6040 Crusoe - ok
21:09:13.0108 6040 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
21:09:13.0112 6040 CryptSvc - ok
21:09:13.0167 6040 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
21:09:13.0185 6040 DcomLaunch - ok
21:09:13.0202 6040 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
21:09:13.0218 6040 DfsC - ok
21:09:13.0383 6040 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
21:09:13.0421 6040 DFSR - ok
21:09:13.0570 6040 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
21:09:13.0580 6040 Dhcp - ok
21:09:13.0669 6040 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:09:13.0672 6040 disk - ok
21:09:13.0752 6040 Dnscache (30a08728740e71947ae1e073b5ce69b4) C:\Windows\System32\dnsrslvr.dll
21:09:13.0755 6040 Dnscache - ok
21:09:13.0826 6040 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
21:09:13.0844 6040 dot3svc - ok
21:09:13.0876 6040 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
21:09:13.0888 6040 DPS - ok
21:09:13.0907 6040 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:09:13.0910 6040 drmkaud - ok
21:09:13.0962 6040 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:09:13.0977 6040 DXGKrnl - ok
21:09:14.0049 6040 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:09:14.0061 6040 E1G60 - ok
21:09:14.0099 6040 eamon (e31464ce787e3a0ffea55baa591897f0) C:\Windows\system32\DRIVERS\eamon.sys
21:09:14.0144 6040 eamon - ok
21:09:14.0215 6040 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
21:09:14.0219 6040 EapHost - ok
21:09:14.0285 6040 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:09:14.0289 6040 Ecache - ok
21:09:14.0369 6040 ehdrv (2c95a7a87e4272c1fff9baf579677db3) C:\Windows\system32\DRIVERS\ehdrv.sys
21:09:14.0443 6040 ehdrv - ok
21:09:14.0553 6040 EhttpSrv (5e245b6c66122614000addfcd41cedce) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
21:09:14.0559 6040 EhttpSrv - ok
21:09:14.0627 6040 ekrn (a5f63285c1b6c4b396d9ace0dffc88ef) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
21:09:14.0640 6040 ekrn - ok
21:09:14.0692 6040 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
21:09:14.0705 6040 elxstor - ok
21:09:14.0815 6040 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
21:09:14.0826 6040 EMDMgmt - ok
21:09:14.0858 6040 epfwwfpr (9798f4c71df8a86266bb0476205411f9) C:\Windows\system32\DRIVERS\epfwwfpr.sys
21:09:14.0863 6040 epfwwfpr - ok
21:09:14.0875 6040 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
21:09:14.0906 6040 ErrDev - ok
21:09:15.0008 6040 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
21:09:15.0016 6040 EventSystem - ok
21:09:15.0050 6040 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:09:15.0119 6040 exfat - ok
21:09:15.0174 6040 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:09:15.0227 6040 fastfat - ok
21:09:15.0268 6040 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
21:09:15.0298 6040 fdc - ok
21:09:15.0335 6040 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
21:09:15.0337 6040 fdPHost - ok
21:09:15.0403 6040 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
21:09:15.0405 6040 FDResPub - ok
21:09:15.0420 6040 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:09:15.0422 6040 FileInfo - ok
21:09:15.0430 6040 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:09:15.0451 6040 Filetrace - ok
21:09:15.0560 6040 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:09:15.0574 6040 FLEXnet Licensing Service - ok
21:09:15.0599 6040 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:09:15.0601 6040 flpydisk - ok
21:09:15.0663 6040 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:09:15.0667 6040 FltMgr - ok
21:09:15.0746 6040 FontCache (452feaab2a8dbb42ed751754cb2594f5) C:\Windows\system32\FntCache.dll
21:09:15.0768 6040 FontCache - ok
21:09:15.0880 6040 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:09:15.0882 6040 FontCache3.0.0.0 - ok
21:09:15.0960 6040 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
21:09:15.0963 6040 fssfltr - ok
21:09:16.0114 6040 fsssvc (45b52394f9624237f33a8a3d73c0b221) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
21:09:16.0156 6040 fsssvc - ok
21:09:16.0197 6040 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:09:16.0257 6040 Fs_Rec - ok
21:09:16.0314 6040 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
21:09:16.0317 6040 gagp30kx - ok
21:09:16.0332 6040 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:09:16.0335 6040 GEARAspiWDM - ok
21:09:16.0361 6040 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
21:09:16.0392 6040 ggflt - ok
21:09:16.0443 6040 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
21:09:16.0445 6040 ggsemc - ok
21:09:16.0449 6040 GMSIPCI - ok
21:09:16.0516 6040 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
21:09:16.0534 6040 gpsvc - ok
21:09:16.0674 6040 gupdate1ca15d8f4e6aeed (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
21:09:16.0686 6040 gupdate1ca15d8f4e6aeed - ok
21:09:16.0693 6040 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
21:09:16.0696 6040 gupdatem - ok
21:09:16.0720 6040 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:09:16.0734 6040 gusvc - ok
21:09:16.0767 6040 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:09:16.0776 6040 HdAudAddService - ok
21:09:16.0871 6040 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:09:16.0888 6040 HDAudBus - ok
21:09:16.0962 6040 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:09:16.0994 6040 HidBth - ok
21:09:17.0011 6040 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:09:17.0013 6040 HidIr - ok
21:09:17.0040 6040 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
21:09:17.0046 6040 hidserv - ok
21:09:17.0072 6040 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:09:17.0075 6040 HidUsb - ok
21:09:17.0140 6040 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
21:09:17.0147 6040 hkmsvc - ok
21:09:17.0158 6040 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
21:09:17.0220 6040 HpCISSs - ok
21:09:17.0249 6040 HTTP (abbc72793f1c588b1a7db0cac69a4fe8) C:\Windows\system32\drivers\HTTP.sys
21:09:17.0262 6040 HTTP - ok
21:09:17.0339 6040 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
21:09:17.0342 6040 i2omp - ok
21:09:17.0355 6040 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:09:17.0392 6040 i8042prt - ok
21:09:17.0417 6040 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
21:09:17.0426 6040 iaStorV - ok
21:09:17.0570 6040 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:09:17.0605 6040 idsvc - ok
21:09:17.0630 6040 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:09:17.0632 6040 iirsp - ok
21:09:17.0682 6040 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
21:09:17.0700 6040 IKEEXT - ok
21:09:17.0776 6040 iLokDrvr (70f8e874262ab5854ffc9d70f8b9b68c) C:\Windows\system32\DRIVERS\iLokDrvr.sys
21:09:17.0778 6040 iLokDrvr - ok
21:09:17.0969 6040 IntcAzAudAddService (da6303bbaed73eec30c3433359e7a311) C:\Windows\system32\drivers\RTKVHDA.sys
21:09:18.0176 6040 IntcAzAudAddService - ok
21:09:18.0264 6040 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
21:09:18.0298 6040 intelide - ok
21:09:18.0315 6040 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:09:18.0317 6040 intelppm - ok
21:09:18.0342 6040 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
21:09:18.0381 6040 IPBusEnum - ok
21:09:18.0413 6040 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:09:18.0415 6040 IpFilterDriver - ok
21:09:18.0446 6040 iphlpsvc (7f83b06a929a981bc001b2ea304d2036) C:\Windows\System32\iphlpsvc.dll
21:09:18.0456 6040 iphlpsvc - ok
21:09:18.0484 6040 IpInIp - ok
21:09:18.0528 6040 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
21:09:18.0531 6040 IPMIDRV - ok
21:09:18.0550 6040 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:09:18.0593 6040 IPNAT - ok
21:09:18.0704 6040 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
21:09:18.0782 6040 iPod Service - ok
21:09:18.0826 6040 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:09:18.0828 6040 IRENUM - ok
21:09:18.0843 6040 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
21:09:18.0876 6040 isapnp - ok
21:09:18.0954 6040 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:09:18.0995 6040 iScsiPrt - ok
21:09:19.0007 6040 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:09:19.0070 6040 iteatapi - ok
21:09:19.0136 6040 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:09:19.0139 6040 iteraid - ok
21:09:19.0150 6040 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:09:19.0153 6040 kbdclass - ok
21:09:19.0180 6040 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
21:09:19.0213 6040 kbdhid - ok
21:09:19.0236 6040 KeyIso (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
21:09:19.0241 6040 KeyIso - ok
21:09:19.0348 6040 KSecDD (ea7f1d605518486269f45bd80fa00907) C:\Windows\system32\Drivers\ksecdd.sys
21:09:19.0393 6040 KSecDD - ok
21:09:19.0452 6040 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
21:09:19.0476 6040 KtmRm - ok
21:09:19.0511 6040 LanmanServer (43446f197c74ef2030f84b3a4f39d570) C:\Windows\System32\srvsvc.dll
21:09:19.0523 6040 LanmanServer - ok
21:09:19.0556 6040 LanmanWorkstation (dec1a338b86c5d582c25c40836dd76c3) C:\Windows\System32\wkssvc.dll
21:09:19.0566 6040 LanmanWorkstation - ok
21:09:19.0639 6040 LightScribeService (4af65f3a2253df7d0b8d80812eae7a7c) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
21:09:19.0644 6040 LightScribeService - ok
21:09:19.0713 6040 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:09:19.0715 6040 lltdio - ok
21:09:19.0764 6040 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
21:09:19.0775 6040 lltdsvc - ok
21:09:19.0839 6040 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
21:09:19.0841 6040 lmhosts - ok
21:09:19.0872 6040 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
21:09:19.0877 6040 LSI_FC - ok
21:09:19.0891 6040 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
21:09:19.0914 6040 LSI_SAS - ok
21:09:19.0929 6040 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
21:09:19.0951 6040 LSI_SCSI - ok
21:09:19.0965 6040 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:09:19.0988 6040 luafv - ok
21:09:20.0047 6040 lxddCATSCustConnectService (deb8a241d5671f7d4188f86e2aeb6960) C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe
21:09:20.0091 6040 lxddCATSCustConnectService - ok
21:09:20.0124 6040 lxdd_device - ok
21:09:20.0151 6040 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
21:09:20.0156 6040 MBAMProtector - ok
21:09:20.0223 6040 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:09:20.0240 6040 MBAMService - ok
21:09:20.0260 6040 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
21:09:20.0262 6040 megasas - ok
21:09:20.0293 6040 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
21:09:20.0314 6040 MegaSR - ok
21:09:20.0374 6040 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:09:20.0389 6040 Microsoft Office Groove Audit Service - ok
21:09:20.0458 6040 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:09:20.0461 6040 MMCSS - ok
21:09:20.0474 6040 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:09:20.0476 6040 Modem - ok
21:09:20.0488 6040 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:09:20.0491 6040 monitor - ok
21:09:20.0506 6040 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:09:20.0509 6040 mouclass - ok
21:09:20.0517 6040 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:09:20.0519 6040 mouhid - ok
21:09:20.0531 6040 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:09:20.0575 6040 MountMgr - ok
21:09:20.0634 6040 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:09:20.0647 6040 MozillaMaintenance - ok
21:09:20.0712 6040 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
21:09:20.0717 6040 mpio - ok
21:09:20.0733 6040 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:09:20.0804 6040 mpsdrv - ok
21:09:20.0868 6040 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
21:09:20.0881 6040 MpsSvc - ok
21:09:20.0895 6040 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:09:20.0896 6040 Mraid35x - ok
21:09:20.0927 6040 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:09:20.0978 6040 MRxDAV - ok
21:09:20.0990 6040 mrxsmb (317eb668973951bad512ee8bebf9ed25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:09:21.0020 6040 mrxsmb - ok
21:09:21.0059 6040 mrxsmb10 (05716f0203b5c774a87384a1ff7b968f) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:09:21.0068 6040 mrxsmb10 - ok
21:09:21.0084 6040 mrxsmb20 (c70c50d101b92b45c42ba11ea9fe6cd1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:09:21.0108 6040 mrxsmb20 - ok
21:09:21.0122 6040 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
21:09:21.0142 6040 msahci - ok
21:09:21.0213 6040 MSCamSvc (b018c3e820e7193ddda18c7c0ac3cf95) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
21:09:21.0225 6040 MSCamSvc - ok
21:09:21.0240 6040 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
21:09:21.0245 6040 msdsm - ok
21:09:21.0292 6040 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
21:09:21.0330 6040 MSDTC - ok
21:09:21.0427 6040 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:09:21.0429 6040 Msfs - ok
21:09:21.0456 6040 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\Windows\system32\Drivers\nx6000.sys
21:09:21.0458 6040 MSHUSBVideo - ok
21:09:21.0471 6040 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:09:21.0474 6040 msisadrv - ok
21:09:21.0509 6040 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
21:09:21.0547 6040 MSiSCSI - ok
21:09:21.0588 6040 msiserver - ok
21:09:21.0606 6040 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:09:21.0608 6040 MSKSSRV - ok
21:09:21.0614 6040 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:09:21.0617 6040 MSPCLOCK - ok
21:09:21.0629 6040 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:09:21.0631 6040 MSPQM - ok
21:09:21.0718 6040 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:09:21.0728 6040 MsRPC - ok
21:09:21.0744 6040 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:09:21.0747 6040 mssmbios - ok
21:09:21.0760 6040 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:09:21.0762 6040 MSTEE - ok
21:09:21.0776 6040 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:09:21.0811 6040 Mup - ok
21:09:21.0853 6040 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
21:09:21.0869 6040 napagent - ok
21:09:21.0915 6040 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:09:21.0927 6040 NativeWifiP - ok
21:09:22.0033 6040 NAUpdate (1bbbf640bc0e0b750537baece8d66c18) C:\Program Files\Nero\Update\NASvc.exe
21:09:22.0051 6040 NAUpdate - ok
21:09:22.0077 6040 NBVol (e240f3204e86b7b6ccf266b2a2ad32b4) C:\Windows\system32\DRIVERS\NBVol.sys
21:09:22.0079 6040 NBVol - ok
21:09:22.0099 6040 NBVolUp (c0cf3cccce3c75f7280c89029ab47866) C:\Windows\system32\DRIVERS\NBVolUp.sys
21:09:22.0105 6040 NBVolUp - ok
21:09:22.0162 6040 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:09:22.0180 6040 NDIS - ok
21:09:22.0203 6040 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:09:22.0207 6040 NdisTapi - ok
21:09:22.0222 6040 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:09:22.0254 6040 Ndisuio - ok
21:09:22.0285 6040 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:09:22.0297 6040 NdisWan - ok
21:09:22.0311 6040 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:09:22.0374 6040 NDProxy - ok
21:09:22.0516 6040 Nero BackItUp Scheduler 3 (2aae889742376edc5c3203dfb74f28fd) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
21:09:22.0551 6040 Nero BackItUp Scheduler 3 - ok
21:09:22.0564 6040 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:09:22.0597 6040 NetBIOS - ok
21:09:22.0681 6040 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:09:22.0692 6040 netbt - ok
21:09:22.0720 6040 Netlogon (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
21:09:22.0723 6040 Netlogon - ok
21:09:22.0745 6040 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
21:09:22.0762 6040 Netman - ok
21:09:22.0787 6040 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
21:09:22.0804 6040 netprofm - ok
21:09:22.0857 6040 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:09:22.0871 6040 NetTcpPortSharing - ok
21:09:22.0942 6040 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:09:22.0945 6040 nfrd960 - ok
21:09:22.0970 6040 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
