WIN32: Downloader - PKU ... (Trojan)


13 replies to this topic

#1 mrjackstraw

Posted 15 July 2012 - 01:01 PM

OK, as the post title states I have been notified by Avast that I have an infection known as: WIN32: Downloader - PKU (trj)

Unfortunately, the only thing Avast seems to be able to do is notify me of this problem... over and over again at about 5 minute intervals. It says it has moved it to 'The Chest'...

My OS is Vista, Firefox is my browser of choice.

This has all come about within the past 24hrs. From what I've been able to find out, this seems to be a fairly nasty issue. We have ceased all of our normal computer usage - going to places where we have to log-in - and will be dealing with only this until it is cleared up. Hopefully this is the place that can help...

I have just run a Malwarebytes Quick Scan so I'll just throw that up as a jumping off point although it doesn't seem to indicate it's found this trojan...



Malwarebytes' Anti-Malware 1.44
Database version: 3907
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

7/15/2012 10:42:54 AM
mbam-log-2012-07-15 (10-42-11).txt

Scan type: Quick Scan
Objects scanned: 140512
Time elapsed: 20 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> No action taken.
C:\Program Files\RelevantKnowledge\components (Spyware.MarketScore) -> No action taken.

Files Infected:
C:\Program Files\RelevantKnowledge\chrome.manifest (Spyware.MarketScore) -> No action taken.
C:\Program Files\RelevantKnowledge\install.rdf (Spyware.MarketScore) -> No action taken.
C:\Program Files\RelevantKnowledge\nscf.dat (Spyware.MarketScore) -> No action taken.
C:\Program Files\RelevantKnowledge\rlcm.txt (Spyware.MarketScore) -> No action taken.
C:\Program Files\RelevantKnowledge\rloci.bin (Spyware.MarketScore) -> No action taken.
C:\Program Files\RelevantKnowledge\shfscp.dat (Spyware.MarketScore) -> No action taken.



*********
Cheers!

Edited by mrjackstraw, 15 July 2012 - 01:02 PM.




#2 JefeO

Posted 15 July 2012 - 02:48 PM

I'm having the exact same issue on Windows 7 64-bit, IE9.

Started last night.

I'll post a log as soon as I have it.

It alternated between the WIN32: Downloader - PKU (trj) message and Win32:Malware-gen

Edited by JefeO, 15 July 2012 - 02:50 PM.


#3 mrjackstraw (Topic Starter)

Posted 15 July 2012 - 02:54 PM

I just received a notice from the Avast pop-up that now lists an infection called-> WIN64: Sirefef-A [trj]

Not sure if this was there from the beginning or not...

#4 boopme (Global Moderator)

Posted 18 July 2012 - 01:43 PM

Hello, this WIN64: Sirefef-A [trj] is a real nasty item. Let's see if we can get it off.

Did you click the Remove Selected button after the MBAM scan, as the No action taken can mean you did not.




Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.


#5 mrjackstraw (Topic Starter)

Posted 19 July 2012 - 12:04 AM

Thanks for your help...

Regarding the Malwarebytes scan... I did choose 'Remove Selected' after I posted the log here initially. I cannot recall if it referenced the 2 infections I have brought up here, but there were 8 or 9 items that were listed as 'Adware' I believe.



aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-18 21:12:08
-----------------------------
21:12:08.028 OS Version: Windows 6.0.6002 Service Pack 2
21:12:08.028 Number of processors: 2 586 0xF02
21:12:08.028 ComputerName: DARRENBROWN-PC UserName: Darren Brown
21:12:53.931 Initialize success
21:13:01.606 AVAST engine defs: 12071900
21:13:22.081 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:13:22.096 Disk 0 Vendor: ST325082 3.AD Size: 238418MB BusType: 3
21:13:22.112 Disk 0 MBR read successfully
21:13:22.112 Disk 0 MBR scan
21:13:22.112 Disk 0 Windows VISTA default MBR code
21:13:22.128 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
21:13:22.159 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640
21:13:22.190 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 228122 MB offset 21084160
21:13:22.206 Disk 0 scanning sectors +488278016
21:13:22.377 Disk 0 scanning C:\Windows\system32\drivers
21:13:40.224 Service scanning
21:14:01.830 Modules scanning
21:14:14.294 Disk 0 trace - called modules:
21:14:14.809 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
21:14:14.824 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864fbac8]
21:14:14.824 3 CLASSPNP.SYS[871a98b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x846d5030]
21:14:15.292 AVAST engine scan C:\Windows
21:14:17.929 AVAST engine scan C:\Windows\system32
21:16:11.996 File: C:\Windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
21:17:13.897 AVAST engine scan C:\Windows\system32\drivers
21:17:28.467 AVAST engine scan C:\Users\Darren Brown
21:22:45.100 File: C:\Users\Darren Brown\AppData\Local\Temp\~!#ACF7.tmp **INFECTED** Win32:Downloader-PMH [Trj]
21:48:57.181 AVAST engine scan C:\ProgramData
21:50:27.427 Disk 0 MBR has been saved successfully to "C:\Users\Darren Brown\Desktop\MBR.dat"
21:50:27.427 The log file has been saved successfully to "C:\Users\Darren Brown\Desktop\aswMBR.txt"




TDSSKiller Log


21:54:01.0296 4852 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
21:54:01.0827 4852 ============================================================
21:54:01.0827 4852 Current date / time: 2012/07/18 21:54:01.0827
21:54:01.0827 4852 SystemInfo:
21:54:01.0827 4852
21:54:01.0827 4852 OS Version: 6.0.6002 ServicePack: 2.0
21:54:01.0827 4852 Product type: Workstation
21:54:01.0827 4852 ComputerName: DARRENBROWN-PC
21:54:01.0827 4852 UserName: Darren Brown
21:54:01.0827 4852 Windows directory: C:\Windows
21:54:01.0827 4852 System windows directory: C:\Windows
21:54:01.0827 4852 Processor architecture: Intel x86
21:54:01.0827 4852 Number of processors: 2
21:54:01.0827 4852 Page size: 0x1000
21:54:01.0827 4852 Boot type: Normal boot
21:54:01.0827 4852 ============================================================
21:54:02.0560 4852 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:54:02.0576 4852 ============================================================
21:54:02.0576 4852 \Device\Harddisk0\DR0:
21:54:02.0591 4852 MBR partitions:
21:54:02.0591 4852 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
21:54:02.0591 4852 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x1BD8D000
21:54:02.0591 4852 ============================================================
21:54:02.0638 4852 C: <-> \Device\Harddisk0\DR0\Partition1
21:54:02.0654 4852 D: <-> \Device\Harddisk0\DR0\Partition0
21:54:02.0654 4852 ============================================================
21:54:02.0654 4852 Initialize success
21:54:02.0654 4852 ============================================================
21:54:59.0531 3568 ============================================================
21:54:59.0531 3568 Scan started
21:54:59.0531 3568 Mode: Manual; TDLFS;
21:54:59.0531 3568 ============================================================
21:55:14.0570 3568 Modem - ok
21:55:14.0601 3568 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:55:14.0616 3568 monitor - ok
21:55:14.0648 3568 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:55:14.0648 3568 mouclass - ok
21:55:14.0710 3568 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:55:14.0710 3568 mouhid - ok
21:55:14.0726 3568 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:55:14.0726 3568 MountMgr - ok
21:55:14.0788 3568 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:55:14.0788 3568 MozillaMaintenance - ok
21:55:14.0835 3568 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
21:55:14.0835 3568 mpio - ok
21:55:14.0866 3568 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:55:14.0866 3568 mpsdrv - ok
21:55:14.0897 3568 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:55:14.0897 3568 Mraid35x - ok
21:55:14.0928 3568 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:55:14.0944 3568 MRxDAV - ok
21:55:14.0975 3568 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:55:14.0975 3568 mrxsmb - ok
21:55:15.0006 3568 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:55:15.0022 3568 mrxsmb10 - ok
21:55:15.0053 3568 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:55:15.0069 3568 mrxsmb20 - ok
21:55:15.0116 3568 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
21:55:15.0116 3568 msahci - ok
21:55:15.0162 3568 MSCamSvc (d98350792a7ce82e7459a7c36481beda) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
21:55:15.0162 3568 MSCamSvc - ok
21:55:15.0194 3568 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
21:55:15.0194 3568 msdsm - ok
21:55:15.0225 3568 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
21:55:15.0240 3568 MSDTC - ok
21:55:15.0272 3568 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:55:15.0287 3568 Msfs - ok
21:55:15.0318 3568 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:55:15.0334 3568 msisadrv - ok
21:55:15.0365 3568 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
21:55:15.0381 3568 MSiSCSI - ok
21:55:15.0381 3568 msiserver - ok
21:55:15.0412 3568 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:55:15.0428 3568 MSKSSRV - ok
21:55:15.0459 3568 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:55:15.0459 3568 MSPCLOCK - ok
21:55:15.0474 3568 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:55:15.0474 3568 MSPQM - ok
21:55:15.0506 3568 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:55:15.0521 3568 MsRPC - ok
21:55:15.0584 3568 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:55:15.0584 3568 mssmbios - ok
21:55:15.0615 3568 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:55:15.0615 3568 MSTEE - ok
21:55:15.0630 3568 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:55:15.0630 3568 Mup - ok
21:55:15.0677 3568 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
21:55:15.0693 3568 napagent - ok
21:55:15.0755 3568 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:55:15.0755 3568 NativeWifiP - ok
21:55:15.0818 3568 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:55:15.0833 3568 NDIS - ok
21:55:15.0896 3568 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:55:15.0896 3568 NdisTapi - ok
21:55:15.0927 3568 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:55:15.0927 3568 Ndisuio - ok
21:55:15.0958 3568 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:55:15.0974 3568 NdisWan - ok
21:55:15.0989 3568 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:55:16.0005 3568 NDProxy - ok
21:55:16.0020 3568 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
21:55:16.0036 3568 Net Driver HPZ12 - ok
21:55:16.0052 3568 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:55:16.0052 3568 NetBIOS - ok
21:55:16.0067 3568 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:55:16.0083 3568 netbt - ok
21:55:16.0114 3568 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:55:16.0114 3568 Netlogon - ok
21:55:16.0145 3568 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
21:55:16.0161 3568 Netman - ok
21:55:16.0192 3568 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
21:55:16.0208 3568 netprofm - ok
21:55:16.0286 3568 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:55:16.0301 3568 NetTcpPortSharing - ok
21:55:16.0348 3568 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:55:16.0348 3568 nfrd960 - ok
21:55:16.0395 3568 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
21:55:16.0410 3568 NlaSvc - ok
21:55:16.0457 3568 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:55:16.0457 3568 Npfs - ok
21:55:16.0520 3568 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
21:55:16.0520 3568 nsi - ok
21:55:16.0566 3568 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:55:16.0566 3568 nsiproxy - ok
21:55:16.0629 3568 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:55:16.0691 3568 Ntfs - ok
21:55:16.0754 3568 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:55:16.0754 3568 ntrigdigi - ok
21:55:16.0769 3568 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:55:16.0769 3568 Null - ok
21:55:16.0816 3568 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
21:55:16.0816 3568 nvraid - ok
21:55:16.0832 3568 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
21:55:16.0847 3568 nvstor - ok
21:55:16.0894 3568 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
21:55:16.0894 3568 nv_agp - ok
21:55:16.0910 3568 NwlnkFlt - ok
21:55:16.0910 3568 NwlnkFwd - ok
21:55:17.0019 3568 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:55:17.0034 3568 odserv - ok
21:55:17.0066 3568 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
21:55:17.0081 3568 ohci1394 - ok
21:55:17.0128 3568 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:55:17.0144 3568 ose - ok
21:55:17.0190 3568 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:55:17.0206 3568 p2pimsvc - ok
21:55:17.0222 3568 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:55:17.0222 3568 p2psvc - ok
21:55:17.0300 3568 PAC7302 (aff9a1986555e4592de8092f9a5fa2d2) C:\Windows\system32\DRIVERS\PAC7302.SYS
21:55:17.0315 3568 PAC7302 - ok
21:55:17.0346 3568 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:55:17.0346 3568 Parport - ok
21:55:17.0378 3568 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
21:55:17.0378 3568 partmgr - ok
21:55:17.0393 3568 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:55:17.0393 3568 Parvdm - ok
21:55:17.0424 3568 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
21:55:17.0424 3568 PcaSvc - ok
21:55:17.0456 3568 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:55:17.0471 3568 pci - ok
21:55:17.0487 3568 pciide (20b869152448f80ac49cf10264e91f5e) C:\Windows\system32\drivers\pciide.sys
21:55:17.0487 3568 pciide - ok
21:55:17.0518 3568 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:55:17.0534 3568 pcmcia - ok
21:55:17.0596 3568 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:55:17.0627 3568 PEAUTH - ok
21:55:17.0721 3568 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
21:55:17.0799 3568 pla - ok
21:55:17.0892 3568 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
21:55:17.0908 3568 PlugPlay - ok
21:55:17.0939 3568 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
21:55:17.0939 3568 Pml Driver HPZ12 - ok
21:55:17.0986 3568 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:55:17.0986 3568 PNRPAutoReg - ok
21:55:18.0002 3568 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:55:18.0017 3568 PNRPsvc - ok
21:55:18.0048 3568 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
21:55:18.0064 3568 PolicyAgent - ok
21:55:18.0126 3568 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:55:18.0126 3568 PptpMiniport - ok
21:55:18.0158 3568 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
21:55:18.0158 3568 Processor - ok
21:55:18.0204 3568 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
21:55:18.0204 3568 ProfSvc - ok
21:55:18.0236 3568 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:55:18.0236 3568 ProtectedStorage - ok
21:55:18.0267 3568 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:55:18.0267 3568 PSched - ok
21:55:18.0329 3568 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
21:55:18.0329 3568 PxHelp20 - ok
21:55:18.0392 3568 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
21:55:18.0407 3568 ql2300 - ok
21:55:18.0454 3568 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:55:18.0470 3568 ql40xx - ok
21:55:18.0501 3568 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
21:55:18.0516 3568 QWAVE - ok
21:55:18.0532 3568 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:55:18.0532 3568 QWAVEdrv - ok
21:55:18.0641 3568 R300 (8766b8f65459c37e20d525645e30e466) C:\Windows\system32\DRIVERS\atikmdag.sys
21:55:18.0688 3568 R300 - ok
21:55:18.0813 3568 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:55:18.0828 3568 RasAcd - ok
21:55:18.0844 3568 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
21:55:18.0860 3568 RasAuto - ok
21:55:18.0891 3568 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:55:18.0891 3568 Rasl2tp - ok
21:55:18.0969 3568 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
21:55:18.0984 3568 RasMan - ok
21:55:19.0000 3568 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:55:19.0000 3568 RasPppoe - ok
21:55:19.0031 3568 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:55:19.0047 3568 RasSstp - ok
21:55:19.0078 3568 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:55:19.0094 3568 rdbss - ok
21:55:19.0109 3568 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:55:19.0109 3568 RDPCDD - ok
21:55:19.0156 3568 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
21:55:19.0172 3568 rdpdr - ok
21:55:19.0187 3568 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:55:19.0187 3568 RDPENCDD - ok
21:55:19.0218 3568 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
21:55:19.0234 3568 RDPWD - ok
21:55:19.0281 3568 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
21:55:19.0281 3568 RemoteAccess - ok
21:55:19.0312 3568 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
21:55:19.0328 3568 RemoteRegistry - ok
21:55:19.0343 3568 Revoflt (b9bb8e2093c1615ad6ea55ad96214354) C:\Windows\system32\DRIVERS\revoflt.sys
21:55:19.0359 3568 Revoflt - ok
21:55:19.0484 3568 RoxMediaDB9 (ebcde8b48fadc6479d96a56d0a432160) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
21:55:19.0515 3568 RoxMediaDB9 - ok
21:55:19.0546 3568 RoxWatch9 (ab2b1de1c8f31efce2384b14b3dc4260) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
21:55:19.0546 3568 RoxWatch9 - ok
21:55:19.0577 3568 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
21:55:19.0577 3568 RpcLocator - ok
21:55:19.0624 3568 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
21:55:19.0640 3568 RpcSs - ok
21:55:19.0671 3568 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:55:19.0671 3568 rspndr - ok
21:55:19.0702 3568 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:55:19.0702 3568 SamSs - ok
21:55:19.0733 3568 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:55:19.0733 3568 SASDIFSV - ok
21:55:19.0764 3568 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
21:55:19.0764 3568 SASENUM - ok
21:55:19.0780 3568 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
21:55:19.0780 3568 SASKUTIL - ok
21:55:19.0811 3568 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:55:19.0811 3568 sbp2port - ok
21:55:19.0858 3568 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
21:55:19.0858 3568 SCardSvr - ok
21:55:19.0936 3568 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
21:55:19.0967 3568 Schedule - ok
21:55:19.0967 3568 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:55:19.0967 3568 SCPolicySvc - ok
21:55:19.0998 3568 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
21:55:20.0014 3568 SDRSVC - ok
21:55:20.0014 3568 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:55:20.0014 3568 secdrv - ok
21:55:20.0045 3568 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
21:55:20.0045 3568 seclogon - ok
21:55:20.0061 3568 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
21:55:20.0076 3568 SENS - ok
21:55:20.0108 3568 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:55:20.0108 3568 Serenum - ok
21:55:20.0123 3568 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:55:20.0139 3568 Serial - ok
21:55:20.0170 3568 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:55:20.0170 3568 sermouse - ok
21:55:20.0201 3568 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
21:55:20.0217 3568 SessionEnv - ok
21:55:20.0232 3568 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
21:55:20.0232 3568 sffdisk - ok
21:55:20.0279 3568 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
21:55:20.0279 3568 sffp_mmc - ok
21:55:20.0295 3568 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
21:55:20.0295 3568 sffp_sd - ok
21:55:20.0310 3568 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:55:20.0326 3568 sfloppy - ok
21:55:20.0357 3568 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
21:55:20.0373 3568 ShellHWDetection - ok
21:55:20.0435 3568 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
21:55:20.0435 3568 sisagp - ok
21:55:20.0466 3568 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
21:55:20.0466 3568 SiSRaid2 - ok
21:55:20.0482 3568 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
21:55:20.0482 3568 SiSRaid4 - ok
21:55:20.0544 3568 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Program Files\Skype\Updater\Updater.exe
21:55:20.0560 3568 SkypeUpdate - ok
21:55:20.0716 3568 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
21:55:20.0810 3568 slsvc - ok
21:55:20.0903 3568 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
21:55:20.0903 3568 SLUINotify - ok
21:55:20.0950 3568 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:55:20.0950 3568 Smb - ok
21:55:20.0981 3568 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
21:55:20.0981 3568 SNMPTRAP - ok
21:55:21.0028 3568 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:55:21.0028 3568 spldr - ok
21:55:21.0059 3568 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
21:55:21.0075 3568 Spooler - ok
21:55:21.0122 3568 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:55:21.0122 3568 srv - ok
21:55:21.0153 3568 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:55:21.0168 3568 srv2 - ok
21:55:21.0184 3568 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:55:21.0184 3568 srvnet - ok
21:55:21.0215 3568 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
21:55:21.0231 3568 SSDPSRV - ok
21:55:21.0262 3568 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
21:55:21.0278 3568 SstpSvc - ok
21:55:21.0340 3568 STHDA (9cea131b5eb0ea653f6b3ea80b54956d) C:\Windows\system32\drivers\stwrt.sys
21:55:21.0387 3568 STHDA - ok
21:55:21.0418 3568 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
21:55:21.0418 3568 StillCam - ok
21:55:21.0465 3568 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
21:55:21.0480 3568 stisvc - ok
21:55:21.0543 3568 stllssvr (51778fd315c9882f1cbd932743e62a72) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
21:55:21.0543 3568 stllssvr - ok
21:55:21.0574 3568 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:55:21.0574 3568 swenum - ok
21:55:21.0605 3568 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
21:55:21.0621 3568 swprv - ok
21:55:21.0652 3568 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:55:21.0652 3568 Symc8xx - ok
21:55:21.0668 3568 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:55:21.0668 3568 Sym_hi - ok
21:55:21.0683 3568 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:55:21.0683 3568 Sym_u3 - ok
21:55:21.0730 3568 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
21:55:21.0777 3568 SysMain - ok
21:55:21.0808 3568 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
21:55:21.0808 3568 TabletInputService - ok
21:55:21.0855 3568 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
21:55:21.0855 3568 TapiSrv - ok
21:55:21.0886 3568 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
21:55:21.0886 3568 TBS - ok
21:55:21.0948 3568 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
21:55:21.0964 3568 Tcpip - ok
21:55:21.0980 3568 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
21:55:21.0980 3568 Tcpip6 - ok
21:55:22.0011 3568 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:55:22.0011 3568 tcpipreg - ok
21:55:22.0042 3568 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:55:22.0042 3568 TDPIPE - ok
21:55:22.0073 3568 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:55:22.0073 3568 TDTCP - ok
21:55:22.0104 3568 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:55:22.0104 3568 tdx - ok
21:55:22.0136 3568 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:55:22.0136 3568 TermDD - ok
21:55:22.0182 3568 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
21:55:22.0198 3568 TermService - ok
21:55:22.0229 3568 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
21:55:22.0229 3568 Themes - ok
21:55:22.0260 3568 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:55:22.0260 3568 THREADORDER - ok
21:55:22.0292 3568 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
21:55:22.0292 3568 TrkWks - ok
21:55:22.0323 3568 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
21:55:22.0338 3568 TrustedInstaller - ok
21:55:22.0385 3568 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:55:22.0385 3568 tssecsrv - ok
21:55:22.0416 3568 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:55:22.0416 3568 tunmp - ok
21:55:22.0432 3568 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:55:22.0448 3568 tunnel - ok
21:55:22.0463 3568 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
21:55:22.0479 3568 uagp35 - ok
21:55:22.0510 3568 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:55:22.0526 3568 udfs - ok
21:55:22.0572 3568 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
21:55:22.0572 3568 UI0Detect - ok
21:55:22.0604 3568 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
21:55:22.0604 3568 uliagpkx - ok
21:55:22.0619 3568 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
21:55:22.0635 3568 uliahci - ok
21:55:22.0650 3568 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:55:22.0666 3568 UlSata - ok
21:55:22.0682 3568 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:55:22.0682 3568 ulsata2 - ok
21:55:22.0713 3568 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:55:22.0728 3568 umbus - ok
21:55:22.0791 3568 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
21:55:22.0806 3568 upnphost - ok
21:55:22.0838 3568 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
21:55:22.0838 3568 USBAAPL - ok
21:55:22.0884 3568 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
21:55:22.0884 3568 usbaudio - ok
21:55:22.0916 3568 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:55:22.0931 3568 usbccgp - ok
21:55:22.0947 3568 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:55:22.0962 3568 usbcir - ok
21:55:22.0978 3568 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:55:22.0978 3568 usbehci - ok
21:55:23.0025 3568 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:55:23.0040 3568 usbhub - ok
21:55:23.0056 3568 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:55:23.0056 3568 usbohci - ok
21:55:23.0087 3568 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:55:23.0087 3568 usbprint - ok
21:55:23.0103 3568 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:55:23.0103 3568 usbscan - ok
21:55:23.0134 3568 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:55:23.0134 3568 USBSTOR - ok
21:55:23.0150 3568 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:55:23.0165 3568 usbuhci - ok
21:55:23.0181 3568 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
21:55:23.0196 3568 usb_rndisx - ok
21:55:23.0212 3568 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
21:55:23.0228 3568 UxSms - ok
21:55:23.0259 3568 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
21:55:23.0274 3568 vds - ok
21:55:23.0306 3568 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
21:55:23.0306 3568 vga - ok
21:55:23.0321 3568 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:55:23.0321 3568 VgaSave - ok
21:55:23.0352 3568 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
21:55:23.0352 3568 viaagp - ok
21:55:23.0399 3568 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
21:55:23.0399 3568 ViaC7 - ok
21:55:23.0430 3568 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
21:55:23.0430 3568 viaide - ok
21:55:23.0462 3568 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:55:23.0462 3568 volmgr - ok
21:55:23.0508 3568 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:55:23.0508 3568 volmgrx - ok
21:55:23.0555 3568 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:55:23.0571 3568 volsnap - ok
21:55:23.0633 3568 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
21:55:23.0633 3568 vsmraid - ok
21:55:23.0711 3568 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
21:55:23.0758 3568 VSS - ok
21:55:23.0867 3568 VX3000 (e26744e5dd71a16e80d4dd5a286b8423) C:\Windows\system32\DRIVERS\VX3000.sys
21:55:23.0930 3568 VX3000 - ok
21:55:24.0023 3568 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
21:55:24.0039 3568 W32Time - ok
21:55:24.0117 3568 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:55:24.0117 3568 WacomPen - ok
21:55:24.0148 3568 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:55:24.0148 3568 Wanarp - ok
21:55:24.0164 3568 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:55:24.0164 3568 Wanarpv6 - ok
21:55:24.0195 3568 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
21:55:24.0226 3568 wcncsvc - ok
21:55:24.0242 3568 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
21:55:24.0257 3568 WcsPlugInService - ok
21:55:24.0273 3568 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
21:55:24.0288 3568 Wd - ok
21:55:24.0304 3568 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
21:55:24.0304 3568 WDC_SAM - ok
21:55:24.0366 3568 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:55:24.0413 3568 Wdf01000 - ok
21:55:24.0429 3568 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:55:24.0444 3568 WdiServiceHost - ok
21:55:24.0444 3568 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:55:24.0444 3568 WdiSystemHost - ok
21:55:26.0566 3568 ============================================================
21:55:26.0566 3568 Scan finished
21:55:26.0566 3568 ============================================================
21:55:26.0582 4532 Detected object count: 0
21:55:26.0582 4532 Actual detected object count: 0



I did not need a Reboot.

#6 boopme

Posted 19 July 2012 - 08:06 PM

OK, good, we should run one more and see if there is anything left.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.


Then Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#7 mrjackstraw

Posted 20 July 2012 - 06:21 AM

ESET OnlineScan Results


C:\Users\Darren Brown\AppData\Local\Temp\jar_cache4084040468004844827.tmp a variant of Java/Exploit.CVE-2012-1723.L trojan deleted - quarantined
C:\Users\Darren Brown\AppData\Local\Temp\~!#ACF7.tmp a variant of Win32/Injector.TZD trojan cleaned by deleting - quarantined
C:\Users\Darren Brown\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\Darren Brown\AppData\Local\{C239D4E3-CDE8-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan cleaned by deleting - quarantined
C:\Users\Darren Brown\AppData\Roaming\utfce.dll a variant of Win32/Medfos.AU trojan cleaned by deleting (after the next restart) - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz1195.tmp a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz3346.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz3467.tmp a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz36BB.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz3A07.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz3A9.tmp a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz3AA7.tmp a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz3C70.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz3EAB.tmp a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz44C.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz4916.tmp a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz492D.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz4AC9.tmp a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz5033.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz545A.tmp a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz59E.tmp a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz5FA2.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz6240.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz667F.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz66BD.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz6DA5.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz6EA2.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz6F8D.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz70D3.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz72E7.tmp a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz790B.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz8AEC.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz8F2E.tmp a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz9052.tmp a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz9498.tmp a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz95F8.tmp a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trzB41E.tmp a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trzBCA3.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trzC1D6.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trzC4E0.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trzCA60.tmp a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trzCC3B.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trzD426.tmp a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trzD44D.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trzDAC.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trzDCB6.tmp a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trzE0D7.tmp a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trzE118.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trzE2A2.tmp a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trzE2C6.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trzEDE1.tmp a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trzF0F0.tmp a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trzFB5A.tmp a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trzFE8D.tmp a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trzFF22.tmp a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\System32\services.exe Win32/Sirefef.FB.Gen trojan unable to clean


Security Check Results


Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

avast! Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.


```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Wise Registry Cleaner 6.21
Java™ 6 Update 31
Adobe Flash Player 11.3.300.265
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````

#8 boopme

Posted 23 July 2012 - 12:34 PM

Hello, sorry about the delay. Had a family issue and was away.

Due to this
C:\Windows\System32\services.exe Win32/Sirefef.FB.Gen trojan unable to clean

We need a deeper look. Please go here... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64 bit system) skip it and move on.

Let me know if that went well.
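The triage in the post above, where a single "unable to clean" result on a system file is what prompts the deeper look, shown here as an added example that is not part of the original thread. This Python script parses ESET OnlineScan result lines in the space-flattened form they have in post #7 and separates removed items from those that still need follow-up; the regular expression and the status names are assumptions of this example, not an ESET-defined format.

```python
import re

# Four result lines copied from the ESET OnlineScan log in post #7.
SAMPLE_LOG = r"""
C:\Users\Darren Brown\AppData\Local\Temp\jar_cache4084040468004844827.tmp a variant of Java/Exploit.CVE-2012-1723.L trojan deleted - quarantined
C:\Users\Darren Brown\AppData\Roaming\utfce.dll a variant of Win32/Medfos.AU trojan cleaned by deleting (after the next restart) - quarantined
C:\Windows\Installer\{f00a6b08-3c57-0288-ced4-796231f6a301}\U\trz1195.tmp a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Windows\System32\services.exe Win32/Sirefef.FB.Gen trojan unable to clean
"""

# Assumed layout: <path> [a variant of] <Platform/Name> <trojan|application> <action>.
# Paths may contain spaces but use backslashes only, so the first token holding
# a forward slash is taken as the detection name.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>trojan|application)\s+"
    r"(?P<action>.+)$"
)


def classify(action):
    """Map ESET's free-text action to a status (status names are this example's own)."""
    a = action.lower()
    if "unable to clean" in a:
        return "unresolved"        # file is still on disk and still infected
    if "after the next restart" in a:
        return "pending_restart"   # removal is only scheduled; verify after reboot
    if "quarantined" in a or "deleted" in a or "deleting" in a:
        return "removed"
    return "unknown"


def parse_log(text):
    """Return one dict per non-empty line; lines that do not match are kept as 'unparsed'."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            findings.append({"path": line, "name": None, "kind": None,
                             "action": None, "status": "unparsed"})
            continue
        entry = m.groupdict()
        entry["status"] = classify(entry["action"])
        findings.append(entry)
    return findings


def needs_follow_up(findings):
    """Everything that was not confirmed removed needs another look."""
    return [f for f in findings if f["status"] != "removed"]


if __name__ == "__main__":
    for f in needs_follow_up(parse_log(SAMPLE_LOG)):
        print(f["status"], f["name"], f["path"], sep=" | ")
```
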

#9 mrjackstraw

Posted 23 July 2012 - 05:10 PM

I have been unable to complete step #7 > Downloading DDS. I will keep trying. Please advise if you know of another location where I can get this or if I need to do something on my end. All other downloads have gone off without a hitch.

Cheers.

#10 boopme

Posted 23 July 2012 - 06:09 PM

If you cannot get DDS to work, please try this instead.

Please download OTL by OldTimer and save it to your Desktop.
  • Close all other applications and windows so that you have nothing open.
  • Double click on the Posted Image icon on your desktop.

    Vista/Windows 7 users right-click and select Run As Administrator.
    If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • Under Output, ensure that Minimal Output is selected.
  • Click the "Scan All Users" checkbox.
    Leave the remaining selections to the default settings.
  • Click the Posted Image button.
  • Do not use the computer while the scan is in progress.
  • When the scan is complete, two log files will open in Notepad:
    • OTListIt.txt <- (will be maximized)
    • Extras.txt <- (will be minimized in the Task Bar).
  • Both logs are automatically saved to the Desktop.
  • Please copy and paste the contents of OTListIt.txt and Extras.txt in your next reply.
    If the Extras.txt log is too long, you may need to add a second reply to your thread or upload it as an attachment.
  • Click the red X in the upper right corner to exit OTL.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run. If OTL did not work, then reply back here.

#11 mrjackstraw

Posted 23 July 2012 - 10:06 PM

OK. I did manage to get the DDS by subs through another link on these boards and I now have the 2 text files required for my new topic post in the Virus, Trojan, Spyware, and Malware Removal Logs section.

Where I was lucky enough to pick up a new problem was in the next step, Step 8. I have the gmer.exe file and I have tried to run it a few times. Each time, about 2 minutes into the scan, I get a blue screen followed by a quick shut-down of Windows. Not too sure what it says. It happens pretty quickly. I do get messages from Windows when I reboot that say there was an unexpected problem. I've also just received one that says 'Host Process for Windows Services stopped working and was closed'.

I have also tried to run gmer.exe in Safe Networking Mode. Not sure why. Anyway, same results.

I did not want to create a new topic in the other section without completing all the steps. Please advise.

#12 boopme

Posted 24 July 2012 - 01:13 PM

Ok, post the DDS log there and state GMER failed.

#13 mrjackstraw

Posted 24 July 2012 - 02:02 PM

Done as requested.

Link to the new thread: HERE

Thanks.

#14 Orange Blossom

Posted 24 July 2012 - 04:22 PM

Hello,

Now that you have posted a log, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry: