
TROJ_SIREFEF won't go away


  • This topic is locked
23 replies to this topic

#1 mediamom

  • Members

Posted 11 June 2012 - 11:33 AM

I'm working on a friend's computer who got another trojan! TrendMicro removes it in realtime and it replicates every 10 min. or so. It shows Troj_SIREFEF as a .QA, .EM, and .DD. It also shows Troj_GEN.RC1C7F8.

Here is my hijack file:

Any help you can offer is greatly appreciated!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:45 PM, on 6/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070104
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070104
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB002" /M "Stylus CX3800"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL ""
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKLM\..\Run: [lpufsd] rundll32.exe "C:\Documents and Settings\WE\Application Data\lpufsd.dll",DTProResReinitLocalization
O4 - HKLM\..\Run: [msaser] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\WE\Application Data\msaser.dll",mpegInUpdateFiles
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1313771123718
O16 - DPF: {6F0C8A89-8B0D-11D2-801B-00105AA78F4A} (ECareAgent Class) - http://ecare4c.netopia.com/RA/ecare4/components/CobAgent_4.2.1.318.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

--
End of file - 9137 bytes

#2 gringo_pr

  • Malware Response Team

Posted 13 June 2012 - 01:03 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 mediamom

Posted 13 June 2012 - 06:47 AM

Trendmicro blocked the defogger website saying that it has been confirmed to transmit malicious software or has been involved in online scams or fraud.... Is it safe to continue?

#4 gringo_pr

Posted 13 June 2012 - 08:13 AM

Yes, it is safe.


gringo

#5 mediamom

Posted 13 June 2012 - 12:42 PM

Thanks! Here is the security check post:

Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Trend Micro Titanium Maximum Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
HijackThis 2.0.2
CCleaner
Java™ 6 Update 26
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader 7 Adobe Reader out of date!
Mozilla Firefox 6.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 3%
````````````````````End of Log``````````````````````


DDS logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by WE at 13:39:22 on 2012-06-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.332 [GMT -4:00]
.
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
svchost.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mail.yahoo.com/
uSearch Bar =
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070104
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB002" /M "Stylus CX3800"
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Trend Micro Titanium] c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe -set Silent "1" SplashURL ""
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [lpufsd] rundll32.exe "c:\documents and settings\we\application data\lpufsd.dll",DTProResReinitLocalization
mRun: [msaser] "c:\windows\system32\rundll32.exe" "c:\documents and settings\we\application data\msaser.dll",mpegInUpdateFiles
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\at&tse~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1313771123718
DPF: {6F0C8A89-8B0D-11D2-801B-00105AA78F4A} - hxxp://ecare4c.netopia.com/RA/ecare4/components/CobAgent_4.2.1.318.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{23F0D695-5889-44D9-A475-E6C67B618A52} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\titanium\uiframework\ProToolbarIMRatingActiveX.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\we\application data\mozilla\firefox\profiles\dooawzly.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/?a=1pcrjNOs89S
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com//?loc=ff_address_bar&a=1pcrjNOs89S&search=
FF - plugin: c:\documents and settings\we\application data\mozilla\firefox\profiles\dooawzly.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\we\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2012-2-29 188272]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2012-2-29 64080]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-14 257696]
.
=============== Created Last 30 ================
.
2012-06-10 22:17:24 -------- d-----w- c:\documents and settings\we\local settings\application data\{0B4BE3C4-B34A-11E1-8270-B8AC6F996F26}
2012-06-10 22:17:21 341504 ----a-w- c:\documents and settings\we\application data\msaser.dll
2012-06-10 21:44:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-10 21:44:36 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-10 21:44:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-05 11:49:29 22032 ----a-w- c:\windows\DCEBoot.exe
2012-06-05 11:27:53 -------- d-----w- c:\documents and settings\we\local settings\application data\{6F185CE9-AF01-11E1-8270-B8AC6F996F26}
2012-06-05 11:27:42 270336 ----a-w- c:\documents and settings\we\application data\ugfap.dll
2012-06-05 11:27:21 102400 ----a-w- c:\windows\RegBootClean.exe
2012-06-05 11:26:59 128512 --sha-w- c:\documents and settings\we\application data\lpufsd.dll
2012-06-05 11:26:51 -------- d-----w- c:\documents and settings\all users\application data\F4D55EFF00000B9A000003A8D151FC4E
.
==================== Find3M ====================
.
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-17 21:56:34 3764 --sha-w- c:\windows\system32\KGyGaAvL.sys
2012-05-17 21:56:17 88 --sh--r- c:\windows\system32\5F6DF9EEF5.sys
2012-05-14 13:30:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-14 13:30:11 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 13:40:18.88 ===============



ATTACH LOG

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/22/2007 8:16:07 PM
System Uptime: 6/11/2012 11:29:54 AM (50 hours ago)
.
Motherboard: Dell Inc. | | 0WG855
Processor: Intel® Core™2 CPU 6400 @ 2.13GHz | Microprocessor | 2128/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 293 GiB total, 274.746 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 7.1.0
American Greetings CreataCard Select 6
AOLIcon
ArcSoft PhotoImpression 5
AT&T Self Support Tool
ATT-AACE
ATT-RC Self Support Tool
BroadJump Client Foundation
Canon Digital Camera USB WIA Driver
Canon PhotoRecord
Canon Utilities PhotoStitch 3.1
Canon Utilities RAW Image Converter
Canon Utilities RemoteCapture 2.1
Canon Utilities ZoomBrowser EX
CCleaner
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Consumer Complete Care Services Agreement
Corel Snapfire Plus
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Driver Reset Tool
Dell Support 3.2.1
Dell System Restore
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
EarthLink Setup Files
EPSON CX 3800 Guide
EPSON Printer Software
EPSON Scan
Games, Music, & Photos Launcher
GemMaster Mystic
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Matrix Storage Manager
Intel® PRO Network Connections
Intel® Quick Resume Technology Drivers
Intel® Viiv™ Software
Java Auto Updater
Java™ 6 Update 26
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Modem Helper
Mozilla Firefox 6.0 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetZeroInstallers
NVIDIA Drivers
Otto
Photo Notifier and Animation Creator
PMB
Qualxserve Service Agreement
QuickTime
RealPlayer Basic
Roxio DLA
Roxio Express Labeler
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Smilebox
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Trend Micro Titanium Maximum Security
Trend Micro™ Titanium™ Maximum Security
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Search 4.0
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Yahoo! BrowserPlus 2.9.8
Yahoo! Detect
Yahoo! Install Manager
.
==== Event Viewer Messages From Past Week ========
.
6/6/2012 5:29:33 PM, error: Service Control Manager [7023] - The Security Center service terminated with the following error: The system cannot find the file specified.
6/6/2012 2:16:12 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
6/11/2012 10:54:45 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/11/2012 10:53:55 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip tmtdi
6/11/2012 10:53:55 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
6/11/2012 10:53:55 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/11/2012 10:53:55 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/11/2012 10:53:55 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/11/2012 10:53:29 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
6/11/2012 10:52:43 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/11/2012 10:52:39 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/10/2012 5:30:35 PM, error: Service Control Manager [7023] - The Error Reporting Service service terminated with the following error: The system cannot find the file specified.
.
==== End Of File ===========================

#6 gringo_pr

  • Malware Response Team

Posted 13 June 2012 - 02:13 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 mediamom

  • Topic Starter

Posted 13 June 2012 - 08:40 PM

Whew. The website is back up! Here's the combofix log. Everything seems to be working great. No more popups from trendmicro. Internet is fast again. :)

ComboFix 12-06-13.04 - WE 06/13/2012 17:35:52.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.498 [GMT -4:00]
Running from: c:\documents and settings\WE\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\WE\Application Data\lpufsd.dll
c:\documents and settings\WE\Application Data\msaser.dll
c:\documents and settings\WE\Application Data\PriceGong
c:\documents and settings\WE\Application Data\PriceGong\Data\1.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\1137.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\1566.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\1707.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\2228.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\2229.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\2782.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\2796.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\3911.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\4379.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\4436.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\4489.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\6613.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\6927.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\83.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\9004.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\9482.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\9566.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\9752.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\a.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\b.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\c.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\d.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\e.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\f.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\g.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\h.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\i.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\j.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\k.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\l.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\m.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\WE\Application Data\PriceGong\Data\n.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\o.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\p.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\q.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\r.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\s.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\t.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\u.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\v.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\w.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\x.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\y.txt