21:09:22.0981 6040 NlaSvc - ok
21:09:23.0134 6040 NMIndexingService (cb992ae1506985d9167e85883b4c3240) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
21:09:23.0163 6040 NMIndexingService - ok
21:09:23.0192 6040 NPF (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys
21:09:23.0238 6040 NPF - ok
21:09:23.0291 6040 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:09:23.0325 6040 Npfs - ok
21:09:23.0358 6040 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
21:09:23.0363 6040 nsi - ok
21:09:23.0381 6040 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:09:23.0442 6040 nsiproxy - ok
21:09:23.0548 6040 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:09:23.0674 6040 Ntfs - ok
21:09:23.0691 6040 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:09:23.0723 6040 ntrigdigi - ok
21:09:23.0735 6040 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:09:23.0738 6040 Null - ok
21:09:23.0820 6040 NVENETFD (b896fb556b4dc1e1d2943559ea79c5c5) C:\Windows\system32\DRIVERS\nvmfdx32.sys
21:09:23.0856 6040 NVENETFD - ok
21:09:24.0248 6040 nvlddmkm (170d59b88f7c124204ca4e5f22c80480) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:09:24.0436 6040 nvlddmkm - ok
21:09:24.0558 6040 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:09:24.0631 6040 nvraid - ok
21:09:24.0653 6040 nvsmu (7ec12a73067baca25a8e3e2a58ae83d8) C:\Windows\system32\DRIVERS\nvsmu.sys
21:09:24.0656 6040 nvsmu - ok
21:09:24.0674 6040 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:09:24.0676 6040 nvstor - ok
21:09:24.0690 6040 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:09:24.0702 6040 nv_agp - ok
21:09:24.0707 6040 NwlnkFlt - ok
21:09:24.0715 6040 NwlnkFwd - ok
21:09:24.0813 6040 odserv (e54aa592a65f317390eee386a8821692) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:09:24.0857 6040 odserv - ok
21:09:24.0910 6040 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
21:09:24.0912 6040 ohci1394 - ok
21:09:24.0938 6040 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:09:24.0951 6040 ose - ok
21:09:25.0005 6040 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:09:25.0018 6040 p2pimsvc - ok
21:09:25.0054 6040 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:09:25.0061 6040 p2psvc - ok
21:09:25.0098 6040 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:09:25.0101 6040 Parport - ok
21:09:25.0118 6040 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:09:25.0120 6040 partmgr - ok
21:09:25.0131 6040 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:09:25.0133 6040 Parvdm - ok
21:09:25.0154 6040 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
21:09:25.0161 6040 PcaSvc - ok
21:09:25.0200 6040 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:09:25.0212 6040 pci - ok
21:09:25.0226 6040 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
21:09:25.0247 6040 pciide - ok
21:09:25.0270 6040 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:09:25.0275 6040 pcmcia - ok
21:09:25.0337 6040 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:09:25.0362 6040 PEAUTH - ok
21:09:25.0412 6040 pfc (f2b3785d7282bac66d4b644fc88749f0) C:\Windows\system32\drivers\pfc.sys
21:09:25.0437 6040 pfc - ok
21:09:25.0578 6040 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
21:09:25.0617 6040 pla - ok
21:09:25.0700 6040 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe
21:09:25.0710 6040 PLFlash DeviceIoControl Service - ok
21:09:25.0753 6040 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
21:09:25.0761 6040 PlugPlay - ok
21:09:25.0865 6040 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:09:25.0876 6040 PNRPAutoReg - ok
21:09:25.0888 6040 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:09:25.0898 6040 PNRPsvc - ok
21:09:25.0988 6040 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
21:09:26.0002 6040 PolicyAgent - ok
21:09:26.0051 6040 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:09:26.0117 6040 PptpMiniport - ok
21:09:26.0154 6040 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
21:09:26.0187 6040 Processor - ok
21:09:26.0224 6040 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
21:09:26.0238 6040 ProfSvc - ok
21:09:26.0261 6040 ProtectedStorage (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
21:09:26.0264 6040 ProtectedStorage - ok
21:09:26.0302 6040 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:09:26.0304 6040 PSched - ok
21:09:26.0396 6040 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
21:09:26.0461 6040 ql2300 - ok
21:09:26.0479 6040 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:09:26.0523 6040 ql40xx - ok
21:09:26.0559 6040 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
21:09:26.0577 6040 QWAVE - ok
21:09:26.0593 6040 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:09:26.0596 6040 QWAVEdrv - ok
21:09:26.0682 6040 RapportCerberus_32029 (9919c63e9150af648c42d28b5d72a32f) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys
21:09:26.0752 6040 RapportCerberus_32029 - ok
21:09:26.0845 6040 RapportEI (9dd8f690701f6c591d71c5169d8e26b5) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
21:09:26.0848 6040 RapportEI - ok
21:09:26.0863 6040 RapportKELL (96cb50f2774a2bc3224e06f71882fe3c) C:\Windows\system32\Drivers\RapportKELL.sys
21:09:26.0866 6040 RapportKELL - ok
21:09:26.0936 6040 RapportMgmtService (7df2ca6b87835bc00b05f0219422aace) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
21:09:26.0968 6040 RapportMgmtService - ok
21:09:27.0001 6040 RapportPG (df35d6916fa4355e5f5f56b0d47babfb) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
21:09:27.0012 6040 RapportPG - ok
21:09:27.0038 6040 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:09:27.0041 6040 RasAcd - ok
21:09:27.0123 6040 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
21:09:27.0135 6040 RasAuto - ok
21:09:27.0200 6040 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:09:27.0206 6040 Rasl2tp - ok
21:09:27.0248 6040 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
21:09:27.0264 6040 RasMan - ok
21:09:27.0335 6040 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:09:27.0339 6040 RasPppoe - ok
21:09:27.0359 6040 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:09:27.0362 6040 RasSstp - ok
21:09:27.0400 6040 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:09:27.0412 6040 rdbss - ok
21:09:27.0427 6040 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:09:27.0429 6040 RDPCDD - ok
21:09:27.0512 6040 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
21:09:27.0520 6040 rdpdr - ok
21:09:27.0527 6040 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:09:27.0530 6040 RDPENCDD - ok
21:09:27.0569 6040 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:09:27.0637 6040 RDPWD - ok
21:09:27.0694 6040 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
21:09:27.0700 6040 RemoteAccess - ok
21:09:27.0779 6040 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
21:09:27.0794 6040 RemoteRegistry - ok
21:09:27.0881 6040 rpcapd (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files\WinPcap\rpcapd.exe
21:09:27.0898 6040 rpcapd - ok
21:09:27.0922 6040 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
21:09:27.0954 6040 RpcLocator - ok
21:09:28.0028 6040 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll
21:09:28.0038 6040 RpcSs - ok
21:09:28.0108 6040 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:09:28.0111 6040 rspndr - ok
21:09:28.0136 6040 RTL8023xp (959ef612d2ccfdb6d9e443f8e3655013) C:\Windows\system32\DRIVERS\Rtnicxp.sys
21:09:28.0169 6040 RTL8023xp - ok
21:09:28.0201 6040 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys
21:09:28.0206 6040 s0016bus - ok
21:09:28.0230 6040 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys
21:09:28.0232 6040 s0016mdfl - ok
21:09:28.0305 6040 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys
21:09:28.0317 6040 s0016mdm - ok
21:09:28.0352 6040 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys
21:09:28.0365 6040 s0016mgmt - ok
21:09:28.0397 6040 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys
21:09:28.0400 6040 s0016nd5 - ok
21:09:28.0428 6040 s0016obex (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys
21:09:28.0471 6040 s0016obex - ok
21:09:28.0509 6040 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys
21:09:28.0552 6040 s0016unic - ok
21:09:28.0582 6040 s1039bus (d0eedc88876b20d42157cdcca3e647f3) C:\Windows\system32\DRIVERS\s1039bus.sys
21:09:28.0595 6040 s1039bus - ok
21:09:28.0613 6040 s1039mdfl (7b35091a7bb597c86262c589b0b57d06) C:\Windows\system32\DRIVERS\s1039mdfl.sys
21:09:28.0645 6040 s1039mdfl - ok
21:09:28.0713 6040 s1039mdm (4cb1ab13c9813cbf3e4c6406f8043ec2) C:\Windows\system32\DRIVERS\s1039mdm.sys
21:09:28.0725 6040 s1039mdm - ok
21:09:28.0749 6040 s1039mgmt (2649ca09585a7531126dcc116ad1f88c) C:\Windows\system32\DRIVERS\s1039mgmt.sys
21:09:28.0789 6040 s1039mgmt - ok
21:09:28.0808 6040 s1039nd5 (6d3f549efd6daedd7d12f3de2175053f) C:\Windows\system32\DRIVERS\s1039nd5.sys
21:09:28.0866 6040 s1039nd5 - ok
21:09:28.0878 6040 s1039obex (305e3e3aca0037af2e2c1b50a383c91b) C:\Windows\system32\DRIVERS\s1039obex.sys
21:09:28.0882 6040 s1039obex - ok
21:09:28.0919 6040 s1039unic (7dd02a58277c84c043442561589914f4) C:\Windows\system32\DRIVERS\s1039unic.sys
21:09:28.0938 6040 s1039unic - ok
21:09:29.0011 6040 SamSs (dcf733788c7d088d814e5f80eb4b3e0f) C:\Windows\system32\lsass.exe
21:09:29.0014 6040 SamSs - ok
21:09:29.0034 6040 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:09:29.0040 6040 sbp2port - ok
21:09:29.0073 6040 SBRE (4019149e4e296072831c8855605d9fdc) C:\Windows\system32\drivers\SBREdrv.sys
21:09:29.0091 6040 SBRE - ok
21:09:29.0123 6040 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
21:09:29.0137 6040 SCardSvr - ok
21:09:29.0210 6040 SCDEmu (c23dbd9bfba8b1170706e0896b3cf7da) C:\Windows\system32\drivers\SCDEmu.sys
21:09:29.0245 6040 SCDEmu - ok
21:09:29.0300 6040 Schedule (323ae0bdfd2eb15b668dda50cc597329) C:\Windows\system32\schedsvc.dll
21:09:29.0333 6040 Schedule - ok
21:09:29.0372 6040 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:09:29.0374 6040 SCPolicySvc - ok
21:09:29.0406 6040 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
21:09:29.0420 6040 SDRSVC - ok
21:09:29.0504 6040 SeaPort (d358e077a0a05d9b12da22d137ee8464) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
21:09:29.0549 6040 SeaPort - ok
21:09:29.0597 6040 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:09:29.0599 6040 secdrv - ok
21:09:29.0608 6040 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
21:09:29.0614 6040 seclogon - ok
21:09:29.0673 6040 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
21:09:29.0680 6040 SENS - ok
21:09:29.0704 6040 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
21:09:29.0707 6040 Serenum - ok
21:09:29.0727 6040 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
21:09:29.0732 6040 Serial - ok
21:09:29.0743 6040 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:09:29.0746 6040 sermouse - ok
21:09:29.0827 6040 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
21:09:29.0842 6040 SessionEnv - ok
21:09:29.0858 6040 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
21:09:29.0890 6040 sffdisk - ok
21:09:29.0903 6040 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:09:29.0907 6040 sffp_mmc - ok
21:09:29.0913 6040 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
21:09:29.0947 6040 sffp_sd - ok
21:09:29.0980 6040 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:09:30.0014 6040 sfloppy - ok
21:09:30.0095 6040 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
21:09:30.0110 6040 SharedAccess - ok
21:09:30.0200 6040 ShellHWDetection (c818c44c201898399bf999bb6b35d4e3) C:\Windows\System32\shsvcs.dll
21:09:30.0214 6040 ShellHWDetection - ok
21:09:30.0287 6040 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:09:30.0294 6040 sisagp - ok
21:09:30.0317 6040 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:09:30.0320 6040 SiSRaid2 - ok
21:09:30.0336 6040 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:09:30.0351 6040 SiSRaid4 - ok
21:09:30.0420 6040 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
21:09:30.0431 6040 SkypeUpdate - ok
21:09:30.0630 6040 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
21:09:30.0701 6040 slsvc - ok
21:09:30.0860 6040 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
21:09:30.0874 6040 SLUINotify - ok
21:09:30.0913 6040 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:09:30.0976 6040 Smb - ok
21:09:31.0042 6040 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
21:09:31.0048 6040 SNMPTRAP - ok
21:09:31.0134 6040 Sony Ericsson PCCompanion (1a623f2b69e1f182f995f963c55db935) C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
21:09:31.0149 6040 Sony Ericsson PCCompanion - ok
21:09:31.0176 6040 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:09:31.0179 6040 spldr - ok
21:09:31.0218 6040 Spooler (524bfbea40e6e404737ccbc754647a2e) C:\Windows\System32\spoolsv.exe
21:09:31.0230 6040 Spooler - ok
21:09:31.0319 6040 srv (baa6018a27857b5ff0c03ce756b4a7a2) C:\Windows\system32\DRIVERS\srv.sys
21:09:31.0374 6040 srv - ok
21:09:31.0394 6040 srv2 (d69b44e3b000c2ff583f10c65489b4fb) C:\Windows\system32\DRIVERS\srv2.sys
21:09:31.0405 6040 srv2 - ok
21:09:31.0435 6040 srvnet (2d10de9022822772adaa120b15a9bd03) C:\Windows\system32\DRIVERS\srvnet.sys
21:09:31.0453 6040 srvnet - ok
21:09:31.0495 6040 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
21:09:31.0506 6040 SSDPSRV - ok
21:09:31.0518 6040 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
21:09:31.0530 6040 SstpSvc - ok
21:09:31.0608 6040 Steam Client Service - ok
21:09:31.0649 6040 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
21:09:31.0660 6040 stisvc - ok
21:09:31.0694 6040 StMp3Rec (833ac40f6e7be17951d6d9a956829547) C:\Windows\system32\Drivers\StMp3Rec.sys
21:09:31.0708 6040 StMp3Rec - ok
21:09:31.0739 6040 SuperMounter - ok
21:09:31.0787 6040 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:09:31.0790 6040 swenum - ok
21:09:31.0917 6040 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:09:31.0966 6040 SwitchBoard - ok
21:09:32.0023 6040 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
21:09:32.0037 6040 swprv - ok
21:09:32.0053 6040 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:09:32.0055 6040 Symc8xx - ok
21:09:32.0069 6040 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:09:32.0070 6040 Sym_hi - ok
21:09:32.0135 6040 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:09:32.0137 6040 Sym_u3 - ok
21:09:32.0173 6040 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
21:09:32.0218 6040 SysMain - ok
21:09:32.0262 6040 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
21:09:32.0268 6040 TabletInputService - ok
21:09:32.0344 6040 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
21:09:32.0360 6040 TapiSrv - ok
21:09:32.0427 6040 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
21:09:32.0442 6040 TBS - ok
21:09:32.0501 6040 Tcpip (0e6b0885c3d5e4643ed2d043de3433d8) C:\Windows\system32\drivers\tcpip.sys
21:09:32.0634 6040 Tcpip - ok
21:09:32.0653 6040 Tcpip6 (0e6b0885c3d5e4643ed2d043de3433d8) C:\Windows\system32\DRIVERS\tcpip.sys
21:09:32.0665 6040 Tcpip6 - ok
21:09:32.0696 6040 tcpipreg (b085a1c98f96ba7882a27b001becf5ac) C:\Windows\system32\drivers\tcpipreg.sys
21:09:32.0730 6040 tcpipreg - ok
21:09:32.0804 6040 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:09:32.0837 6040 TDPIPE - ok
21:09:32.0854 6040 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:09:32.0858 6040 TDTCP - ok
21:09:32.0892 6040 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:09:32.0896 6040 tdx - ok
21:09:32.0927 6040 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:09:32.0929 6040 TermDD - ok
21:09:32.0965 6040 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
21:09:32.0980 6040 TermService - ok
21:09:33.0065 6040 Themes (c818c44c201898399bf999bb6b35d4e3) C:\Windows\system32\shsvcs.dll
21:09:33.0071 6040 Themes - ok
21:09:33.0107 6040 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:09:33.0110 6040 THREADORDER - ok
21:09:33.0189 6040 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
21:09:33.0202 6040 TrkWks - ok
21:09:33.0295 6040 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
21:09:33.0297 6040 TrustedInstaller - ok
21:09:33.0338 6040 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:09:33.0343 6040 tssecsrv - ok
