TROJ_SIREFEF.DD; .QA; .RX; .EM are plaguing me, in need of bleeping expertise


  • This topic is locked
61 replies to this topic

#1 cowpoke75

  • Members
  • 35 posts

Posted 11 June 2012 - 11:07 PM

Hi all and thanks in advance to any who are willing to help me out,

This morning, shortly after I began my morning net surfing, my Trend Micro security software notified me that it had detected and removed the following malware:

TROJ_SIREFEF.QA, TROJ_SIREFEF.DD, TROJ_SIREFEF.EM, and TROJ_SIREFEF.RX

Fantastic, way to go Trend Micro, except that the same message keeps popping up every couple of minutes, as though the virus reappears shortly after it is removed. So far I have only searched for solutions and ended up here. Hopefully someone here has experience with this plague and the answer...

cowpoke

Edited by cowpoke75, 11 June 2012 - 11:10 PM.




#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 13 June 2012 - 01:01 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

In your next post I need the following:

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 cowpoke75 (Topic Starter)

  • Members
  • 35 posts

Posted 13 June 2012 - 08:21 PM

Many thanks Gringo,

Here are the contents of the Security Check log:

Results of screen317's Security Check version 0.99.41
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Trend Micro Titanium Maximum Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 29
Java version out of date!
Adobe Reader X (10.1.3)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

#4 cowpoke75 (Topic Starter)

  • Members
  • 35 posts

Posted 13 June 2012 - 08:26 PM

Here is the result of the DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Spence at 18:23:25 on 2012-06-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1932 [GMT -7:00]
.
AV: Trend Micro Titanium Maximum Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Maximum Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\atashost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Spence\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Button Manager\BM.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Spence\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Users\Spence\Desktop\Defogger.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.drudgereport.com/
uSearch Bar = Preserve
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [PCShowServer] "c:\users\spence\appdata\local\directv player\PCShowServerPMWrapper.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ArcSoft MediaImpression Monitor] c:\program files\kodak\mediaimpression\ArcMonitor.exe
mRun: [Trend Micro Titanium] c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe -set Silent "1" SplashURL ""
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\users\spence\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpbutt~1.lnk - c:\program files\hp\button manager\BM.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{2E7A827A-11ED-4070-BCE5-695D9E4B9EFA} : DhcpNameServer = 192.168.254.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\titanium\uiframework\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-2-14 163328]
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-4-26 188272]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-2-21 119608]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-4-26 64080]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2010-2-16 104960]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-2-14 9182208]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-2-14 264704]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2010-2-16 17920]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2011-12-5 83472]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2012-4-10 21744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-3 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 257224]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-30 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-3 136176]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-1-20 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-1-20 251904]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2011-8-5 268512]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-11 18:02:13 22032 ----a-w- c:\windows\DCEBoot.exe
2012-06-11 16:46:49 102400 ----a-w- c:\windows\RegBootClean.exe
2012-06-09 04:58:12 -------- d-----w- c:\program files\common files\xing shared
2012-06-08 09:24:22 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0a9666b8-409c-4a6b-a929-97aa0fd9cd7b}\mpengine.dll
2012-06-02 23:04:24 63080 ----a-r- c:\users\spence\appdata\roaming\microsoft\installer\{5f3783b7-f809-45a7-8a92-a44b441fda7c}\ARPPRODUCTICON.exe
2012-06-02 23:04:14 -------- d-----w- c:\users\spence\appdata\local\DIRECTV Player
2012-05-28 18:22:25 -------- d-----w- c:\users\spence\appdata\local\{CA3B91AD-000A-411D-BEF4-9CCEDB83E85D}
2012-05-28 18:21:31 -------- d-----w- c:\users\spence\appdata\local\{B61B6F4C-3477-4A58-A0CC-A4CFA9F9D586}
2012-05-26 20:47:33 -------- d-----w- c:\users\spence\appdata\local\{16FB9918-F9DE-48CA-970C-4BE7F53E7251}
2012-05-26 20:46:43 -------- d-----w- c:\users\spence\appdata\local\{3372E3FB-CE93-4041-A44C-557FB56E88EF}
2012-05-26 07:38:18 -------- d-----w- c:\users\spence\appdata\local\{997B1316-749C-451B-B017-0156531AAC0D}
2012-05-26 07:37:26 -------- d-----w- c:\users\spence\appdata\local\{2B44AE8B-61F2-44A1-8733-1D9E7BD4466B}
2012-05-26 02:49:28 -------- d-----w- c:\programdata\ZoomBrowser
2012-05-26 02:48:57 -------- d-----w- c:\programdata\Canon_Inc_IC
2012-05-26 02:48:56 -------- d-----w- c:\program files\Canon
2012-05-26 02:46:19 -------- d-----w- c:\program files\common files\Canon
2012-05-17 15:07:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-05-17 15:07:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-05-17 15:07:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-05-17 15:07:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-05-17 15:07:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-05-17 15:07:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-05-17 15:07:07 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2012-06-11 16:49:44 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-11 16:49:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-09 04:56:06 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-09 04:56:06 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-04-19 03:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 03:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 13:36:21 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 12:39:11 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 23:28:50 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
============= FINISH: 18:24:42.97 ===============

#5 cowpoke75 (Topic Starter)

  • Members
  • 35 posts

Posted 13 June 2012 - 08:27 PM

Here is the 2nd DDS log, Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 11/7/2009 9:34:20 PM
System Uptime: 6/13/2012 5:35:52 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0N826N
Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz | Socket 775 | 2331/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 916 GiB total, 786.769 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 8.287 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
3ivx MPEG-4 5.0.3 (remove only)
Acrobat.com
Adobe AIR
Adobe Common File Installer
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 6.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.5
AMD APP SDK Runtime
AMD Catalyst Install Manager
Apple Application Support
Apple Software Update
ArcSoft Magic-i Visual Effects 2
ArcSoft MediaImpression for Kodak
ArcSoft WebCam Companion 3
Bob the Builder Can Do Zoo
Canon Auto Update Service
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PowerShot SX40 HS Camera User Guide
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco Connect
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
Coupon Printer for Windows
D3DX10
Data Lifeguard Diagnostic for Windows
Dell Resource CD
Dell Support Center
DIRECTV Player
DLCS Pre-K
FlipShare
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Guitar World Digital
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Button Manager
HP Webcam User's Guide
Java Auto Updater
Java™ 6 Update 29
LG USB Modem driver
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Easy Assist v2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft Works 6-9 Converter
Move Media Player
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Segoe UI
Shutterfly Express Uploader
Sibelius Scorch (ActiveX Only)
Skype Toolbars
Skype™ 5.3
Trend Micro Titanium Maximum Security
Trend Micro™ Titanium™ Maximum Security
Typing Instructor 30th Anniversary Edition
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebEx
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Updater Component
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
6/13/2012 5:50:34 PM, Error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
6/13/2012 5:36:25 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Brother MFC-490CW Printer with shared resource name Brother MFC-490CW Printer. Error 1753. The printer cannot be used by others on the network.
6/13/2012 5:36:19 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
6/13/2012 5:36:19 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
6/13/2012 5:36:19 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
6/11/2012 11:14:40 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2012 11:13:52 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2012 11:13:48 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx tmtdi Wanarpv6 ws2ifsl
6/11/2012 11:13:48 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2012 11:13:48 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/11/2012 11:13:48 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2012 11:13:48 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/11/2012 11:13:48 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/11/2012 11:13:48 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2012 11:13:48 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2012 11:13:48 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
6/11/2012 11:13:48 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2012 11:13:48 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/11/2012 11:13:48 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/11/2012 11:13:48 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2012 11:13:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
6/11/2012 11:13:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/11/2012 11:13:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/11/2012 11:13:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/11/2012 11:13:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
6/11/2012 11:13:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/11/2012 11:13:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/10/2012 7:48:41 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.116 for the Network Card with network address 0024E81F7468 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
6/10/2012 7:47:10 PM, Error: EventLog [6008] - The previous system shutdown at 3:40:30 PM on 6/10/2012 was unexpected.
.
==== End Of File ===========================
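The Event Viewer section of that DDS log is the most informative part of it, and it is worth reading before any tool is run. As an added example that is not part of this thread, the Python script below triages those lines: it pulls the driver names out of the 7026 event, collects the dependencies the 7003 events say are not installed (BFE, the Base Filtering Engine, on 6/13), and treats each 7001 line as an edge of a dependency graph, so that the cascade of network-service failures on 6/11 11:13:48 collapses to the handful of kernel components that actually failed on their own. Those roots (the Winsock AFD driver, rdbss, nsiproxy and tdx) are all in the 7026 list, which is where a responder would start hashing files. The sample lines are copied verbatim from the log above; the display-name-to-service map is general Windows knowledge, not something the thread states. ZeroAccess/Sirefef variants of this period were widely documented to delete or break the Base Filtering Engine and Windows Firewall services, so the 7003 events are consistent with that family, although the log alone does not prove the cause.

```python
"""Triage the 'Event Viewer Messages' section of a DDS log (added example, not part of the thread)."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: a subset of the lines posted above, copied verbatim, in DDS's
# "date time, Level: Source [id] - message" layout.
SAMPLE_EVENTS = """\
6/13/2012 5:50:34 PM, Error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
6/13/2012 5:36:19 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
6/13/2012 5:36:19 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
6/13/2012 5:36:19 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
6/11/2012 11:13:52 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2012 11:13:48 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx tmtdi Wanarpv6 ws2ifsl
6/11/2012 11:13:48 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2012 11:13:48 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/11/2012 11:13:48 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2012 11:13:48 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
6/11/2012 11:13:48 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2012 11:13:48 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/11/2012 11:13:48 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/11/2012 11:13:48 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/10/2012 7:47:10 PM, Error: EventLog [6008] - The previous system shutdown at 3:40:30 PM on 6/10/2012 was unexpected.
"""

_EVENT = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (\w+): (.+?) \[(\d+)\] - (.*)$")
_DEPENDS_ON = re.compile(r"^The (.+?) service depends on the (.+?) service which failed to start")
_NOT_INSTALLED = re.compile(r"^The (.+?) service depends the following service: (\S+?)\.")
_BOOT_FAILED = re.compile(r"driver\(s\) failed to load: (.+)$")

# Display name -> service key name for the components that turn up as roots here.
# General Windows knowledge, not something the thread states.
DISPLAY_TO_SERVICE = {
    "Ancilliary Function Driver for Winsock": "AFD",
    "Redirected Buffering Sub Sysytem": "rdbss",
    "NSI proxy service": "nsiproxy",
    "NetIO Legacy TDI Support Driver": "tdx",
    "Server": "LanmanServer",
}

def parse_events(text):
    """One dict per parseable line: time (datetime), level, source, id (int), message."""
    events = []
    for line in text.splitlines():
        m = _EVENT.match(line.strip())
        if m:
            ts, level, source, eid, msg = m.groups()
            events.append({"time": datetime.strptime(ts, "%m/%d/%Y %I:%M:%S %p"),
                           "level": level, "source": source, "id": int(eid), "message": msg})
    return events

def scm(events, event_id):
    """Service Control Manager events with the given ID."""
    return [e for e in events if e["source"] == "Service Control Manager" and e["id"] == event_id]

def failed_boot_drivers(events):
    """Driver key names listed by SCM 7026 ('boot-start or system-start driver(s) failed to load')."""
    names = []
    for e in scm(events, 7026):
        m = _BOOT_FAILED.search(e["message"])
        if m:
            names.extend(m.group(1).split())
    return names

def not_installed_dependencies(events):
    """SCM 7003: {dependant service: dependency the SCM says is not installed}."""
    out = {}
    for e in scm(events, 7003):
        m = _NOT_INSTALLED.match(e["message"])
        if m:
            out[m.group(1)] = m.group(2)
    return out

def failure_roots(events):
    """SCM 7001 lines are edges 'A depends on B, and B failed'. Services that only ever
    appear as B failed on their own; every A is fallout from them."""
    edges = defaultdict(set)
    for e in scm(events, 7001):
        m = _DEPENDS_ON.match(e["message"])
        if m:
            edges[m.group(1)].add(m.group(2))
    targets = set().union(*edges.values()) if edges else set()
    return sorted(targets - set(edges))

def root_driver_overlap(events):
    """Roots that are also in the 7026 list: the driver files to hash and check first."""
    roots = {DISPLAY_TO_SERVICE.get(n, n) for n in failure_roots(events)}
    return sorted(roots & set(failed_boot_drivers(events)), key=str.lower)

def summarize(events):
    """Everything above plus the time span and per-(source, id) counts."""
    times = [e["time"] for e in events]
    return {"span": (min(times).isoformat(), max(times).isoformat()),
            "counts": Counter((e["source"], e["id"]) for e in events),
            "failed_boot_drivers": failed_boot_drivers(events),
            "not_installed": not_installed_dependencies(events),
            "roots": failure_roots(events),
            "check_first": root_driver_overlap(events)}

if __name__ == "__main__":
    for key, value in summarize(parse_events(SAMPLE_EVENTS)).items():
        print(f"{key}: {value}")
```

Run it as-is and the roots line is the one to keep: nine 7001 errors on 6/11 reduce to five components, four of which are boot-start drivers the same boot failed to load. The 7003 lines two days later are a different kind of finding: the SCM could not find the BFE service at all, which no amount of dependency ordering explains.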

#6 cowpoke75 (Topic Starter, Members, 35 posts)

Posted 13 June 2012 - 08:35 PM

I have posted the requested logs... At this point I am still receiving the notices from my Trend Micro security program that it has removed SIREFEF.QA/DD/EM every four minutes... as though Trend Micro catches the threats and stops them, but not whatever is generating them. Other than the notices, my system seems to be running smoothly.

thanks

cowpoke

#7 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 13 June 2012 - 08:36 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as it is sometimes necessary to go offline and you would then lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Windows XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 cowpoke75 (Topic Starter, Members, 35 posts)

Posted 13 June 2012 - 09:16 PM

Gringo... after reading your last post regarding disabling my virus protection, I realize I did not disable it for the DDS scan... oops. Do I need to redo the DDS scan or continue on with ComboFix?

#9 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 13 June 2012 - 09:19 PM

Greetings


No, that is fine, but from now on, for any active scan you run, please turn off what you can.


gringo

#10 cowpoke75 (Topic Starter, Members, 35 posts)

Posted 13 June 2012 - 09:30 PM

Double-clicked ComboFix and it appeared to run (black box with green text), then finished, and I cannot find any log file...

cowpoke

#11 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 13 June 2012 - 09:40 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions: ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
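The TDSSKiller report asked for here (its layout is visible in the report posted later in this thread) carries two things a responder checks by hand: the MBR partition table, which aswMBR is about to read directly from the disk for comparison, and one "name (md5) path" line plus one "name - verdict" line per service and driver. As an added example, not part of the thread and not TDSSKiller's own code, the Python script below parses that layout, reports any sector runs no partition covers (where a bootkit's hidden store would sit), flags any verdict other than the plain "ok", lists services for which no file was seen, and cross-checks the boot-start drivers the Service Control Manager said failed to load against what TDSSKiller found on disk. The drive, partition and driver lines in the sample are copied from the report in this thread; ExampleSvc and its verdict string are invented to exercise the flagging path, and FAILED_BOOT_DRIVERS is the 7026 list from the DDS log.

```python
"""Triage a TDSSKiller report: MBR layout gaps and a service/driver cross-check
(added example; not part of the thread and not TDSSKiller's own code)."""
import re

# Constructed sample in the TDSSKiller 2.7.x report layout posted later in this thread.
# Drive, partition, AFD, AMD, BFE, COMSysApp and DfsC lines copy that report's values;
# ExampleSvc is invented to exercise the non-"ok" path (real verdict strings vary by version).
SAMPLE_REPORT = r"""
20:00:24.0157 4944 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:00:24.0243 4944 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x23800, BlocksNum 0x1E00000
20:00:24.0243 4944 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E23800, BlocksNum 0x728E2800
20:00:35.0091 3396 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:00:35.0093 3396 AFD - ok
20:00:35.0194 3396 AMD External Events Utility (cde41d99db840ff9454fc981ebd0ec50) C:\Windows\system32\atiesrxx.exe
20:00:35.0196 3396 AMD External Events Utility - ok
20:00:36.0329 3396 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
20:00:36.0332 3396 BFE - ok
20:00:36.0987 3396 COMSysApp - ok
20:00:37.0075 3396 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:00:37.0077 3396 DfsC - ok
20:00:40.0000 3396 ExampleSvc (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\examplesvc.sys
20:00:40.0001 3396 ExampleSvc - suspicious (constructed verdict)
"""

# Boot-start drivers the Service Control Manager logged as failed to load (event 7026
# in the DDS log earlier in this thread).
FAILED_BOOT_DRIVERS = ["AFD", "DfsC", "NetBIOS", "netbt", "nsiproxy", "PSched", "RasAcd",
                       "rdbss", "Smb", "spldr", "tdx", "tmtdi", "Wanarpv6", "ws2ifsl"]

_P = r"^\S+\s+\d+\s+"  # the "HH:MM:SS.ffff pid " that starts every report line
_DRIVE = re.compile(_P + r"Drive (\S+) - Size: 0x([0-9A-Fa-f]+) .*SectorSize: 0x([0-9A-Fa-f]+)")
_PART = re.compile(_P + r"\S+\\Partition(\d+): MBR, Type 0x([0-9A-Fa-f]+), StartLBA 0x([0-9A-Fa-f]+), BlocksNum 0x([0-9A-Fa-f]+)")
_FILE = re.compile(_P + r"(.+?) \(([0-9a-fA-F]{32})\) (.+)$")
_VERDICT = re.compile(_P + r"(.+?) - (.+)$")

def parse_report(text):
    """Return (disk, partitions, entries): disk = device/size_bytes/sector_size/sectors;
    partitions = (index, type, start_lba, blocks) sorted by start; entries = {name: {md5,
    path, verdict}}, md5/path None when TDSSKiller printed no file line for the service."""
    disk, partitions, entries = {}, [], {}
    new = lambda: {"md5": None, "path": None, "verdict": None}
    for line in text.splitlines():
        if not line.strip():
            continue
        if m := _DRIVE.match(line):
            size, sector = int(m.group(2), 16), int(m.group(3), 16)
            disk = {"device": m.group(1), "size_bytes": size, "sector_size": sector, "sectors": size // sector}
        elif m := _PART.match(line):
            partitions.append(tuple(int(g, 16) for g in m.groups()))
        elif m := _FILE.match(line):
            name, md5, path = m.groups()
            entries.setdefault(name, new()).update(md5=md5.lower(), path=path)
        elif m := _VERDICT.match(line):
            name, verdict = m.groups()
            entries.setdefault(name, new())["verdict"] = verdict.strip()
    partitions.sort(key=lambda p: p[2])
    return disk, partitions, entries

def partition_gaps(disk, partitions):
    """(start_lba, length) of sector runs no MBR partition covers. The run before the first
    partition holds the MBR and padding; a gap anywhere else is where a bootkit's hidden
    store would sit, so compare it with what aswMBR reads directly from the disk."""
    gaps, cursor = [], 0
    for _index, _ptype, start, blocks in partitions:
        if start > cursor:
            gaps.append((cursor, start - cursor))
        cursor = max(cursor, start + blocks)
    if disk.get("sectors", 0) > cursor:
        gaps.append((cursor, disk["sectors"] - cursor))
    return gaps

def flagged(entries):
    """Services whose verdict is anything other than TDSSKiller's plain 'ok'."""
    return sorted(n for n, e in entries.items() if e["verdict"] != "ok")

def without_file(entries):
    """Services TDSSKiller listed with a verdict but no image on disk: usually a stale
    registry entry (IpInIp looks like this in the thread's report), but worth a glance."""
    return sorted(n for n, e in entries.items() if e["path"] is None)

def cross_check(entries, names):
    """What TDSSKiller saw for each service/driver key name (case-insensitive lookup)."""
    by_lower = {n.lower(): e for n, e in entries.items()}
    out = {}
    for name in names:
        e = by_lower.get(name.lower())
        if e is None:
            out[name] = "not in report"
        elif e["path"] is None:
            out[name] = f"registered, no file seen ({e['verdict']})"
        else:
            out[name] = f"{e['path']} md5={e['md5']} ({e['verdict']})"
    return out

if __name__ == "__main__":
    disk, parts, entries = parse_report(SAMPLE_REPORT)
    print(f"{disk['device']}: {disk['sectors']:#x} sectors, gaps {partition_gaps(disk, parts)}")
    print("flagged:", flagged(entries), "| no file on disk:", without_file(entries))
    for name, status in cross_check(entries, FAILED_BOOT_DRIVERS).items():
        print(f"  {name}: {status}")
```

On the values from this thread the two partitions are contiguous and leave 0xDB0 sectors (about 1.7 MB) unallocated at the end of the disk, plus the 0x23800 sectors before the first partition; a gap large enough to hold a file system between or after partitions would be the thing to chase. The cross-check is the other useful output: AFD and DfsC, which the SCM said failed to load at boot, are present on disk with hashes TDSSKiller accepts, so the failure was not a missing driver file. A missing file line only means the registry still names a service whose image TDSSKiller could not find, which is common for leftovers, so treat it as a prompt to look at the key, not as a verdict.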

#12 cowpoke75 (Topic Starter, Members, 35 posts)

Posted 13 June 2012 - 09:42 PM

So don't worry about ComboFix not generating a log?

#13 cowpoke75 (Topic Starter, Members, 35 posts)

Posted 13 June 2012 - 10:03 PM

Here is the report from TDSSKiller:

20:00:21.0852 4944 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
20:00:23.0219 4944 ============================================================
20:00:23.0219 4944 Current date / time: 2012/06/13 20:00:23.0219
20:00:23.0219 4944 SystemInfo:
20:00:23.0219 4944
20:00:23.0219 4944 OS Version: 6.0.6002 ServicePack: 2.0
20:00:23.0219 4944 Product type: Workstation
20:00:23.0219 4944 ComputerName: SPENCE-PC
20:00:23.0219 4944 UserName: Spence
20:00:23.0219 4944 Windows directory: C:\Windows
20:00:23.0219 4944 System windows directory: C:\Windows
20:00:23.0219 4944 Processor architecture: Intel x86
20:00:23.0219 4944 Number of processors: 4
20:00:23.0219 4944 Page size: 0x1000
20:00:23.0219 4944 Boot type: Normal boot
20:00:23.0219 4944 ============================================================
20:00:24.0157 4944 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:00:24.0243 4944 ============================================================
20:00:24.0243 4944 \Device\Harddisk0\DR0:
20:00:24.0243 4944 MBR partitions:
20:00:24.0243 4944 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x23800, BlocksNum 0x1E00000
20:00:24.0243 4944 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E23800, BlocksNum 0x728E2800
20:00:24.0243 4944 ============================================================
20:00:24.0274 4944 C: <-> \Device\Harddisk0\DR0\Partition1
20:00:24.0307 4944 D: <-> \Device\Harddisk0\DR0\Partition0
20:00:24.0307 4944 ============================================================
20:00:24.0307 4944 Initialize success
20:00:24.0307 4944 ============================================================
20:00:34.0063 3396 ============================================================
20:00:34.0063 3396 Scan started
20:00:34.0063 3396 Mode: Manual;
20:00:34.0063 3396 ============================================================
20:00:34.0630 3396 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
20:00:34.0632 3396 ACDaemon - ok
20:00:34.0718 3396 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:00:34.0721 3396 ACPI - ok
20:00:34.0760 3396 AdobeActiveFileMonitor6.0 (e8fe4fce23d2809bd88bcc1d0f8408ce) C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
20:00:34.0762 3396 AdobeActiveFileMonitor6.0 - ok
20:00:34.0792 3396 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:00:34.0794 3396 AdobeARMservice - ok
20:00:34.0835 3396 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:00:34.0853 3396 AdobeFlashPlayerUpdateSvc - ok
20:00:34.0914 3396 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:00:34.0917 3396 adp94xx - ok
20:00:34.0937 3396 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:00:34.0940 3396 adpahci - ok
20:00:34.0949 3396 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:00:34.0951 3396 adpu160m - ok
20:00:34.0960 3396 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:00:34.0962 3396 adpu320 - ok
20:00:34.0986 3396 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:00:34.0988 3396 AeLookupSvc - ok
20:00:35.0045 3396 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys
20:00:35.0046 3396 Afc - ok
20:00:35.0091 3396 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:00:35.0093 3396 AFD - ok
20:00:35.0112 3396 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:00:35.0113 3396 agp440 - ok
20:00:35.0136 3396 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:00:35.0137 3396 aic78xx - ok
20:00:35.0151 3396 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:00:35.0153 3396 ALG - ok
20:00:35.0163 3396 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:00:35.0164 3396 aliide - ok
20:00:35.0194 3396 AMD External Events Utility (cde41d99db840ff9454fc981ebd0ec50) C:\Windows\system32\atiesrxx.exe
20:00:35.0196 3396 AMD External Events Utility - ok
20:00:35.0209 3396 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:00:35.0211 3396 amdagp - ok
20:00:35.0215 3396 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:00:35.0217 3396 amdide - ok
20:00:35.0230 3396 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:00:35.0231 3396 AmdK7 - ok
20:00:35.0242 3396 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:00:35.0244 3396 AmdK8 - ok
20:00:35.0487 3396 amdkmdag (ffd082f1f1d4ff5c87f66df62486bcfa) C:\Windows\system32\DRIVERS\atikmdag.sys
20:00:35.0538 3396 amdkmdag - ok
20:00:35.0639 3396 amdkmdap (c541da5b72fa638469e8dc1e66079330) C:\Windows\system32\DRIVERS\atikmpag.sys
20:00:35.0642 3396 amdkmdap - ok
20:00:35.0743 3396 Amsp (7b6425745b2ad8354fe8ad2dce30a9e7) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
20:00:35.0745 3396 Amsp - ok
20:00:35.0751 3396 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:00:35.0753 3396 Appinfo - ok
20:00:35.0771 3396 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:00:35.0772 3396 arc - ok
20:00:35.0784 3396 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:00:35.0785 3396 arcsas - ok
20:00:35.0805 3396 ArcSoftKsUFilter (857b48965a0503b7ab795d4bfe7cbd8b) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
20:00:35.0806 3396 ArcSoftKsUFilter - ok
20:00:35.0838 3396 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:00:35.0839 3396 AsyncMac - ok
20:00:35.0852 3396 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:00:35.0854 3396 atapi - ok
20:00:35.0880 3396 atashost (e612bf8f5e3466239c0e595dd70b5b9d) C:\Windows\system32\atashost.exe
20:00:35.0881 3396 atashost - ok
20:00:35.0905 3396 AtiHDAudioService (9f7ccf1d6faf646f71f029a30ded2dc7) C:\Windows\system32\drivers\AtihdLH3.sys
20:00:35.0907 3396 AtiHDAudioService - ok
20:00:36.0141 3396 atikmdag (ffd082f1f1d4ff5c87f66df62486bcfa) C:\Windows\system32\DRIVERS\atikmdag.sys
20:00:36.0191 3396 atikmdag - ok
20:00:36.0268 3396 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:00:36.0271 3396 AudioEndpointBuilder - ok
20:00:36.0275 3396 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:00:36.0278 3396 Audiosrv - ok
20:00:36.0299 3396 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:00:36.0300 3396 Beep - ok
20:00:36.0329 3396 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
20:00:36.0332 3396 BFE - ok
20:00:36.0366 3396 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
20:00:36.0373 3396 BITS - ok
20:00:36.0388 3396 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:00:36.0389 3396 blbdrive - ok
20:00:36.0405 3396 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:00:36.0406 3396 bowser - ok
20:00:36.0420 3396 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:00:36.0421 3396 BrFiltLo - ok
20:00:36.0434 3396 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:00:36.0435 3396 BrFiltUp - ok
20:00:36.0451 3396 BridgeMP (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
20:00:36.0453 3396 BridgeMP - ok
20:00:36.0501 3396 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:00:36.0503 3396 Browser - ok
20:00:36.0516 3396 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:00:36.0517 3396 Brserid - ok
20:00:36.0540 3396 BrSerIf (1a5fc78e41840edf79d65ec16eff2787) C:\Windows\system32\Drivers\BrSerIf.sys
20:00:36.0542 3396 BrSerIf - ok
20:00:36.0552 3396 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:00:36.0554 3396 BrSerWdm - ok
20:00:36.0558 3396 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:00:36.0559 3396 BrUsbMdm - ok
20:00:36.0573 3396 BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\Windows\system32\Drivers\BrUsbSer.sys
20:00:36.0574 3396 BrUsbSer - ok
20:00:36.0588 3396 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:00:36.0590 3396 BTHMODEM - ok
20:00:36.0617 3396 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
20:00:36.0641 3396 BVRPMPR5 - ok
20:00:36.0745 3396 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:00:36.0746 3396 cdfs - ok
20:00:36.0763 3396 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:00:36.0764 3396 cdrom - ok
20:00:36.0772 3396 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:00:36.0774 3396 CertPropSvc - ok
20:00:36.0784 3396 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:00:36.0785 3396 circlass - ok
20:00:36.0797 3396 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:00:36.0800 3396 CLFS - ok
20:00:36.0885 3396 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:00:36.0887 3396 clr_optimization_v2.0.50727_32 - ok
20:00:36.0964 3396 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:00:36.0966 3396 clr_optimization_v4.0.30319_32 - ok
20:00:36.0975 3396 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:00:36.0977 3396 cmdide - ok
20:00:36.0982 3396 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
20:00:36.0984 3396 Compbatt - ok
20:00:36.0987 3396 COMSysApp - ok
20:00:36.0998 3396 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:00:36.0999 3396 crcdisk - ok
20:00:37.0014 3396 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:00:37.0015 3396 Crusoe - ok
20:00:37.0033 3396 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
20:00:37.0035 3396 CryptSvc - ok
20:00:37.0057 3396 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:00:37.0063 3396 DcomLaunch - ok
20:00:37.0075 3396 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:00:37.0077 3396 DfsC - ok
20:00:37.0142 3396 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
20:00:37.0155 3396 DFSR - ok
20:00:37.0230 3396 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
20:00:37.0233 3396 Dhcp - ok
20:00:37.0255 3396 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:00:37.0256 3396 disk - ok
20:00:37.0272 3396 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
20:00:37.0273 3396 Dnscache - ok
20:00:37.0291 3396 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
20:00:37.0293 3396 dot3svc - ok
20:00:37.0327 3396 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
20:00:37.0329 3396 DPS - ok
20:00:37.0393 3396 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:00:37.0394 3396 drmkaud - ok
20:00:37.0432 3396 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:00:37.0437 3396 DXGKrnl - ok
20:00:37.0485 3396 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:00:37.0487 3396 E1G60 - ok
20:00:37.0510 3396 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
20:00:37.0512 3396 EapHost - ok
20:00:37.0539 3396 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:00:37.0541 3396 Ecache - ok
20:00:37.0606 3396 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
20:00:37.0609 3396 ehRecvr - ok
20:00:37.0616 3396 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
20:00:37.0618 3396 ehSched - ok
20:00:37.0622 3396 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
20:00:37.0623 3396 ehstart - ok
20:00:37.0651 3396 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:00:37.0654 3396 elxstor - ok
20:00:37.0680 3396 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
20:00:37.0684 3396 EMDMgmt - ok
20:00:37.0695 3396 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:00:37.0696 3396 ErrDev - ok
20:00:37.0718 3396 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
20:00:37.0721 3396 EventSystem - ok
20:00:37.0738 3396 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:00:37.0740 3396 exfat - ok
20:00:37.0758 3396 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:00:37.0760 3396 fastfat - ok
20:00:37.0770 3396 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:00:37.0771 3396 fdc - ok
20:00:37.0775 3396 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
20:00:37.0777 3396 fdPHost - ok
20:00:37.0786 3396 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
20:00:37.0788 3396 FDResPub - ok
20:00:37.0793 3396 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:00:37.0795 3396 FileInfo - ok
20:00:37.0799 3396 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:00:37.0801 3396 Filetrace - ok
20:00:37.0889 3396 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:00:37.0918 3396 FLEXnet Licensing Service - ok
20:00:37.0963 3396 FlipShare Service (7a7f1d1c598c5c8b21ceaaab892b9fb8) C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
20:00:37.0966 3396 FlipShare Service - ok
20:00:37.0971 3396 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:00:37.0972 3396 flpydisk - ok
20:00:37.0984 3396 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:00:37.0986 3396 FltMgr - ok
20:00:38.0048 3396 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
20:00:38.0054 3396 FontCache - ok
20:00:38.0119 3396 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:00:38.0121 3396 FontCache3.0.0.0 - ok
20:00:38.0177 3396 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
20:00:38.0178 3396 fssfltr - ok
20:00:38.0260 3396 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
20:00:38.0270 3396 fsssvc - ok
20:00:38.0357 3396 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
20:00:38.0358 3396 Fs_Rec - ok
20:00:38.0403 3396 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:00:38.0405 3396 gagp30kx - ok
20:00:38.0433 3396 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
20:00:38.0434 3396 GoToAssist - ok
20:00:38.0465 3396 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
20:00:38.0470 3396 gpsvc - ok
20:00:38.0509 3396 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:00:38.0511 3396 gupdate - ok
20:00:38.0515 3396 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:00:38.0517 3396 gupdatem - ok
20:00:38.0554 3396 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:00:38.0556 3396 gusvc - ok
20:00:46.0155 3396 WMPNetworkSvc - ok
20:00:46.0218 3396 WMZuneComm (017695393afffed8de58abd1b085be6d) c:\Program Files\Zune\WMZuneComm.exe
20:00:46.0221 3396 WMZuneComm - ok
20:00:46.0266 3396 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
20:00:46.0269 3396 WPCSvc - ok
20:00:46.0292 3396 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
20:00:46.0295 3396 WPDBusEnum - ok
20:00:46.0340 3396 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:00:46.0341 3396 WpdUsb - ok
20:00:46.0437 3396 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:00:46.0443 3396 WPFFontCache_v0400 - ok
20:00:46.0455 3396 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:00:46.0457 3396 ws2ifsl - ok
20:00:46.0469 3396 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
20:00:46.0472 3396 wscsvc - ok
20:00:46.0475 3396 WSearch - ok
20:00:46.0551 3396 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
20:00:46.0566 3396 wuauserv - ok
20:00:46.0611 3396 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
20:00:46.0613 3396 WudfPf - ok
20:00:46.0623 3396 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:00:46.0625 3396 WUDFRd - ok
20:00:46.0635 3396 wudfsvc (2c0206ff8d2c75ac027d1096fa2fafda) C:\Windows\System32\WUDFSvc.dll
20:00:46.0638 3396 wudfsvc - ok
20:00:46.0652 3396 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
20:00:46.0653 3396 XAudio - ok
20:00:46.0671 3396 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
20:00:46.0675 3396 XAudioService - ok
20:00:46.0913 3396 ZuneNetworkSvc (1076df9ade4e13ea3bf39d2165aeb903) c:\Program Files\Zune\ZuneNss.exe
20:00:46.0948 3396 ZuneNetworkSvc - ok
20:00:46.0991 3396 ZuneWlanCfgSvc (de1cdb333a402b279f04d627122fa08e) c:\Program Files\Zune\ZuneWlanCfgSvc.exe
20:00:46.0995 3396 ZuneWlanCfgSvc - ok
20:00:47.0008 3396 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:00:47.0143 3396 \Device\Harddisk0\DR0 - ok
20:00:47.0153 3396 Boot (0x1200) (2aa832f1a7504d62c86ef8f64235b0d5) \Device\Harddisk0\DR0\Partition0
20:00:47.0155 3396 \Device\Harddisk0\DR0\Partition0 - ok
20:00:47.0158 3396 Boot (0x1200) (3fb94db627a20d2ecc525b42c269f3f2) \Device\Harddisk0\DR0\Partition1
20:00:47.0159 3396 \Device\Harddisk0\DR0\Partition1 - ok
20:00:47.0160 3396 ============================================================
20:00:47.0160 3396 Scan finished
20:00:47.0160 3396 ============================================================
20:00:47.0170 2728 Detected object count: 0
20:00:47.0170 2728 Actual detected object count: 0

#14 cowpoke75


Posted 13 June 2012 - 10:17 PM

Here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-13 20:05:11
-----------------------------
20:05:11.986 OS Version: Windows 6.0.6002 Service Pack 2
20:05:11.986 Number of processors: 4 586 0x1707
20:05:11.988 ComputerName: SPENCE-PC UserName: Spence
20:05:38.108 Initialize success
20:06:09.919 AVAST engine download error: 0
20:10:41.912 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:10:41.914 Disk 0 Vendor: ST31000528AS CC44 Size: 953869MB BusType: 3
20:10:41.929 Disk 0 MBR read successfully
20:10:41.932 Disk 0 MBR scan
20:10:41.935 Disk 0 Windows VISTA default MBR code
20:10:41.938 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 70 MB offset 63
20:10:41.950 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 145408
20:10:41.959 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 938437 MB offset 31602688
20:10:41.965 Disk 0 scanning sectors +1953521664
20:10:42.035 Disk 0 scanning C:\Windows\system32\drivers
20:10:47.817 Service scanning
20:10:57.424 Modules scanning
20:11:03.922 Disk 0 trace - called modules:
20:11:03.938 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
20:11:03.944 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85833ac8]
20:11:03.950 3 CLASSPNP.SYS[8afa58b3] -> nt!IofCallDriver -> [0x85568898]
20:11:03.956 5 acpi.sys[806896bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8556cb98]
20:11:03.962 Scan finished successfully
20:11:18.977 Disk 0 MBR has been saved successfully to "C:\Users\Spence\Desktop\MBR.dat"
20:11:18.983 The log file has been saved successfully to "C:\Users\Spence\Desktop\aswMBR.txt"

#15 cowpoke75


Posted 13 June 2012 - 10:29 PM

Still getting the notice from Trend Micro every four minutes... Sometimes it says files: 00000001.@, 800000cb.@, and 80000000.@ in a windows\installer{760a0073-166....\ directory; then when I click on "more info" it calls the actions sirefef.aq, .em, and .dd.

Here is the Trend Micro log, just in case it may be of some help:

Date/Time,Affected Files,Threat,Source,Response
6/13/2012 8:27 PM,C:\Windows\Installer\{7b0a0073-1661-bee0-7815-5094a0db7192}\U\00000001.@,TROJ_SIREFEF.QA,Threat,Removed
6/13/2012 8:27 PM,C:\Windows\Installer\{7b0a0073-1661-bee0-7815-5094a0db7192}\U\800000cb.@,TROJ_SIREFEF.EM,Threat,Removed
6/13/2012 8:27 PM,C:\Windows\Installer\{7b0a0073-1661-bee0-7815-5094a0db7192}\U\80000000.@,TROJ_SIREFEF.DD,Threat,Removed