c:\documents and settings\WE\Application Data\PriceGong\Data\z.txt
c:\documents and settings\WE\Application Data\ugfap.dll
c:\documents and settings\WE\Recent\Thumbs.db
c:\documents and settings\WE\WINDOWS
c:\windows\Installer\{1b591461-f4d1-b1c4-ec23-b321ea9eb75d}\@
c:\windows\Installer\{1b591461-f4d1-b1c4-ec23-b321ea9eb75d}\n
c:\windows\Installer\{1b591461-f4d1-b1c4-ec23-b321ea9eb75d}\U\00000001.@
c:\windows\Installer\{1b591461-f4d1-b1c4-ec23-b321ea9eb75d}\U\80000000.@
c:\windows\Installer\{1b591461-f4d1-b1c4-ec23-b321ea9eb75d}\U\800000cb.@
c:\windows\system32\service
c:\windows\system32\service\01042010_TIS17_SfFniAU.log
c:\windows\system32\service\01042011_TIS17_SfFniAU.log
c:\windows\system32\service\02012011_TIS17_SfFniAU.log
c:\windows\system32\service\02042011_TIS17_SfFniAU.log
c:\windows\system32\service\02062011_TIS17_SfFniAU.log
c:\windows\system32\service\03012011_TIS17_SfFniAU.log
c:\windows\system32\service\03052010_TIS17_SfFniAU.log
c:\windows\system32\service\03052011_TIS17_SfFniAU.log
c:\windows\system32\service\03112010_TIS17_SfFniAU.log
c:\windows\system32\service\04102010_TIS17_SfFniAU.log
c:\windows\system32\service\04112010_TIS17_SfFniAU.log
c:\windows\system32\service\04122010_TIS17_SfFniAU.log
c:\windows\system32\service\05052010_TIS17_SfFniAU.log
c:\windows\system32\service\05082011_TIS17_SfFniAU.log
c:\windows\system32\service\06012011_TIS17_SfFniAU.log
c:\windows\system32\service\06022011_TIS17_SfFniAU.log
c:\windows\system32\service\06052010_TIS17_SfFniAU.log
c:\windows\system32\service\06052011_TIS17_SfFniAU.log
c:\windows\system32\service\06062011_TIS17_SfFniAU.log
c:\windows\system32\service\06112010_TIS17_SfFniAU.log
c:\windows\system32\service\07052010_TIS17_SfFniAU.log
c:\windows\system32\service\07082010_TIS17_SfFniAU.log
c:\windows\system32\service\08052011_TIS17_SfFniAU.log
c:\windows\system32\service\08082011_TIS17_SfFniAU.log
c:\windows\system32\service\08092010_TIS17_SfFniAU.log
c:\windows\system32\service\08112010_TIS17_SfFniAU.log
c:\windows\system32\service\09092010_TIS17_SfFniAU.log
c:\windows\system32\service\10092010_TIS17_SfFniAU.log
c:\windows\system32\service\11022011_TIS17_SfFniAU.log
c:\windows\system32\service\12122010_TIS17_SfFniAU.log
c:\windows\system32\service\13042010_TIS17_SfFniAU.log
c:\windows\system32\service\13072011_TIS17_SfFniAU.log
c:\windows\system32\service\14012011_TIS17_SfFniAU.log
c:\windows\system32\service\14082010_TIS17_SfFniAU.log
c:\windows\system32\service\14122010_TIS17_SfFniAU.log
c:\windows\system32\service\15012010_TIS17_SfFniAU.log
c:\windows\system32\service\15022010_TIS17_SfFniAU.log
c:\windows\system32\service\15032010_TIS17_SfFniAU.log
c:\windows\system32\service\15062010_TIS17_SfFniAU.log
c:\windows\system32\service\15102010_TIS17_SfFniAU.log
c:\windows\system32\service\16032010_TIS17_SfFniAU.log
c:\windows\system32\service\16032011_TIS17_SfFniAU.log
c:\windows\system32\service\16062011_TIS17_SfFniAU.log
c:\windows\system32\service\16072011_TIS17_SfFniAU.log
c:\windows\system32\service\17012010_TIS17_SfFniAU.log
c:\windows\system32\service\17062010_TIS17_SfFniAU.log
c:\windows\system32\service\17072010_TIS17_SfFniAU.log
c:\windows\system32\service\17122010_TIS17_SfFniAU.log
c:\windows\system32\service\18012011_TIS17_SfFniAU.log
c:\windows\system32\service\18062011_TIS17_SfFniAU.log
c:\windows\system32\service\18112010_TIS17_SfFniAU.log
c:\windows\system32\service\19012011_TIS17_SfFniAU.log
c:\windows\system32\service\19022011_TIS17_SfFniAU.log
c:\windows\system32\service\19042010_TIS17_SfFniAU.log
c:\windows\system32\service\19122010_TIS17_SfFniAU.log
c:\windows\system32\service\20012010_TIS17_SfFniAU.log
c:\windows\system32\service\20032010_TIS17_SfFniAU.log
c:\windows\system32\service\20072010_TIS17_SfFniAU.log
c:\windows\system32\service\20102010_TIS17_SfFniAU.log
c:\windows\system32\service\20112010_TIS17_SfFniAU.log
c:\windows\system32\service\21022010_TIS17_SfFniAU.log
c:\windows\system32\service\21042011_TIS17_SfFniAU.log
c:\windows\system32\service\21082010_TIS17_SfFniAU.log
c:\windows\system32\service\21102010_TIS17_SfFniAU.log
c:\windows\system32\service\22082010_TIS17_SfFniAU.log
c:\windows\system32\service\23032010_TIS17_SfFniAU.log
c:\windows\system32\service\23052011_TIS17_SfFniAU.log
c:\windows\system32\service\23072010_TIS17_SfFniAU.log
c:\windows\system32\service\24032010_TIS17_SfFniAU.log
c:\windows\system32\service\24042010_TIS17_SfFniAU.log
c:\windows\system32\service\25012010_TIS17_SfFniAU.log
c:\windows\system32\service\25012011_TIS17_SfFniAU.log
c:\windows\system32\service\26032010_TIS17_SfFniAU.log
c:\windows\system32\service\26042010_TIS17_SfFniAU.log
c:\windows\system32\service\26062011_TIS17_SfFniAU.log
c:\windows\system32\service\27032010_TIS17_SfFniAU.log
c:\windows\system32\service\27042011_TIS17_SfFniAU.log
c:\windows\system32\service\28012011_TIS17_SfFniAU.log
c:\windows\system32\service\28032010_TIS17_SfFniAU.log
c:\windows\system32\service\28032011_TIS17_SfFniAU.log
c:\windows\system32\service\28042011_TIS17_SfFniAU.log
c:\windows\system32\service\29012010_TIS17_SfFniAU.log
c:\windows\system32\service\29102010_TIS17_SfFniAU.log
c:\windows\system32\service\29112010_TIS17_SfFniAU.log
c:\windows\system32\service\31012010_TIS17_SfFniAU.log
c:\windows\system32\SET12C.tmp
c:\windows\system32\SETAC.tmp
c:\windows\system32\SETAD.tmp
c:\windows\system32\SETE2.tmp
c:\windows\system32\SETE4.tmp
c:\windows\system32\SETF0.tmp
c:\windows\system32\SETF2.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-13 06:03 . 2012-06-13 06:03 -------- d-----w- c:\windows\LastGood
2012-06-11 14:57 . 2012-06-11 14:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-06-10 22:17 . 2012-06-10 22:17 -------- d-----w- c:\documents and settings\WE\Local Settings\Application Data\{0B4BE3C4-B34A-11E1-8270-B8AC6F996F26}
2012-06-10 21:44 . 2009-12-03 20:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-10 21:44 . 2012-06-10 21:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-10 21:44 . 2009-12-03 20:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-05 11:49 . 2012-06-10 22:36 22032 ----a-w- c:\windows\DCEBoot.exe
2012-06-05 11:27 . 2012-06-05 11:27 -------- d-----w- c:\documents and settings\WE\Local Settings\Application Data\{6F185CE9-AF01-11E1-8270-B8AC6F996F26}
2012-06-05 11:27 . 2012-06-08 09:58 102400 ----a-w- c:\windows\RegBootClean.exe
2012-06-05 11:26 . 2012-06-05 11:26 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55EFF00000B9A000003A8D151FC4E
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2005-08-16 10:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-14 13:30 . 2012-05-14 12:32 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-14 13:30 . 2012-05-14 12:32 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-11 13:14 . 2005-08-16 10:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2005-08-16 10:18 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-04 04:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-19 20:38 . 2011-05-10 01:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-04 98304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2007-9-22 217088]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-4 24576]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2005-08-24 11:51 442455 ----a-w- c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher]
2010-03-24 20:42 599328 ----a-w- c:\program files\Sony\PMB\PMBVolumeWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2007-01-04 13:56 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
2011-07-06 23:30 313160 ----a-w- c:\documents and settings\WE\Application Data\Smilebox\SmileboxTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [2/29/2012 2:38 PM 188272]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 4:18 AM 360224]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2/29/2012 2:39 PM 64080]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/14/2012 8:32 AM 257696]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 13:30]
.
2012-06-02 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2005-08-16 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {6F0C8A89-8B0D-11D2-801B-00105AA78F4A} - hxxp://ecare4c.netopia.com/RA/ecare4/components/CobAgent_4.2.1.318.cab
FF - ProfilePath - c:\documents and settings\WE\Application Data\Mozilla\Firefox\Profiles\dooawzly.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/?a=1pcrjNOs89S
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com//?loc=ff_address_bar&a=1pcrjNOs89S&search=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-BJCFD - c:\program files\BroadJump\Client Foundation\CFD.exe
HKLM-Run-lpufsd - c:\documents and settings\WE\Application Data\lpufsd.dll
HKLM-Run-msaser - c:\documents and settings\WE\Application Data\msaser.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-13 17:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-06-13 17:46:39
ComboFix-quarantined-files.txt 2012-06-13 21:46
.
Pre-Run: 294,816,190,464 bytes free
Post-Run: 295,523,184,640 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - D029F12C02922091A727D5D4A94E507E

#8 gringo_pr

  • Malware Response Team

Posted 13 June 2012 - 08:46 PM

Greetings

Whew. The website is back up! It had me going for a while also, but then I decided to spend some time with my boys, so it worked out great!!


I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 mediamom


Posted 13 June 2012 - 09:53 PM

Thanks! Glad you had some "boy time"!

TDSSKILLER LOG:
22:19:10.0850 1664 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
22:19:11.0147 1664 ============================================================
22:19:11.0147 1664 Current date / time: 2012/06/13 22:19:11.0147
22:19:11.0147 1664 SystemInfo:
22:19:11.0147 1664
22:19:11.0147 1664 OS Version: 5.1.2600 ServicePack: 3.0
22:19:11.0147 1664 Product type: Workstation
22:19:11.0147 1664 ComputerName: RB
22:19:11.0147 1664 UserName: WE
22:19:11.0147 1664 Windows directory: C:\WINDOWS
22:19:11.0147 1664 System windows directory: C:\WINDOWS
22:19:11.0147 1664 Processor architecture: Intel x86
22:19:11.0147 1664 Number of processors: 2
22:19:11.0147 1664 Page size: 0x1000
22:19:11.0147 1664 Boot type: Normal boot
22:19:11.0147 1664 ============================================================
22:19:11.0632 1664 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:19:11.0663 1664 ============================================================
22:19:11.0663 1664 \Device\Harddisk0\DR0:
22:19:11.0663 1664 MBR partitions:
22:19:11.0663 1664 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x24AC929C
22:19:11.0663 1664 ============================================================
22:19:11.0710 1664 C: <-> \Device\Harddisk0\DR0\Partition0
22:19:11.0710 1664 ============================================================
22:19:11.0710 1664 Initialize success
22:19:11.0710 1664 ============================================================
22:19:15.0553 3784 ============================================================
22:19:15.0553 3784 Scan started
22:19:15.0553 3784 Mode: Manual;
22:19:15.0553 3784 ============================================================
22:19:15.0960 3784 Abiosdsk - ok
22:19:15.0991 3784 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
22:19:15.0991 3784 abp480n5 - ok
22:19:16.0038 3784 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:19:16.0053 3784 ACPI - ok
22:19:16.0085 3784 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:19:16.0100 3784 ACPIEC - ok
22:19:16.0178 3784 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:19:16.0178 3784 AdobeFlashPlayerUpdateSvc - ok
22:19:16.0225 3784 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
22:19:16.0241 3784 adpu160m - ok
22:19:16.0272 3784 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:19:16.0272 3784 aec - ok
22:19:16.0335 3784 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:19:16.0335 3784 AFD - ok
22:19:16.0382 3784 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
22:19:16.0382 3784 agp440 - ok
22:19:16.0397 3784 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
22:19:16.0397 3784 agpCPQ - ok
22:19:16.0397 3784 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
22:19:16.0397 3784 Aha154x - ok
22:19:16.0413 3784 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
22:19:16.0413 3784 aic78u2 - ok
22:19:16.0428 3784 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
22:19:16.0428 3784 aic78xx - ok
22:19:16.0460 3784 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
22:19:16.0460 3784 Alerter - ok
22:19:16.0475 3784 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
22:19:16.0475 3784 ALG - ok
22:19:16.0507 3784 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
22:19:16.0507 3784 AliIde - ok
22:19:16.0507 3784 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
22:19:16.0522 3784 alim1541 - ok
22:19:16.0522 3784 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
22:19:16.0538 3784 amdagp - ok
22:19:16.0538 3784 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
22:19:16.0553 3784 amsint - ok
22:19:16.0725 3784 Amsp (7b6425745b2ad8354fe8ad2dce30a9e7) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
22:19:16.0725 3784 Amsp - ok
22:19:16.0788 3784 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
22:19:16.0788 3784 AppMgmt - ok
22:19:16.0803 3784 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
22:19:16.0803 3784 asc - ok
22:19:16.0819 3784 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22:19:16.0819 3784 asc3350p - ok
22:19:16.0819 3784 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
22:19:16.0819 3784 asc3550 - ok
22:19:16.0850 3784 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
22:19:16.0913 3784 ASCTRM - ok
22:19:17.0038 3784 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
22:19:17.0069 3784 aspnet_state - ok
22:19:17.0116 3784 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:19:17.0116 3784 AsyncMac - ok
22:19:17.0147 3784 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:19:17.0147 3784 atapi - ok
22:19:17.0147 3784 Atdisk - ok
22:19:17.0163 3784 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:19:17.0163 3784 Atmarpc - ok
22:19:17.0210 3784 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:19:17.0225 3784 AudioSrv - ok
22:19:17.0225 3784 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:19:17.0225 3784 audstub - ok
22:19:17.0272 3784 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:19:17.0272 3784 Beep - ok
22:19:17.0335 3784 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
22:19:17.0350 3784 BITS - ok
22:19:17.0382 3784 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
22:19:17.0382 3784 BridgeMP - ok
22:19:17.0428 3784 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
22:19:17.0428 3784 Browser - ok
22:19:17.0428 3784 bvrp_pci - ok
22:19:17.0585 3784 catchme - ok
22:19:17.0600 3784 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
22:19:17.0600 3784 cbidf - ok
22:19:17.0616 3784 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:19:17.0616 3784 cbidf2k - ok
22:19:17.0616 3784 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
22:19:17.0632 3784 cd20xrnt - ok
22:19:17.0647 3784 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:19:17.0647 3784 Cdaudio - ok
22:19:17.0663 3784 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:19:17.0663 3784 Cdfs - ok
22:19:17.0678 3784 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:19:17.0678 3784 Cdrom - ok
22:19:17.0678 3784 Changer - ok
22:19:17.0725 3784 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
22:19:17.0725 3784 CiSvc - ok
22:19:17.0741 3784 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
22:19:17.0757 3784 ClipSrv - ok
22:19:17.0788 3784 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:19:17.0788 3784 clr_optimization_v2.0.50727_32 - ok
22:19:17.0819 3784 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
22:19:17.0819 3784 CmdIde - ok
22:19:17.0819 3784 COMSysApp - ok
22:19:17.0850 3784 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
22:19:17.0850 3784 Cpqarray - ok
22:19:17.0866 3784 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
22:19:17.0866 3784 CryptSvc - ok
22:19:17.0897 3784 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
22:19:17.0897 3784 dac2w2k - ok
22:19:17.0897 3784 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
22:19:17.0913 3784 dac960nt - ok
22:19:17.0960 3784 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:19:17.0960 3784 DcomLaunch - ok
22:19:18.0022 3784 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
22:19:18.0022 3784 Dhcp - ok
22:19:18.0053 3784 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:19:18.0053 3784 Disk - ok
22:19:18.0085 3784 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
22:19:18.0163 3784 DLABOIOM - ok
22:19:18.0163 3784 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
22:19:18.0163 3784 DLACDBHM - ok
22:19:18.0194 3784 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
22:19:18.0257 3784 DLADResN - ok
22:19:18.0257 3784 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
22:19:18.0350 3784 DLAIFS_M - ok
22:19:18.0382 3784 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
22:19:18.0428 3784 DLAOPIOM - ok
22:19:18.0428 3784 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
22:19:18.0475 3784 DLAPoolM - ok
22:19:18.0491 3784 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
22:19:18.0491 3784 DLARTL_N - ok
22:19:18.0522 3784 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
22:19:18.0569 3784 DLAUDFAM - ok
22:19:18.0600 3784 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
22:19:18.0678 3784 DLAUDF_M - ok
22:19:18.0678 3784 dmadmin - ok
22:19:18.0725 3784 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:19:18.0757 3784 dmboot - ok
22:19:18.0772 3784 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:19:18.0772 3784 dmio - ok
22:19:18.0803 3784 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:19:18.0803 3784 dmload - ok
22:19:18.0835 3784 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
22:19:18.0835 3784 dmserver - ok
22:19:18.0850 3784 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:19:18.0850 3784 DMusic - ok
22:19:18.0897 3784 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
22:19:18.0897 3784 Dnscache - ok
22:19:18.0944 3784 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
22:19:18.0944 3784 Dot3svc - ok
22:19:18.0960 3784 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
22:19:18.0960 3784 dpti2o - ok
22:19:18.0960 3784 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:19:18.0960 3784 drmkaud - ok
22:19:18.0991 3784 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
22:19:18.0991 3784 DRVMCDB - ok
22:19:18.0991 3784 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
22:19:18.0991 3784 DRVNDDM - ok
22:19:19.0132 3784 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
22:19:19.0163 3784 DSproct - ok
22:19:19.0178 3784 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:19:19.0178 3784 E100B - ok
22:19:19.0210 3784 e1express (00192f0c612591d585594e9467e6ca8b) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
22:19:19.0210 3784 e1express - ok
22:19:19.0272 3784 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
22:19:19.0272 3784 EapHost - ok
22:19:19.0382 3784 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
22:19:19.0382 3784 ehRecvr - ok
22:19:19.0444 3784 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
22:19:19.0444 3784 ehSched - ok
22:19:19.0491 3784 ELacpi (0923aec043f5d355b4ef0c2b29a362de) C:\WINDOWS\system32\DRIVERS\ELacpi.sys
22:19:19.0491 3784 ELacpi - ok
22:19:19.0538 3784 ELhid (cbd71e7772f92bfb85ccc302b2deefba) C:\WINDOWS\System32\Drivers\Elhid.sys
22:19:19.0553 3784 ELhid - ok
22:19:19.0569 3784 ELkbd (ac75b576c45d144e146fd1f0576a1f53) C:\WINDOWS\System32\Drivers\Elkbd.sys
22:19:19.0600 3784 ELkbd - ok
22:19:19.0600 3784 ELmon (483cce5e40137d4e437f4def55c80007) C:\WINDOWS\System32\Drivers\Elmon.sys
22:19:19.0632 3784 ELmon - ok
22:19:19.0632 3784 ELmou (8e88cafeac0812bf2d15beeedfcce8bd) C:\WINDOWS\System32\Drivers\Elmou.sys
22:19:19.0678 3784 ELmou - ok
22:19:19.0772 3784 ELService (47fcf6628e1a221c41f3f0130fbf258e) C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
22:19:19.0850 3784 ELService - ok
22:19:19.0882 3784 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
22:19:19.0882 3784 ERSvc - ok
22:19:19.0928 3784 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:19:19.0928 3784 Eventlog - ok
22:19:19.0991 3784 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
22:19:19.0991 3784 EventSystem - ok
22:19:20.0038 3784 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:19:20.0053 3784 Fastfat - ok
22:19:20.0100 3784 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:19:20.0100 3784 FastUserSwitchingCompatibility - ok
22:19:20.0147 3784 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
22:19:20.0147 3784 Fax - ok
22:19:20.0163 3784 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:19:20.0163 3784 Fdc - ok
22:19:20.0194 3784 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:19:20.0194 3784 Fips - ok
22:19:20.0225 3784 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:19:20.0225 3784 Flpydisk - ok
22:19:20.0257 3784 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:19:20.0257 3784 FltMgr - ok
22:19:20.0366 3784 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:19:20.0366 3784 FontCache3.0.0.0 - ok
22:19:20.0382 3784 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:19:20.0382 3784 Fs_Rec - ok
22:19:20.0413 3784 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:19:20.0428 3784 Ftdisk - ok
22:19:20.0522 3784 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:19:20.0522 3784 Gpc - ok
22:19:20.0538 3784 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:19:20.0553 3784 HDAudBus - ok
22:19:20.0632 3784 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:19:20.0632 3784 helpsvc - ok
22:19:20.0694 3784 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
22:19:20.0694 3784 HidServ - ok
22:19:20.0694 3784 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:19:20.0694 3784 HidUsb - ok
22:19:20.0741 3784 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
22:19:20.0741 3784 hkmsvc - ok
22:19:20.0741 3784 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
22:19:20.0757 3784 hpn - ok
22:19:20.0757 3784 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
22:19:20.0772 3784 HSFHWBS2 - ok
22:19:20.0835 3784 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
22:19:20.0866 3784 HSF_DP - ok
22:19:20.0913 3784 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:19:20.0913 3784 HTTP - ok
22:19:20.0944 3784 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
22:19:20.0944 3784 HTTPFilter - ok
22:19:20.0960 3784 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
22:19:20.0960 3784 i2omgmt - ok
22:19:20.0991 3784 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
22:19:20.0991 3784 i2omp - ok
22:19:20.0991 3784 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:19:20.0991 3784 i8042prt - ok
22:19:21.0100 3784 IAANTMON (b122be74e283a2bc7febc180bfd2efd5) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
22:19:21.0178 3784 IAANTMON - ok
22:19:21.0225 3784 iaStor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\drivers\iaStor.sys
22:19:21.0225 3784 iaStor - ok
22:19:21.0382 3784 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:19:21.0413 3784 idsvc - ok
22:19:21.0444 3784 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:19:21.0444 3784 Imapi - ok
22:19:21.0475 3784 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
22:19:21.0491 3784 ImapiService - ok
22:19:21.0507 3784 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
22:19:21.0522 3784 ini910u - ok
22:19:21.0553 3784 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:19:21.0553 3784 IntelIde - ok
22:19:21.0585 3784 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:19:21.0585 3784 intelppm - ok
22:19:21.0616 3784 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:19:21.0616 3784 Ip6Fw - ok
22:19:21.0632 3784 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:19:21.0647 3784 IpFilterDriver - ok
22:19:21.0647 3784 iphlpsvc - ok
22:19:21.0647 3784 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:19:21.0663 3784 IpInIp - ok
22:19:21.0694 3784 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:19:21.0694 3784 IpNat - ok
22:19:21.0710 3784 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:19:21.0710 3784 IPSec - ok
22:19:21.0741 3784 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:19:21.0741 3784 IRENUM - ok
22:19:21.0757 3784 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:19:21.0757 3784 isapnp - ok
22:19:21.0944 3784 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
22:19:21.0944 3784 JavaQuickStarterService - ok
22:19:21.0960 3784 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:19:21.0960 3784 Kbdclass - ok
22:19:21.0960 3784 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:19:21.0960 3784 kbdhid - ok
22:19:22.0022 3784 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:19:22.0022 3784 kmixer - ok
22:19:22.0069 3784 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:19:22.0069 3784 KSecDD - ok
22:19:22.0132 3784 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:19:22.0132 3784 lanmanserver - ok
22:19:22.0178 3784 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:19:22.0178 3784 lanmanworkstation - ok
22:19:22.0178 3784 lbrtfdc - ok
22:19:22.0194 3784 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:19:22.0194 3784 LmHosts - ok
22:19:22.0303 3784 McciCMService (67b6f4e0db57dd2020a2415294ba4ed8) C:\Program Files\Common Files\Motive\McciCMService.exe
22:19:22.0413 3784 McciCMService - ok
22:19:22.0475 3784 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
22:19:22.0491 3784 McrdSvc - ok
22:19:22.0553 3784 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
22:19:22.0569 3784 MDM - ok
22:19:22.0600 3784 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:19:22.0600 3784 mdmxsdk - ok
22:19:22.0632 3784 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
22:19:22.0663 3784 MHN - ok
22:19:22.0678 3784 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
22:19:22.0725 3784 MHNDRV - ok
22:19:22.0757 3784 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:19:22.0757 3784 mnmdd - ok
22:19:22.0788 3784 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
22:19:22.0803 3784 mnmsrvc - ok
22:19:22.0835 3784 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:19:22.0835 3784 Modem - ok
22:19:22.0850 3784 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
22:19:22.0850 3784 MODEMCSA - ok
22:19:22.0850 3784 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:19:22.0850 3784 Mouclass - ok
22:19:22.0913 3784 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:19:22.0913 3784 mouhid - ok
22:19:22.0913 3784 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:19:22.0928 3784 MountMgr - ok
22:19:22.0944 3784 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
22:19:22.0944 3784 mraid35x - ok
22:19:22.0975 3784 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
22:19:23.0022 3784 MREMPR5 - ok
22:19:23.0038 3784 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
22:19:23.0116 3784 MRENDIS5 - ok
22:19:23.0116 3784 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:19:23.0132 3784 MRxDAV - ok
22:19:23.0178 3784 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:19:23.0194 3784 MRxSmb - ok
22:19:23.0241 3784 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
22:19:23.0241 3784 MSDTC - ok
22:19:23.0257 3784 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:19:23.0257 3784 Msfs - ok
22:19:23.0257 3784 MSIServer - ok
22:19:23.0272 3784 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:19:23.0288 3784 MSKSSRV - ok
22:19:23.0303 3784 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:19:23.0303 3784 MSPCLOCK - ok
22:19:23.0319 3784 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:19:23.0319 3784 MSPQM - ok
22:19:23.0366 3784 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:19:23.0366 3784 mssmbios - ok
22:19:23.0397 3784 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:19:23.0397 3784 Mup - ok
22:19:23.0413 3784 NAL (1e59aaed42a5e3a5ed86ec403f9c0776) C:\WINDOWS\system32\Drivers\iqvw32.sys
22:19:23.0475 3784 NAL - ok
22:19:23.0538 3784 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:19:23.0569 3784 napagent - ok
22:19:23.0585 3784 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:19:23.0585 3784 NDIS - ok
22:19:23.0647 3784 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:19:23.0647 3784 NdisTapi - ok
22:19:23.0694 3784 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:19:23.0694 3784 Ndisuio - ok
22:19:23.0694 3784 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:19:23.0710 3784 NdisWan - ok
22:19:23.0725 3784 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:19:23.0725 3784 NDProxy - ok
22:19:23.0741 3784 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:19:23.0741 3784 NetBIOS - ok
22:19:23.0772 3784 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:19:23.0772 3784 NetBT - ok
22:19:23.0819 3784 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:19:23.0819 3784 NetDDE - ok
22:19:23.0819 3784 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:19:23.0819 3784 NetDDEdsdm - ok
22:19:23.0866 3784 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:19:33.0975 3784 ============================================================
22:19:33.0975 3784 Scan finished
22:19:33.0975 3784 ============================================================
22:19:33.0975 3096 Detected object count: 0
22:19:33.0975 3096 Actual detected object count: 0
22:19:35.0506 5440 ============================================================
22:19:35.0506 5440 Scan started
22:19:35.0506 5440 Mode: Manual;
22:19:35.0506 5440 ============================================================
22:19:40.0881 5440 KSecDD - ok
22:19:40.0928 5440 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:19:40.0928 5440 lanmanserver - ok
22:19:40.0975 5440 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:19:40.0975 5440 lanmanworkstation - ok
22:19:40.0975 5440 lbrtfdc - ok
22:19:41.0038 5440 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:19:41.0038 5440 LmHosts - ok
22:19:41.0131 5440 McciCMService (67b6f4e0db57dd2020a2415294ba4ed8) C:\Program Files\Common Files\Motive\McciCMService.exe
22:19:41.0147 5440 McciCMService - ok
22:19:41.0241 5440 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
22:19:41.0241 5440 McrdSvc - ok
22:19:41.0303 5440 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
22:19:41.0303 5440 MDM - ok
22:19:41.0335 5440 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:19:41.0335 5440 mdmxsdk - ok
22:19:41.0366 5440 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
22:19:41.0366 5440 MHN - ok
22:19:41.0381 5440 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
22:19:41.0381 5440 MHNDRV - ok
22:19:41.0397 5440 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:19:41.0397 5440 mnmdd - ok
22:19:41.0428 5440 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
22:19:41.0428 5440 mnmsrvc - ok
22:19:41.0475 5440 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:19:41.0475 5440 Modem - ok
22:19:41.0475 5440 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
22:19:41.0475 5440 MODEMCSA - ok
22:19:41.0475 5440 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:19:41.0475 5440 Mouclass - ok
22:19:41.0553 5440 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:19:41.0553 5440 mouhid - ok
22:19:41.0553 5440 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:19:41.0553 5440 MountMgr - ok
22:19:41.0585 5440 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
22:19:41.0585 5440 mraid35x - ok
22:19:41.0600 5440 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
22:19:41.0616 5440 MREMPR5 - ok
22:19:41.0616 5440 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
22:19:41.0616 5440 MRENDIS5 - ok
22:19:41.0663 5440 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:19:41.0663 5440 MRxDAV - ok
22:19:41.0725 5440 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:19:41.0725 5440 MRxSmb - ok
22:19:41.0756 5440 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
22:19:41.0772 5440 MSDTC - ok
22:19:41.0788 5440 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:19:41.0788 5440 Msfs - ok
22:19:41.0788 5440 MSIServer - ok
22:19:41.0803 5440 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:19:41.0803 5440 MSKSSRV - ok
22:19:41.0835 5440 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:19:41.0835 5440 MSPCLOCK - ok
22:19:41.0850 5440 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:19:41.0850 5440 MSPQM - ok
22:19:41.0897 5440 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:19:41.0897 5440 mssmbios - ok
22:19:41.0928 5440 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:19:41.0928 5440 Mup - ok
22:19:41.0944 5440 NAL (1e59aaed42a5e3a5ed86ec403f9c0776) C:\WINDOWS\system32\Drivers\iqvw32.sys
22:19:41.0944 5440 NAL - ok
22:19:42.0006 5440 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:19:42.0006 5440 napagent - ok
22:19:42.0006 5440 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:19:42.0022 5440 NDIS - ok
22:19:42.0053 5440 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:19:42.0053 5440 NdisTapi - ok
22:19:42.0085 5440 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:19:42.0085 5440 Ndisuio - ok
22:19:42.0085 5440 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:19:42.0085 5440 NdisWan - ok
22:19:42.0131 5440 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:19:42.0131 5440 NDProxy - ok
22:19:42.0131 5440 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:19:42.0131 5440 NetBIOS - ok
22:19:42.0163 5440 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:19:42.0163 5440 NetBT - ok
22:19:42.0210 5440 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:19:42.0210 5440 NetDDE - ok
22:19:42.0210 5440 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:19:42.0210 5440 NetDDEdsdm - ok
22:19:42.0241 5440 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:19:42.0241 5440 Netlogon - ok
22:19:42.0303 5440 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:19:42.0303 5440 Netman - ok
22:19:42.0444 5440 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:19:42.0460 5440 NetTcpPortSharing - ok
22:19:42.0506 5440 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:19:42.0506 5440 Nla - ok
22:19:42.0506 5440 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:19:42.0506 5440 Npfs - ok
22:19:42.0553 5440 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:19:42.0553 5440 Ntfs - ok
22:19:42.0585 5440 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:19:42.0585 5440 NtLmSsp - ok
22:19:42.0631 5440 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:19:42.0631 5440 NtmsSvc - ok
22:19:42.0678 5440 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:19:42.0678 5440 Null - ok
22:19:42.0928 5440 nv (449220e13e94b64ebfdc788e97ec9222) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:19:42.0944 5440 nv - ok
22:19:43.0069 5440 NVSvc (2f7cd9d1bb1948da19cf51e76550fd68) C:\WINDOWS\system32\nvsvc32.exe
22:19:43.0069 5440 NVSvc - ok
22:19:43.0100 5440 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:19:43.0100 5440 NwlnkFlt - ok
22:19:43.0116 5440 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:19:43.0116 5440 NwlnkFwd - ok
22:19:43.0194 5440 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:19:43.0194 5440 ose - ok
22:19:43.0225 5440 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:19:43.0241 5440 Parport - ok
22:19:43.0241 5440 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:19:43.0241 5440 PartMgr - ok
22:19:43.0256 5440 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:19:43.0256 5440 ParVdm - ok
22:19:43.0256 5440 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:19:43.0256 5440 PCI - ok
22:19:43.0256 5440 PCIDump - ok
22:19:43.0288 5440 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:19:43.0288 5440 PCIIde - ok
22:19:43.0335 5440 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:19:43.0335 5440 Pcmcia - ok
22:19:43.0335 5440 PDCOMP - ok
22:19:43.0335 5440 PDFRAME - ok
22:19:43.0335 5440 PDRELI - ok
22:19:43.0350 5440 PDRFRAME - ok
22:19:43.0381 5440 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
22:19:43.0381 5440 perc2 - ok
22:19:43.0397 5440 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
22:19:43.0397 5440 perc2hib - ok
22:19:43.0444 5440 pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys
22:19:43.0444 5440 pfc - ok
22:19:43.0491 5440 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:19:43.0491 5440 PlugPlay - ok
22:19:43.0616 5440 PMBDeviceInfoProvider (627fa58adc043704f9d14ca44340956f) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
22:19:43.0616 5440 PMBDeviceInfoProvider - ok
22:19:43.0647 5440 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:19:43.0647 5440 PolicyAgent - ok
22:19:43.0678 5440 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:19:43.0678 5440 PptpMiniport - ok
22:19:43.0678 5440 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:19:43.0678 5440 ProtectedStorage - ok
22:19:43.0694 5440 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:19:43.0694 5440 PSched - ok
22:19:43.0772 5440 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:19:43.0772 5440 Ptilink - ok
22:19:43.0803 5440 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:19:43.0803 5440 PxHelp20 - ok
22:19:43.0835 5440 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:19:43.0835 5440 ql1080 - ok
22:19:43.0835 5440 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:19:43.0835 5440 Ql10wnt - ok
22:19:43.0850 5440 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:19:43.0850 5440 ql12160 - ok
22:19:43.0866 5440 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:19:43.0866 5440 ql1240 - ok
22:19:43.0881 5440 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:19:43.0881 5440 ql1280 - ok
22:19:43.0913 5440 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:19:43.0913 5440 RasAcd - ok
22:19:43.0944 5440 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:19:43.0944 5440 RasAuto - ok
22:19:43.0975 5440 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:19:43.0975 5440 Rasl2tp - ok
22:19:44.0038 5440 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:19:44.0038 5440 RasMan - ok
22:19:44.0053 5440 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:19:44.0053 5440 RasPppoe - ok
22:19:44.0053 5440 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:19:44.0053 5440 Raspti - ok
22:19:44.0116 5440 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:19:44.0116 5440 Rdbss - ok
22:19:44.0116 5440 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:19:44.0131 5440 RDPCDD - ok
22:19:44.0131 5440 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:19:44.0131 5440 rdpdr - ok
22:19:44.0178 5440 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:19:44.0178 5440 RDPWD - ok
22:19:44.0210 5440 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:19:44.0210 5440 RDSessMgr - ok
22:19:44.0210 5440 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:19:44.0225 5440 redbook - ok
22:19:44.0241 5440 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:19:44.0241 5440 RemoteAccess - ok
22:19:44.0288 5440 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
22:19:44.0288 5440 RemoteRegistry - ok
22:19:44.0319 5440 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
22:19:44.0335 5440 RpcLocator - ok
22:19:44.0381 5440 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
22:19:44.0381 5440 RpcSs - ok
22:19:44.0428 5440 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
22:19:44.0428 5440 RSVP - ok
22:19:44.0460 5440 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:19:44.0475 5440 SamSs - ok
22:19:44.0491 5440 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:19:44.0491 5440 SCardSvr - ok
22:19:44.0538 5440 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
22:19:44.0538 5440 Schedule - ok
22:19:44.0585 5440 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:19:44.0585 5440 Secdrv - ok
22:19:44.0600 5440 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
22:19:44.0600 5440 seclogon - ok
22:19:44.0631 5440 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
22:19:44.0631 5440 SENS - ok
22:19:44.0663 5440 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:19:44.0663 5440 serenum - ok
22:19:44.0694 5440 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:19:44.0694 5440 Serial - ok
22:19:44.0710 5440 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:19:44.0710 5440 Sfloppy - ok
22:19:44.0756 5440 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
22:19:44.0772 5440 SharedAccess - ok
22:19:44.0835 5440 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:19:44.0835 5440 ShellHWDetection - ok
22:19:44.0835 5440 Simbad - ok
22:19:44.0881 5440 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:19:44.0881 5440 sisagp - ok
22:19:44.0897 5440 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:19:44.0897 5440 Sparrow - ok
22:19:44.0928 5440 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:19:44.0928 5440 splitter - ok
22:19:44.0960 5440 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:19:44.0960 5440 Spooler - ok
22:19:44.0991 5440 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:19:44.0991 5440 sr - ok
22:19:45.0006 5440 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
22:19:45.0006 5440 srservice - ok
22:19:45.0069 5440 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:19:45.0069 5440 Srv - ok
22:19:45.0100 5440 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
22:19:45.0100 5440 SSDPSRV - ok
22:19:45.0178 5440 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
22:19:45.0194 5440 STHDA - ok
22:19:45.0241 5440 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
22:19:45.0256 5440 stisvc - ok
22:19:45.0350 5440 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:19:45.0350 5440 swenum - ok
22:19:45.0413 5440 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:19:45.0413 5440 swmidi - ok
22:19:45.0413 5440 SwPrv - ok
22:19:45.0491 5440 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
22:19:45.0491 5440 symc810 - ok
22:19:45.0569 5440 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:19:45.0569 5440 symc8xx - ok
22:19:45.0585 5440 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:19:45.0585 5440 sym_hi - ok
22:19:45.0585 5440 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:19:45.0600 5440 sym_u3 - ok
22:19:45.0631 5440 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:19:45.0647 5440 sysaudio - ok
22:19:45.0678 5440 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
22:19:45.0678 5440 SysmonLog - ok
22:19:45.0725 5440 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
22:19:45.0741 5440 TapiSrv - ok
22:19:45.0803 5440 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:19:45.0803 5440 Tcpip - ok
22:19:45.0835 5440 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:19:45.0835 5440 TDPIPE - ok
22:19:45.0850 5440 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:19:45.0850 5440 TDTCP - ok
22:19:45.0850 5440 tdx - ok
22:19:45.0881 5440 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:19:45.0881 5440 TermDD - ok
22:19:45.0928 5440 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:19:45.0928 5440 TermService - ok
22:19:45.0991 5440 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:19:45.0991 5440 Themes - ok
22:19:46.0038 5440 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
22:19:46.0038 5440 TlntSvr - ok
22:19:46.0069 5440 tmactmon (de87a23d2ddc7378d1c7ab681e20de47) C:\WINDOWS\system32\DRIVERS\tmactmon.sys
22:19:46.0069 5440 tmactmon - ok
22:19:46.0131 5440 tmcomm (540c2b5dc47651c572c2804dc72fdda8) C:\WINDOWS\system32\DRIVERS\tmcomm.sys
22:19:46.0131 5440 tmcomm - ok
22:19:46.0131 5440 tmevtmgr (2de1fa64ebaff376f2c038f64492f62c) C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys
22:19:46.0131 5440 tmevtmgr - ok
22:19:46.0210 5440 tmtdi (5a61679b2277b9ad550e30479a69503b) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
22:19:46.0210 5440 tmtdi - ok
22:19:46.0241 5440 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
22:19:46.0241 5440 TosIde - ok
22:19:46.0288 5440 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
22:19:46.0288 5440 TrkWks - ok
22:19:46.0381 5440 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:19:46.0381 5440 Udfs - ok
22:19:46.0460 5440 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
22:19:46.0460 5440 ultra - ok
22:19:46.0538 5440 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:19:46.0538 5440 Update - ok
22:19:46.0600 5440 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
22:19:46.0600 5440 upnphost - ok
22:19:46.0631 5440 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
22:19:46.0631 5440 UPS - ok
22:19:46.0678 5440 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:19:46.0678 5440 usbccgp - ok
22:19:46.0694 5440 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:19:46.0694 5440 usbehci - ok
22:19:46.0741 5440 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:19:46.0741 5440 usbhub - ok
22:19:46.0788 5440 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:19:46.0788 5440 usbprint - ok
22:19:46.0803 5440 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:19:46.0803 5440 usbscan - ok
22:19:46.0819 5440 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:19:46.0819 5440 USBSTOR - ok
22:19:46.0835 5440 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:19:46.0835 5440 usbuhci - ok
22:19:46.0881 5440 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:19:46.0881 5440 VgaSave - ok
22:19:46.0913 5440 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:19:46.0913 5440 viaagp - ok
22:19:46.0928 5440 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:19:46.0928 5440 ViaIde - ok
22:19:46.0960 5440 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:19:46.0960 5440 VolSnap - ok
22:19:47.0006 5440 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
22:19:47.0006 5440 VSS - ok
22:19:47.0053 5440 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
22:19:47.0053 5440 w32time - ok
22:19:47.0100 5440 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:19:47.0100 5440 Wanarp - ok
22:19:47.0100 5440 wanatw - ok
22:19:47.0116 5440 WDICA - ok
22:19:47.0116 5440 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:19:47.0116 5440 wdmaud - ok
22:19:47.0163 5440 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
22:19:47.0178 5440 WebClient - ok
22:19:47.0241 5440 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:19:47.0241 5440 winachsf - ok
22:19:47.0319 5440 WinDefend - ok
22:19:47.0319 5440 WinHttpAutoProxySvc - ok
22:19:47.0522 5440 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:19:47.0522 5440 winmgmt - ok
22:19:47.0569 5440 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
22:19:47.0569 5440 WmdmPmSN - ok
22:19:47.0631 5440 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
22:19:47.0631 5440 Wmi - ok
22:19:47.0694 5440 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:19:47.0694 5440 WmiApSrv - ok
22:19:47.0803 5440 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
22:19:47.0819 5440 WMPNetworkSvc - ok
22:19:47.0881 5440 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
22:19:47.0881 5440 WpdUsb - ok
22:19:47.0897 5440 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:19:47.0897 5440 WS2IFSL - ok
22:19:47.0928 5440 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
22:19:47.0928 5440 wscsvc - ok
22:19:47.0928 5440 WSearch - ok
22:19:47.0944 5440 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
22:19:47.0944 5440 wuauserv - ok
22:19:47.0975 5440 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:19:47.0975 5440 WudfPf - ok
22:19:47.0991 5440 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:19:47.0991 5440 WudfRd - ok
22:19:48.0022 5440 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
22:19:48.0022 5440 WudfSvc - ok
22:19:48.0085 5440 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
22:19:48.0085 5440 WZCSVC - ok
22:19:48.0131 5440 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
22:19:48.0131 5440 xmlprov - ok
22:19:48.0147 5440 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
22:19:48.0444 5440 \Device\Harddisk0\DR0 - ok
22:19:48.0444 5440 Boot (0x1200) (b34ab18d1dbba97d4b861019f1ddf751) \Device\Harddisk0\DR0\Partition0
22:19:48.0460 5440 \Device\Harddisk0\DR0\Partition0 - ok
22:19:48.0460 5440 ============================================================
22:19:48.0460 5440 Scan finished
22:19:48.0460 5440 ============================================================
22:19:48.0460 6068 Detected object count: 0
22:19:48.0460 6068 Actual detected object count: 0


ASWMBR LOG
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-13 22:22:11
-----------------------------
22:22:11.927 OS Version: Windows 5.1.2600 Service Pack 3
22:22:11.927 Number of processors: 2 586 0xF06
22:22:11.927 ComputerName: RB UserName: WE
22:22:12.599 Initialize success
22:24:31.583 AVAST engine defs: 12061301
22:26:24.691 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
22:26:24.691 Disk 0 Vendor: WDC_WD32 21.0 Size: 305245MB BusType: 3
22:26:24.691 Disk 0 MBR read successfully
22:26:24.691 Disk 0 MBR scan
22:26:24.832 Disk 0 unknown MBR code
22:26:24.832 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
22:26:24.879 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 300434 MB offset 112455
22:26:24.941 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 615401955
22:26:25.004 Disk 0 scanning sectors +625137345
22:26:25.098 Disk 0 scanning C:\WINDOWS\system32\drivers
22:26:59.035 Service scanning
22:27:31.082 Modules scanning
22:27:45.050 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
22:27:50.675 Disk 0 trace - called modules:
22:27:50.691 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:27:50.691 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f77778]
22:27:50.691 3 CLASSPNP.SYS[f7544fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x86a4c030]
22:27:51.129 AVAST engine scan C:\WINDOWS
22:28:37.066 AVAST engine scan C:\WINDOWS\system32
22:33:21.707 AVAST engine scan C:\WINDOWS\system32\drivers
22:33:50.425 AVAST engine scan C:\Documents and Settings\WE
22:42:48.660 AVAST engine scan C:\Documents and Settings\All Users
22:42:57.535 File: C:\Documents and Settings\All Users\Application Data\F4D55EFF00000B9A000003A8D151FC4E\F4D55EFF00000B9A000003A8D151FC4E.exe **INFECTED** Win32:MalOb-KK [Trj]
22:44:29.941 Scan finished successfully
22:52:43.754 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\WE\Desktop\MBR.dat"
22:52:43.847 The log file has been saved successfully to "C:\Documents and Settings\WE\Desktop\aswMBR.txt"

#10 gringo_pr

  • Malware Response Team

Posted 14 June 2012 - 02:58 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\Documents and Settings\All Users\Application Data\F4D55EFF00000B9A000003A8D151FC4E\F4D55EFF00000B9A000003A8D151FC4E.exe 

FireFox::
FF - ProfilePath - c:\documents and settings\WE\Application Data\Mozilla\Firefox\Profiles\dooawzly.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/?a=1pcrjNOs89S
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com//?loc=ff_address_bar&a=1pcrjNOs89S&search=

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Proud Graduate Of Malware Removal University

#11 mediamom

  • Topic Starter


Posted 14 June 2012 - 06:30 AM

Here you go. Thanks!

ComboFix 12-06-14.01 - WE 06/14/2012 7:10.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.312 [GMT -4:00]
Running from: c:\documents and settings\WE\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\WE\Desktop\CFScript.txt
AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
FILE ::
"c:\documents and settings\All Users\Application Data\F4D55EFF00000B9A000003A8D151FC4E\F4D55EFF00000B9A000003A8D151FC4E.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\F4D55EFF00000B9A000003A8D151FC4E\F4D55EFF00000B9A000003A8D151FC4E.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-14 to 2012-06-14 )))))))))))))))))))))))))))))))
.
.
2012-06-13 06:03 . 2012-06-13 06:03 -------- d-----w- c:\windows\LastGood
2012-06-11 14:57 . 2012-06-11 14:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-06-10 22:17 . 2012-06-10 22:17 -------- d-----w- c:\documents and settings\WE\Local Settings\Application Data\{0B4BE3C4-B34A-11E1-8270-B8AC6F996F26}
2012-06-10 21:44 . 2009-12-03 20:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-10 21:44 . 2012-06-10 21:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-10 21:44 . 2009-12-03 20:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-05 11:49 . 2012-06-10 22:36 22032 ----a-w- c:\windows\DCEBoot.exe
2012-06-05 11:27 . 2012-06-05 11:27 -------- d-----w- c:\documents and settings\WE\Local Settings\Application Data\{6F185CE9-AF01-11E1-8270-B8AC6F996F26}
2012-06-05 11:27 . 2012-06-08 09:58 102400 ----a-w- c:\windows\RegBootClean.exe
2012-06-05 11:26 . 2012-06-14 11:17 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55EFF00000B9A000003A8D151FC4E
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2005-08-16 10:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-14 13:30 . 2012-05-14 12:32 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-14 13:30 . 2012-05-14 12:32 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-11 13:14 . 2005-08-16 10:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2005-08-16 10:18 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-04 04:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-19 20:38 . 2011-05-10 01:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-04 98304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2007-9-22 217088]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-4 24576]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2005-08-24 11:51 442455 ----a-w- c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher]
2010-03-24 20:42 599328 ----a-w- c:\program files\Sony\PMB\PMBVolumeWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2007-01-04 13:56 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
2011-07-06 23:30 313160 ----a-w- c:\documents and settings\WE\Application Data\Smilebox\SmileboxTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [2/29/2012 2:38 PM 188272]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 4:18 AM 360224]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2/29/2012 2:39 PM 64080]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/14/2012 8:32 AM 257696]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 28286178
*NewlyCreated* - ASWMBR
*Deregistered* - 28286178
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 13:30]
.
2012-06-02 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2005-08-16 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {6F0C8A89-8B0D-11D2-801B-00105AA78F4A} - hxxp://ecare4c.netopia.com/RA/ecare4/components/CobAgent_4.2.1.318.cab
FF - ProfilePath - c:\documents and settings\WE\Application Data\Mozilla\Firefox\Profiles\dooawzly.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-14 07:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-06-14 07:26:56
ComboFix-quarantined-files.txt 2012-06-14 11:26
ComboFix2.txt 2012-06-13 21:46
.
Pre-Run: 295,347,163,136 bytes free
Post-Run: 295,536,717,824 bytes free
.
- - End Of File - - 67A935DDB6E345D918B8871CA8E8B84A

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:15 PM

Posted 14 June 2012 - 07:39 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Adobe Reader 7.1.0
Java™ 6 Update 26


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes, then click on Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and Start Free Download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When install is complete click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#13 mediamom

mediamom
  • Topic Starter

  • Members
  • 74 posts
  • Local time:08:15 PM

Posted 14 June 2012 - 08:42 AM

Thanks! I'll work on it now. I have to leave in an hour and will be away from this computer until Monday. I'll try to get it all done before I go...

#14 mediamom

mediamom
  • Topic Starter

  • Members
  • 74 posts
  • Local time:08:15 PM

Posted 14 June 2012 - 09:58 AM

Thanks! Trendmicro kept shutting down MBAM so I disabled and it ran fine.

MBAM:
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.14.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
WE :: RB [administrator]

Protection: Disabled

6/14/2012 10:46:41 AM
mbam-log-2012-06-14 (10-46-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212683
Time elapsed: 6 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


HIJACK LOG

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:57:54 AM, on 6/14/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070104
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB002" /M "Stylus CX3800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL ""
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1313771123718
O16 - DPF: {6F0C8A89-8B0D-11D2-801B-00105AA78F4A} (ECareAgent Class) - http://ecare4c.netopia.com/RA/ecare4/components/CobAgent_4.2.1.318.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

--
End of file - 9113 bytes

#15 mediamom

mediamom
  • Topic Starter

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:08:15 PM

Posted 14 June 2012 - 10:08 AM

I'll check back on Monday. Thanks Gringo!