21:09:33.0361 6040 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:09:33.0363 6040 tunmp - ok
21:09:33.0386 6040 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
21:09:33.0415 6040 tunnel - ok
21:09:33.0471 6040 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:09:33.0473 6040 uagp35 - ok
21:09:33.0508 6040 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:09:33.0517 6040 udfs - ok
21:09:33.0555 6040 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
21:09:33.0589 6040 UI0Detect - ok
21:09:33.0632 6040 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:09:33.0634 6040 uliagpkx - ok
21:09:33.0656 6040 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:09:33.0665 6040 uliahci - ok
21:09:33.0679 6040 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:09:33.0683 6040 UlSata - ok
21:09:33.0704 6040 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:09:33.0717 6040 ulsata2 - ok
21:09:33.0741 6040 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:09:33.0743 6040 umbus - ok
21:09:33.0818 6040 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
21:09:33.0834 6040 upnphost - ok
21:09:33.0868 6040 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
21:09:33.0870 6040 USBAAPL - ok
21:09:33.0904 6040 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
21:09:33.0908 6040 usbaudio - ok
21:09:33.0940 6040 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:09:33.0943 6040 usbccgp - ok
21:09:33.0962 6040 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:09:33.0965 6040 usbcir - ok
21:09:34.0028 6040 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:09:34.0049 6040 usbehci - ok
21:09:34.0071 6040 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:09:34.0081 6040 usbhub - ok
21:09:34.0147 6040 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
21:09:34.0171 6040 usbohci - ok
21:09:34.0195 6040 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:09:34.0219 6040 usbprint - ok
21:09:34.0243 6040 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:09:34.0245 6040 usbscan - ok
21:09:34.0273 6040 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:09:34.0274 6040 USBSTOR - ok
21:09:34.0296 6040 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:09:34.0298 6040 usbuhci - ok
21:09:34.0324 6040 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
21:09:34.0336 6040 usbvideo - ok
21:09:34.0366 6040 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
21:09:34.0370 6040 UxSms - ok
21:09:34.0404 6040 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
21:09:34.0418 6040 vds - ok
21:09:34.0435 6040 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:09:34.0437 6040 vga - ok
21:09:34.0452 6040 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:09:34.0454 6040 VgaSave - ok
21:09:34.0471 6040 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:09:34.0474 6040 viaagp - ok
21:09:34.0490 6040 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:09:34.0492 6040 ViaC7 - ok
21:09:34.0504 6040 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
21:09:34.0507 6040 viaide - ok
21:09:34.0522 6040 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:09:34.0524 6040 volmgr - ok
21:09:34.0566 6040 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:09:34.0572 6040 volmgrx - ok
21:09:34.0650 6040 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:09:34.0655 6040 volsnap - ok
21:09:34.0674 6040 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:09:34.0740 6040 vsmraid - ok
21:09:34.0844 6040 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
21:09:34.0871 6040 VSS - ok
21:09:34.0954 6040 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
21:09:34.0972 6040 W32Time - ok
21:09:35.0065 6040 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:09:35.0067 6040 WacomPen - ok
21:09:35.0087 6040 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:09:35.0137 6040 Wanarp - ok
21:09:35.0167 6040 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:09:35.0169 6040 Wanarpv6 - ok
21:09:35.0229 6040 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
21:09:35.0253 6040 wcncsvc - ok
21:09:35.0274 6040 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
21:09:35.0280 6040 WcsPlugInService - ok
21:09:35.0305 6040 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:09:35.0308 6040 Wd - ok
21:09:35.0347 6040 Wdf01000 (6ed4faa0734a392d0fa7d78502a68db8) C:\Windows\system32\drivers\Wdf01000.sys
21:09:35.0423 6040 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 6ed4faa0734a392d0fa7d78502a68db8, Fake md5: b6f0a7ad6d4bd325fbcd8bac96cd8d96
21:09:35.0426 6040 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
21:09:35.0426 6040 Wdf01000 - detected Virus.Win32.Rloader.a (0)
21:09:35.0444 6040 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:09:35.0487 6040 WdiServiceHost - ok
21:09:35.0519 6040 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:09:35.0525 6040 WdiSystemHost - ok
21:09:35.0611 6040 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
21:09:35.0621 6040 WebClient - ok
21:09:35.0651 6040 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll
21:09:35.0663 6040 Wecsvc - ok
21:09:35.0729 6040 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
21:09:35.0744 6040 wercplsupport - ok
21:09:35.0778 6040 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
21:09:35.0790 6040 WerSvc - ok
21:09:35.0852 6040 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
21:09:35.0864 6040 WinDefend - ok
21:09:35.0875 6040 WinHttpAutoProxySvc - ok
21:09:35.0976 6040 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
21:09:35.0986 6040 Winmgmt - ok
21:09:36.0044 6040 WinRM (01874d4689c212460fbabf0ecd7cb7f7) C:\Windows\system32\WsmSvc.dll
21:09:36.0075 6040 WinRM - ok
21:09:36.0185 6040 Wlansvc (766fdcf7e9aed0d0bef8a36c27d0ef91) C:\Windows\System32\wlansvc.dll
21:09:36.0202 6040 Wlansvc - ok
21:09:36.0290 6040 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
21:09:36.0293 6040 WmiAcpi - ok
21:09:36.0420 6040 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
21:09:36.0466 6040 wmiApSrv - ok
21:09:36.0589 6040 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:09:36.0623 6040 WMPNetworkSvc - ok
21:09:36.0663 6040 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
21:09:36.0675 6040 WPCSvc - ok
21:09:36.0746 6040 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
21:09:36.0760 6040 WPDBusEnum - ok
21:09:36.0807 6040 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
21:09:36.0842 6040 WpdUsb - ok
21:09:36.0966 6040 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:09:36.0991 6040 WPFFontCache_v0400 - ok
21:09:37.0060 6040 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:09:37.0094 6040 ws2ifsl - ok
21:09:37.0124 6040 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
21:09:37.0140 6040 wscsvc - ok
21:09:37.0147 6040 WSearch - ok
21:09:37.0320 6040 wuauserv (84a03bfe004b06e93408618976dc9c14) C:\Windows\system32\wuaueng.dll
21:09:37.0368 6040 wuauserv - ok
21:09:37.0472 6040 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:09:37.0480 6040 WUDFRd - ok
21:09:37.0503 6040 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
21:09:37.0518 6040 wudfsvc - ok
21:09:37.0605 6040 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:09:37.0816 6040 \Device\Harddisk0\DR0 - ok
21:09:37.0821 6040 Boot (0x1200) (efec10ccf4cb2be97fe79a24c19b5057) \Device\Harddisk0\DR0\Partition0
21:09:37.0823 6040 \Device\Harddisk0\DR0\Partition0 - ok
21:09:37.0825 6040 ============================================================
21:09:37.0826 6040 Scan finished
21:09:37.0826 6040 ============================================================
21:09:37.0847 2296 Detected object count: 1
21:09:37.0847 2296 Actual detected object count: 1
21:09:50.0143 2296 C:\Windows\system32\drivers\Wdf01000.sys - copied to quarantine
21:10:10.0207 2296 Backup copy not found, trying to cure infected file..
21:10:10.0213 2296 Cure success, using it..
21:10:10.0518 2296 C:\Windows\system32\drivers\Wdf01000.sys - will be cured on reboot
21:10:10.0518 2296 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure
21:10:28.0944 3804 Deinitialize success

Edited by Hbosses, 22 May 2012 - 11:04 AM.

  • 0

#19
Hbosses
Posted 22 May 2012 - 11:05 AM

Hbosses

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I highlighted the infected file for you
  • 0

#20
ali.B
Posted 25 May 2012 - 09:16 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  • 0

#21
Hbosses
Posted 04 June 2012 - 08:30 AM

Hbosses

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Its here if you still want it.

OTL logfile created on: 04/06/2012 14:32:51 - Run 3
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\HSBC-05\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 52.33% Memory free
4.11 Gb Paging File | 2.99 Gb Available in Paging File | 72.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 56.72 Gb Free Space | 19.03% Space Free | Partition Type: NTFS

Computer Name: HSBC-05-PC | User Name: HSBC-05 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/18 22:36:47 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\HSBC-05\Downloads\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/11 13:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/03/05 16:32:28 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/01 20:37:28 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/05/14 15:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2007/06/11 20:27:23 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/05/25 10:41:37 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxddcoms.exe
PRC - [2007/04/30 09:19:53 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/18 14:15:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e515919524c6be56f55ad12fbdd23c19\System.Runtime.Remoting.ni.dll
MOD - [2011/11/18 14:12:58 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\b0be4ac8da47fbf783dabd1505e6c55e\System.Windows.Forms.ni.dll
MOD - [2011/11/18 14:12:41 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\07e39e61fd6133a92333a2c98f2ffeb7\System.Drawing.ni.dll
MOD - [2011/11/18 14:12:33 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\49431ce6d568de0bafdb1b25d3942723\System.Xml.ni.dll
MOD - [2011/11/18 14:12:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\207b1e1e2254c7a308efe4f903e52ce2\System.Configuration.ni.dll
MOD - [2011/11/18 14:11:52 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\34942db56010e4225825bfae8a27559f\System.ni.dll
MOD - [2011/11/18 14:11:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3aac7b97549d4ccf0c7dca3d1777f9b4\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/05 16:32:36 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/03/05 16:32:28 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2007/06/11 20:27:23 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
MOD - [2007/05/30 06:12:16 | 000,040,960 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Monitor.Core.dll
MOD - [2007/05/30 06:12:15 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Monitor.Common.dll
MOD - [2007/05/30 06:11:21 | 000,057,344 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.dll
MOD - [2007/04/30 09:20:25 | 000,011,776 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
MOD - [2007/04/30 09:19:53 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
MOD - [2007/04/30 09:19:51 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.ScanDevMon.dll
MOD - [2007/04/30 09:19:48 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.NetworkCardDevMon.dll
MOD - [2007/03/06 08:16:47 | 000,589,824 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxdddatr.dll
MOD - [2007/01/09 17:10:05 | 000,278,528 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddscw.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/29 11:06:32 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/05 14:00:52 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/14 00:19:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/11 13:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/06/29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010/12/28 09:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/03/01 20:37:28 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/20 19:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/05/14 15:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/05/25 10:41:53 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 10:41:37 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxddcoms.exe -- (lxdd_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- -- (SuperMounter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2012/05/31 03:52:39 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/11 13:48:52 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/03/11 13:48:50 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/03/11 13:48:50 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/07/13 14:39:10 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVol.sys -- (NBVol)
DRV - [2011/07/13 14:39:10 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2010/04/25 13:50:46 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/03/15 11:38:44 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm)
DRV - [2010/03/15 11:38:44 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM)
DRV - [2010/03/15 11:38:44 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM)
DRV - [2010/03/15 11:38:44 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex)
DRV - [2010/03/15 11:38:44 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM)
DRV - [2010/03/15 11:38:44 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS)
DRV - [2010/03/15 11:38:44 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV - [2010/03/01 20:37:30 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/12/02 13:51:08 | 000,054,328 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2009/10/20 19:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/10/15 21:30:44 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/10/15 21:30:44 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/05/14 15:49:34 | 000,093,312 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009/05/14 15:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/05/14 15:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2008/11/02 09:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/05/16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2007/10/04 10:14:00 | 007,625,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/10 13:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/07/07 08:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/02/15 15:14:28 | 000,019,840 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2006/11/02 08:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/02/20 19:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2003/08/11 10:07:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{F2E04335-8180-4232-A501-BC6DFCCA78B3}: "URL" = http://search.condui...&ctid=CT2418376

