
Possible infection - any help appreciated

  • 01-05-2011 9:01pm
    #1
    Registered Users, Registered Users 2 Posts: 1,189 ✭✭✭


    Did an AVG Anti-Rootkit scan and this came up. Is my laptop infected?

    Scan "Anti-Rootkit scan" completed.
    Rootkits;"14";"0";"14"

    Scan started:;"01 May 2011, 02:19:28"
    Scan finished:;"01 May 2011, 02:21:35 (2 minute(s) 6 second(s))"
    Total object scanned:;"68686"
    User who launched the scan:;"SYSTEM"

    Rootkits
    ;"File";"Infection";"Result"
    ;"<unknown>";"IRP hook, ver\AFD DriverStartIo -> 0x00440085";"Object is hidden"
    ;"<unknown>";"IRP hook, ver\Tcpip DriverStartIo -> 0x00440085";"Object is hidden"
    ;"<unknown>";"IRP hook, ver\i8042prt DriverStartIo -> 0x00440085";"Object is hidden"
    ;"<unknown>";"IRP hook, ver\iaStor DriverStartIo -> 0x00440085";"Object is hidden"
    ;"<unknown>";"IRP hook, ver\Kbdclass DriverStartIo -> 0x00440085";"Object is hidden"
    ;"<unknown>";"IRP hook, ver\Mouclass DriverStartIo -> 0x00440085";"Object is hidden"
    ;"<unknown>";"IRP hook, ver\PartMgr DriverStartIo -> 0x00440085";"Object is hidden"
    ;"<unknown>";"IRP hook, eSystem\FltMgr DriverStartIo -> 0x6C00690046005C";"Object is hidden"
    ;"<unknown>";"IRP hook, eSystem\Ntfs DriverStartIo -> 0x6C00690046005C";"Object is hidden"
    ;"<unknown>";"IRP hook, eSystem\sr DriverStartIo -> 0x6C00690046005C";"Object is hidden"
    ;"<unknown>";"IRP hook, ver\Disk DriverStartIo -> 0x00440085";"Object is hidden"
    ;"<unknown>";"IRP hook, eSystem\RAW DriverStartIo -> 0x6C00690046005C";"Object is hidden"
    ;"<unknown>";"IRP hook, ver\PCI DriverStartIo -> 0x00440085";"Object is hidden"
    ;"<unknown>";"IRP hook, ver\ACPI DriverStartIo -> 0x00440085";"Object is hidden"


Comments

  • Registered Users, Registered Users 2 Posts: 1,189 ✭✭✭Gekko


    Just an update to this

    There are some processes etc. running in the background on my laptop that are suspicious and so I've disabled them.

    One was called HidFind.exe but there's also some Microsoft Remote Call things that activate on startup as well that I have not been able to disable.

    There was also something that claimed to be related to the TouchPad functionality but again I've disabled it and it's made no difference.

    Without wanting to sound paranoid, I'm very worried that this was all part of some kind of keylogging programme and that someone would be able to take control of my computer, so want to get this assessed and sorted as soon as possible.

    Any thoughts or advice would be most welcome!


  • Closed Accounts Posts: 46 obrien.cathal


    Hi,

    The presence of 'hooks' may indicate that you have a type of malware referred to as a rootkit. Rootkits are able to hide from the operating system by effectively cloaking themselves so if you are able to disable it from the task manager, chances are you have not gotten rid of everything. Have you run any other scans on this?

    Cathal
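
A sanity check on the hook targets in the AVG report from the first post, added here as an example and not part of the thread: a `DriverStartIo` target has to be a kernel code address, so the script checks each reported value against the pointer width and default kernel range of 32-bit Windows (an assumption, based on the OS version 5.1.2600 shown in the logs) and shows what the bytes look like as UTF-16LE text. The function names are hypothetical and the sample rows are copied from the posted report.

```python
import re

# Sample input: four rows in the exact shape of the AVG report in the first post.
SAMPLE_REPORT = r'''
;"<unknown>";"IRP hook, ver\AFD DriverStartIo -> 0x00440085";"Object is hidden"
;"<unknown>";"IRP hook, ver\Tcpip DriverStartIo -> 0x00440085";"Object is hidden"
;"<unknown>";"IRP hook, eSystem\FltMgr DriverStartIo -> 0x6C00690046005C";"Object is hidden"
;"<unknown>";"IRP hook, eSystem\Ntfs DriverStartIo -> 0x6C00690046005C";"Object is hidden"
'''

ROW = re.compile(r'IRP hook, (?P<driver>\S+) (?P<field>\w+) -> 0x(?P<addr>[0-9A-Fa-f]+)')

# Assumption: 32-bit Windows with the default 2 GB user / 2 GB kernel split.
POINTER_BITS = 32
KERNEL_BASE_32 = 0x80000000


def parse_hooks(report):
    """Return (driver, field, target_hex) for every 'IRP hook' row in the report."""
    hooks = []
    for line in report.splitlines():
        m = ROW.search(line)
        if m:
            hooks.append((m.group('driver'), m.group('field'), m.group('addr').upper()))
    return hooks


def utf16_units(addr_hex):
    """Lay the value out as little-endian memory and split it into 16-bit units."""
    width = -(-len(addr_hex) // 4) * 4          # pad to whole 16-bit units
    raw = bytes.fromhex(addr_hex.zfill(width))[::-1]
    return [raw[i] | (raw[i + 1] << 8) for i in range(0, len(raw), 2)]


def utf16_view(addr_hex):
    """Printable rendering of the units; anything outside ASCII text becomes '.'."""
    return ''.join(chr(u) if 0x20 <= u < 0x7F else '.' for u in utf16_units(addr_hex))


def assess(addr_hex):
    """List the reasons a reported target is implausible as a kernel code pointer."""
    value = int(addr_hex, 16)
    reasons = []
    if value >= 1 << POINTER_BITS:
        reasons.append('wider than a %d-bit pointer' % POINTER_BITS)
    elif value < KERNEL_BASE_32:
        reasons.append('below the 32-bit kernel range (user-mode address)')
    units = utf16_units(addr_hex)
    if all(0x20 <= u < 0x7F for u in units):
        reasons.append('bytes read as UTF-16LE text %r' % utf16_view(addr_hex))
    return reasons


def summarize(report):
    """Group rows by target so that many rows sharing one odd value stand out."""
    by_target = {}
    for driver, _field, addr in parse_hooks(report):
        by_target.setdefault(addr, []).append(driver)
    return {addr: {'drivers': drivers, 'findings': assess(addr)}
            for addr, drivers in by_target.items()}


if __name__ == '__main__':
    for addr, info in summarize(SAMPLE_REPORT).items():
        print('0x%s  as text: %r' % (addr, utf16_view(addr)))
        print('  drivers :', ', '.join(info['drivers']))
        for reason in info['findings']:
            print('  finding :', reason)
```

In the posted report every row points at one of these two values, and neither is a plausible kernel code address, so the rows are worth confirming with a second tool before they are treated as proven hooks.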


  • Registered Users, Registered Users 2 Posts: 1,189 ✭✭✭Gekko


    Hi Cathal

    Thanks for your response.

    I ran something called Security Task Manager and disabled the thing that looked like a keylogging programme.

    I have run MalwareBytes about 3 times and the first time it showed up something and I thought I'd deleted them.

    Have also run TCPView just now but I've got to a stage where I don't really know what I'm doing.

    Below is the first MalWareBytes log from the other day.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6480

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    01/05/2011 01:55:25
    mbam-log-2011-05-01 (01-55-25).txt

    Scan type: Quick scan
    Objects scanned: 160491
    Time elapsed: 10 minute(s), 24 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 22
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 8
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Files Infected:
    c:\program files\mywebsearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.


  • Closed Accounts Posts: 46 obrien.cathal


    Hi,

    I'm not familiar with the 'Security Task Manager' program but as Lightning has written, one should be careful not to disable routine processes. I use the Microsoft Sysinternals suite and the TCPView and Process Explorer software are particularly useful as they can perform signature verification on running processes. I would recommend these tools if you can spare the time to learn their ins and outs.

    If you want to run an offline scan, Kaspersky have a rescue disk which takes a few hours to run but is very thorough. You can get it here http://support.kaspersky.com/viruses/rescuedisk I'm pretty sure it also runs TDSS. Normally when I run this I would follow up with some manual examination of the registry and processes and connections to be on the safe side.

    Let us know how you get on.

    Cathal


  • Registered Users, Registered Users 2 Posts: 1,189 ✭✭✭Gekko


    Thanks Lightning and thanks Cathal

    Here's a log from Sophos AntiRootkit which I also ran...don't know if it's any use:

    Area: Local hard drives
    Description: Unknown hidden file
    Location: C:\Program Files\InstallShield Installation Information\{56190F69-01D3-46CA-9861-43377C5E9B87}\ISSetup.dll
    Removable: Yes (but clean up not recommended for this file)
    Notes: (no more detail available)

    Area: Local hard drives
    Description: Unknown hidden file
    Location: C:\Documents and Settings\John Reynolds\Local Settings\Temporary Internet Files\Content.IE5\IGW2COAY\4&formcheck.js--1283787245&member.js--1303207212&tabswapper.js--1274715731&global.js--1286815860&product-search.js--1285849776&tynt-insight[1].js--1282570028
    Removable: Yes (but clean up not recommended for this file)
    Notes: (no more detail available)

    Area: Local hard drives
    Description: Unknown hidden file
    Location: C:\System Volume Information\_restore{D89666C6-5C9F-4BF8-8850-E526A546D0DE}\RP98\A0064148.exe
    Removable: Yes (but clean up not recommended for this file)
    Notes: (no more detail available)

    Area: Local hard drives
    Description: Unknown hidden file
    Location: C:\System Volume Information\_restore{D89666C6-5C9F-4BF8-8850-E526A546D0DE}\RP115\A0078261.dll
    Removable: Yes (but clean up not recommended for this file)
    Notes: (no more detail available)

    Area: Local hard drives
    Description: Unknown hidden file
    Location: C:\Program Files\O2\O2 Broadband USB Modem\O2 Broadband\uninst.exe
    Removable: Yes (but clean up not recommended for this file)
    Notes: (no more detail available)

    Area: Local hard drives
    Description: Unknown hidden file
    Location: C:\System Volume Information\_restore{D89666C6-5C9F-4BF8-8850-E526A546D0DE}\RP130\A0085154.exe
    Removable: Yes (but clean up not recommended for this file)
    Notes: (no more detail available)

    Area: Local hard drives
    Description: Unknown hidden file
    Location: C:\Program Files\Google\Picasa3\Uninstall.exe
    Removable: Yes (but clean up not recommended for this file)
    Notes: (no more detail available)

    Area: Local hard drives
    Description: Unknown hidden file
    Location: C:\System Volume Information\_restore{D89666C6-5C9F-4BF8-8850-E526A546D0DE}\RP130\A0086521.exe
    Removable: Yes (but clean up not recommended for this file)
    Notes: (no more detail available)

    Area: Local hard drives
    Description: Unknown hidden file
    Location: C:\System Volume Information\_restore{D89666C6-5C9F-4BF8-8850-E526A546D0DE}\RP152\A0104501.exe
    Removable: Yes (but clean up not recommended for this file)
    Notes: (no more detail available)

    Area: Local hard drives
    Description: Unknown hidden file
    Location: C:\System Volume Information\_restore{D89666C6-5C9F-4BF8-8850-E526A546D0DE}\RP130\A0086342.exe
    Removable: Yes (but clean up not recommended for this file)
    Notes: (no more detail available)


  • Registered Users, Registered Users 2 Posts: 1,189 ✭✭✭Gekko


    Log from TDSSkiller
    2011/05/04 05:26:41.0000 5984 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
    2011/05/04 05:26:41.0031 5984 ================================================================================
    2011/05/04 05:26:41.0031 5984 SystemInfo:
    2011/05/04 05:26:41.0031 5984
    2011/05/04 05:26:41.0031 5984 OS Version: 5.1.2600 ServicePack: 3.0
    2011/05/04 05:26:41.0031 5984 Product type: Workstation
    2011/05/04 05:26:41.0031 5984 ComputerName: JOHNREYNOLDSM11
    2011/05/04 05:26:41.0031 5984 UserName: John Reynolds
    2011/05/04 05:26:41.0031 5984 Windows directory: C:\WINDOWS
    2011/05/04 05:26:41.0031 5984 System windows directory: C:\WINDOWS
    2011/05/04 05:26:41.0031 5984 Processor architecture: Intel x86
    2011/05/04 05:26:41.0031 5984 Number of processors: 4
    2011/05/04 05:26:41.0031 5984 Page size: 0x1000
    2011/05/04 05:26:41.0031 5984 Boot type: Normal boot
    2011/05/04 05:26:41.0031 5984 ================================================================================
    2011/05/04 05:26:41.0250 5984 Initialize success
    2011/05/04 05:26:50.0875 4484 ================================================================================
    2011/05/04 05:26:50.0875 4484 Scan started
    2011/05/04 05:26:50.0875 4484 Mode: Manual;
    2011/05/04 05:26:50.0875 4484 ================================================================================
    2011/05/04 05:27:04.0296 4484 upperdev (2522747ba661514e3770e508cce45b64) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
    2011/05/04 05:27:04.0359 4484 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2011/05/04 05:27:04.0406 4484 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/05/04 05:27:04.0484 4484 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/05/04 05:27:04.0546 4484 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/05/04 05:27:04.0578 4484 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/05/04 05:27:04.0671 4484 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/05/04 05:27:04.0718 4484 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
    2011/05/04 05:27:04.0734 4484 UsbserFilt (8aa5f86a6c3b3234beed9556d145bfac) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
    2011/05/04 05:27:04.0781 4484 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/05/04 05:27:04.0875 4484 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    2011/05/04 05:27:04.0937 4484 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/05/04 05:27:04.0984 4484 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/05/04 05:27:05.0093 4484 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/05/04 05:27:05.0140 4484 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
    2011/05/04 05:27:05.0265 4484 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/05/04 05:27:05.0328 4484 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/05/04 05:27:05.0562 4484 ================================================================================
    2011/05/04 05:27:05.0562 4484 Scan finished
    2011/05/04 05:27:05.0562 4484 ================================================================================


  • Registered Users, Registered Users 2 Posts: 1,189 ✭✭✭Gekko


    Log from OSAM

    Report of OSAM: Autorun Manager v5.0.11926.0
    http://www.online-solutions.ru/en/
    Saved at 05:32:38 on 04.05.2011

    OS: Windows XP Professional Service Pack 3 (Build 2600)
    Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

    Scanner Settings
    [x] Rootkits detection (hidden registry)
    [x] Rootkits detection (hidden files)
    [x] Retrieve files information
    [x] Check Microsoft signatures

    Filters
    [ ] Trusted entries
    [ ] Empty entries
    [x] Hidden registry entries (rootkit activity)
    [x] Exclusively opened files
    [x] Not found files
    [x] Files without detailed information
    [x] Existing files
    [ ] Non-startable services
    [ ] Non-startable drivers
    [x] Active entries
    [x] Disabled entries


    [Boot Execute]
    ( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )
    "BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    "BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgrsx.exe

    [Common]
    ( %SystemRoot%\Tasks )
    "RealUpgradeLogonTaskS-1-5-21-540314570-2194171126-2655910169-1005.job" - "RealNetworks, Inc." - C:\Program Files\Real\RealUpgrade\realupgrade.exe
    "RealUpgradeScheduledTaskS-1-5-21-540314570-2194171126-2655910169-1005.job" - "RealNetworks, Inc." - C:\Program Files\Real\RealUpgrade\realupgrade.exe

    [Control Panel Objects]
    ( %SystemRoot%\system32 )
    "Hwsetup.cpl" - "TOSHIBA Corp." - C:\WINDOWS\system32\Hwsetup.cpl
    "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
    "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
    "Tmeprop.cpl" - "TOSHIBA Corp." - C:\WINDOWS\system32\Tmeprop.cpl
    "TPwrSave.cpl" - "TOSHIBA Corporation" - C:\WINDOWS\system32\TPwrSave.cpl
    "TUSBSleepCharge.cpl" - "TOSHIBA" - C:\WINDOWS\system32\TUSBSleepCharge.cpl
    ( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )
    "NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL
    "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
    "TosBtLocalCOM" - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\LocalCOM.cpl
    "ToshSrv" - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA Controls\ToshSrv.cpl

    [Drivers]
    ( HKLM\SYSTEM\CurrentControlSet\Services )
    "Alps Pointing-device Filter Driver" (ApfiltrService) - ? - C:\WINDOWS\System32\DRIVERS\Apfiltr.sys (File not found)
    "Anchorfree HSS Adapter" (taphss) - "AnchorFree Inc" - C:\WINDOWS\System32\DRIVERS\taphss.sys
    "Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\WINDOWS\System32\Drivers\usbaapl.sys
    "AVG Anti-Rootkit Driver" (Avgrkx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgrkx86.sys
    "AVG AVI Loader Driver" (Avgldx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgldx86.sys
    "AVG Mini-Filter Resident Anti-Virus Shield" (Avgmfx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgmfx86.sys
    "AVG TDI Driver" (Avgtdix) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgtdix.sys
    "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
    "Huawei DataCard USB PNP Device" (hwusbdev) - ? - C:\WINDOWS\System32\DRIVERS\ewusbdev.sys (File not found)
    "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
    "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
    "MEMSWEEP2" (MEMSWEEP2) - ? - C:\WINDOWS\system32\E.tmp (File not found)
    "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
    "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
    "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
    "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
    "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
    "TMEI3E" (TMEI3E) - "Toshiba Corporation" - C:\WINDOWS\System32\Drivers\TMEI3E.SYS
    "TOSHIBA Network Device Usermode I/O Protocol" (Netdevio) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\netdevio.sys
    "vuuhla" (vuuhla) - ? - C:\WINDOWS\System32\drivers\ftgnstlx.sys (File not found)
    "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)

    [Explorer]
    ( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )
    {BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
    ( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )
    {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
    ( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )
    {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    ( HKLM\Software\Classes\Protocols\Filter )
    {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
    {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
    {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
    {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    ( HKLM\Software\Classes\Protocols\Handler )
    {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
    {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG10\avgpp.dll
    ( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )
    {56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
    ( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )
    {9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? - (File not found | COM-object registry key not found)
    {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG10\avgse.dll
    {42071714-76d4-11d1-8b24-00a0c9068ff3} "Display Panning CPL Extension" - ? - deskpan.dll (File not found)
    {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Encryption Context Menu" - ? - (File not found | COM-object registry key not found)
    {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
    {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
    {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
    {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\msohev.dll
    {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
    {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
    {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
    {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 6\phonebrowser.dll
    {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL
    {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
    {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shell extensions for file compression" - ? - (File not found | COM-object registry key not found)
    {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
    {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
    {C4213067-97B3-4929-9B98-B5600FBBBA13} "TouchShellExt Class" - "TOSHIBA Corporation" - C:\PROGRA~1\TOSHIBA\TouchED\TouchED.dll
    {D7B901C9-669E-4D2D-9946-CB8701E102FF} "TrueSuiteCMenu" - "AuthenTec, Inc." - C:\Program Files\TrueSuite\TrueSuite.CMShelExt.dll
    {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
    {13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Windows Desktop Search\msnlExt.dll
    {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)

    [Internet Explorer]
    ( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )
    ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
    <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
    ( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )
    {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_14" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_14.dll / http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} "Java Plug-in 1.6.0_14" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_14.dll / http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_14" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_14.dll / http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    {C345E174-3E87-4F41-A01C-B066A90A49B4} "WRC Class" - ? - C:\WINDOWS\Downloaded Program Files\wrc32.ocx (File not found) / http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
    {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    ( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )
    {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    ( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG10\avgssie.dll
    {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} "TrueSuite Website Log On" - "AuthenTec Inc." - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll

    [Logon]
    ( %AllUsersProfile%\Start Menu\Programs\Startup )
    "desktop.ini" - ? - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    ( %UserProfile%\Start Menu\Programs\Startup )
    "desktop.ini" - ? - C:\Documents and Settings\John Reynolds\Start Menu\Programs\Startup\desktop.ini
    ( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )
    "000StTHK" - ? - 000StTHK.exe (File found, but it contains no detailed information)
    "00THotkey" - "TOSHIBA Corporation" - C:\WINDOWS\system32\00THotkey.exe
    "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    "AVG_TRAY" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG10\avgtray.exe
    "ClientAppLogon" - "AuthenTec, Inc." - C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe
    "DDWMon" - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
    "ITSecMng" - "TOSHIBA CORPORATION" - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
    "NDSTray.exe" - ? - NDSTray.exe (File not found)
    "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\qttask.exe" -atboottime
    "SmoothView" - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    "SystemTray" - "AuthenTec, Inc" - C:\Program Files\TrueSuite\TrueSuite.SysTray.exe
    "TFncKy" - ? - TFncKy.exe (File not found)
    "TFNF5" - "TOSHIBA Corp." - TFNF5.exe
    "ThpSrv" - "TOSHIBA Corporation" - C:\WINDOWS\system32\thpsrv /logon
    "TMERzCtl.EXE" - "TOSHIBA" - C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
    "TMESRV.EXE" - "TOSHIBA" - C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
    "TNRotate" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\TNRotate\TNRotate.exe
    "TosHKCW.exe" - "TOSHIBA CORPORATION" - "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
    "TosSENotify" - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    "TosWaitSrv" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
    "TouchED" - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TouchED\TouchED.exe
    "TPSMain" - "TOSHIBA Corporation" - TPSMain.exe
    "TPSODDCtl" - "TOSHIBA Corporation" - TPSODDCtl.exe
    "TUSBSleepChargeSrv" - "TOSHIBA" - %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
    "TWebCamera" - "TOSHIBA CORPORATION." - "C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

    [Print Monitors]
    ( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )
    "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll
    "Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\WINDOWS\system32\tbtmon.dll

    [Services]
    ( HKLM\SYSTEM\CurrentControlSet\Services )
    ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    "AuthenTec Fingerprint Service" (ATService) - "AuthenTec, Inc." - C:\Program Files\Fingerprint Sensor\atservice.exe
    "AVG WatchDog" (avgwd) - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    "AVGIDSAgent" (AVGIDSAgent) - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    "ConfigFree Service" (CFSvcs) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    "DCService.exe" (DCService.exe) - ? - C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
    "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    "Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    "Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    "iPod Service" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
    "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jqs.exe
    "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    "ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    "Tmesrv3" (Tmesrv) - "TOSHIBA" - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
    "TOSHIBA HDD Protection" (Thpsrv) - "TOSHIBA Corporation" - C:\WINDOWS\system32\ThpSrv.exe
    "TOSHIBA HDD SSD Alert Service" (TOSHIBA HDD SSD Alert Service) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    "TOSHIBA Navi Support Service" (TNaviSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    "TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\WINDOWS\system32\TODDSrv.exe
    "TPCH Service" (TPCHSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    "TrueSuiteService" (FPLService) - "AuthenTec, Inc" - C:\Program Files\TrueSuite\TrueSuite.Service.exe
    "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

    [Winlogon]
    ( HKCU\Control Panel\IOProcs )
    "MVB" - ? - mvfs32.dll (File not found)
    ( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )
    "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

    ===[ Logfile end ]=========================================[ Logfile end ]===

    If You have questions or want to get some help, You can visit http://forum.online-solutions.ru


  • Registered Users, Registered Users 2 Posts: 668 ✭✭✭belmulletman


    Hey...

    I just had AVG report back 18 of these similar files (I googled one and this thread showed up).

    Any idea what the story is?
    I've done nothing unusual, nor installed anything new in MONTHS!


  • Registered Users, Registered Users 2 Posts: 1,189 ✭✭✭Gekko


    LIGHTNING wrote: »
    I'll look at the OSAM log later, but Sophos and TDSSKiller are clean. Flush out your system restore points, btw. Your MBAM scan was clean apart from an ad-supported toolbar.

    Thanks for that, Lightning, it puts my mind at ease.

    I think the Toolbar was just a Skype one so I've removed it in the conventional way.


  • Registered Users, Registered Users 2 Posts: 1,189 ✭✭✭Gekko


    It won't let me upload a .htm or .html file...

