Re-occurring TROJ_GEN.R49C7EB pop up on Trendmicro



#1 123user123


Posted 14 May 2012 - 01:43 AM

Hello, I get re-occurring "problem solved" pop-ups from Trend Micro Titanium Maximum Security 2012 for TROJ_GEN.R49C7EB and TROJ_GEN.RC1CCED occurring in C:\WINDOWS\Installer\{54c3cc2f-4614-91ce-f755-6d829c347a54}\U\80000000.@ and C:\WINDOWS\Installer\{54c3cc2f-4614-91ce-f755-6d829c347a54}\U\800000cb.@. I have also had a number of web threats removed. It says I have had 216 viruses stopped and 749 web threats removed! I had previously posted on another forum, where under their direction I got a HijackThis log and an aswMBR log. I was also told to run ComboFix, but it was unable to run; it only got up to the green extracting stage and then suddenly stopped.

I've added a HijackThis log and an aswMBR log. I've also added a .csv log from Trend Micro. TDSSKiller also comes up clean; log attached.



Any help would be greatly appreciated! Thanks!

-----------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:38:40 PM, on 14/05/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Samuel\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
O4 - HKLM\..\Run: [OE] "C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_OE\TMAS_OEMon.exe"
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] "TMAS_OEMon.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
O16 - DPF: {5BCC24A7-7D3F-4CC9-AC86-4380FCD68D1E} (PCInfoOcxEN Control) - http://esupport.trendmicro.com/_layouts/1033/GetPCInfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245397278820
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E8F2FD65-4CA1-4E1E-BE81-A2D0A7C4D9CC} (GetInfo Class) - https://esupport.trendmicro.com/_layouts/1033/GetVBInfo.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 11160 bytes


-----------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-14 16:38:59
-----------------------------
16:38:59.687 OS Version: Windows 5.1.2600 Service Pack 2
16:38:59.687 Number of processors: 2 586 0x170A
16:38:59.687 ComputerName: OWNER-4CD07F57C UserName: Samuel
16:39:00.671 Initialize success
16:39:04.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-7
16:39:04.046 Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01118 Size: 476938MB BusType: 3
16:39:04.046 Disk 0 MBR read successfully
16:39:04.062 Disk 0 MBR scan
16:39:04.062 Disk 0 Windows XP default MBR code
16:39:04.062 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
16:39:04.062 Disk 0 scanning sectors +976768065
16:39:04.125 Disk 0 scanning C:\WINDOWS\system32\drivers
16:39:08.718 Service scanning
16:39:16.250 Modules scanning
16:39:18.828 Disk 0 trace - called modules:
16:39:18.843 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:39:18.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b0abab8]
16:39:18.843 3 CLASSPNP.SYS[b80e905b] -> nt!IofCallDriver -> \Device\00000069[0x8b093f18]
16:39:18.843 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-7[0x8b106d98]
16:39:18.843 Scan finished successfully
16:39:24.187 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Samuel\Desktop\MBR.dat"
16:39:24.187 The log file has been saved successfully to "C:\Documents and Settings\Samuel\Desktop\aswMBR.txt"
-----------------------------

17:01:36.0671 5392 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
17:01:37.0781 5392 ============================================================
17:01:37.0781 5392 Current date / time: 2012/05/14 17:01:37.0781
17:01:37.0781 5392 SystemInfo:
17:01:37.0781 5392
17:01:37.0781 5392 OS Version: 5.1.2600 ServicePack: 2.0
17:01:37.0781 5392 Product type: Workstation
17:01:37.0781 5392 ComputerName: OWNER-4CD07F57C
17:01:37.0781 5392 UserName: Samuel
17:01:37.0781 5392 Windows directory: C:\WINDOWS
17:01:37.0781 5392 System windows directory: C:\WINDOWS
17:01:37.0781 5392 Processor architecture: Intel x86
17:01:37.0781 5392 Number of processors: 2
17:01:37.0781 5392 Page size: 0x1000
17:01:37.0781 5392 Boot type: Normal boot
17:01:37.0781 5392 ============================================================
17:01:39.0562 5392 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:01:39.0609 5392 Drive \Device\Harddisk2\DR4 - Size: 0x78600000 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:01:39.0609 5392 ============================================================
17:01:39.0609 5392 \Device\Harddisk0\DR0:
17:01:39.0609 5392 MBR partitions:
17:01:39.0609 5392 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
17:01:39.0609 5392 \Device\Harddisk2\DR4:
17:01:39.0609 5392 MBR partitions:
17:01:39.0609 5392 \Device\Harddisk2\DR4\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x3C1000
17:01:39.0609 5392 ============================================================
17:01:39.0671 5392 C: <-> \Device\Harddisk0\DR0\Partition0
17:01:39.0671 5392 ============================================================
17:01:39.0671 5392 Initialize success
17:01:39.0671 5392 ============================================================
17:01:40.0750 2660 ============================================================
17:01:40.0750 2660 Scan started
17:01:40.0750 2660 Mode: Manual;
17:01:40.0750 2660 ============================================================
17:01:46.0546 2660 Netman - ok
17:01:46.0656 2660 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:01:46.0656 2660 NetTcpPortSharing - ok
17:01:46.0687 2660 Nla (097722f235a1fb698bf9234e01b52637) C:\WINDOWS\System32\mswsock.dll
17:01:46.0687 2660 Nla - ok
17:01:46.0796 2660 NMIndexingService (a328a46d87bb92ce4d8a4528e9d84787) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
17:01:46.0812 2660 NMIndexingService - ok
17:01:46.0828 2660 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
17:01:46.0828 2660 Npfs - ok
17:01:46.0875 2660 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
17:01:46.0875 2660 Ntfs - ok
17:01:46.0875 2660 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
17:01:46.0875 2660 NtLmSsp - ok
17:01:46.0921 2660 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
17:01:46.0937 2660 NtmsSvc - ok
17:01:46.0968 2660 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:01:46.0968 2660 Null - ok
17:01:47.0375 2660 nv (b9b1bb146eb9a83dcf0f5635b09d3d43) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:01:47.0421 2660 nv - ok
17:01:47.0515 2660 nvsvc (cc4f8220ead1f6a38d51679708f435b9) C:\WINDOWS\system32\nvsvc32.exe
17:01:47.0531 2660 nvsvc - ok
17:01:47.0562 2660 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:01:47.0562 2660 NwlnkFlt - ok
17:01:47.0562 2660 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:01:47.0562 2660 NwlnkFwd - ok
17:01:47.0593 2660 NwlnkIpx (79ea3fcda7067977625b3363a2657c80) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
17:01:47.0593 2660 NwlnkIpx - ok
17:01:47.0609 2660 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
17:01:47.0609 2660 NwlnkNb - ok
17:01:47.0609 2660 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
17:01:47.0609 2660 NwlnkSpx - ok
17:01:47.0640 2660 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
17:01:47.0640 2660 Parport - ok
17:01:47.0656 2660 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
17:01:47.0656 2660 PartMgr - ok
17:01:47.0687 2660 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:01:47.0687 2660 ParVdm - ok
17:01:47.0718 2660 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
17:01:47.0718 2660 PCI - ok
17:01:47.0718 2660 PCIDump - ok
17:01:47.0718 2660 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:01:47.0718 2660 PCIIde - ok
17:01:47.0750 2660 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:01:47.0750 2660 Pcmcia - ok
17:01:47.0750 2660 PDCOMP - ok
17:01:47.0750 2660 PDFRAME - ok
17:01:47.0750 2660 PDRELI - ok
17:01:47.0750 2660 PDRFRAME - ok
17:01:47.0750 2660 perc2 - ok
17:01:47.0765 2660 perc2hib - ok
17:01:47.0796 2660 PlugPlay (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
17:01:47.0796 2660 PlugPlay - ok
17:01:47.0843 2660 PnkBstrA (3a2bdd76e7d2a5f40a7174793d1ba794) C:\WINDOWS\system32\PnkBstrA.exe
17:01:47.0843 2660 PnkBstrA - ok
17:01:47.0875 2660 Point32 (b4f59a953ef9e507f0d00c3a68580b8b) C:\WINDOWS\system32\DRIVERS\point32.sys
17:01:47.0875 2660 Point32 - ok
17:01:47.0875 2660 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
17:01:47.0875 2660 PolicyAgent - ok
17:01:47.0890 2660 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:01:47.0890 2660 PptpMiniport - ok
17:01:47.0890 2660 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
17:01:47.0890 2660 ProtectedStorage - ok
17:01:47.0906 2660 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
17:01:47.0906 2660 PSched - ok
17:01:47.0906 2660 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:01:47.0906 2660 Ptilink - ok
17:01:47.0921 2660 PxHelp20 (b572ed0c3e6165643fa116af20425a54) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
17:01:47.0921 2660 PxHelp20 - ok
17:01:47.0921 2660 ql1080 - ok
17:01:47.0921 2660 Ql10wnt - ok
17:01:47.0937 2660 ql12160 - ok
17:01:47.0937 2660 ql1240 - ok
17:01:47.0937 2660 ql1280 - ok
17:01:47.0953 2660 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:01:47.0953 2660 RasAcd - ok
17:01:47.0984 2660 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
17:01:47.0984 2660 RasAuto - ok
17:01:48.0000 2660 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:01:48.0000 2660 Rasl2tp - ok
17:01:48.0031 2660 RasMan (49b5eed5fb89d39456a2f616ccd8ba5d) C:\WINDOWS\System32\rasmans.dll
17:01:48.0031 2660 RasMan - ok
17:01:48.0281 2660 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:01:48.0281 2660 RasPppoe - ok
17:01:48.0281 2660 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:01:48.0281 2660 Raspti - ok
17:01:48.0312 2660 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:01:48.0312 2660 Rdbss - ok
17:01:48.0312 2660 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:01:48.0312 2660 RDPCDD - ok
17:01:48.0359 2660 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
17:01:48.0359 2660 RDPWD - ok
17:01:48.0406 2660 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
17:01:48.0406 2660 RDSessMgr - ok
17:01:48.0453 2660 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:01:48.0453 2660 redbook - ok
17:01:48.0484 2660 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
17:01:48.0484 2660 RemoteAccess - ok
17:01:48.0640 2660 RichVideo (06a49b7bdc36cfbf97dd90804f833369) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
17:01:48.0640 2660 RichVideo - ok
17:01:48.0656 2660 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe
17:01:48.0656 2660 RpcLocator - ok
17:01:48.0703 2660 RpcSs (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
17:01:48.0703 2660 RpcSs - ok
17:01:48.0734 2660 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
17:01:48.0734 2660 RSVP - ok
17:01:48.0734 2660 RT73 - ok
17:01:48.0781 2660 RTLE8023xp (f0a21c62b9b835e1c96268eaae31d239) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
17:01:48.0781 2660 RTLE8023xp - ok
17:01:48.0828 2660 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
17:01:48.0828 2660 SamSs - ok
17:01:48.0828 2660 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
17:01:48.0828 2660 SCardSvr - ok
17:01:48.0875 2660 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
17:01:48.0890 2660 Schedule - ok
17:01:48.0921 2660 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:01:48.0921 2660 Secdrv - ok
17:01:48.0953 2660 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
17:01:48.0953 2660 seclogon - ok
17:01:48.0968 2660 Security Activity Dashboard Service - ok
17:01:48.0984 2660 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
17:01:48.0984 2660 SENS - ok
17:01:48.0984 2660 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:01:48.0984 2660 serenum - ok
17:01:48.0984 2660 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
17:01:48.0984 2660 Serial - ok
17:01:49.0000 2660 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:01:49.0000 2660 Sfloppy - ok
17:01:49.0046 2660 ShellHWDetection (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
17:01:49.0046 2660 ShellHWDetection - ok
17:01:49.0046 2660 Simbad - ok
17:01:49.0062 2660 Sparrow - ok
17:01:49.0093 2660 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
17:01:49.0093 2660 splitter - ok
17:01:49.0125 2660 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe
17:01:49.0125 2660 Spooler - ok
17:01:49.0140 2660 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
17:01:49.0140 2660 sr - ok
17:01:49.0156 2660 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll
17:01:49.0156 2660 srservice - ok
17:01:49.0187 2660 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
17:01:49.0187 2660 Srv - ok
17:01:49.0203 2660 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
17:01:49.0203 2660 SSDPSRV - ok
17:01:49.0218 2660 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
17:01:49.0218 2660 StarOpen - ok
17:01:49.0250 2660 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
17:01:49.0250 2660 StillCam - ok
17:01:49.0265 2660 stisvc (b6763f8534ac547cf1af98afdff2edc8) C:\WINDOWS\system32\wiaservc.dll
17:01:49.0265 2660 stisvc - ok
17:01:49.0265 2660 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:01:49.0265 2660 swenum - ok
17:01:49.0312 2660 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
17:01:49.0312 2660 swmidi - ok
17:01:49.0312 2660 SwPrv - ok
17:01:49.0312 2660 symc810 - ok
17:01:49.0312 2660 symc8xx - ok
17:01:49.0312 2660 sym_hi - ok
17:01:49.0312 2660 sym_u3 - ok
17:01:49.0328 2660 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
17:01:49.0328 2660 sysaudio - ok
17:01:49.0343 2660 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
17:01:49.0343 2660 SysmonLog - ok
17:01:49.0375 2660 TapiSrv (fb78839b36025aa286a51289ed28b73e) C:\WINDOWS\System32\tapisrv.dll
17:01:49.0375 2660 TapiSrv - ok
17:01:49.0421 2660 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:01:49.0437 2660 Tcpip - ok
17:01:49.0468 2660 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:01:49.0468 2660 TDPIPE - ok
17:01:49.0484 2660 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
17:01:49.0484 2660 TDTCP - ok
17:01:49.0500 2660 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:01:49.0500 2660 TermDD - ok
17:01:49.0531 2660 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
17:01:49.0531 2660 TermService - ok
17:01:49.0546 2660 Themes (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
17:01:49.0546 2660 Themes - ok
17:01:49.0593 2660 tmactmon (de87a23d2ddc7378d1c7ab681e20de47) C:\WINDOWS\system32\DRIVERS\tmactmon.sys
17:01:49.0593 2660 tmactmon - ok
17:01:49.0609 2660 tmcomm (540c2b5dc47651c572c2804dc72fdda8) C:\WINDOWS\system32\DRIVERS\tmcomm.sys
17:01:49.0609 2660 tmcomm - ok
17:01:49.0625 2660 tmevtmgr (2de1fa64ebaff376f2c038f64492f62c) C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys
17:01:49.0625 2660 tmevtmgr - ok
17:01:49.0625 2660 tmtdi (5a61679b2277b9ad550e30479a69503b) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
17:01:49.0625 2660 tmtdi - ok
17:01:49.0640 2660 TosIde - ok
17:01:49.0687 2660 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
17:01:49.0687 2660 TrkWks - ok
17:01:49.0734 2660 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
17:01:49.0734 2660 Udfs - ok
17:01:49.0734 2660 ultra - ok
17:01:49.0765 2660 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
17:01:49.0781 2660 Update - ok
17:01:49.0828 2660 upnphost (aca5d98663d879c6baafcea7e2f1b710) C:\WINDOWS\System32\upnphost.dll
17:01:49.0828 2660 upnphost - ok
17:01:49.0843 2660 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
17:01:49.0843 2660 UPS - ok
17:01:49.0890 2660 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:01:49.0890 2660 USBAAPL - ok
17:01:49.0937 2660 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:01:49.0937 2660 usbccgp - ok
17:01:49.0968 2660 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:01:49.0968 2660 usbehci - ok
17:01:49.0968 2660 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:01:49.0968 2660 usbhub - ok
17:01:50.0015 2660 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:01:50.0015 2660 usbprint - ok
17:01:50.0015 2660 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:01:50.0015 2660 usbscan - ok
17:01:50.0031 2660 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:01:50.0031 2660 USBSTOR - ok
17:01:50.0078 2660 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:01:50.0078 2660 usbuhci - ok
17:01:50.0125 2660 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
17:01:50.0125 2660 VgaSave - ok
17:01:50.0125 2660 ViaIde - ok
17:01:50.0125 2660 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
17:01:50.0125 2660 VolSnap - ok
17:01:50.0140 2660 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
17:01:50.0140 2660 VSS - ok
17:01:50.0187 2660 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
17:01:50.0203 2660 W32Time - ok
17:01:50.0218 2660 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:01:50.0218 2660 Wanarp - ok
17:01:50.0218 2660 WDICA - ok
17:01:50.0265 2660 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
17:01:50.0265 2660 wdmaud - ok
17:01:50.0296 2660 WebClient (265f534ef76832435afbf771ec97176d) C:\WINDOWS\System32\webclnt.dll
17:01:50.0296 2660 WebClient - ok
17:01:50.0531 2660 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:01:50.0546 2660 winmgmt - ok
17:01:50.0578 2660 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
17:01:50.0578 2660 WmdmPmSN - ok
17:01:50.0687 2660 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:01:50.0687 2660 WmiApSrv - ok
17:01:52.0109 2660 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
17:01:52.0109 2660 WMPNetworkSvc - ok
17:01:52.0296 2660 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:01:52.0296 2660 WPFFontCache_v0400 - ok
17:01:52.0359 2660 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:01:52.0375 2660 WS2IFSL - ok
17:01:52.0406 2660 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
17:01:52.0406 2660 wscsvc - ok
17:01:52.0437 2660 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
17:01:52.0453 2660 wuauserv - ok
17:01:52.0468 2660 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:01:52.0468 2660 WudfPf - ok
17:01:52.0500 2660 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:01:52.0500 2660 WudfRd - ok
17:01:52.0500 2660 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
17:01:52.0500 2660 WudfSvc - ok
17:01:52.0546 2660 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
17:01:52.0546 2660 WZCSVC - ok
17:01:52.0562 2660 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
17:01:52.0562 2660 xmlprov - ok
17:01:52.0578 2660 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:01:52.0765 2660 \Device\Harddisk0\DR0 - ok
17:01:52.0765 2660 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk2\DR4
17:01:52.0765 2660 \Device\Harddisk2\DR4 - ok
17:01:52.0765 2660 Boot (0x1200) (fe33cc92637855d5e134218d0329a8d9) \Device\Harddisk0\DR0\Partition0
17:01:52.0765 2660 \Device\Harddisk0\DR0\Partition0 - ok
17:01:52.0781 2660 Boot (0x1200) (9034418023471ce8bbbca9da9d1855ff) \Device\Harddisk2\DR4\Partition0
17:01:52.0781 2660 \Device\Harddisk2\DR4\Partition0 - ok
17:01:52.0781 2660 ============================================================
17:01:52.0781 2660 Scan finished
17:01:52.0781 2660 ============================================================
17:01:52.0781 4192 Detected object count: 0
17:01:52.0781 4192 Actual detected object count: 0
17:04:36.0265 4612 ============================================================
17:04:36.0265 4612 Scan started
17:04:36.0265 4612 Mode: Manual;
17:04:36.0265 4612 ============================================================
17:04:37.0671 4612 Abiosdsk - ok
17:04:37.0671 4612 abp480n5 - ok
17:04:37.0718 4612 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:04:37.0718 4612 ACPI - ok
17:04:37.0765 4612 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:04:37.0765 4612 ACPIEC - ok
17:04:37.0843 4612 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:04:37.0843 4612 AdobeFlashPlayerUpdateSvc - ok
17:04:37.0843 4612 adpu160m - ok
17:04:37.0890 4612 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
17:04:37.0890 4612 aec - ok
17:04:37.0937 4612 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
17:04:37.0937 4612 AFD - ok
17:04:37.0937 4612 Aha154x - ok
17:04:37.0937 4612 aic78u2 - ok
17:04:37.0937 4612 aic78xx - ok
17:04:37.0968 4612 Alerter (c7ae0fd3867db0d42b03b73c18f3d671) C:\WINDOWS\system32\alrsvc.dll
17:04:37.0968 4612 Alerter - ok
17:04:38.0000 4612 ALG (f1958fbf86d5c004cf19a5951a9514b7) C:\WINDOWS\System32\alg.exe
17:04:38.0000 4612 ALG - ok
17:04:38.0000 4612 AliIde - ok
17:04:38.0000 4612 amsint - ok
17:04:38.0125 4612 Amsp (7b6425745b2ad8354fe8ad2dce30a9e7) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
17:04:38.0125 4612 Amsp - ok
17:04:38.0218 4612 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:04:38.0218 4612 Apple Mobile Device - ok
17:04:38.0218 4612 AppMgmt - ok
17:04:38.0218 4612 asc - ok
17:04:38.0218 4612 asc3350p - ok
17:04:38.0218 4612 asc3550 - ok
17:04:38.0312 4612 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:04:38.0312 4612 aspnet_state - ok
17:04:38.0328 4612 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:04:38.0328 4612 AsyncMac - ok
17:04:38.0359 4612 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:04:38.0359 4612 atapi - ok
17:04:38.0359 4612 Atdisk - ok
17:04:38.0375 4612 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:04:38.0390 4612 Atmarpc - ok
17:04:38.0390 4612 AudioSrv (db66db626e4882ebef55f136f12c1829) C:\WINDOWS\System32\audiosrv.dll
17:04:38.0390 4612 AudioSrv - ok
17:04:38.0421 4612 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:04:38.0421 4612 audstub - ok
17:04:38.0468 4612 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:04:38.0468 4612 Beep - ok
17:04:38.0515 4612 BITS (2c69ec7e5a311334d10dd95f338fccea) C:\WINDOWS\system32\qmgr.dll
17:04:38.0531 4612 BITS - ok
17:04:38.0625 4612 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files\Bonjour\mDNSResponder.exe
17:04:38.0625 4612 Bonjour Service - ok
17:04:38.0625 4612 Browser (e3cfccdda4edd1d0dc9168b2e18f27b8) C:\WINDOWS\System32\browser.dll
17:04:38.0625 4612 Browser - ok
17:04:38.0656 4612 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:04:38.0656 4612 cbidf2k - ok
17:04:38.0671 4612 cd20xrnt - ok
17:04:38.0671 4612 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:04:38.0687 4612 Cdaudio - ok
17:04:38.0687 4612 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
17:04:38.0687 4612 Cdfs - ok
17:04:38.0718 4612 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:04:38.0718 4612 Cdrom - ok
17:04:38.0734 4612 Changer - ok
17:04:38.0734 4612 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS\system32\cisvc.exe
17:04:38.0734 4612 CiSvc - ok
17:04:38.0750 4612 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS\system32\clipsrv.exe
17:04:38.0750 4612 ClipSrv - ok
17:04:38.0781 4612 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:04:38.0781 4612 clr_optimization_v2.0.50727_32 - ok
17:04:38.0843 4612 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:04:38.0843 4612 clr_optimization_v4.0.30319_32 - ok
17:04:38.0843 4612 CmdIde - ok
17:04:38.0859 4612 COMSysApp - ok
17:04:38.0859 4612 Cpqarray - ok
17:04:38.0859 4612 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS\System32\cryptsvc.dll
17:04:38.0859 4612 CryptSvc - ok
17:04:38.0875 4612 dac2w2k - ok
17:04:38.0875 4612 dac960nt - ok
17:04:38.0890 4612 DcCam (b1ad007f9a7dd8cfc981958d5c167d2d) C:\WINDOWS\system32\DRIVERS\DcCam.sys
17:04:38.0890 4612 DcCam - ok
17:04:38.0921 4612 DcFpoint (5fd20284caaf112201311619ff89fa44) C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
17:04:38.0921 4612 DcFpoint - ok
17:04:38.0937 4612 DCFS2K (867f7e6841b15d32481c3f1b83364e3a) C:\WINDOWS\system32\drivers\dcfs2k.sys
17:04:38.0937 4612 DCFS2K - ok
17:04:38.0953 4612 DcLps (1b889ac45faf088ff2af690779368956) C:\WINDOWS\system32\DRIVERS\DcLps.sys
17:04:38.0953 4612 DcLps - ok
17:04:39.0000 4612 DcomLaunch (01095febf33beea00c2a0730b9b3ec28) C:\WINDOWS\system32\rpcss.dll
17:04:39.0015 4612 DcomLaunch - ok
17:04:39.0015 4612 DcPTP (47b1ccec23aec5ae6a2005d1a0d8ed65) C:\WINDOWS\system32\DRIVERS\DcPTP.sys
17:04:39.0015 4612 DcPTP - ok
17:04:39.0046 4612 Dhcp (ef545e1a4b043da4c84e230dd471c55f) C:\WINDOWS\System32\dhcpcsvc.dll
17:04:39.0046 4612 Dhcp - ok
17:04:39.0062 4612 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
17:04:39.0062 4612 Disk - ok
17:04:39.0062 4612 dmadmin - ok
17:04:39.0125 4612 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
17:04:39.0125 4612 dmboot - ok
17:04:39.0156 4612 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
17:04:39.0156 4612 dmio - ok
17:04:39.0171 4612 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:04:39.0171 4612 dmload - ok
17:04:39.0187 4612 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS\System32\dmserver.dll
17:04:39.0187 4612 dmserver - ok
17:04:39.0218 4612 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
17:04:39.0218 4612 DMusic - ok
17:04:39.0234 4612 Dnscache (aac8ffbfd61e784fa3bac851d4a0bd5f) C:\WINDOWS\System32\dnsrslvr.dll
17:04:39.0250 4612 Dnscache - ok
17:04:39.0250 4612 dpti2o - ok
17:04:39.0250 4612 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
17:04:39.0250 4612 drmkaud - ok
17:04:39.0281 4612 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS\System32\ersvc.dll
17:04:39.0281 4612 ERSvc - ok
17:04:39.0296 4612 Eventlog (37561f8d4160d62da86d24ae41fae8de) C:\WINDOWS\system32\services.exe
17:04:39.0296 4612 Eventlog - ok
17:04:39.0343 4612 EventSystem (60d1a6342238378bfb7545c81ee3606c) C:\WINDOWS\system32\es.dll
17:04:39.0343 4612 EventSystem - ok
17:04:39.0390 4612 Exportit (20ff28fb3b268e7c76b10841a9f81ba4) C:\WINDOWS\system32\DRIVERS\exportit.sys
17:04:39.0390 4612 Exportit - ok
17:04:39.0390 4612 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
17:04:39.0390 4612 Fastfat - ok
17:04:39.0437 4612 FastUserSwitchingCompatibility (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
17:04:39.0437 4612 FastUserSwitchingCompatibility - ok
17:04:39.0468 4612 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
17:04:39.0468 4612 Fdc - ok
17:04:39.0468 4612 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
17:04:39.0468 4612 Fips - ok
17:04:39.0468 4612 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:04:39.0468 4612 Flpydisk - ok
17:04:39.0500 4612 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:04:39.0500 4612 FltMgr - ok
17:04:39.0671 4612 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:04:39.0671 4612 FontCache3.0.0.0 - ok
17:04:39.0671 4612 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:04:39.0671 4612 Fs_Rec - ok
17:04:39.0718 4612 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:04:39.0718 4612 Ftdisk - ok
17:04:39.0734 4612 gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\WINDOWS\gdrv.sys
17:04:39.0750 4612 gdrv - ok
17:04:39.0765 4612 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:04:39.0765 4612 GEARAspiWDM - ok
17:04:39.0781 4612 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:04:39.0781 4612 Gpc - ok
17:04:39.0875 4612 gupdate (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
17:04:39.0875 4612 gupdate - ok
17:04:39.0890 4612 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
17:04:39.0890 4612 gupdatem - ok
17:04:39.0921 4612 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:04:39.0921 4612 HDAudBus - ok
17:04:39.0984 4612 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:04:39.0984 4612 helpsvc - ok
17:04:40.0000 4612 HidServ (9376e6893e52b368abc6255bf54f0b28) C:\WINDOWS\System32\hidserv.dll
17:04:40.0000 4612 HidServ - ok
17:04:40.0015 4612 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:04:40.0015 4612 HidUsb - ok
17:04:40.0015 4612 hpn - ok
17:04:40.0062 4612 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
17:04:40.0062 4612 HTTP - ok
17:04:40.0093 4612 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
17:04:40.0093 4612 HTTPFilter - ok
17:04:40.0093 4612 i2omgmt - ok
17:04:40.0093 4612 i2omp - ok
17:04:40.0125 4612 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:04:40.0125 4612 i8042prt - ok
17:04:40.0203 4612 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:04:40.0203 4612 IDriverT - ok
17:04:40.0265 4612 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:04:40.0265 4612 idsvc - ok
17:04:40.0281 4612 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:04:40.0281 4612 Imapi - ok
17:04:40.0312 4612 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe
17:04:40.0312 4612 ImapiService - ok
17:04:40.0312 4612 ini910u - ok
17:04:40.0531 4612 IntcAzAudAddService (4aaa8312732655f93a254d1fa695eb79) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:04:40.0562 4612 IntcAzAudAddService - ok
17:04:40.0625 4612 IntelIde - ok
17:04:40.0656 4612 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:04:40.0656 4612 intelppm - ok
17:04:46.0750 4612 ============================================================
17:04:46.0750 4612 Scan finished
17:04:46.0750 4612 ============================================================
17:04:46.0765 3408 Detected object count: 0
17:04:46.0765 3408 Actual detected object count: 0
17:04:51.0031 2364 Deinitialize success

-----
This is what the Trend Micro log includes, and it repeated over 200 times.

14/05/2012 12:02 C:\WINDOWS\Installer\{54c3cc2f-4614-91ce-f755-6d829c347a54}\U\800000cb.@ TROJ_GEN.RC1CCED Malware Removed
14/05/2012 12:02 C:\WINDOWS\Installer\{54c3cc2f-4614-91ce-f755-6d829c347a54}\U\80000000.@ TROJ_GEN.R49C7EB Threat Removed
14/05/2012 12:06 C:\WINDOWS\Installer\{54c3cc2f-4614-91ce-f755-6d829c347a54}\U\80000000.@ TROJ_GEN.R49C7EB Threat Removed
14/05/2012 12:07 C:\WINDOWS\Installer\{54c3cc2f-4614-91ce-f755-6d829c347a54}\U\800000cb.@ TROJ_GEN.RC1CCED Malware Removed

-----

I ran another TDSS killer and it gave me this: http://i.imgur.com/U31VO.png
I would repost a log but it would make the post too long.

Edited by 123user123, 14 May 2012 - 07:08 AM.




#2 Blind Faith


  • Malware Response Team

Posted 14 May 2012 - 12:08 PM

Hello and welcome to BleepingComputer! :)



I am Elle and I will be helping you out with your problem. Firstly, you should know that we are working with specific tools which are used to identify the possible threats present on your system so I will analyze the results they produce.


As a start we need to have some more up-to-date logs than the ones you have already provided. The current state of the files on your system might have changed so we need to get a clear look on that aspect. DO NOT bring any changes to the system except the ones I tell you to as that may produce more damage than helping us.

If you encounter a delay of over 2 days from me, please don't hesitate to private message me (link in the signature).
Do not forget to check your topic periodically and subscribe to it so that you can receive notifications regarding my replies.



Please generate another DDS log (download it from here if you haven't already) and post it in your next reply along with other changes that may have occurred since you last posted.
Also download and run GMER from this link: GMER download link.



Thank you very much for your patience.




Regards,

Elle

#3 123user123

  • Topic Starter

  • Members

Posted 15 May 2012 - 05:35 AM

Thanks for your reply!!! :thumbsup:

The pop-up warnings from Trend are still occurring.

I tried running DDS but it did not successfully create a log. The program would start and "#"s would appear along it, then it would suddenly exit. I left it for half an hour and still nothing appeared. I tried disabling my AV, but it still didn't work. Then I tried running it in safe mode, but I am unable to enter safe mode. I get to the screen ( http://img.bleepingcomputer.com/swr-guides/smitfraudfix/safe-mode.jpg ) but I can't select safe mode, despite trying the up/down arrow keys, and I also tried every key. I'm using a wired keyboard, but it doesn't seem to turn on until it logs on normally. I also do not have access to an alternative keyboard.

I have been running GMER for around 5 hours and it has identified something in red, so I will leave it to complete its scan.

Also, before I received your help I ran a scan using the AVP Tool ( http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/ ), and it found multiple things. I have made sure not to run any programs since, as you stated in your message, and will not. But I will post the logs of the AVPTool just in case, because it identifies some threats.


Status: Disinfected (events: 2)
14/05/2012 6:04:59 PM Disinfected Trojan program Trojan-Downloader.Win32.Agent.edil C:\Documents and Settings\Samuel\Desktop\random\h\old\Desktop\aoe_tc_vegmod_en.zip High
14/05/2012 6:04:59 PM Disinfected Trojan program Trojan-Downloader.Win32.Agent.edil C:\Documents and Settings\Samuel\Desktop\random\h\old\Desktop\aoe_tc_vegmod_en.zip/wndmode.dll High
Status: Deleted (events: 3)
14/05/2012 6:11:42 PM Deleted Trojan program Trojan-Downloader.Win32.Agent.edil C:\Documents and Settings\Samuel\Desktop\random\h\old\Desktop\aoe_tc_vegmod_en\wndmode.dll High
14/05/2012 8:47:31 PM Deleted Trojan program Trojan-Downloader.Win32.Agent.edil C:\System Volume Information\_restore{87981969-B949-4C08-AE92-8C15502449E1}\RP158\A0068402.dll High
14/05/2012 9:23:04 PM Deleted Trojan program Trojan.Win32.Zapchast.abrq C:\WINDOWS\Installer\{54c3cc2f-4614-91ce-f755-6d829c347a54}\U\800000cb.@ High

---------------------------------------------

Gathering system information: completed <1 minute ago (events: 257, time: 00:01:46)
14/05/2012 9:35:42 PM Task completed Gathering system information
14/05/2012 9:35:42 PM Main script of analysis
14/05/2012 9:35:42 PM Deleting service/driver: uje4njq3
14/05/2012 9:35:42 PM Delete file:C:\WINDOWS\system32\Drivers\ute4njq3.sys
14/05/2012 9:35:42 PM [microprogram of healing]> registry key deleted HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ute4njq3
14/05/2012 9:35:42 PM Deleting service/driver: ute4njq3
14/05/2012 9:35:42 PM System Analysis - complete
14/05/2012 9:34:35 PM System Analysis in progress
14/05/2012 9:34:34 PM >> Windows Explorer - show extensions of known file types
14/05/2012 9:34:34 PM >> Disable removable media autorun
14/05/2012 9:34:34 PM >> Disable CD/DVD autorun
14/05/2012 9:34:34 PM >> Disable autorun from network drives
14/05/2012 9:34:34 PM >> Disable HDD autorun
14/05/2012 9:34:31 PM >> Security: sending Remote Assistant queries is enabled
14/05/2012 9:34:31 PM >> Security: anonymous user access is enabled
14/05/2012 9:34:31 PM >> Security: administrative shares (C$, D$ ...) are enabled
14/05/2012 9:34:31 PM >> Security: disk drives' autorun is enabled
14/05/2012 9:34:31 PM > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
14/05/2012 9:34:31 PM >> Services: potentially dangerous service allowed: RDSessMgr (Remote Desktop Help Session Manager)
14/05/2012 9:34:31 PM >> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting Remote Desktop Sharing)
14/05/2012 9:34:31 PM >> Services: potentially dangerous service allowed: Schedule (Task Scheduler)
14/05/2012 9:34:31 PM >> Services: potentially dangerous service allowed: TlntSvr ()
14/05/2012 9:34:31 PM >> Services: potentially dangerous service allowed: SSDPSRV (SSDP Discovery Service)
14/05/2012 9:34:31 PM >> Services: potentially dangerous service allowed: TermService (Terminal Services)
14/05/2012 9:34:03 PM Checking - complete
14/05/2012 9:34:03 PM Driver loaded successfully
14/05/2012 9:34:03 PM 1.5 Checking of IRP handlers
14/05/2012 9:34:03 PM Checking not performed: extended monitoring driver (AVZPM) is not installed
14/05/2012 9:34:03 PM 1.4 Searching for masking processes and drivers
14/05/2012 9:34:01 PM Checking IDT and SYSENTER - complete
14/05/2012 9:34:01 PM Disable callback OK
14/05/2012 9:34:01 PM CmpCallCallBacks = 00092D3C
14/05/2012 9:34:01 PM Analysis for CPU 2
14/05/2012 9:34:01 PM Analysis for CPU 1
14/05/2012 9:34:01 PM 1.3 Checking IDT and SYSENTER
14/05/2012 9:34:01 PM Functions checked: 284, intercepted: 63, restored: 65
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function IoIsOperationSynchronous (804EF828) - machine code modification Method of JmpTo. jmp B12BA3AC \SystemRoot\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function FsRtlCheckLockForReadAccess (804EAEA0) - machine code modification Method of JmpTo. jmp B12B9FD0 \SystemRoot\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtWriteVirtualMemory (115) intercepted (805B2E10->B12C7B52), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtUnmapViewOfSection (10B) intercepted (805B188C->B12CB552), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtTerminateThread (102) intercepted (805D1432->B12C79C8), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtTerminateProcess (101) intercepted (805D1238->B12C7A68), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtSystemDebugControl (FF) intercepted (80615F98->B12CAA3E), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtSuspendThread (FE) intercepted (805D314A->B12CBA2A), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtSuspendProcess (FD) intercepted (805D32D8->B12CB8F0), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtSetValueKey (F7) intercepted (806207EE->B12C6816), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtSetSystemInformation (F0) intercepted (8060DC1E->B12CB7FE), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtSetSecurityObject (ED) intercepted (805BE9BA->B12CADAA), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtSetInformationToken (E6) intercepted (805F8736->B12CA154), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtSetContextThread (D5) intercepted (805CFFEE->B12C7E38), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtSecureConnectPort (D2) intercepted (805A283A->B12C8B0E), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtSaveKey (CF) intercepted (806205D8->B12C5EAE), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtResumeThread (CE) intercepted (805D3210->B12CBBC8), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtRestoreKey (CC) intercepted (80620536->B12C628E), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtRequestWaitReplyPort (C8) intercepted (805A184C->B12CA8B4), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtReplyWaitReceivePort (C3) intercepted (805A4F8A->B12C96F2), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtReplyPort (C2) intercepted (805A3FC2->B12C982C), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtReplaceKey (C1) intercepted (80623D4A->B12C5F16), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtRenameKey (C0) intercepted (80621B68->B12C6C2C), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtQueueApcThread (B4) intercepted (805CFB2A->B12CAFA0), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtQueryValueKey (B1) intercepted (806201E8->B12C699C), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtQuerySection (A7) intercepted (805B7024->B12CB6AE), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtQueryMultipleValueKey (A1) intercepted (80621310->B12C6D72), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtQueryKey (A0) intercepted (80623824->B12C713A), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtOpenThread (80) intercepted (805C9F9A->B12C77BE), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtOpenSemaphore (7E) intercepted (80613026->B12C94C8), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtOpenSection (7D) intercepted (805A8EC2->B12CB10E), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtOpenProcess (7A) intercepted (805C9D0E->B12C78CC), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:01 PM >>> Hook code blocked
14/05/2012 9:34:01 PM >>> Function restored successfully !
14/05/2012 9:34:01 PM Function NtOpenMutant (78) intercepted (80615654->B12C9288), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtOpenKey (77) intercepted (806234E4->B12C66C0), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtOpenFile (74) intercepted (80578FC8->B12C8016), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtOpenEvent (72) intercepted (8060CF66->B12C93A8), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtNotifyChangeKey (6F) intercepted (80623E64->B12C71CE), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtMapViewOfSection (6C) intercepted (805B0A7E->B12CB374), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtLoadKey2 (63) intercepted (80623AE4->B12C64EE), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtLoadKey (62) intercepted (80623E9A->B12C64DC), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtLoadDriver (61) intercepted (80582EA6->B12CAC0C), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtFsControlFile (54) intercepted (805780C4->B12C8500), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtEnumerateValueKey (49) intercepted (80622BF8->B12C70A2), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtEnumerateKey (47) intercepted (8062298E->B12C700A), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtDuplicateObject (44) intercepted (805BC950->B12CBD26), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtDeviceIoControlFile (42) intercepted (80578090->B12C86F2), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtDeleteValueKey (41) intercepted (806227AE->B12C6EBE), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtDeleteKey (3F) intercepted (806225DE->B12C6B0A), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtDebugActiveProcess (39) intercepted (806412A2->B12CAB1A), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtCreateWaitablePort (38) intercepted (805A3BE6->B12C9162), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtCreateThread (35) intercepted (805CF8CC->B12C7C1C), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtCreateSymbolicLinkObject (34) intercepted (805C36A8->8AC678C0), hook not defined
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtCreateSemaphore (33) intercepted (80612F2C->B12C9432), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtCreateSection (32) intercepted (805A9E9E->B12C7426), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtCreateProcessEx (30) intercepted (805CFA2E->8A207880), hook not defined
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtCreateProcess (2F) intercepted (805CFAE4->8A207580), hook not defined
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtCreatePort (2E) intercepted (805A3BC2->B12C90CC), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtCreateNamedPipeFile (2C) intercepted (80577F04->B12C727E), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtCreateMutant (2B) intercepted (8061557C->B12C91F8), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtCreateKey (29) intercepted (80622142->B12C6500), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtCreateFile (25) intercepted (80577ECA->B12C8270), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtCreateEvent (23) intercepted (8060CE66->B12C9312), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtConnectPort (1F) intercepted (805A30A6->B12C8DC8), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtClose (19) intercepted (805BAF74->B12C7F94), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM >>> Hook code blocked
14/05/2012 9:34:00 PM >>> Function restored successfully !
14/05/2012 9:34:00 PM Function NtAdjustPrivilegesToken (0B) intercepted (805EA398->B12C7690), hook C:\WINDOWS\system32\DRIVERS\3350756drv.sys, driver recognized as trusted
14/05/2012 9:34:00 PM KiST = 8050396C (284)
14/05/2012 9:34:00 PM SDT = 8055B6E0
14/05/2012 9:34:00 PM Kernel ntkrnlpa.exe found in memory at address 804D7000
14/05/2012 9:34:00 PM SDT found (RVA=0846E0)
14/05/2012 9:34:00 PM Driver loaded successfully
14/05/2012 9:34:00 PM 1.2 Searching for kernel-mode API hooks
14/05/2012 9:33:59 PM Analysis: netapi32.dll, export table found in section .text
14/05/2012 9:33:59 PM Analysis: urlmon.dll, export table found in section .text
14/05/2012 9:33:59 PM Analysis: rasapi32.dll, export table found in section .text
14/05/2012 9:33:59 PM Analysis: wininet.dll, export table found in section .text
14/05/2012 9:33:59 PM Analysis: ws2_32.dll, export table found in section .text
14/05/2012 9:33:58 PM Analysis: advapi32.dll, export table found in section .text
14/05/2012 9:33:58 PM Analysis: user32.dll, export table found in section .text
14/05/2012 9:33:58 PM Analysis: ntdll.dll, export table found in section .text
14/05/2012 9:33:58 PM IAT modification detected: GetProcAddress - 00BA0390<>7C80ADB0
14/05/2012 9:33:58 PM IAT modification detected: LoadLibraryA - 00BA0320<>7C801D77
14/05/2012 9:33:58 PM IAT modification detected: LoadLibraryW - 00BA02B0<>7C80AE5B
14/05/2012 9:33:58 PM IAT modification detected: CreateProcessW - 00BA01D0<>7C802332
14/05/2012 9:33:58 PM IAT modification detected: GetModuleFileNameW - 00BA0160<>7C80B3E5
14/05/2012 9:33:58 PM IAT modification detected: FreeLibrary - 00BA00F0<>7C80ABEE
14/05/2012 9:33:58 PM IAT modification detected: GetModuleFileNameA - 00BA0080<>7C80B4DF
14/05/2012 9:33:58 PM IAT modification detected: CreateProcessA - 00BA0010<>7C802367
14/05/2012 9:33:58 PM Analysis: kernel32.dll, export table found in section .text
14/05/2012 9:33:58 PM 1.1 Searching for user-mode API hooks
14/05/2012 9:33:57 PM System Restore: enabled
14/05/2012 9:33:57 PM Windows version: Microsoft Windows XP, Build=2600, SP="Service Pack 2"
14/05/2012 9:33:57 PM Main script of analysis
14/05/2012 9:33:56 PM Task started Gathering system information

#4 Blind Faith

Posted 15 May 2012 - 07:12 AM

I will be waiting for your GMER log before giving further instructions. :)

Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?

If I haven't replied in 48 hours, please feel free to send me a PM.

#5 123user123


Posted 15 May 2012 - 07:27 AM

Hi,

When GMER finished, it had one or two red items from the list I could see without scrolling down, but my mouse was disabled, and I also had 2 error messages. When I pressed Enter on my keyboard, as this was the only thing that was working, it closed the error box and GMER itself and disabled my keyboard!! I had to manually shut down and reboot the computer, and when I did, the Windows loading screen was extremely slow. After that I attempted to re-run GMER to see if the log was still there, and then the computer restarted itself in the few seconds I had left it! I then rebooted again and did not try to reopen GMER, and the Trend warning pop-ups are still continuing.

I then tried to run in safe mode again but to no avail... I got into it with F8 but I could not select up or down to select the safe mode option <_<

So is the GMER log stored somewhere, or would it be there when I re-run the program? Where should I go from here? Also should I be disconnecting my computer from the Internet, and how dangerous is this trojan/malware/virus? Sorry for all the questions :P

I'll be back tomorrow as it's nighttime here. Thanks for your continued support!!

Edited by 123user123, 15 May 2012 - 07:33 AM.


#6 123user123


Posted 17 May 2012 - 02:11 AM

Anyone?

I am unable to send Blind Faith a PM as "The member Blind Faith cannot receive any new messages"

Thanks!

#7 Blind Faith


Posted 17 May 2012 - 06:18 AM

Hi there,


Have a bit of patience; I am still under the supervision of a coach. I shall come back with a reply as soon as my reply is approved.




We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Elle

Edited by Blind Faith, 17 May 2012 - 06:19 AM.


#8 Blind Faith


Posted 20 May 2012 - 07:39 AM

Hi there,



Do you still need help? Please let us know.




Elle

#9 thcbytes


Posted 20 May 2012 - 04:12 PM

Since it appears you are currently receiving help here this thread is closed.
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



