Rootkit? (Hijack This log appended)


  • This topic is locked
15 replies to this topic

#1 Damon125

Damon125

  • Members
  • 8 posts

Posted 14 May 2012 - 07:08 AM

Hi,

Hoping someone can save me the bother of formatting my hard-drive and re-installing Windows XP? :)

I have repeatedly run full scans with Trend Micro Titanium 2012 antivirus and Malwarebytes' Anti-Malware. About a week ago Trend Micro antivirus i.d.'d 6 trojans on the system, but the threat log has now disappeared. A couple of days later, Malwarebytes found: "Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully". Trend Micro's RootkitBuster did not detect a rootkit, but given the symptoms, I suspect there is one hiding.

Symptoms - Trend Micro antivirus stops responding during scans and sometimes turns itself off without explanation; MS Security Centre fails to automatically download and install security updates, even though auto updates are turned on; Browser re-directs; Programs are slow to open and pages slow to load on browser (I have done a full de-frag, disabled add-ons in Firefox, etc., without improving things).

Cheers, Damon.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:06:19 PM, on 14/05/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Documents and Settings\Toshiba Owner\My Documents\Downloads\RootkitBuster_v5_1061.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Toshiba Owner\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ThpSrv] c:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [OE] "C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_OE\TMAS_OEMon.exe"
O4 - HKLM\..\Run: [WLM] "C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe"
O4 - HKLM\..\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1336741066000
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 9786 bytes



#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts

Posted 14 May 2012 - 07:56 PM

Hi Damon125, and welcome to the Malware Removal Forums!! :thumbsup:

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

A few things to keep in mind while we are working together:

  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

==========

Step 1:
I need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results. And attach.txt will be minimized.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

==========

Step 2:
I also need a new log from the GMER anti-rootkit Scanner, please also do the following:

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


==========

What I would like to see in your next reply!

  • The DDS log
  • The minimized attach.txt from the DDS scan
  • The GMER log
bloopie

#3 Damon125

Damon125
  • Topic Starter

  • Members
  • 8 posts

Posted 15 May 2012 - 08:14 AM

Hi bloopie,

Thank you for responding so quickly! :)

OK -

Trend Micro antivirus consistently stopped responding 57% through a scan, three times this morning. I've uninstalled it and I'm getting by with MS Security Essentials for the time being. I bought my laptop with Windows XP pre-installed - it's not pirated, but I don't have the CD ROM/s.

Logs requested:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Toshiba Owner at 22:57:13 on 2012-05-15
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1015.269 [GMT 10:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Toshiba Owner\My Documents\Downloads\mugkhrp4.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bigpond.com/
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [NVRotateSysTray] rundll32.exe c:\windows\system32\nvsysrot.dll,Enable
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [TFncKy] TFncKy.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [TFNF5] TFNF5.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [TPSMain] TPSMain.exe
mRun: [TPSODDCtl] TPSODDCtl.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [000_TmTdiUninstall] rundll32 c:\windows\tmnscins.dll,douninstalltmtdi c:\windows\TmTdi.inf
mRunOnce: [000_TmeextUninstall] rundll32 c:\windows\eextuins.dll,runonce_eextuins c:\windows\tmeext.inf
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\toshib~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1336741066000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{C93BA7CE-339D-4374-8547-02CB851D62C8} : DhcpNameServer = 10.0.0.138
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\toshiba owner\application data\mozilla\firefox\profiles\8k57b5gk.default\
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-27 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-4-16 6144]
R1 MpKslafe5d354;MpKslafe5d354;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{853cb8c1-1639-4bf9-9c3a-8791075c1fd6}\MpKslafe5d354.sys [2012-5-15 29904]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.SYS [2009-4-16 5888]
R2 Tmesbs;Tmesbs32;c:\program files\toshiba\tme3\TMESBS32.EXE [2009-4-16 77824]
R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.EXE [2009-4-16 118784]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2009-4-16 36352]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2011-2-18 17792]
RUnknown tmeext;tmeext; [x]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-8 257696]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-27 129976]
S3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [2009-4-16 595072]
.
=============== Created Last 30 ================
.
2012-05-15 10:59:53 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{853cb8c1-1639-4bf9-9c3a-8791075c1fd6}\offreg.dll
2012-05-15 10:59:53 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{853cb8c1-1639-4bf9-9c3a-8791075c1fd6}\MpKslafe5d354.sys
2012-05-15 10:50:24 6734704 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{853cb8c1-1639-4bf9-9c3a-8791075c1fd6}\mpengine.dll
2012-05-15 10:49:09 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-15 10:46:45 84752 ----a-w- c:\windows\tmeext.sys
2012-05-15 10:46:45 83472 ----a-w- c:\windows\eextuins.dll
2012-05-15 10:46:43 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-05-15 10:46:43 204816 ----a-w- c:\windows\TmNSCIns.dll
2012-05-15 10:37:34 -------- d-----w- c:\program files\msn gaming zone
2012-05-14 10:52:21 131344 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2012-05-12 06:25:15 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-12 06:25:14 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-05-12 00:20:46 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-11 11:46:45 -------- d-----w- c:\documents and settings\toshiba owner\application data\Malwarebytes
2012-05-11 11:46:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-11 11:46:24 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-05-11 11:46:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-11 11:46:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-08 11:36:08 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-08 11:33:38 -------- d-----w- c:\program files\TMRBLog
2012-05-08 10:53:44 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-04-27 12:58:07 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-27 12:58:00 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-04-27 12:58:00 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-05-12 01:47:31 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-20 10:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-17 01:46:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-17 01:46:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 23:02:42.21 ===============


-------


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-15 22:53:45
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2080BH_PL rev.0000002A
Running: mugkhrp4.exe; Driver: C:\DOCUME~1\TOSHIB~1\LOCALS~1\Temp\pwrdipow.sys


---- Kernel code sections - GMER 1.0.15 ----

? system32\DRIVERS\tmeext.sys The system cannot find the path specified. !
? C:\DOCUME~1\TOSHIB~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3880] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0121C930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3880] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 0144E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3880] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 0144E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3880] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 0144E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3944] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 10665EE6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3944] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 10665E78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3944] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 10454822 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3944] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10454DD6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmeext.sys
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmeext.sys
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmeext.sys
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmeext.sys
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ?0?R?&??? ???????2?????D62???????????\???B???????z???>???????s???????????B?????????dAC???????????N?????????e_{???????z???>???????????>???????z???A???????s???z?z?z?z?z?z?z?z?z?z?z?z?z??? ???????y??????????????????????????????????????? ???????z????????#??y?1??????4?0???&????????????????????}??multi(0)disk(0)rdisk(0)partition(1)?{b??????????????????????????d????z???z??????????????????????????d????m?m?m?m?m?m?m?m?m?m?m?m?m?m?m?m ??{4D36E97D-E325-11CE-BFC1-08002BE10318}\0030?mr?? System??????????????e??? H??n?u?u?v?v?x?x?x?z?x?x?z?z?zte???z???z0??????z???x?????????z? ??? ???????5??????????0?????x?{8ECC055D-047F-11D1-A537-0000F8753ED1}\0000?.1??adapters????scecli??:\WINDOWS\system32\srrstr.dll????????????6????????e?????0.0.0.0??????????????x???????sX?? ?u?????????????????????????????????????????n?n?n?n?n?n?n?n?n?n?n?n?n??\??\C:\Program Files\Trend Micro\UniClient\workflows\workflows\*.*??????????????????0?????P??????z???z????????(?? ???z?????????.?????????????t???????????d???z????????????X?? ???z????????????0????

---- EOF - GMER 1.0.15 ----


#4 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:05:58 PM

Posted 16 May 2012 - 07:14 AM

Hello again,

Please refrain from making any changes to your system without my instruction to do so. This could hamper the cleaning process. However, now that you've made the change to Microsoft Security Essentials, it's okay to continue using it.

If you still have the Trend Micro's log or a list of the threats it found, please post it here.

==========

Let's try the following:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, select Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

bloopie
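
The log this step produces (posted in the next reply) pairs a `name (md5) path` line with a `name - ok` verdict line for each driver or service. The following Python script is an added example, not part of bloopie's post and not TDSSKiller code; it parses that layout and pulls out what a helper reads first: non-ok verdicts, entries left without a verdict, entries with no hashed file, files shared by several services, and one path reported with two different hashes. The sample log is constructed: `ExampleDrv`, `ExampleSvc`, their hashes and the `PLACEHOLDER-NOT-OK` verdict text are placeholders, since the log on this page shows only `ok` verdicts.

```python
"""Triage a TDSSKiller text log: pair each scanned object with its verdict."""
import re
from collections import defaultdict

# Constructed, abridged sample in the layout of the log posted in this thread.
# ExampleDrv / ExampleSvc, their hashes and the non-ok verdict are placeholders.
SAMPLE_LOG = r"""
20:30:02.0328 3140 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200
20:30:19.0015 3476 Scan started
20:30:19.0015 3476 Mode: Manual;
20:30:19.0359 3476 Abiosdsk - ok
20:30:19.0437 3476 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:30:19.0437 3476 ACPI - ok
20:30:25.0406 3476 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:30:25.0406 3476 Netlogon - ok
20:30:26.0000 3476 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:30:26.0000 3476 NtLmSsp - ok
20:30:30.0296 3476 TOSHIBA Bluetooth Service (d9a627a7f98c3e1a47ec7d8724f06c4f) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
20:30:30.0296 3476 TOSHIBA Bluetooth Service - ok
20:30:31.0000 3476 ExampleDrv (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\example.sys
20:30:31.0000 3476 ExampleDrv - PLACEHOLDER-NOT-OK
20:30:31.0100 3476 ExampleSvc (fedcba9876543210fedcba9876543210) C:\WINDOWS\system32\lsass.exe
"""

# "HH:MM:SS.mmmm <thread id> <body>"
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")
# "<name> (<32 hex chars>) <path>"; names may contain spaces
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> - <verdict>"
VERDICT = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


def parse_log(text):
    """Return {name: {"md5", "path", "verdict"}} for lines after 'Scan started'."""
    entries = {}
    scanning = False
    for line in text.splitlines():
        m = PREFIX.match(line.strip())
        if not m:
            continue
        body = m.group("body").strip()
        if not scanning:
            # Header lines such as "Drive ... - Size: ..." also contain " - ",
            # so nothing before the scan banner is read as a verdict.
            scanning = body == "Scan started"
            continue
        blank = {"md5": None, "path": None, "verdict": None}
        obj = OBJECT.match(body)
        if obj:
            entry = entries.setdefault(obj["name"], blank)
            entry["md5"], entry["path"] = obj["md5"], obj["path"]
            continue
        ver = VERDICT.match(body)
        if ver:
            entries.setdefault(ver["name"], blank)["verdict"] = ver["verdict"].strip()
    return entries


def triage(entries):
    """Group parsed entries into the lists a reviewer checks first."""
    hashes = defaultdict(set)   # lower-cased path -> md5 values reported for it
    users = defaultdict(list)   # lower-cased path -> entry names that use it
    for name, e in entries.items():
        if e["path"]:
            key = e["path"].lower()   # Windows paths are case-insensitive
            hashes[key].add(e["md5"])
            users[key].append(name)
    return {
        # Any verdict other than "ok" needs a human to read it.
        "not_ok": sorted(n for n, e in entries.items()
                         if e["verdict"] not in (None, "ok")),
        # Object line without a verdict: the paste was cut short or interrupted.
        "no_verdict": sorted(n for n, e in entries.items() if e["verdict"] is None),
        # Verdict without a hashed file: the entry is registered but no file was listed.
        "no_file": sorted(n for n, e in entries.items()
                          if e["verdict"] and not e["path"]),
        # Several services hosted by one binary (normal for lsass.exe, services.exe).
        "shared_files": {p: sorted(u) for p, u in users.items() if len(u) > 1},
        # One path reported with different hashes within a single scan.
        "hash_conflicts": {p: sorted(h) for p, h in hashes.items() if len(h) > 1},
    }


if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG))
    for section, items in report.items():
        print(f"{section}: {items}")
```
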

#5 Damon125

Damon125
  • Topic Starter

  • Members
  • 8 posts
  • Local time:07:58 AM

Posted 17 May 2012 - 05:46 AM

Hi bloopie,

Unfortunately, Trend Micro antivirus' threat logs disappeared days before the software failed altogether. No threats were identified by TDSSKiller.

Log as follows:

20:29:58.0390 3140 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
20:29:59.0234 3140 ============================================================
20:29:59.0234 3140 Current date / time: 2012/05/17 20:29:59.0234
20:29:59.0234 3140 SystemInfo:
20:29:59.0234 3140
20:29:59.0234 3140 OS Version: 5.1.2600 ServicePack: 3.0
20:29:59.0234 3140 Product type: Workstation
20:29:59.0234 3140 ComputerName: TOSHIBA
20:29:59.0234 3140 UserName: Toshiba Owner
20:29:59.0234 3140 Windows directory: C:\WINDOWS
20:29:59.0234 3140 System windows directory: C:\WINDOWS
20:29:59.0234 3140 Processor architecture: Intel x86
20:29:59.0234 3140 Number of processors: 2
20:29:59.0234 3140 Page size: 0x1000
20:29:59.0234 3140 Boot type: Normal boot
20:29:59.0234 3140 ============================================================
20:30:02.0328 3140 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:30:02.0328 3140 ============================================================
20:30:02.0328 3140 \Device\Harddisk0\DR0:
20:30:02.0328 3140 MBR partitions:
20:30:02.0328 3140 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
20:30:02.0328 3140 ============================================================
20:30:02.0343 3140 C: <-> \Device\Harddisk0\DR0\Partition0
20:30:02.0343 3140 ============================================================
20:30:02.0343 3140 Initialize success
20:30:02.0343 3140 ============================================================
20:30:19.0015 3476 ============================================================
20:30:19.0015 3476 Scan started
20:30:19.0015 3476 Mode: Manual;
20:30:19.0015 3476 ============================================================
20:30:19.0359 3476 Abiosdsk - ok
20:30:19.0375 3476 abp480n5 - ok
20:30:19.0437 3476 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:30:19.0437 3476 ACPI - ok
20:30:19.0468 3476 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:30:19.0468 3476 ACPIEC - ok
20:30:19.0562 3476 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:30:19.0578 3476 AdobeFlashPlayerUpdateSvc - ok
20:30:19.0578 3476 adpu160m - ok
20:30:19.0640 3476 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:30:19.0640 3476 aec - ok
20:30:19.0687 3476 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:30:19.0718 3476 AegisP - ok
20:30:19.0765 3476 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:30:19.0765 3476 AFD - ok
20:30:19.0890 3476 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
20:30:19.0953 3476 AgereSoftModem - ok
20:30:19.0953 3476 Aha154x - ok
20:30:19.0968 3476 aic78u2 - ok
20:30:19.0968 3476 aic78xx - ok
20:30:20.0000 3476 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
20:30:20.0000 3476 Alerter - ok
20:30:20.0031 3476 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
20:30:20.0031 3476 ALG - ok
20:30:20.0031 3476 AliIde - ok
20:30:20.0046 3476 amsint - ok
20:30:20.0062 3476 ApfiltrService (3ed81e8b4709d13e5a38db2d8e792b28) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
20:30:20.0062 3476 ApfiltrService - ok
20:30:20.0109 3476 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
20:30:20.0109 3476 AppMgmt - ok
20:30:20.0125 3476 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:30:20.0125 3476 Arp1394 - ok
20:30:20.0125 3476 asc - ok
20:30:20.0140 3476 asc3350p - ok
20:30:20.0140 3476 asc3550 - ok
20:30:20.0156 3476 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:30:20.0156 3476 AsyncMac - ok
20:30:20.0203 3476 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:30:20.0203 3476 atapi - ok
20:30:20.0203 3476 Atdisk - ok
20:30:20.0234 3476 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:30:20.0234 3476 Atmarpc - ok
20:30:20.0281 3476 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
20:30:20.0281 3476 AudioSrv - ok
20:30:20.0328 3476 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:30:20.0328 3476 audstub - ok
20:30:20.0343 3476 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:30:20.0343 3476 Beep - ok
20:30:20.0421 3476 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
20:30:20.0515 3476 BITS - ok
20:30:20.0531 3476 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
20:30:20.0531 3476 Browser - ok
20:30:20.0546 3476 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:30:20.0546 3476 cbidf2k - ok
20:30:20.0546 3476 cd20xrnt - ok
20:30:20.0578 3476 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:30:20.0578 3476 Cdaudio - ok
20:30:20.0625 3476 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:30:20.0625 3476 Cdfs - ok
20:30:20.0656 3476 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:30:20.0656 3476 Cdrom - ok
20:30:20.0796 3476 CFSvcs (3cb0cc8879956c187e87e18634ee5164) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
20:30:20.0828 3476 CFSvcs - ok
20:30:20.0828 3476 Changer - ok
20:30:20.0859 3476 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
20:30:20.0859 3476 CiSvc - ok
20:30:20.0875 3476 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
20:30:20.0875 3476 ClipSrv - ok
20:30:20.0875 3476 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:30:20.0875 3476 CmBatt - ok
20:30:20.0875 3476 CmdIde - ok
20:30:20.0906 3476 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:30:20.0921 3476 Compbatt - ok
20:30:20.0921 3476 COMSysApp - ok
20:30:20.0921 3476 Cpqarray - ok
20:30:20.0968 3476 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
20:30:20.0984 3476 CryptSvc - ok
20:30:20.0984 3476 dac2w2k - ok
20:30:20.0984 3476 dac960nt - ok
20:30:21.0062 3476 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:30:21.0093 3476 DcomLaunch - ok
20:30:21.0109 3476 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
20:30:21.0109 3476 Dhcp - ok
20:30:21.0125 3476 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:30:21.0125 3476 Disk - ok
20:30:21.0125 3476 dmadmin - ok
20:30:21.0187 3476 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:30:21.0250 3476 dmboot - ok
20:30:21.0281 3476 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:30:21.0281 3476 dmio - ok
20:30:21.0296 3476 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:30:21.0296 3476 dmload - ok
20:30:21.0312 3476 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
20:30:21.0312 3476 dmserver - ok
20:30:21.0359 3476 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:30:21.0359 3476 DMusic - ok
20:30:21.0390 3476 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
20:30:21.0390 3476 Dnscache - ok
20:30:21.0421 3476 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
20:30:21.0421 3476 Dot3svc - ok
20:30:21.0421 3476 dpti2o - ok
20:30:21.0421 3476 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:30:21.0421 3476 drmkaud - ok
20:30:21.0484 3476 e1express (05e35fca7e7b2921dd7bcaa72f3903c6) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
20:30:21.0484 3476 e1express - ok
20:30:21.0515 3476 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
20:30:21.0515 3476 EapHost - ok
20:30:21.0546 3476 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
20:30:21.0546 3476 ERSvc - ok
20:30:21.0593 3476 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:30:21.0593 3476 Eventlog - ok
20:30:21.0656 3476 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
20:30:21.0671 3476 EventSystem - ok
20:30:21.0796 3476 EvtEng (6a197698a141ffe7651b962ae3172008) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
20:30:21.0890 3476 EvtEng - ok
20:30:21.0921 3476 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:30:21.0937 3476 Fastfat - ok
20:30:21.0968 3476 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:30:22.0000 3476 FastUserSwitchingCompatibility - ok
20:30:22.0031 3476 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:30:22.0031 3476 Fdc - ok
20:30:22.0046 3476 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:30:22.0046 3476 Fips - ok
20:30:22.0046 3476 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:30:22.0046 3476 Flpydisk - ok
20:30:22.0109 3476 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:30:22.0109 3476 FltMgr - ok
20:30:22.0140 3476 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:30:22.0140 3476 Fs_Rec - ok
20:30:22.0156 3476 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:30:22.0156 3476 Ftdisk - ok
20:30:22.0187 3476 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:30:22.0187 3476 Gpc - ok
20:30:22.0187 3476 gusvc - ok
20:30:22.0250 3476 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:30:22.0250 3476 HDAudBus - ok
20:30:22.0296 3476 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:30:22.0328 3476 helpsvc - ok
20:30:22.0328 3476 HidServ - ok
20:30:22.0375 3476 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
20:30:22.0375 3476 hkmsvc - ok
20:30:22.0375 3476 hpn - ok
20:30:22.0421 3476 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:30:22.0437 3476 HTTP - ok
20:30:22.0468 3476 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
20:30:22.0484 3476 HTTPFilter - ok
20:30:22.0484 3476 i2omgmt - ok
20:30:22.0500 3476 i2omp - ok
20:30:22.0531 3476 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:30:22.0531 3476 i8042prt - ok
20:30:22.0640 3476 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:30:22.0703 3476 ialm - ok
20:30:22.0812 3476 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:30:22.0859 3476 IDriverT - ok
20:30:22.0875 3476 IFXTPM (0a359837e021bc04a04a6fd189492c65) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
20:30:22.0875 3476 IFXTPM - ok
20:30:22.0968 3476 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:30:22.0968 3476 Imapi - ok
20:30:23.0031 3476 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
20:30:23.0031 3476 ImapiService - ok
20:30:23.0046 3476 ini910u - ok
20:30:23.0328 3476 IntcAzAudAddService (255c82c31a570e6ef06f4b098521da52) C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:30:23.0531 3476 IntcAzAudAddService - ok
20:30:23.0625 3476 IntelIde - ok
20:30:23.0656 3476 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:30:23.0671 3476 intelppm - ok
20:30:23.0687 3476 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:30:23.0703 3476 Ip6Fw - ok
20:30:23.0718 3476 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:30:23.0718 3476 IpFilterDriver - ok
20:30:23.0718 3476 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:30:23.0718 3476 IpInIp - ok
20:30:23.0765 3476 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:30:23.0765 3476 IpNat - ok
20:30:23.0781 3476 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:30:23.0781 3476 IPSec - ok
20:30:23.0828 3476 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:30:23.0828 3476 IRENUM - ok
20:30:23.0859 3476 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:30:23.0859 3476 isapnp - ok
20:30:23.0984 3476 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
20:30:23.0984 3476 JavaQuickStarterService - ok
20:30:24.0031 3476 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:30:24.0031 3476 Kbdclass - ok
20:30:24.0093 3476 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:30:24.0093 3476 kmixer - ok
20:30:24.0125 3476 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:30:24.0125 3476 KSecDD - ok
20:30:24.0171 3476 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
20:30:24.0171 3476 LanmanServer - ok
20:30:24.0234 3476 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
20:30:24.0234 3476 lanmanworkstation - ok
20:30:24.0234 3476 lbrtfdc - ok
20:30:24.0296 3476 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
20:30:24.0296 3476 LmHosts - ok
20:30:24.0328 3476 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
20:30:24.0328 3476 Messenger - ok
20:30:24.0359 3476 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:30:24.0359 3476 mnmdd - ok
20:30:24.0406 3476 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
20:30:24.0406 3476 mnmsrvc - ok
20:30:24.0437 3476 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:30:24.0437 3476 Modem - ok
20:30:24.0468 3476 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:30:24.0468 3476 Mouclass - ok
20:30:24.0500 3476 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:30:24.0500 3476 MountMgr - ok
20:30:24.0578 3476 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:30:24.0578 3476 MozillaMaintenance - ok
20:30:24.0625 3476 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
20:30:24.0625 3476 MpFilter - ok
20:30:24.0640 3476 mraid35x - ok
20:30:24.0671 3476 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:30:24.0671 3476 MRxDAV - ok
20:30:24.0750 3476 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:30:24.0781 3476 MRxSmb - ok
20:30:24.0828 3476 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
20:30:24.0828 3476 MSDTC - ok
20:30:24.0843 3476 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:30:24.0843 3476 Msfs - ok
20:30:24.0843 3476 MSIServer - ok
20:30:24.0859 3476 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:30:24.0859 3476 MSKSSRV - ok
20:30:24.0953 3476 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:30:24.0953 3476 MsMpSvc - ok
20:30:24.0984 3476 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:30:24.0984 3476 MSPCLOCK - ok
20:30:25.0015 3476 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:30:25.0015 3476 MSPQM - ok
20:30:25.0046 3476 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:30:25.0046 3476 mssmbios - ok
20:30:25.0078 3476 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:30:25.0078 3476 Mup - ok
20:30:25.0109 3476 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:30:25.0125 3476 napagent - ok
20:30:25.0140 3476 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:30:25.0156 3476 NDIS - ok
20:30:25.0203 3476 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:30:25.0203 3476 NdisTapi - ok
20:30:25.0218 3476 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:30:25.0218 3476 Ndisuio - ok
20:30:25.0218 3476 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:30:25.0218 3476 NdisWan - ok
20:30:25.0250 3476 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:30:25.0250 3476 NDProxy - ok
20:30:25.0281 3476 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:30:25.0281 3476 NetBIOS - ok
20:30:25.0296 3476 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:30:25.0296 3476 NetBT - ok
20:30:25.0343 3476 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:30:25.0343 3476 NetDDE - ok
20:30:25.0343 3476 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:30:25.0343 3476 NetDDEdsdm - ok
20:30:25.0359 3476 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
20:30:25.0375 3476 Netdevio - ok
20:30:25.0406 3476 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:30:25.0406 3476 Netlogon - ok
20:30:25.0468 3476 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:30:25.0468 3476 Netman - ok
20:30:25.0609 3476 NETw3x32 (50f5de54e1d1646c02078f3eddc15a8e) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
20:30:25.0687 3476 NETw3x32 - ok
20:30:25.0781 3476 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:30:25.0781 3476 NIC1394 - ok
20:30:25.0843 3476 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:30:25.0843 3476 Nla - ok
20:30:25.0859 3476 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:30:25.0859 3476 Npfs - ok
20:30:25.0906 3476 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:30:25.0937 3476 Ntfs - ok
20:30:25.0984 3476 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
20:30:26.0000 3476 NTIDrvr - ok
20:30:26.0000 3476 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:30:26.0000 3476 NtLmSsp - ok
20:30:26.0046 3476 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:30:26.0078 3476 NtmsSvc - ok
20:30:26.0109 3476 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:30:26.0109 3476 Null - ok
20:30:26.0359 3476 nv (5445c6e4b1db1d9ecfc63d3f8d6b7884) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:30:26.0468 3476 nv - ok
20:30:26.0593 3476 nvport (add596f11d3a23e55d960d4cce6e9b3a) C:\WINDOWS\system32\Drivers\nvport.sys
20:30:26.0609 3476 nvport - ok
20:30:26.0640 3476 NVSvc (7bf996cd7ffd7d5b1af8ec5f1dc800cb) C:\WINDOWS\system32\nvsvc32.exe
20:30:26.0640 3476 NVSvc - ok
20:30:26.0687 3476 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:30:26.0687 3476 NwlnkFlt - ok
20:30:26.0687 3476 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:30:26.0687 3476 NwlnkFwd - ok
20:30:26.0718 3476 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:30:26.0718 3476 ohci1394 - ok
20:30:26.0781 3476 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:30:26.0781 3476 Parport - ok
20:30:26.0781 3476 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:30:26.0796 3476 PartMgr - ok
20:30:26.0812 3476 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:30:26.0812 3476 ParVdm - ok
20:30:26.0828 3476 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:30:26.0828 3476 PCI - ok
20:30:26.0843 3476 PCIDump - ok
20:30:26.0843 3476 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:30:26.0843 3476 PCIIde - ok
20:30:26.0875 3476 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:30:26.0875 3476 Pcmcia - ok
20:30:26.0890 3476 PDCOMP - ok
20:30:26.0890 3476 PDFRAME - ok
20:30:26.0890 3476 PDRELI - ok
20:30:26.0906 3476 PDRFRAME - ok
20:30:26.0906 3476 perc2 - ok
20:30:26.0906 3476 perc2hib - ok
20:30:26.0921 3476 pfc (da86016f0672ada925f589ede715f185) C:\WINDOWS\system32\drivers\pfc.sys
20:30:26.0921 3476 pfc - ok
20:30:26.0968 3476 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:30:26.0984 3476 PlugPlay - ok
20:30:26.0984 3476 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:30:26.0984 3476 PolicyAgent - ok
20:30:27.0000 3476 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:30:27.0000 3476 PptpMiniport - ok
20:30:27.0000 3476 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:30:27.0015 3476 ProtectedStorage - ok
20:30:27.0015 3476 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:30:27.0015 3476 PSched - ok
20:30:27.0046 3476 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:30:27.0046 3476 Ptilink - ok
20:30:27.0046 3476 ql1080 - ok
20:30:27.0062 3476 Ql10wnt - ok
20:30:27.0062 3476 ql12160 - ok
20:30:27.0062 3476 ql1240 - ok
20:30:27.0078 3476 ql1280 - ok
20:30:27.0093 3476 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:30:27.0093 3476 RasAcd - ok
20:30:27.0125 3476 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:30:27.0125 3476 RasAuto - ok
20:30:27.0156 3476 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:30:27.0156 3476 Rasl2tp - ok
20:30:27.0187 3476 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:30:27.0187 3476 RasMan - ok
20:30:27.0187 3476 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:30:27.0187 3476 RasPppoe - ok
20:30:27.0203 3476 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:30:27.0203 3476 Raspti - ok
20:30:27.0218 3476 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:30:27.0234 3476 Rdbss - ok
20:30:27.0250 3476 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:30:27.0250 3476 RDPCDD - ok
20:30:27.0296 3476 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:30:27.0296 3476 rdpdr - ok
20:30:27.0343 3476 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
20:30:27.0343 3476 RDPWD - ok
20:30:27.0375 3476 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:30:27.0375 3476 RDSessMgr - ok
20:30:27.0421 3476 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:30:27.0421 3476 redbook - ok
20:30:27.0546 3476 RegSrvc (d8f61aaae73a1fbde6f538becc891f2f) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
20:30:27.0640 3476 RegSrvc - ok
20:30:27.0671 3476 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:30:27.0671 3476 RemoteAccess - ok
20:30:27.0718 3476 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
20:30:27.0718 3476 RemoteRegistry - ok
20:30:27.0750 3476 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
20:30:27.0750 3476 RpcLocator - ok
20:30:27.0828 3476 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:30:27.0828 3476 RpcSs - ok
20:30:27.0875 3476 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:30:27.0890 3476 RSVP - ok
20:30:27.0984 3476 S24EventMonitor (25f697e3afa7b337bbcaddbce38e6934) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
20:30:28.0265 3476 S24EventMonitor - ok
20:30:28.0296 3476 s24trans (2862adb14481ac28f98105ff33a99eb0) C:\WINDOWS\system32\DRIVERS\s24trans.sys
20:30:28.0312 3476 s24trans - ok
20:30:28.0312 3476 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:30:28.0312 3476 SamSs - ok
20:30:28.0359 3476 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:30:28.0359 3476 SCardSvr - ok
20:30:28.0406 3476 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:30:28.0406 3476 Schedule - ok
20:30:28.0421 3476 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
20:30:28.0421 3476 sdbus - ok
20:30:28.0453 3476 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:30:28.0453 3476 Secdrv - ok
20:30:28.0453 3476 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:30:28.0453 3476 seclogon - ok
20:30:28.0468 3476 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:30:28.0468 3476 SENS - ok
20:30:28.0515 3476 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:30:28.0515 3476 serenum - ok
20:30:28.0515 3476 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:30:28.0515 3476 Serial - ok
20:30:28.0531 3476 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:30:28.0546 3476 Sfloppy - ok
20:30:28.0609 3476 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:30:28.0625 3476 SharedAccess - ok
20:30:28.0687 3476 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:30:28.0687 3476 ShellHWDetection - ok
20:30:28.0687 3476 Simbad - ok
20:30:28.0703 3476 Sparrow - ok
20:30:28.0750 3476 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:30:28.0750 3476 splitter - ok
20:30:28.0781 3476 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:30:28.0796 3476 Spooler - ok
20:30:28.0828 3476 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:30:28.0843 3476 sr - ok
20:30:28.0859 3476 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:30:28.0859 3476 srservice - ok
20:30:28.0921 3476 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:30:28.0937 3476 Srv - ok
20:30:29.0000 3476 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:30:29.0000 3476 SSDPSRV - ok
20:30:29.0093 3476 STHDA (c80ec509026f6cc88486742083386ff6) C:\WINDOWS\system32\drivers\sthda.sys
20:30:29.0140 3476 STHDA - ok
20:30:29.0187 3476 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:30:29.0187 3476 stisvc - ok
20:30:29.0203 3476 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:30:29.0203 3476 swenum - ok
20:30:29.0234 3476 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:30:29.0234 3476 swmidi - ok
20:30:29.0234 3476 SwPrv - ok
20:30:29.0250 3476 symc810 - ok
20:30:29.0250 3476 symc8xx - ok
20:30:29.0250 3476 sym_hi - ok
20:30:29.0265 3476 sym_u3 - ok
20:30:29.0296 3476 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:30:29.0296 3476 sysaudio - ok
20:30:29.0328 3476 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:30:29.0328 3476 SysmonLog - ok
20:30:29.0375 3476 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:30:29.0375 3476 TapiSrv - ok
20:30:29.0484 3476 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:30:29.0500 3476 Tcpip - ok
20:30:29.0546 3476 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys
20:30:29.0546 3476 TcUsb - ok
20:30:29.0578 3476 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:30:29.0578 3476 TDPIPE - ok
20:30:29.0578 3476 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:30:29.0578 3476 TDTCP - ok
20:30:29.0640 3476 TEchoCan (4a80e7a7d65560aa26e10b4c0a77d87a) C:\WINDOWS\system32\DRIVERS\TEchoCan.sys
20:30:29.0687 3476 TEchoCan - ok
20:30:29.0718 3476 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:30:29.0718 3476 TermDD - ok
20:30:29.0765 3476 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:30:29.0765 3476 TermService - ok
20:30:29.0828 3476 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:30:29.0828 3476 Themes - ok
20:30:29.0875 3476 Thpdrv (9a932560e9246b0d370fb97789bc0fd4) C:\WINDOWS\system32\DRIVERS\thpdrv.sys
20:30:29.0906 3476 Thpdrv - ok
20:30:32.0375 3476 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:30:32.0828 3476 \Device\Harddisk0\DR0 - ok
20:30:32.0828 3476 Boot (0x1200) (fb6675a5828e77e51b124ee56f57aed9) \Device\Harddisk0\DR0\Partition0
20:30:32.0828 3476 \Device\Harddisk0\DR0\Partition0 - ok
20:30:32.0828 3476 ============================================================
20:30:32.0828 3476 Scan finished
20:30:32.0828 3476 ============================================================
20:30:32.0843 2680 Detected object count: 0
20:30:32.0843 2680 Actual detected object count: 0
20:30:52.0906 3052 ============================================================
20:30:52.0906 3052 Scan started
20:30:52.0906 3052 Mode: Manual;
20:30:52.0906 3052 ============================================================
20:31:03.0062 3052 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:31:03.0062 3052 usbuhci - ok
20:31:03.0125 3052 VCSVADHWSer (b2abab4ca46bad182e27763dc19c780f) C:\WINDOWS\system32\DRIVERS\vcsvad.sys
20:31:03.0125 3052 VCSVADHWSer - ok
20:31:03.0156 3052 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:31:03.0156 3052 VgaSave - ok
20:31:03.0156 3052 ViaIde - ok
20:31:03.0187 3052 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:31:03.0187 3052 VolSnap - ok
20:31:03.0218 3052 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:31:03.0234 3052 VSS - ok
20:31:03.0265 3052 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:31:03.0265 3052 W32Time - ok
20:31:03.0281 3052 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:31:03.0281 3052 Wanarp - ok
20:31:03.0296 3052 WDICA - ok
20:31:03.0343 3052 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:31:03.0343 3052 wdmaud - ok
20:31:03.0375 3052 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:31:03.0375 3052 WebClient - ok
20:31:03.0484 3052 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:31:03.0484 3052 winmgmt - ok
20:31:03.0515 3052 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
20:31:03.0531 3052 WmdmPmSN - ok
20:31:03.0609 3052 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
20:31:03.0609 3052 Wmi - ok
20:31:03.0640 3052 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:31:03.0656 3052 WmiApSrv - ok
20:31:03.0828 3052 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
20:31:03.0828 3052 WMPNetworkSvc - ok
20:31:03.0890 3052 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:31:03.0890 3052 WpdUsb - ok
20:31:03.0921 3052 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:31:03.0921 3052 wscsvc - ok
20:31:03.0968 3052 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:31:03.0984 3052 wuauserv - ok
20:31:04.0046 3052 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:31:04.0046 3052 WudfPf - ok
20:31:04.0093 3052 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:31:04.0093 3052 WudfRd - ok
20:31:04.0109 3052 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
20:31:04.0109 3052 WudfSvc - ok
20:31:04.0156 3052 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:31:04.0156 3052 WZCSVC - ok
20:31:04.0203 3052 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:31:04.0203 3052 xmlprov - ok
20:31:04.0250 3052 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:31:04.0703 3052 \Device\Harddisk0\DR0 - ok
20:31:04.0718 3052 Boot (0x1200) (fb6675a5828e77e51b124ee56f57aed9) \Device\Harddisk0\DR0\Partition0
20:31:04.0718 3052 \Device\Harddisk0\DR0\Partition0 - ok
20:31:04.0718 3052 ============================================================
20:31:04.0718 3052 Scan finished
20:31:04.0718 3052 ============================================================
20:31:04.0718 2592 Detected object count: 0
20:31:04.0718 2592 Actual detected object count: 0

#6 bloopie

Posted 17 May 2012 - 10:59 AM

Hi again,

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you. Please include that report in your next reply!

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

How is your computer running now?

bloopie

#7 Damon125

Posted 18 May 2012 - 06:44 AM

Hi bloopie,

ComboFix identified the XP Recovery Console as disabled/missing, and re-installed it. The desktop also seemed to load more quickly after I restarted Windows. :)

ComboFix 12-05-17.08 - Toshiba Owner 18/05/2012 19:45:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1015.481 [GMT 10:00]
Running from: c:\documents and settings\Toshiba Owner\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Toshiba Owner\Application Data\Pypex
c:\documents and settings\Toshiba Owner\Application Data\Pypex\ivoh.seq
c:\documents and settings\Toshiba Owner\Application Data\toshiba
c:\documents and settings\Toshiba Owner\Application Data\toshiba\pcdiag\v3.0\wbeminfo.log
c:\documents and settings\Toshiba Owner\Application Data\Urfaap
c:\documents and settings\Toshiba Owner\Application Data\Urfaap\lezy.ytn
c:\documents and settings\Toshiba Owner\Local Settings\Temporary Internet Files\11052012_TmPlugIn.log
c:\documents and settings\Toshiba Owner\Local Settings\Temporary Internet Files\13052012_TmPlugIn.log
c:\documents and settings\Toshiba Owner\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2012-04-18 to 2012-05-18 )))))))))))))))))))))))))))))))
.
.
2012-05-18 09:33 . 2012-05-18 09:33 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4778BC3D-777D-45C9-BDB1-1E3321D1268C}\offreg.dll
2012-05-17 10:07 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4778BC3D-777D-45C9-BDB1-1E3321D1268C}\mpengine.dll
2012-05-15 10:50 . 2012-04-12 14:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-15 10:49 . 2012-05-15 10:49 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-14 10:52 . 2012-05-14 10:52 131344 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2012-05-12 06:25 . 2009-08-06 09:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-05-12 02:37 . 2012-05-12 02:37 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2012-05-12 01:47 . 2012-05-12 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-05-12 00:20 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-11 11:46 . 2012-05-11 11:46 -------- d-----w- c:\documents and settings\Toshiba Owner\Application Data\Malwarebytes
2012-05-11 11:46 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-11 11:46 . 2012-05-11 11:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-11 11:46 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-11 11:46 . 2012-05-11 11:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-08 11:36 . 2012-05-12 01:47 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-08 11:33 . 2012-05-09 09:24 -------- d-----w- c:\program files\TMRBLog
2012-05-08 09:23 . 2012-05-09 11:05 -------- d-----w- c:\documents and settings\Administrator
2012-04-27 12:58 . 2012-04-27 12:58 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-27 12:58 . 2012-04-27 12:58 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-27 12:58 . 2012-04-27 12:58 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-12 01:47 . 2011-05-21 21:49 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2008-04-13 14:54 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2008-04-13 15:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-20 10:44 . 2012-03-20 10:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-17 01:46 . 2009-04-16 07:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-17 01:46 . 2011-03-31 09:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 11:01 . 2008-04-13 19:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:01 . 2008-04-13 19:42 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-13 19:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 14:10 . 2008-04-13 19:42 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-13 19:41 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-13 14:07 385024 ----a-w- c:\windows\system32\html.iec
2012-04-27 12:57 . 2011-06-23 08:44 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-24 7340032]
"nwiz"="nwiz.exe" [2006-07-24 1519616]
"NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2006-07-24 49152]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2005-05-11 253952]
"000StTHK"="000StTHK.exe" [2001-06-22 24576]
"TFncKy"="TFncKy.exe" [BU]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
"TFNF5"="TFNF5.exe" [2006-04-10 622592]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-14 88203]
"TPSMain"="TPSMain.exe" [2006-01-18 299008]
"TPSODDCtl"="TPSODDCtl.exe" [2006-01-18 102400]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 696320]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-09 16207360]
"SkyTel"="SkyTel.EXE" [2006-04-24 1448960]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\Toshiba Owner\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PC Health.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PC Health.lnk
backup=c:\windows\pss\PC Health.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TAudEffect]
2005-10-05 02:33 344144 ----a-w- c:\program files\Toshiba\TAudEffect\TAudEff.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMERzCtl.EXE]
2006-01-24 00:26 69632 ----a-w- c:\program files\Toshiba\TME3\TMERzCtl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMESBS.EXE]
2003-10-28 04:38 77824 ----a-w- c:\program files\Toshiba\TME3\TMESBS32.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMESRV.EXE]
2006-01-19 08:47 118784 ----a-w- c:\program files\Toshiba\TME3\TMESRV31.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Telstra\\unpw\\unpwclient.exe"=
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [27/12/2004 11:31 PM 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [16/04/2009 4:38 PM 6144]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.SYS [16/04/2009 4:36 PM 5888]
R2 Tmesbs;Tmesbs32;c:\program files\Toshiba\TME3\TMESBS32.EXE [16/04/2009 4:57 PM 77824]
R2 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.EXE [16/04/2009 4:57 PM 118784]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [16/04/2009 2:01 PM 36352]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [18/02/2011 5:21 PM 17792]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [8/05/2012 9:36 PM 257696]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [27/04/2012 10:58 PM 129976]
S3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [16/04/2009 4:38 PM 595072]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 63829036
*Deregistered* - 63829036
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 01:47]
.
2012-05-18 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 07:03]
.
2012-05-18 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 07:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigpond.com/
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Toshiba Owner\Application Data\Mozilla\Firefox\Profiles\8k57b5gk.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-18 19:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-05-18 19:53:59
ComboFix-quarantined-files.txt 2012-05-18 09:53
.
Pre-Run: 64,530,710,528 bytes free
Post-Run: 64,674,783,232 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E1115BC83E69AEEA27E3677EC634400E
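
A triage pass over the ComboFix log above, as an added example that is not part of the original post and not ComboFix's own code. It runs on an excerpt copied from that log and flags the disabled firewall, the firewall allow-list entries, autorun values whose target is marked `[X]`, and removed orphans; reading `[X]` as "target file not found" is an assumption about ComboFix's notation, and the function names are hypothetical.

```python
import re

# Excerpt copied from the ComboFix log in the post above (not a full log).
SAMPLE_LOG = r'''
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"nwiz"="nwiz.exe" [2006-07-24 1519616]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Telstra\\unpw\\unpwclient.exe"=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')                 # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')  # "name"=data
ORPHAN_RE = re.compile(r'^(?P<entry>\S.*?) - \(no file\)\s*$', re.M)


def parse_registry_blocks(log_text):
    """Return {registry key: [(value name, raw data), ...]}.

    A block starts at a bracketed key line and ends at the next blank
    or "." separator line, which is how the log above is laid out.
    """
    blocks, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group('key')
            blocks.setdefault(current, [])
        elif line in ('', '.'):
            current = None
        elif current is not None:
            value = VALUE_RE.match(line)
            if value:
                blocks[current].append(
                    (value.group('name'), value.group('data').strip()))
    return blocks


def triage(log_text):
    """Return a list of (finding, subject, detail) tuples worth a manual look."""
    findings = []
    for key, values in parse_registry_blocks(log_text).items():
        lower = key.lower()
        for name, data in values:
            # Autorun value whose target ComboFix marked [X]
            # (assumed here to mean the file was not found).
            if lower.endswith(r'\currentversion\run') and data.endswith('[X]'):
                target = data[:-3].strip().strip('"')
                findings.append(('dangling-autorun', name, target))
            # Windows Firewall switched off for the standard profile.
            if (lower.endswith(r'firewallpolicy\standardprofile')
                    and name == 'EnableFirewall'
                    and data.split()[:1] == ['0']):
                findings.append(('firewall-disabled', key, data))
            # Programs allowed through the firewall: inventory for review.
            if lower.endswith(r'authorizedapplications\list'):
                findings.append(
                    ('firewall-exception', name.replace('\\\\', '\\'), ''))
    # Entries ComboFix removed because they pointed at no file.
    for match in ORPHAN_RE.finditer(log_text):
        findings.append(('orphan', match.group('entry'), 'no file'))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
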

#8 bloopie

Posted 18 May 2012 - 10:00 AM

Hello again,

Glad to hear some improvement! Are you still experiencing the redirects? Any other issues I should know about?

bloopie

#9 Damon125

Posted 19 May 2012 - 07:02 AM

Hi bloopie,

Thank you for your help! :)
The browser re-directs I experienced seemed to be specific for antivirus, update download and trouble-shooting related pages (Microsoft and Trend Micro). I've been able to navigate around the Windows Download Centre without problems today, and installed Windows Defender antispyware. Once I'd done that and performed an initial scan, I got a message to the effect that Defender was unable to receive updated definitions. This in turn prompted Fixit to repair Windows Update components that had been damaged or disabled, with Package Version 4.0.2.20110411. Defender now appears to be running normally.

Regards, Damon

#10 bloopie

Posted 19 May 2012 - 09:52 AM

Hi again,

Thank you for your help! :)

My pleasure! :thumbup2:

Microsoft Security Essentials will, by default, disable Windows Defender. I recommend you uninstall Windows Defender as it is not needed when running Microsoft Security Essentials as explained here, so as not to cause conflicts between the two programs. You may do this via the Add/Remove Programs list.

You already have an excellent anti-malware program installed on your computer: "Malwarebytes Anti-malware".

You should keep it updated and run a scan once a month depending on your internet habits.

I'd like you to update that now, run a full system scan and post the results here.

==========

ESET Online Scanner

Next, I'd like you to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Please be sure to post both the MBAM and ESET logs in your next reply!

If you have any problems with the above instructions, please don't hesitate to ask!

bloopie

Edited by bloopie, 19 May 2012 - 11:15 AM.


#11 Damon125

Posted 20 May 2012 - 07:30 AM

Hi bloopie,

Here's the Malwarebytes log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.20.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Toshiba Owner :: TOSHIBA [administrator]

20/05/2012 3:44:06 PM
mbam-log-2012-05-20 (15-44-06).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 275808
Time elapsed: 1 hour(s), 24 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

The ESET online scanner detected no threats (0 infected files, 0 cleaned files), but did not produce a log.

Regards, Damon :)

#12 Damon125

Posted 20 May 2012 - 07:34 AM

P.S. Thanks for the tip about MS Defender, I have uninstalled it. :)

#13 bloopie

Posted 20 May 2012 - 10:09 AM

Hi Damon125,

Good job! :thumbsup:

Let's run a couple of updates you need on your machine now.

:step1:

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
  • Download the latest version of Adobe Reader Version X and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
Your Adobe Reader is now up to date!

==========

:step2:

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Select your Platform.
  • Under Which should I choose?, check the box for Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u32-windows-i586.exe (or jre-6u32-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

==========

Please let me know if you had any trouble with the above steps. Are there any other problems going on with your machine now?

bloopie

#14 Damon125

Posted 21 May 2012 - 05:42 AM

Thanks again bloopie,

Done and done. Actually, running Java 7.4 now. Thanks for the info about removing old versions of Java, I didn't realise the installation of a new version doesn't overwrite older versions.

The desktop is definitely loading faster now. Also, no more delay in raising Windows Task Manager with ctrl-alt-del. A week ago, I was getting no response to ctrl-alt-del at all!

Regards, Damon

#15 bloopie

Posted 21 May 2012 - 10:35 AM

Hello again,

Thanks again bloopie

You're most welcome! :)

Your machine appears to be clean! :thumbsup:

Let's do some housekeeping now:



The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over you can just delete from the desktop.


:step1:
DeFogger:

Note** This only needs to be run if it was run before - If not then skip it.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.

==========

:step2:
Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

==========

:step3:
You may also delete any leftover logs from your desktop as well as TDSSKiller.

==========

Are you having any additional problems at this point? If so, please let me know. Otherwise feel free to enjoy use of your repaired machine :thumbup2:



The most common cause of an infected machine is the Trojan Horse, or programs which appear to be legitimate but which contain malicious payloads, or which are simply malicious in and of themselves. No antivirus, firewall, host-based intrusion prevention system (HIPS), or other security software can fully protect you against this kind of attack. The best way to protect yourself is not to run email attachments from untrusted sources, and avoid software downloaded from the internet wherever possible. Remember, when you run an application, you are giving that application permission to do to your machine anything you can do to the machine, including create, modify, or destroy files or other data. In the Windows (and most other systems, such as Unix) security model, applications don't have privileges, users do.

The second most common cause of infection is out of date software. Leaving your system unpatched leaves holes through which attackers can execute code on your behalf without your consent. This goes for far more than common targets such as Windows and Internet Explorer. Most recent threats target other third party software, such as Adobe's Adobe Reader, Shockwave Player, or Flash Player, or Oracle's Java browser plugins. You can check your system for out of date software manually, or by using automated tools such as Secunia's Personal Software Inspector. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out of date lists mean no detection of newer malware.

Finally, occasionally you will be forced to run some potentially infected binary, or attackers will use a hole which is unpatched by software vendors, so a last line of defense is needed. That means turning on a firewall (Windows Firewall included with Windows XP SP2 or later is fine) and leaving it on, and using and keeping up to date an antivirus solution such as Norton AntiVirus. Antiviral solutions don't even have to cost money; for instance Microsoft Security Essentials provides perfectly acceptable protection for free. If for some reason you don't like MSE, there are other free products available as well:
  • Avast (home use only)
  • Avira (shows nag screen to purchase full product when updating, home use only)

That should be fine for the majority of users. However, if you absolutely want additional protection, consider one or more of the following products:
If you want more information on methods malware use to infect your computer, consider browsing our How did I get infected? topic.


Best of regards, and happy surfing!! :wink:

bloopie