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\..\SearchScopes,DefaultScope = {AA9B9DFA-1AAA-4E89-B7D7-ECC40A6521CE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8B95D70D-0B2E-4AC6-8636-7E71F7851810}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{AA9B9DFA-1AAA-4E89-B7D7-ECC40A6521CE}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKCU\..\SearchScopes\{BDAF4D72-83DF-44FF-B8D4-8915CFF88265}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "PageRage Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://en-GB.start3....en-GB:official"
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.27.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5.1462
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {5120AABB-B7F4-4CBB-8F90-B3AD0F52806F}:1.9.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@ilok.com/iLokHelper,version=3.1.0.7: C:\Program Files\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/25 13:02:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/25 13:02:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/08/12 16:08:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5120AABB-B7F4-4CBB-8F90-B3AD0F52806F}: C:\Users\HSBC-05\AppData\Local\{5120AABB-B7F4-4CBB-8F90-B3AD0F52806F}\ [2011/08/24 00:22:18 | 000,000,000 | ---D | M]

[2009/02/08 19:44:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HSBC-05\AppData\Roaming\Mozilla\Extensions
[2012/05/04 23:39:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HSBC-05\AppData\Roaming\Mozilla\Firefox\Profiles\dxa7569c.default\extensions
[2011/12/22 13:16:58 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\HSBC-05\AppData\Roaming\Mozilla\Firefox\Profiles\dxa7569c.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2011/09/13 13:55:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HSBC-05\AppData\Roaming\Mozilla\Firefox\Profiles\dxa7569c.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2011/08/08 23:54:27 | 000,000,000 | ---D | M] (Oberon Game Host) -- C:\Users\HSBC-05\AppData\Roaming\Mozilla\Firefox\Profiles\dxa7569c.default\extensions\[email protected]
[2010/11/23 13:02:06 | 000,000,919 | ---- | M] () -- C:\Users\HSBC-05\AppData\Roaming\Mozilla\Firefox\Profiles\dxa7569c.default\searchplugins\conduit.xml
[2011/07/11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\HSBC-05\AppData\Roaming\Mozilla\Firefox\Profiles\dxa7569c.default\searchplugins\startsear.xml
[2012/01/11 00:33:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/12 16:15:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/05 14:00:51 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/09 05:49:04 | 001,037,112 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/17 22:09:10 | 000,045,056 | ---- | M] (Info Technology Supply Ltd) -- C:\Program Files\mozilla firefox\plugins\nppstart.dll
[2011/08/31 11:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012/05/05 14:00:49 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/15 23:25:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/05 14:00:49 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/05 14:00:49 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/05/05 14:00:52 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/05/05 14:00:49 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/05/19 13:14:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Bonus.SSR.FR10] C:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe (ABBYY.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A55E92B-3446-45B5-8525-30971FEB2DCC}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\HSBC-05\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\HSBC-05\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/04 14:32:08 | 000,000,000 | ---D | C] -- C:\Users\HSBC-05\Text folders
[2012/05/25 13:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/21 21:09:50 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/21 21:04:44 | 000,000,000 | ---D | C] -- C:\Users\HSBC-05\Desktop\tdsskiller
[2012/05/19 13:19:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/19 13:14:20 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/05/19 12:52:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/19 12:52:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/19 12:52:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/19 12:52:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/19 12:52:05 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/05/19 12:52:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/19 12:49:41 | 004,498,946 | R--- | C] (Swearware) -- C:\Users\HSBC-05\Desktop\ComboFix.exe
[2012/05/19 12:35:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/18 22:19:09 | 000,000,000 | ---D | C] -- C:\Users\HSBC-05\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
[2012/05/18 22:18:53 | 000,000,000 | ---D | C] -- C:\Users\HSBC-05\AppData\Roaming\Autodesk
[2012/05/18 22:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2012/05/17 21:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/05/16 18:14:00 | 000,000,000 | ---D | C] -- C:\Users\HSBC-05\AppData\Roaming\Jtypkl
[2012/05/12 16:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/12 16:13:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/05/11 00:36:21 | 000,000,000 | ---D | C] -- C:\Program Files\IK Multimedia
[2012/05/11 00:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\IK Multimedia
[2012/05/11 00:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\Extreme Sample Converter 3
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/04 13:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/04 13:17:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/04 13:17:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/04 12:25:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/06/04 11:17:35 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/04 11:17:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/03 23:14:56 | 000,214,016 | ---- | M] () -- C:\Users\HSBC-05\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/03 20:36:59 | 000,611,664 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/03 20:36:59 | 000,109,112 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/30 19:36:05 | 000,028,614 | ---- | M] () -- C:\ProgramData\lxdd
[2012/05/23 20:58:21 | 001,946,062 | ---- | M] () -- C:\Users\HSBC-05\Tite.mp3
[2012/05/20 19:35:17 | 000,007,944 | ---- | M] () -- C:\Users\HSBC-05\AppData\Local\d3d9caps.dat
[2012/05/19 13:14:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/19 12:50:22 | 004,498,946 | R--- | M] (Swearware) -- C:\Users\HSBC-05\Desktop\ComboFix.exe
[2012/05/18 22:19:10 | 000,001,976 | ---- | M] () -- C:\Users\HSBC-05\Desktop\Autodesk 123D Catch.lnk
[2012/05/12 16:13:18 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/12 00:12:47 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/05/11 00:38:44 | 000,000,016 | ---- | M] () -- C:\Windows\System32\w3data.vss
[2012/05/11 00:38:44 | 000,000,016 | ---- | M] () -- C:\Windows\msocreg32.dat
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/19 12:52:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/19 12:52:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/19 12:52:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/19 12:52:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/19 12:52:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/18 22:19:10 | 000,001,976 | ---- | C] () -- C:\Users\HSBC-05\Desktop\Autodesk 123D Catch.lnk
[2012/05/12 16:13:18 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/11 00:38:43 | 000,000,016 | ---- | C] () -- C:\Windows\System32\w3data.vss
[2012/05/11 00:38:43 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2012/05/02 01:12:40 | 000,001,116 | ---- | C] () -- C:\Users\HSBC-05\AppData\Roaming\DVDSubEdit.ini
[2012/02/21 01:37:22 | 000,000,132 | ---- | C] () -- C:\Users\HSBC-05\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/11/18 13:39:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/11/18 13:37:57 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/11/11 22:45:36 | 000,000,335 | ---- | C] () -- C:\Windows\setting.ini
[2011/10/06 01:14:57 | 000,000,080 | ---- | C] () -- C:\Users\HSBC-05\AppData\Local\X-Plane Installer.prf

========== LOP Check ==========

[2011/08/26 15:08:22 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\3FD3B5BBFB9EFAE8D3B3F62F8C26F3F5
[2010/09/29 21:40:58 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Amazon
[2012/05/18 22:18:53 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Autodesk
[2011/08/22 17:11:14 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Avbelo
[2012/06/04 02:33:28 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\BitComet
[2009/09/04 19:38:39 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\com.adobe.ExMan
[2011/09/07 23:07:52 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/17 12:55:18 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Ecmu
[2011/08/04 16:10:33 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Egheor
[2009/03/10 18:02:00 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\ESET
[2011/08/26 13:15:49 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Ewgale
[2010/07/26 21:33:57 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Football Superstars
[2011/04/24 13:28:13 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\fz1gxedr2bthxaupsepiqaqzooajnua2
[2009/04/06 22:17:57 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\GeoVid
[2009/06/18 16:41:00 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\GetRightToGo
[2011/08/07 16:04:49 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\go
[2010/10/20 13:15:48 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\ImTOO
[2010/10/02 13:17:54 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\ImTOO Software Studio
[2011/08/04 19:52:31 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Ivdye
[2012/05/16 18:14:00 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Jtypkl
[2009/02/07 19:37:12 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Lexmark Productivity Studio
[2009/04/05 13:16:51 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\MOVAVI
[2009/06/20 22:55:48 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\MPEG Streamclip
[2010/08/18 00:18:30 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Nanex
[2010/09/13 18:11:13 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\PACE Anti-Piracy
[2009/06/11 15:48:14 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Panasonic
[2011/07/17 14:54:00 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Paypcu
[2011/10/09 14:01:12 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\pokerth
[2011/01/16 14:55:35 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Replay Media Catcher 4
[2011/08/24 01:18:34 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Siev
[2011/09/07 17:34:11 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Sony
[2009/10/15 21:27:11 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Sony Setup
[2011/11/02 03:03:21 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Sports Interactive
[2011/07/02 21:31:09 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\StreamTorrent
[2011/09/10 12:26:28 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Thinstall
[2011/02/10 19:25:49 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Trusteer
[2009/03/10 18:27:51 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\www.pro-evo.xooit.fr
[2011/09/27 14:08:50 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Xi
[2011/05/09 12:50:04 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Xilisoft
[2012/06/04 03:49:05 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\HSBC-05\GD.avi:TOC.WMV

< End of report >
  • 0

#22
ali.B
Posted 05 June 2012 - 11:04 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
[2011/04/24 13:28:13 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\fz1gxedr2bthxaupsepiqaqzooajnua2

:Commands
[purity]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#23
Hbosses
Posted 05 June 2012 - 01:28 PM

Hbosses

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Here it is;

All processes killed
========== OTL ==========
C:\Users\HSBC-05\AppData\Roaming\fz1gxedr2bthxaupsepiqaqzooajnua2 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: HSBC-05
->Temp folder emptied: 1559794043 bytes
->Temporary Internet Files folder emptied: 328074 bytes
->Java cache emptied: 9732 bytes
->FireFox cache emptied: 49585250 bytes
->Flash cache emptied: 470 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 972409527 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,463.00 mb


OTL by OldTimer - Version 3.2.43.0 log created on 06052012_201526

Files\Folders moved on Reboot...
File\Folder C:\Users\HSBC-05\AppData\Local\Temp\~DF9094.tmp not found!
File\Folder C:\Users\HSBC-05\AppData\Local\Temp\~DF909D.tmp not found!
File\Folder C:\Users\HSBC-05\AppData\Local\Temp\~DF90C2.tmp not found!
File\Folder C:\Users\HSBC-05\AppData\Local\Temp\~DF90CB.tmp not found!
File\Folder C:\Users\HSBC-05\AppData\Local\Temp\~DF90F8.tmp not found!
File\Folder C:\Users\HSBC-05\AppData\Local\Temp\~DF9101.tmp not found!
File\Folder C:\Users\HSBC-05\AppData\Local\Temp\~DF9126.tmp not found!
File\Folder C:\Users\HSBC-05\AppData\Local\Temp\~DF912F.tmp not found!
File\Folder C:\Users\HSBC-05\AppData\Local\Temp\~DF915B.tmp not found!
File\Folder C:\Users\HSBC-05\AppData\Local\Temp\~DF9164.tmp not found!
File\Folder C:\Users\HSBC-05\AppData\Local\Temp\~DF9189.tmp not found!
File\Folder C:\Users\HSBC-05\AppData\Local\Temp\~DF9192.tmp not found!
File\Folder C:\Users\HSBC-05\AppData\Local\Temp\~DF91BE.tmp not found!
File\Folder C:\Users\HSBC-05\AppData\Local\Temp\~DF91D0.tmp not found!
File\Folder C:\Users\HSBC-05\AppData\Local\Temp\~DF91F5.tmp not found!
File\Folder C:\Users\HSBC-05\AppData\Local\Temp\~DF91FE.tmp not found!
File\Folder C:\Users\HSBC-05\AppData\Local\Temp\~DF922A.tmp not found!
File\Folder C:\Users\HSBC-05\AppData\Local\Temp\~DF9233.tmp not found!
File\Folder C:\Users\HSBC-05\AppData\Local\Temp\~DF9257.tmp not found!
File\Folder C:\Users\HSBC-05\AppData\Local\Temp\~DF9260.tmp not found!
File\Folder C:\Users\HSBC-05\AppData\Local\Temp\~DF9284.tmp not found!
File\Folder C:\Users\HSBC-05\AppData\Local\Temp\~DF928D.tmp not found!
File\Folder C:\Users\HSBC-05\AppData\Local\Temp\~DF92B9.tmp not found!
File\Folder C:\Users\HSBC-05\AppData\Local\Temp\~DF92C2.tmp not found!
File\Folder C:\Users\HSBC-05\AppData\Local\Temp\~DF92E6.tmp not found!

Registry entries deleted on Reboot...
  • 0

#24
ali.B
Posted 08 June 2012 - 12:00 PM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Congratulations your logs appear clean :thumbsup:

Reset and Re-enable your System Restore

The following will implement some cleanup procedures as well as reset System Restore points:
  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    Posted Image

NEXT

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes


Recommendations

See Here for a list of recommendations for free Antivirus\AntiSpyware applications.


  • Keep Your windows up to date by regularly checking their website at:
    http://windowsupdate.microsoft.com/

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.


  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
    secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
    blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here

    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Click Here to learn how to keep a backup of your important files

  • FileHippo Update Checkker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.


Stay safe :wave:
  • 1

#25
Hbosses
Posted 11 June 2012 - 05:58 PM

Hbosses

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Okay thanks very much, I appreciate you taking your time out to help me

:thumbsup:



Hbosses.
  • 0

Advertisements

#26
ali.B
Posted 14 June 2012 - 01:32 AM

ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP