Please help me rid my laptop of win32/sirefef.an, sirefef, sirefef.ao, and sirefef.ag


  • This topic is locked
23 replies to this topic

#1 OmoAbode

Posted 09 August 2012 - 05:08 PM

My security alert says I have these four viruses and all attempts to clean them using Microsoft Forefront Client Security have failed. Besides, the computer shuts down every couple of minutes. Please help, I am frustrated.

#2 gringo_pr

  • Malware Response Team

Posted 10 August 2012 - 02:34 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

Posted 14 August 2012 - 12:18 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 OmoAbode

Posted 16 August 2012 - 01:59 AM

Hi Gringo, Thank you for your reply. I still need help.

#5 OmoAbode

Posted 16 August 2012 - 02:30 AM

Before I could post the checkup.txt my computer crashed and restarted. I am guessing I should run security check again. Should I?

#6 OmoAbode

Posted 16 August 2012 - 03:00 AM

Here is the content of checkup.txt:

Results of screen317's Security Check version 0.99.44
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Forefront Client Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 31
Java™ 6 Update 6
Java version out of Date!
Adobe Flash Player 11.3.300.271
Adobe Reader X 10.1.3 Adobe Reader out of Date!
Mozilla Firefox 10.0 Firefox out of Date!
Google Chrome 21.0.1180.75
Google Chrome 21.0.1180.79
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MSASCui.exe
Microsoft Forefront Client Security Client Antimalware\MsMpEng.exe
Microsoft Forefront Client Security Client Antimalware\MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#7 OmoAbode

Posted 16 August 2012 - 03:49 AM

Here's the content of DDS.txt and Attach.txt respectively:

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by pxabode at 1:31:14 on 2012-08-16
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1919.993 [GMT -7:00]
.
AV: Microsoft Forefront Client Security *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Forefront Client Security *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\ProgramData\Anyplace Control 4\svcadmin.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Maxtor\Utils\SyncServices.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\rpcnet.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\Maxtor\MANAGE~1\OneTouch.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Livestation\Livestation.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Users\pxabode\AppData\Local\Google\Chrome\Application\21.0.1180.79\chrome_frame_helper.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\Aware.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\SMART Technologies\SMART Board Drivers\Marker.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.fresnounified.org/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies\notebook software\NotebookPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7725.1624\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
{ae07101b-46d4-4a98-af68-0333ea26e113}
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {c585d593-e7f4-4852-a200-561686ee02e4} - No File
uRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
uRun: [Livestation] c:\program files\livestation\Livestation.exe -startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Google Update] "c:\users\pxabode\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [Itibiti.exe] c:\program files\itibiti soft phone\Itibiti.exe
uRun: [Easy Dock] c:\users\pxabode\documents\rca easyrip\EZDock.exe
uRun: [ChromeFrameHelper] "c:\users\pxabode\appdata\local\google\chrome\application\21.0.1180.79\chrome_frame_helper.exe" --startup
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [SMART SNMP Agent] c:\program files\smart technologies\smart board drivers\SMARTSNMPAgent.exe -e
mRun: [SMART Board Service] c:\program files\smart technologies\smart board drivers\SMARTBoardService.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Microsoft Forefront Client Security Antimalware Service] "c:\program files\microsoft forefront\client security\client\antimalware\MSASCui.exe" -hide
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Easy Dock]
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smartb~1.lnk - c:\program files\smart technologies\smart board drivers\SMARTBoardTools.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: fresnounified.org\dl
Trusted Zone: microsoft.com\oas.premier
Trusted Zone: microsoft.com\premier
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{91CDCAAF-5706-47F2-955F-07D9F8EF8C38} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{91CDCAAF-5706-47F2-955F-07D9F8EF8C38}\2456C6B696E6E253642473 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{91CDCAAF-5706-47F2-955F-07D9F8EF8C38}\64553544 : DhcpNameServer = 10.223.231.12 10.223.241.12 10.223.241.73 10.223.241.92 10.223.241.55 10.223.241.56 10.223.241.57 10.223.241.53
TCP: Interfaces\{91CDCAAF-5706-47F2-955F-07D9F8EF8C38}\64553544D23547166666 : DhcpNameServer = 10.223.231.12 10.223.241.12 10.223.241.73 10.223.241.92 10.223.241.55 10.223.241.56 10.223.241.57 10.223.241.53
TCP: Interfaces\{91CDCAAF-5706-47F2-955F-07D9F8EF8C38}\84F445149425 : DhcpNameServer = 192.168.11.1 4.2.2.1 4.2.2.2
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\users\pxabode\appdata\local\google\chrome\application\21.0.1180.79\npchrome_frame.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs: c:\progra~1\google\google~2\GO36F4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pxabode\appdata\roaming\mozilla\firefox\profiles\c13j8jxe.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000031&locale=en_US&apn_uid=8CB7CE4C-0881-48A1-845D-6B2F00889E49&apn_ptnrs=TV&apn_sauid=6CA957C2-53D2-4D85-B601-7BA33D2ED067&apn_dtid=OSJ000YYUS&&q=
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\programdata\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\pxabode\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-4-9 520704]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-2-16 80824]
S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [2010-4-14 11264]
.
=============== Created Last 30 ================
.
2012-08-16 08:05:01 -------- d--h--w- c:\windows\PIF
2012-08-16 07:10:24 56200 ----a-w- c:\programdata\microsoft\microsoft forefront\client security\client\antimalware\definition updates\{0b5571e2-da16-4d3a-85d1-a3f4cea3db3f}\offreg.dll
2012-08-16 06:11:29 119808 ----a-r- c:\users\pxabode\appdata\roaming\microsoft\installer\{ccf298af-9ce1-4b26-b251-486e98a34789}\icons.exe
2012-08-16 06:11:29 -------- d-----w- c:\users\pxabode\appdata\local\Apps
2012-08-11 21:55:38 43480 ----a-w- c:\windows\system32\drivers\vkqabaji.sys
2012-08-09 05:17:20 90624 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPWN7.DLL
2012-08-08 16:52:46 6891424 ----a-w- c:\programdata\microsoft\microsoft forefront\client security\client\antimalware\definition updates\{0b5571e2-da16-4d3a-85d1-a3f4cea3db3f}\mpengine.dll
.
==================== Find3M ====================
.
2012-08-16 08:28:22 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-08-16 08:28:18 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-08-16 08:05:13 259072 ----a-w- c:\windows\system32\services.exe
2012-08-16 05:25:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-16 05:25:26 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-16 05:15:07 17408 ----a-w- c:\windows\system32\rpcnetp.dll
.
============= FINISH: 1:34:40.54 ===============

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/1/2009 11:44:11 AM
System Uptime: 8/16/2012 1:27:30 AM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 30C2
Processor: AMD Turion™ 64 X2 Mobile Technology TL-60 | U10 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 63 GiB total, 8.668 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 4.409 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1497: 8/15/2012 9:34:10 PM - Microsoft Forefront Client Security Checkpoint
RP1499: 8/15/2012 9:51:44 PM - Microsoft Forefront Client Security Checkpoint
RP1501: 8/15/2012 10:35:18 PM - Microsoft Forefront Client Security Checkpoint
RP1503: 8/15/2012 10:54:10 PM - Microsoft Forefront Client Security Checkpoint
RP1504: 8/15/2012 11:10:59 PM - Installed Windows 7 USB/DVD Download Tool
RP1506: 8/15/2012 11:12:47 PM - Microsoft Forefront Client Security Checkpoint
RP1508: 8/16/2012 12:18:59 AM - Microsoft Forefront Client Security Checkpoint
RP1510: 8/16/2012 12:35:01 AM - Microsoft Forefront Client Security Checkpoint
RP1512: 8/16/2012 12:50:04 AM - Microsoft Forefront Client Security Checkpoint
RP1514: 8/16/2012 1:04:50 AM - Microsoft Forefront Client Security Checkpoint
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Acrobat 7.0 Professional
Adobe Acrobat 7.1.0 Professional
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.5
Anyplace Control 5.0.5.2_Trial
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
ATI Catalyst Install Manager
Audacity 1.2.6
BlackBerry Desktop Software 6.1
BlackBerry Desktop Software 7.0
BlackBerry Device Software Updater
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Digital Voice Editor 3
eMusic Download Manager
Express Dictate
Express Scribe
File Type Assistant
Free File Viewer 2011
Freeze.com NetAssistant
Google Chrome
Google Chrome Frame
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HP Quick Launch Buttons 6.40 C2
iCloud
Internet TV for Windows Media Center
Itibiti RTC
iTunes
Java Auto Updater
Java™ 6 Update 31
Java™ 6 Update 6
LAME v3.98.2 for Audacity
Learning Essentials for Microsoft Office
Livestation
Living 3D Dolphin
Maxtor Backup
Maxtor OneTouch III
MEO Encryption Software
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Easy Assist v2
Microsoft Forefront Client Security Antimalware Service
Microsoft Forefront Client Security State Assessment Service
Microsoft IntelliPoint 8.0
Microsoft IntelliType Pro 8.2
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2007 R2
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Operations Manager 2005 Agent
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Mozilla Firefox 10.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser
NetAssistant
Notebook Software
OGA Notifier 2.0.0048.0
OpenAL
PASSPORT 32-bit (Standard Installation)
PGGP 4.0
Photo Story 3 for Windows
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
RLPrintPlugin
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skins
SMART Board Drivers
SoundMAX
SPSS 12.0 for Windows
SPSS 15.0 for Windows
SPSS Dimensions Component Pack 5.5
SPSS Inc. Data Access Pack 5.3 for Windows
SPSS Statistics 17.0
Synaptics Pointing Device Driver
TaxACT 2008
TaxACT 2008 California
TaxACT 2009
TaxACT 2009 California
TaxACT 2011 - 1040 Edition
TaxACT 2011 California
Technology in the Class for Learning Essentials
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WIN7TS
Windows 7 USB/DVD Download Tool
Windows Media Center Add-in for Flash
Yahoo! Detect
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
8/9/2012 9:19:14 AM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {1EE3A02F-91F2-4A94-8D87-2805F9B84DF8} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/9/2012 9:04:32 AM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {AAEE1BD4-D479-4C2F-A106-4CE9F374B6D4} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/9/2012 8:49:50 AM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {680D84E9-0B24-46B5-90D9-F99E5D489317} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/9/2012 8:35:06 AM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {9AAB3495-CF0C-4133-8E7E-4553A9B27F06} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/9/2012 8:20:22 AM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {AA2CB735-699E-47A2-AE80-771BEFDA10CE} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/9/2012 8:05:36 AM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {09544F19-5C7D-48CA-BC6A-E866D65BFEB5} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/9/2012 7:50:50 AM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {E3F85C1F-5FC8-4446-A161-D323849EFE08} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/9/2012 7:35:48 AM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {C7009547-96E5-486C-B2C7-261DDB9336C4} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/9/2012 7:20:38 AM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {17214F88-4035-47DC-829C-BD0106C75308} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/9/2012 7:05:50 AM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {BF1F9B52-9F9D-41FD-8843-C7D7883BF448} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/9/2012 4:02:21 PM, Error: FcsSas [10013] - Microsoft Update opt-in completed with errors. The Forefront Client Security State Assessment Service (FcsSas) failed to register the computer with Microsoft Update. Error Code: 0x800706ba Possible courses of action include: -Ensure the Windows Update Agent service (wuauserv) is enabled. -Manually opt-in to Microsoft Update through Windows Update.
8/9/2012 4:02:19 PM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AH&threatid=2147655284 Scan ID: {35C72829-EB04-41FA-98FA-CD30E0E7986B} User: STAFF\pxabode Name: Trojan:Win32/Sirefef.AH ID: 2147655284 Severity: Severe Category: Trojan Path: file:\\?\C:\Windows\System32\services.exe->731;file:\\?\C:\Windows\System32\services.exe->731 Alert Type: Spyware or other potentially unwanted software Action: Quarantine Error Code: 0x80508026 Error description: This program can't remove a potentially harmful item from the contents of an archived file. To remove the item, you need to delete the archive. For more information, search for removing spyware in Help and Support.
8/9/2012 3:55:05 PM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AH&threatid=2147655284 Scan ID: {F904D6C8-61ED-4B40-AB7F-E336DB39E0F1} User: STAFF\pxabode Name: Trojan:Win32/Sirefef.AH ID: 2147655284 Severity: Severe Category: Trojan Path: file:\\?\C:\Windows\System32\services.exe->731;file:\\?\C:\Windows\System32\services.exe->731 Alert Type: Spyware or other potentially unwanted software Action: Quarantine Error Code: 0x80508026 Error description: This program can't remove a potentially harmful item from the contents of an archived file. To remove the item, you need to delete the archive. For more information, search for removing spyware in Help and Support.
8/9/2012 3:46:30 PM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AH&threatid=2147655284 Scan ID: {69CE7087-9EB8-453F-ABC1-9B088509D736} User: STAFF\pxabode Name: Trojan:Win32/Sirefef.AH ID: 2147655284 Severity: Severe Category: Trojan Path: file:\\?\C:\Windows\System32\services.exe->731;file:\\?\C:\Windows\System32\services.exe->731 Alert Type: Spyware or other potentially unwanted software Action: Quarantine Error Code: 0x80508026 Error description: This program can't remove a potentially harmful item from the contents of an archived file. To remove the item, you need to delete the archive. For more information, search for removing spyware in Help and Support.
8/9/2012 3:08:51 PM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {1B69C02E-FD7E-4310-B03C-B7BD850F7493} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/9/2012 2:53:58 PM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {44B1DD90-9B4E-4FCC-AD8C-E72974589414} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/9/2012 2:39:15 PM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {D21D2B61-4FDE-40E1-B72C-ED4E8F9A8193} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/9/2012 2:24:33 PM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {2D1EA1BD-B8A5-402D-B103-36E50E73500F} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/9/2012 2:09:40 PM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {129C35C1-9748-4C5C-B496-0038CB573293} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/16/2012 12:50:25 AM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {4AEACB9B-583F-48FC-B3B0-829F911EA2DE} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/16/2012 12:35:24 AM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {C6450D00-35D1-41BC-BB3C-053FCCC865E7} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/16/2012 12:20:36 AM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {0997739D-808C-46C8-8EDB-9F2B66D38A6E} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/16/2012 12:10:01 AM, Error: Service Control Manager [7001] -
8/16/2012 1:33:04 AM, Error: FcsSas [10013] - Microsoft Update opt-in completed with errors. The Forefront Client Security State Assessment Service (FcsSas) failed to register the computer with Microsoft Update. Error Code: 0x80070424 Possible courses of action include: -Ensure the Windows Update Agent service (wuauserv) is enabled. -Manually opt-in to Microsoft Update through Windows Update.
8/16/2012 1:30:04 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
8/16/2012 1:28:13 AM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
8/16/2012 1:28:03 AM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
8/16/2012 1:28:02 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain STAFF due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
8/16/2012 1:05:15 AM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {6B3028FA-46D8-4279-A17D-5620A2A3178A} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/16/2012 1:05:13 AM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AH&threatid=2147655284 Scan ID: {BA568A70-3F2E-4301-8F46-1C8BADC8AD23} User: STAFF\pxabode Name: Trojan:Win32/Sirefef.AH ID: 2147655284 Severity: Severe Category: Trojan Path: file:\\?\C:\Windows\System32\services.exe->731;file:\\?\C:\Windows\System32\services.exe->731 Alert Type: Spyware or other potentially unwanted software Action: Quarantine Error Code: 0x80508026 Error description: This program can't remove a potentially harmful item from the contents of an archived file. To remove the item, you need to delete the archive. For more information, search for removing spyware in Help and Support.
8/15/2012 9:52:12 PM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {0883C6FE-84A7-490E-8888-F38AF7899085} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/15/2012 9:34:41 PM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {01E8B0F0-0721-48FD-A1BB-BFED97BC4745} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/15/2012 9:00:21 PM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {E52A2EF0-65E3-4C6D-848F-B7AB3C310DB7} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/15/2012 8:30:47 PM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AO&threatid=2147658140 Scan ID: {DDA5B990-8E2C-466E-B720-A304A3772B62} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AO ID: 2147658140 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/15/2012 8:30:47 PM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {DDA5B990-8E2C-466E-B720-A304A3772B62} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/15/2012 11:13:00 PM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {598BB720-E0CC-4744-A821-C5A5544A326B} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/15/2012 10:35:49 PM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {919A5A98-1F74-4F0D-93BF-D3556765B53F} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/15/2012 10:08:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/15/2012 1:16:35 PM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {97ED4A3A-1C0B-43B5-A5E8-83CC62ACDF8F} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/15/2012 1:12:11 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
8/14/2012 7:09:40 PM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {26374255-55E3-45D8-9E09-F908EECB9C5A} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/11/2012 3:05:40 PM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AH&threatid=2147655284 Scan ID: {8B5D3A57-7188-47CC-A962-32AA325CD58A} User: STAFF\pxabode Name: Trojan:Win32/Sirefef.AH ID: 2147655284 Severity: Severe Category: Trojan Path: file:\\?\C:\Windows\System32\services.exe->731;file:\\?\C:\Windows\System32\services.exe->731 Alert Type: Spyware or other potentially unwanted software Action: Quarantine Error Code: 0x80508026 Error description: This program can't remove a potentially harmful item from the contents of an archived file. To remove the item, you need to delete the archive. For more information, search for removing spyware in Help and Support.
8/11/2012 3:05:19 PM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AN&threatid=2147657992 Scan ID: {2F4B711C-49C1-4828-87F8-256CCD2FDB55} User: STAFF\pxabode Name: Trojan:Win32/Sirefef.AN ID: 2147657992 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/11/2012 2:55:38 PM, Error: FCSAM [3006] - Microsoft Forefront Client Security Real-Time Protection agent has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Sirefef.AB&threatid=2147654467 Scan ID: {0227D2C0-0AC5-4B7D-85D2-22D0158D08E2} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/11/2012 2:37:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/11/2012 2:18:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/11/2012 2:18:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/11/2012 2:18:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/11/2012 2:17:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
.
==== End Of File ===========================
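One way to triage the FCSAM [3006] entries in an event log export like the one above, as an added example that is not part of the original thread: it groups the failed-remediation events by threat and lists the System32 files the scanner could not clean. The sample lines are constructed (shortened from the same format, with placeholder Scan IDs and user name), and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: shortened lines in the same export format as the post
# above. Scan IDs and the user name are placeholders; threat names, IDs and
# error codes are the ones that appear in the post.
SAMPLE_LOG = r"""
8/15/2012 1:16:35 PM, Error: FCSAM [3006] - Real-Time Protection agent has encountered an error when taking action. Scan ID: {00000000-0000-0000-0000-000000000001} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/15/2012 1:12:11 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
8/11/2012 3:05:40 PM, Error: FCSAM [3006] - Real-Time Protection agent has encountered an error when taking action. Scan ID: {00000000-0000-0000-0000-000000000002} User: STAFF\exampleuser Name: Trojan:Win32/Sirefef.AH ID: 2147655284 Severity: Severe Category: Trojan Path: file:\\?\C:\Windows\System32\services.exe->731;file:\\?\C:\Windows\System32\services.exe->731 Alert Type: Spyware or other potentially unwanted software Action: Quarantine Error Code: 0x80508026 Error description: This program can't remove a potentially harmful item from the contents of an archived file.
8/11/2012 3:05:19 PM, Error: FCSAM [3006] - Real-Time Protection agent has encountered an error when taking action. Scan ID: {00000000-0000-0000-0000-000000000003} User: STAFF\exampleuser Name: Trojan:Win32/Sirefef.AN ID: 2147657992 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/11/2012 2:55:38 PM, Error: FCSAM [3006] - Real-Time Protection agent has encountered an error when taking action. Scan ID: {00000000-0000-0000-0000-000000000004} User: NT AUTHORITY\SYSTEM Name: Trojan:Win32/Sirefef.AB ID: 2147654467 Severity: Severe Category: Trojan Path: Alert Type: Spyware or other potentially unwanted software Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
8/11/2012 2:37:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {00000000-0000-0000-0000-000000000005}
"""

# "<timestamp>, <level>: <source> [<event id>] - <message>"
HEADER = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>\S+) \[(?P<event_id>\d+)\] - (?P<body>.*)$"
)

# The 3006 message is a single line of "Label: value" pairs in a fixed order.
# The Path value may be empty, so whitespace around it is optional.
DETAIL = re.compile(
    r"User: (?P<user>.*?) Name: (?P<threat>\S+) ID: (?P<threat_id>\d+) "
    r"Severity: (?P<severity>.*?) Category: (?P<category>.*?) "
    r"Path:\s*(?P<path>.*?)\s*Alert Type: (?P<alert_type>.*?) "
    r"Action: (?P<action>\w+) Error Code: (?P<code>0x[0-9A-Fa-f]{8}) "
    r"Error description: (?P<description>.*)$"
)


def clean_paths(raw):
    """Split the ';'-separated Path field into unique plain file paths."""
    paths = []
    for item in filter(None, (p.strip() for p in raw.split(";"))):
        item = re.sub(r"^file:", "", item)       # scheme prefix
        item = re.sub(r"^\\\\\?\\", "", item)    # \\?\ long-path prefix
        item = re.sub(r"->.*$", "", item)        # '->NNN' sub-item suffix
        if item not in paths:
            paths.append(item)
    return paths


def parse_events(text):
    """Return one dict per FCSAM [3006] line; other sources are skipped."""
    events = []
    for line in text.splitlines():
        head = HEADER.match(line.strip())
        if not head or head["source"] != "FCSAM" or head["event_id"] != "3006":
            continue
        detail = DETAIL.search(head["body"])
        if not detail:
            continue  # a 3006 entry in an unexpected layout
        event = detail.groupdict()
        event["time"] = datetime.strptime(head["ts"], "%m/%d/%Y %I:%M:%S %p")
        event["paths"] = clean_paths(event.pop("path"))
        events.append(event)
    return events


def summarize(events):
    """Group events by threat name: count, first/last seen, actions, codes."""
    summary = {}
    for e in events:
        s = summary.setdefault(e["threat"], {
            "count": 0, "first": e["time"], "last": e["time"],
            "actions": set(), "codes": set()})
        s["count"] += 1
        s["first"] = min(s["first"], e["time"])
        s["last"] = max(s["last"], e["time"])
        s["actions"].add(e["action"])
        s["codes"].add(e["code"])
    return summary


def failed_system_files(events):
    """Files under System32 on which the attempted action did not complete."""
    hits = {p for e in events for p in e["paths"]
            if "\\windows\\system32\\" in p.lower()}
    return sorted(hits)


if __name__ == "__main__":
    parsed = parse_events(SAMPLE_LOG)
    for threat, s in sorted(summarize(parsed).items()):
        print(threat, s["count"], s["first"], s["last"],
              sorted(s["actions"]), sorted(s["codes"]))
    print("System files not cleaned:", failed_system_files(parsed))
```

A repeated 3006 event for the same threat across several days, or any path under System32 in the output, means the real-time scanner is detecting but not clearing the infection and the file needs to be replaced from a known-good copy.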

#8 gringo_pr

Posted 16 August 2012 - 08:41 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 OmoAbode

Posted 16 August 2012 - 02:42 PM

Hi Gringo,

I cannot disable Microsoft Forefront Client Security. Any other option?

#10 OmoAbode

Posted 16 August 2012 - 04:14 PM

Should I just remove forefront?

#11 OmoAbode

Posted 16 August 2012 - 11:36 PM

Gringo, I want to thank you for the achievement so far. The machine does not shut down and attempt restart every couple of minutes anymore. ComboFix did not produce any log that I could copy. Everything disappears as ComboFix runs; however, I note the following:

Due to not being able to disable Microsoft Forefront, I removed the program and installed AVG instead, which I was able to disable for 15 minutes using instructions from TechSupport. After ComboFix ran and I waited a while (without any capturable output), I did a full AVG scan. I got the following, which I copied from the screen:

Threat detected
c:\windows\system32\services.exe
Trojan h-c.LYU
Detected on open
>>Ignore the threat
The identified file will remain in its current location on your disk
To ensure you are protected, Resident Shield will not allow you to access
files that are invited.

#12 gringo_pr

Posted 17 August 2012 - 03:15 PM

Hello

OK, let's try this. I want you to run combofix in safe mode, but it is very important that when combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After combofix has finished its scan, please post the report back here.

Gringo

#13 OmoAbode

Posted 18 August 2012 - 11:10 AM

Hi Gringo,

It appears my computer is malware free, but may be running a little slow. Here is the ComboFix report:

ComboFix 12-08-17.03 - pxabode 08/17/2012 20:23:05.2.2 - x86 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1919.1308 [GMT -7:00]
Running from: c:\users\pxabode\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\desktop
c:\windows\desktop\Shortcut to Pggp 4.0.lnk
c:\windows\system32\spool\prtprocs\w32x86\Xrpp_b.dll
D:\Autorun.inf
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 )))))))))))))))))))))))))))))))
.
.
2012-08-18 03:33 . 2012-08-18 03:58 -------- d-----w- c:\users\pxabode\AppData\Local\temp
2012-08-18 03:33 . 2012-08-18 03:33 -------- d-----w- c:\users\Startup\AppData\Local\temp
2012-08-18 03:33 . 2012-08-18 03:33 -------- d-----w- c:\users\eadewit\AppData\Local\temp
2012-08-18 03:33 . 2012-08-18 03:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-18 03:33 . 2012-08-18 03:33 -------- d-----w- c:\users\Default.bak\AppData\Local\temp
2012-08-18 03:32 . 2012-08-18 03:32 -------- d-----w- c:\users\iaelegb\AppData\Local\temp
2012-08-18 03:32 . 2012-08-18 03:32 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-18 02:34 . 2012-08-18 02:44 -------- d-----w- c:\program files\AVG Secure Search
2012-08-16 21:45 . 2012-08-16 21:45 -------- d-----w- c:\users\pxabode\AppData\Roaming\AVG2012
2012-08-16 21:41 . 2012-08-18 02:44 -------- d-----w- C:\$AVG
2012-08-16 21:39 . 2012-08-16 21:39 -------- d-----w- c:\program files\AVG
2012-08-16 21:33 . 2012-08-16 21:33 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-16 08:05 . 2012-08-16 08:05 -------- d--h--w- c:\windows\PIF
2012-08-16 06:11 . 2012-08-16 06:11 119808 ----a-r- c:\users\pxabode\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2012-08-16 06:11 . 2012-08-16 06:11 -------- d-----w- c:\users\pxabode\AppData\Local\Apps
2012-08-11 21:55 . 2012-08-11 21:55 43480 ----a-w- c:\windows\system32\drivers\vkqabaji.sys
2012-08-09 05:17 . 2009-07-14 01:15 90624 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPWN7.DLL
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-18 03:55 . 2010-01-27 16:36 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-08-18 03:55 . 2009-10-01 21:32 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-08-18 03:40 . 2010-01-27 16:37 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2012-08-16 05:25 . 2012-04-18 17:17 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-16 05:25 . 2011-06-24 23:22 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-30 08:16 . 2010-04-27 04:58 737072 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll ERROR(0x00000005)
2012-07-30 08:16 . 2010-04-27 03:05 4283672 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll ERROR(0x00000005)
2012-07-30 08:16 . 2010-06-21 23:54 42776 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll ERROR(0x00000005)
2012-07-30 08:15 . 2010-04-27 03:05 539984 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll ERROR(0x00000005)
2012-06-24 00:08 . 2012-06-24 00:08 69632 ----a-r- c:\users\pxabode\AppData\Roaming\Microsoft\Installer\{DA94A899-F439-44D1-90B6-DB02A7341170}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
2012-06-24 00:08 . 2012-06-24 00:08 413696 ----a-r- c:\users\pxabode\AppData\Roaming\Microsoft\Installer\{DA94A899-F439-44D1-90B6-DB02A7341170}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
2012-06-24 00:08 . 2012-06-24 00:08 413696 ----a-r- c:\users\pxabode\AppData\Roaming\Microsoft\Installer\{DA94A899-F439-44D1-90B6-DB02A7341170}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
2012-06-24 00:08 . 2012-06-24 00:08 413696 ----a-r- c:\users\pxabode\AppData\Roaming\Microsoft\Installer\{DA94A899-F439-44D1-90B6-DB02A7341170}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-11-02 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-07 04:33 1519304 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"Livestation"="c:\program files\Livestation\Livestation.exe" [2010-06-25 4657152]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"ChromeFrameHelper"="c:\users\pxabode\AppData\Local\Google\Chrome\Application\21.0.1180.79\chrome_frame_helper.exe" [2012-08-14 81432]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-02-26 177456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2012-05-15 5164120]
"SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe" [2008-10-22 1041704]
"SMART Board Service"="c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe" [2008-10-22 2172200]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-17 30192]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-03-25 81920]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-06-04 296056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-10-1 25214]
SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe [2008-10-22 9704744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 cpuz134;cpuz134;c:\users\pxabode\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 ICDUSB3;ICDUSB3;c:\windows\system32\Drivers\ICDUSB3.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 Anyplace Control Security;Anyplace Control Security;c:\programdata\Anyplace Control 4\svcadmin.exe [x]
S2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 MOM;MOM;c:\program files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [x]
S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 05:25]
.
2012-08-18 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-01-18 22:24]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 22:29]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 22:29]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3413334021-152096191-276171842-2901Core.job
- c:\users\pxabode\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-23 23:54]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3413334021-152096191-276171842-2901UA.job
- c:\users\pxabode\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-23 23:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.fresnounified.org/
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: fresnounified.org\dl
Trusted Zone: microsoft.com\oas.premier
Trusted Zone: microsoft.com\premier
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\pxabode\AppData\Roaming\Mozilla\Firefox\Profiles\c13j8jxe.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000031&locale=en_US&apn_uid=8CB7CE4C-0881-48A1-845D-6B2F00889E49&apn_ptnrs=TV&apn_sauid=6CA957C2-53D2-4D85-B601-7BA33D2ED067&apn_dtid=OSJ000YYUS&&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKCU-Run-Itibiti.exe - c:\program files\Itibiti Soft Phone\Itibiti.exe
HKCU-Run-Easy Dock - c:\users\pxabode\Documents\RCA easyRip\EZDock.exe
HKLM-Run-Easy Dock - (no file)
HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3413334021-152096191-276171842-2901\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C42D2FD4-FFD5-4A4D-460F-7E3F5F6B6924}*]
"iadlkoaonafpciijaj"=hex:6a,61,65,61,6b,69,69,6e,65,68,63,67,69,70,66,66,6e,70,
67,69,00,fb
"hanmapbgbfiglfff"=hex:6a,61,65,61,6a,69,64,69,66,6e,6e,61,63,69,6d,63,65,68,
6f,6d,00,f7
"hagmglelklbfghhe"=hex:66,61,66,61,62,69,6a,6a,6c,62,68,6c,00,5d
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Maxtor\Utils\SyncServices.exe
c:\windows\System32\rpcnet.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\SMART Technologies\SMART Board Drivers\Aware.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\SMART Technologies\SMART Board Drivers\Marker.exe
.
**************************************************************************
.
Completion time: 2012-08-17 21:05:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-18 04:05
.
Pre-Run: 9,169,543,168 bytes free
Post-Run: 11,483,312,128 bytes free
.
- - End Of File - - E32BE33AEFF06542CC5377249F5EAF41

#14 gringo_pr

Posted 18 August 2012 - 12:46 PM

Greetings OmoAbode

I am glad we got combofix to run, but I still want to run these next just to make sure all of the viruses were removed.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#15 OmoAbode

Posted 18 August 2012 - 10:52 PM

Hello Gringo,

I am not virus-free after all. Below are the reports you requested:

TDSSKiller.txt

19:28:40.0569 7836 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
19:28:41.0235 7836 ============================================================
19:28:41.0235 7836 Current date / time: 2012/08/18 19:28:41.0235
19:28:41.0235 7836 SystemInfo:
19:28:41.0235 7836
19:28:41.0236 7836 OS Version: 6.1.7601 ServicePack: 1.0
19:28:41.0236 7836 Product type: Workstation
19:28:41.0236 7836 ComputerName: FUSD-1F298F61C9
19:28:41.0236 7836 UserName: pxabode
19:28:41.0236 7836 Windows directory: C:\Windows
19:28:41.0236 7836 System windows directory: C:\Windows
19:28:41.0236 7836 Processor architecture: Intel x86
19:28:41.0236 7836 Number of processors: 2
19:28:41.0236 7836 Page size: 0x1000
19:28:41.0236 7836 Boot type: Normal boot
19:28:41.0236 7836 ============================================================
19:28:43.0846 7836 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:28:43.0953 7836 ============================================================
19:28:43.0953 7836 \Device\Harddisk0\DR0:
19:28:43.0953 7836 MBR partitions:
19:28:43.0953 7836 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7D1FEE8
19:28:43.0953 7836 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7D1FF27, BlocksNum 0x17EE59A
19:28:43.0953 7836 ============================================================
19:28:43.0993 7836 C: <-> \Device\Harddisk0\DR0\Partition1
19:28:44.0059 7836 D: <-> \Device\Harddisk0\DR0\Partition2
19:28:44.0171 7836 ============================================================
19:28:44.0171 7836 Initialize success
19:28:44.0171 7836 ============================================================
19:28:51.0287 7240 ============================================================
19:28:51.0287 7240 Scan started
19:28:51.0287 7240 Mode: Manual;
19:28:51.0287 7240 ============================================================
19:28:55.0545 7240 ================ Scan services =============================
19:28:58.0444 7240 Anyplace Control Security - ok
19:28:58.0494 7240 [ aea177f783e20150ace5383ee368da19 ] AppID C:\Windows\system32\drivers\appid.sys
19:28:58.0497 7240 AppID - ok
19:28:58.0543 7240 [ 62a9c86cb6085e20db4823e4e97826f5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:28:58.0546 7240 AppIDSvc - ok
19:28:58.0603 7240 [ fb1959012294d6ad43e5304df65e3c26 ] Appinfo C:\Windows\System32\appinfo.dll
19:28:58.0605 7240 Appinfo - ok
19:28:58.0718 7240 [ 7ef47644b74ebe721cc32211d3c35e76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:28:58.0721 7240 Apple Mobile Device - ok
19:28:58.0762 7240 [ a45d184df6a8803da13a0b329517a64a ] AppMgmt C:\Windows\System32\appmgmts.dll
19:28:58.0767 7240 AppMgmt - ok
19:28:58.0814 7240 [ 2932004f49677bd84dbc72edb754ffb3 ] arc C:\Windows\system32\DRIVERS\arc.sys
19:28:58.0817 7240 arc - ok
19:28:58.0827 7240 [ 5d6f36c46fd283ae1b57bd2e9feb0bc7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:28:58.0836 7240 arcsas - ok
19:28:58.0933 7240 [ 776acefa0ca9df0faa51a5fb2f435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:28:58.0965 7240 aspnet_state - ok
19:28:59.0005 7240 [ add2ade1c2b285ab8378d2daaf991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:28:59.0010 7240 AsyncMac - ok
19:28:59.0056 7240 [ 338c86357871c167a96ab976519bf59e ] atapi C:\Windows\system32\drivers\atapi.sys
19:28:59.0057 7240 atapi - ok
19:28:59.0127 7240 [ 86acb6a60c50e99eb8e68710d5a12654 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
19:28:59.0144 7240 Ati External Event Utility - ok
19:28:59.0322 7240 [ 7db96c2801a78513bdc133c25d07929e ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:28:59.0459 7240 atikmdag - ok
19:28:59.0508 7240 [ 4aa1eb65481c392955939e735d27118b ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
19:28:59.0510 7240 AtiPcie - ok
19:28:59.0559 7240 [ 335e143fa963106021241947ab73ac50 ] ATSwpWDF C:\Windows\system32\Drivers\ATSwpWDF.sys
19:28:59.0590 7240 ATSwpWDF - ok
19:28:59.0653 7240 [ ce3b4e731638d2ef62fcb419be0d39f0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:28:59.0663 7240 AudioEndpointBuilder - ok
19:28:59.0677 7240 [ ce3b4e731638d2ef62fcb419be0d39f0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
19:28:59.0683 7240 Audiosrv - ok
19:28:59.0949 7240 [ 6d440ff3f44ca72edfd6176c6d6a89c0 ] AVGIDSAgent C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
19:29:00.0132 7240 AVGIDSAgent - ok
19:29:00.0241 7240 [ f6878b90a8a9795116bce335238e65af ] AVGIDSDriver C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
19:29:00.0249 7240 AVGIDSDriver - ok
19:29:00.0294 7240 [ 19a08a6728a6e02099d64268218cd799 ] AVGIDSEH C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
19:29:00.0296 7240 AVGIDSEH - ok
19:29:00.0369 7240 [ f8927ab1dd086edeff2924a64dc89869 ] AVGIDSFilter C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
19:29:00.0451 7240 AVGIDSFilter - ok
19:29:00.0484 7240 [ dadca567891033dcf2ec4a3f9da46ae4 ] AVGIDSShim C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
19:29:00.0487 7240 AVGIDSShim - ok
19:29:00.0541 7240 [ bf8118cd5e2255387b715b534d64acd1 ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
19:29:00.0547 7240 Avgldx86 - ok
19:29:00.0570 7240 [ 1c77ef67f196466adc9924cb288afe87 ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
19:29:00.0573 7240 Avgmfx86 - ok
19:29:00.0621 7240 [ f2038ed7284b79dcef581468121192a9 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
19:29:00.0624 7240 Avgrkx86 - ok
19:29:00.0649 7240 [ a6d562b612216d8d02a35ebeb92366bd ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys
19:29:00.0655 7240 Avgtdix - ok
19:29:00.0695 7240 [ 6699ece24fe4b3f752a66c66a602ee86 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
19:29:00.0700 7240 avgwd - ok
19:29:00.0751 7240 [ 6e30d02aac9cac84f421622e3a2f6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:29:00.0755 7240 AxInstSV - ok
19:29:00.0814 7240 [ 1a231abec60fd316ec54c66715543cec ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
19:29:00.0824 7240 b06bdrv - ok
19:29:00.0864 7240 [ bd8869eb9cde6bbe4508d869929869ee ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
19:29:00.0869 7240 b57nd60x - ok
19:29:00.0940 7240 [ eb7c2dadf52f50f69f198c14c3556dc1 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
19:29:00.0958 7240 BCM43XX - ok
19:29:00.0984 7240 [ ee1e9c3bb8228ae423dd38db69128e71 ] BDESVC C:\Windows\System32\bdesvc.dll
19:29:00.0987 7240 BDESVC - ok
19:29:01.0052 7240 [ 505506526a9d467307b3c393dedaf858 ] Beep C:\Windows\system32\drivers\Beep.sys
19:29:01.0054 7240 Beep - ok
19:29:01.0136 7240 [ 1e2bac209d184bb851e1a187d8a29136 ] BFE C:\Windows\System32\bfe.dll
19:29:01.0145 7240 BFE - ok
19:29:01.0286 7240 [ 2287078ed48fcfc477b05b20cf38f36f ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:29:01.0307 7240 blbdrive - ok
19:29:01.0429 7240 [ db5bea73edaf19ac68b2c0fad0f92b1a ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:29:01.0436 7240 Bonjour Service - ok
19:29:01.0489 7240 [ 8f2da3028d5fcbd1a060a3de64cd6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:29:01.0492 7240 bowser - ok
19:29:01.0524 7240 [ 9f9acc7f7ccde8a15c282d3f88b43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:29:01.0526 7240 BrFiltLo - ok
19:29:01.0544 7240 [ 56801ad62213a41f6497f96dee83755a ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:29:01.0546 7240 BrFiltUp - ok
19:29:01.0592 7240 [ 77361d72a04f18809d0efb6cceb74d4b ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
19:29:01.0595 7240 BridgeMP - ok
19:29:01.0659 7240 [ 6e11f33d14d020f58d5e02e4d67dfa19 ] Browser C:\Windows\System32\browser.dll
19:29:01.0662 7240 Browser - ok
19:29:01.0703 7240 [ 845b8ce732e67f3b4133164868c666ea ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:29:01.0708 7240 Brserid - ok
19:29:01.0732 7240 [ 203f0b1e73adadbbb7b7b1fabd901f6b ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:29:01.0736 7240 BrSerWdm - ok
19:29:01.0760 7240 [ bd456606156ba17e60a04e18016ae54b ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:29:01.0762 7240 BrUsbMdm - ok
19:29:01.0792 7240 [ af72ed54503f717a43268b3cc5faec2e ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:29:01.0795 7240 BrUsbSer - ok
19:29:01.0852 7240 [ 2865a5c8e98c70c605f417908cebb3a4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
19:29:01.0855 7240 BthEnum - ok
19:29:01.0864 7240 [ ed3df7c56ce0084eb2034432fc56565a ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:29:01.0868 7240 BTHMODEM - ok
19:29:01.0906 7240 [ ad1872e5829e8a2c3b5b4b641c3eab0e ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:29:01.0909 7240 BthPan - ok
19:29:01.0980 7240 [ c2fbf6d271d9a94d839c416bf186ead9 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
19:29:01.0988 7240 BTHPORT - ok
19:29:02.0019 7240 [ 1df19c96eef6c29d1c3e1a8678e07190 ] bthserv C:\Windows\system32\bthserv.dll
19:29:02.0022 7240 bthserv - ok
19:29:02.0050 7240 [ c81e9413a25a439f436b1d4b6a0cf9e9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
19:29:02.0053 7240 BTHUSB - ok
19:29:02.0264 7240 catchme - ok
19:29:02.0300 7240 [ 77ea11b065e0a8ab902d78145ca51e10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:29:02.0304 7240 cdfs - ok
19:29:02.0349 7240 [ be167ed0fdb9c1fa1133953c18d5a6c9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
19:29:02.0353 7240 cdrom - ok
19:29:02.0394 7240 [ 319c6b309773d063541d01df8ac6f55f ] CertPropSvc C:\Windows\System32\certprop.dll
19:29:02.0398 7240 CertPropSvc - ok
19:29:02.0428 7240 [ 3fe3fe94a34df6fb06e6418d0f6a0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:29:02.0431 7240 circlass - ok
19:29:02.0497 7240 [ 635181e0e9bbf16871bf5380d71db02d ] CLFS C:\Windows\system32\CLFS.sys
19:29:02.0501 7240 CLFS - ok
19:29:02.0554 7240 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:29:02.0559 7240 clr_optimization_v2.0.50727_32 - ok
19:29:02.0626 7240 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:29:02.0657 7240 clr_optimization_v4.0.30319_32 - ok
19:29:02.0700 7240 [ dea805815e587dad1dd2c502220b5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:29:02.0703 7240 CmBatt - ok
19:29:02.0741 7240 [ c537b1db64d495b9b4717b4d6d9edbf2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:29:02.0743 7240 cmdide - ok
19:29:02.0801 7240 [ 6427525d76f61d0c519b008d3680e8e7 ] CNG C:\Windows\system32\Drivers\cng.sys
19:29:02.0809 7240 CNG - ok
19:29:02.0875 7240 [ a94146208170d78906c93ee39cebdd9f ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
19:29:02.0878 7240 Com4QLBEx - ok
19:29:02.0903 7240 [ a6023d3823c37043986713f118a89bee ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:29:02.0905 7240 Compbatt - ok
19:29:02.0958 7240 [ cbe8c58a8579cfe5fccf809e6f114e89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:29:02.0960 7240 CompositeBus - ok
19:29:02.0969 7240 COMSysApp - ok
19:29:02.0996 7240 cpuz134 - ok
19:29:03.0041 7240 [ 2c4ebcfc84a9b44f209dff6c6e6c61d1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:29:03.0043 7240 crcdisk - ok
19:29:03.0106 7240 [ a585bebf7d054bd9618eda0922d5484a ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:29:03.0110 7240 CryptSvc - ok
19:29:03.0185 7240 [ 3c2177a897b4ca2788c6fb0c3fd81d4b ] CSC C:\Windows\system32\drivers\csc.sys
19:29:03.0198 7240 CSC - ok
19:29:03.0237 7240 [ 15f93b37f6801943360d9eb42485d5d3 ] CscService C:\Windows\System32\cscsvc.dll
19:29:03.0246 7240 CscService - ok
19:29:03.0306 7240 [ 7caaf4af453ef3582fef65dd72caa0aa ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
19:29:03.0308 7240 dc3d - ok
19:29:03.0375 7240 [ 7660f01d3b38aca1747e397d21d790af ] DcomLaunch C:\Windows\system32\rpcss.dll
19:29:03.0385 7240 DcomLaunch - ok
19:29:03.0420 7240 [ 8d6e10a2d9a5eed59562d9b82cf804e1 ] defragsvc C:\Windows\System32\defragsvc.dll
19:29:03.0426 7240 defragsvc - ok
19:29:03.0492 7240 [ f024449c97ec1e464aaffda18593db88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:29:03.0495 7240 DfsC - ok
19:29:03.0560 7240 [ 73fc5bc52572084ec1241514cf6230a0 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
19:29:03.0563 7240 dg_ssudbus - ok
19:29:03.0626 7240 [ e9e01eb683c132f7fa27cd607b8a2b63 ] Dhcp C:\Windows\system32\dhcpcore.dll
19:29:03.0632 7240 Dhcp - ok
19:29:03.0666 7240 [ 1a050b0274bfb3890703d490f330c0da ] discache C:\Windows\system32\drivers\discache.sys
19:29:03.0669 7240 discache - ok
19:29:03.0683 7240 [ 565003f326f99802e68ca78f2a68e9ff ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:29:03.0686 7240 Disk - ok
19:29:03.0731 7240 [ 33ef4861f19a0736b11314aad9ae28d0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:29:03.0736 7240 Dnscache - ok
19:29:03.0782 7240 [ 366ba8fb4b7bb7435e3b9eacb3843f67 ] dot3svc C:\Windows\System32\dot3svc.dll
19:29:03.0788 7240 dot3svc - ok
19:29:03.0857 7240 [ b5e479eb83707dd698f66953e922042c ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
19:29:03.0861 7240 Dot4 - ok
19:29:03.0900 7240 [ caefd09b6a6249c53a67d55a9a9fcabf ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
19:29:03.0903 7240 Dot4Print - ok
19:29:03.0949 7240 [ cf491ff38d62143203c065260567e2f7 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
19:29:03.0952 7240 dot4usb - ok
19:29:04.0010 7240 [ 8ec04ca86f1d68da9e11952eb85973d6 ] DPS C:\Windows\system32\dps.dll
19:29:04.0014 7240 DPS - ok
19:29:04.0032 7240 [ b918e7c5f9bf77202f89e1a9539f2eb4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:29:04.0034 7240 drmkaud - ok
19:29:04.0090 7240 [ 23f5d28378a160352ba8f817bd8c71cb ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:29:04.0103 7240 DXGKrnl - ok
19:29:04.0158 7240 [ 8600142fa91c1b96367d3300ad0f3f3a ] EapHost C:\Windows\System32\eapsvc.dll
19:29:04.0162 7240 EapHost - ok
19:29:04.0303 7240 [ 024e1b5cac09731e4d868e64dbfb4ab0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
19:29:04.0348 7240 ebdrv - ok
19:29:04.0424 7240 [ 81951f51e318aecc2d68559e47485cc4 ] EFS C:\Windows\System32\lsass.exe
19:29:04.0428 7240 EFS - ok
19:29:04.0535 7240 [ a8c362018efc87beb013ee28f29c0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:29:04.0544 7240 ehRecvr - ok
19:29:04.0575 7240 [ d389bff34f80caede417bf9d1507996a ] ehSched C:\Windows\ehome\ehsched.exe
19:29:04.0578 7240 ehSched - ok
19:29:04.0621 7240 [ 0ed67910c8c326796faa00b2bf6d9d3c ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:29:04.0629 7240 elxstor - ok
19:29:04.0703 7240 [ 8fc3208352dd3912c94367a206ab3f11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:29:04.0705 7240 ErrDev - ok
19:29:04.0781 7240 [ f6916efc29d9953d5d0df06882ae8e16 ] EventSystem C:\Windows\system32\es.dll
19:29:04.0787 7240 EventSystem - ok
19:29:04.0820 7240 [ 2dc9108d74081149cc8b651d3a26207f ] exfat C:\Windows\system32\drivers\exfat.sys
19:29:04.0825 7240 exfat - ok
19:29:04.0856 7240 [ 7e0ab74553476622fb6ae36f73d97d35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:29:04.0860 7240 fastfat - ok
19:29:04.0924 7240 [ 967ea5b213e9984cbe270205df37755b ] Fax C:\Windows\system32\fxssvc.exe
19:29:04.0934 7240 Fax - ok
19:29:05.0029 7240 [ d33c07955aa3972853117151a4a861fb ] FcsSas C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
19:29:05.0054 7240 FcsSas - ok
19:29:05.0105 7240 [ e817a017f82df2a1f8cfdbda29388b29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:29:05.0108 7240 fdc - ok
19:29:05.0139 7240 [ f3222c893bd2f5821a0179e5c71e88fb ] fdPHost C:\Windows\system32\fdPHost.dll
19:29:05.0141 7240 fdPHost - ok
19:29:05.0167 7240 [ 7dbe8cbfe79efbdeb98c9fb08d3a9a5b ] FDResPub C:\Windows\system32\fdrespub.dll
19:29:05.0171 7240 FDResPub - ok
19:29:05.0209 7240 [ 6cf00369c97f3cf563be99be983d13d8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:29:05.0212 7240 FileInfo - ok
19:29:05.0240 7240 [ 42c51dc94c91da21cb9196eb64c45db9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:29:05.0242 7240 Filetrace - ok
19:29:05.0250 7240 [ 87907aa70cb3c56600f1c2fb8841579b ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:29:05.0256 7240 flpydisk - ok
19:29:05.0277 7240 [ 7520ec808e0c35e0ee6f841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:29:05.0282 7240 FltMgr - ok
19:29:05.0363 7240 [ b3a5ec6b6b6673db7e87c2bcdbddc074 ] FontCache C:\Windows\system32\FntCache.dll
19:29:05.0400 7240 FontCache - ok
19:29:05.0465 7240 [ e56f39f6b7fda0ac77a79b0fd3de1a2f ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:29:05.0468 7240 FontCache3.0.0.0 - ok
19:29:05.0539 7240 [ 1a16b57943853e598cff37fe2b8cbf1d ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:29:05.0541 7240 FsDepends - ok
19:29:05.0603 7240 [ 7dae5ebcc80e45d3253f4923dc424d05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:29:05.0605 7240 Fs_Rec - ok
19:29:05.0670 7240 [ 8a73e79089b282100b9393b644cb853b ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:29:05.0675 7240 fvevol - ok
19:29:05.0701 7240 [ 65ee0c7a58b65e74ae05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:29:05.0704 7240 gagp30kx - ok
19:29:05.0755 7240 [ 8182ff89c65e4d38b2de4bb0fb18564e ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:29:05.0758 7240 GEARAspiWDM - ok
19:29:05.0865 7240 [ 9f5f2f0fb0a7f5aa9f16b9a7b6dad89f ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
19:29:05.0867 7240 GoogleDesktopManager-051210-111108 - ok
19:29:05.0951 7240 [ e897eaf5ed6ba41e081060c9b447a673 ] gpsvc C:\Windows\System32\gpsvc.dll
19:29:05.0960 7240 gpsvc - ok
19:29:06.0017 7240 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:29:06.0020 7240 gupdate - ok
19:29:06.0039 7240 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:29:06.0041 7240 gupdatem - ok
19:29:06.0133 7240 [ 5d4bc124faae6730ac002cdb67bf1a1c ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:29:06.0138 7240 gusvc - ok
19:29:06.0177 7240 [ de15777902a5d9121857d155873a1d1b ] HBtnKey C:\Windows\system32\DRIVERS\cpqbttn.sys
19:29:06.0180 7240 HBtnKey - ok
19:29:06.0218 7240 [ c44e3c2bab6837db337ddee7544736db ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:29:06.0233 7240 hcw85cir - ok
19:29:06.0283 7240 [ a5ef29d5315111c80a5c1abad14c8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:29:06.0291 7240 HdAudAddService - ok
19:29:06.0328 7240 [ 9036377b8a6c15dc2eec53e489d159b5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:29:06.0332 7240 HDAudBus - ok
19:29:06.0357 7240 [ 1d58a7f3e11a9731d0eaaaa8405acc36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:29:06.0360 7240 HidBatt - ok
19:29:06.0381 7240 [ 89448f40e6df260c206a193a4683ba78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:29:06.0385 7240 HidBth - ok
19:29:06.0417 7240 [ cf50b4cf4a4f229b9f3c08351f99ca5e ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:29:06.0419 7240 HidIr - ok
19:29:06.0452 7240 [ 2bc6f6a1992b3a77f5f41432ca6b3b6b ] hidserv C:\Windows\System32\hidserv.dll
19:29:06.0455 7240 hidserv - ok
19:29:06.0516 7240 [ 10c19f8290891af023eaec0832e1eb4d ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:29:06.0518 7240 HidUsb - ok
19:29:06.0566 7240 [ 196b4e3f4cccc24af836ce58facbb699 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:29:06.0571 7240 hkmsvc - ok
19:29:06.0618 7240 [ 6658f4404de03d75fe3ba09f7aba6a30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:29:06.0624 7240 HomeGroupListener - ok
19:29:06.0681 7240 [ dbc02d918fff1cad628acbe0c0eaa8e8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:29:06.0687 7240 HomeGroupProvider - ok
19:29:06.0743 7240 [ cc2148a432c351b9b0d289cde198b530 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
19:29:06.0746 7240 hpdskflt - ok
19:29:06.0769 7240 [ 35956140e686d53bf676cf0c778880fc ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
19:29:06.0772 7240 HpqKbFiltr - ok
19:29:06.0813 7240 [ d50fdad1e57aa60f1973cfc77d905f0e ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
19:29:06.0816 7240 hpqwmiex - ok
19:29:06.0851 7240 [ 295fdc419039090eb8b49ffdbb374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:29:06.0855 7240 HpSAMD - ok
19:29:06.0885 7240 [ b2994326b4b39e643ba52a86c60f8149 ] hpsrv C:\Windows\system32\Hpservice.exe
19:29:06.0889 7240 hpsrv - ok
19:29:06.0973 7240 [ 871917b07a141bff43d76d8844d48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:29:06.0985 7240 HTTP - ok
19:29:07.0022 7240 [ 0c4e035c7f105f1299258c90886c64c5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:29:07.0024 7240 hwpolicy - ok
19:29:07.0069 7240 [ f151f0bdc47f4a28b1b20a0818ea36d6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:29:07.0072 7240 i8042prt - ok
19:29:07.0147 7240 [ 5cd5f9a5444e6cdcb0ac89bd62d8b76e ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:29:07.0154 7240 iaStorV - ok
19:29:07.0233 7240 [ 4b9f5768f6da1fd247198d91a07328d9 ] ICDUSB3 C:\Windows\system32\Drivers\ICDUSB3.sys
19:29:07.0236 7240 ICDUSB3 - ok
19:29:07.0324 7240 [ daf66902f08796f9c694901660e5a64a ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
19:29:07.0361 7240 IDriverT - ok
19:29:07.0455 7240 [ c521d7eb6497bb1af6afa89e322fb43c ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:29:07.0468 7240 idsvc - ok
19:29:07.0521 7240 [ 4173ff5708f3236cf25195fecd742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:29:07.0524 7240 iirsp - ok
19:29:07.0575 7240 [ f95622f161474511b8d80d6b093aa610 ] IKEEXT C:\Windows\System32\ikeext.dll
19:29:07.0586 7240 IKEEXT - ok
19:29:07.0647 7240 [ a0f12f2c9ba6c72f3987ce780e77c130 ] intelide C:\Windows\system32\drivers\intelide.sys
19:29:07.0649 7240 intelide - ok
19:29:07.0671 7240 [ 3b514d27bfc4accb4037bc6685f766e0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:29:07.0673 7240 intelppm - ok
19:29:07.0709 7240 [ acb364b9075a45c0736e5c47be5cae19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:29:07.0713 7240 IPBusEnum - ok
19:29:07.0744 7240 [ 709d1761d3b19a932ff0238ea6d50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:29:07.0747 7240 IpFilterDriver - ok
19:29:07.0834 7240 [ 4d65a07b795d6674312f879d09aa7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:29:07.0844 7240 iphlpsvc - ok
19:29:07.0892 7240 [ 4bd7134618c1d2a27466a099062547bf ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:29:07.0895 7240 IPMIDRV - ok
19:29:07.0930 7240 [ a5fa468d67abcdaa36264e463a7bb0cd ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:29:07.0933 7240 IPNAT - ok
19:29:07.0993 7240 [ 57edb35ea2feca88f8b17c0c095c9a56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:29:08.0006 7240 iPod Service - ok
19:29:08.0027 7240 [ 42996cff20a3084a56017b7902307e9f ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:29:08.0030 7240 IRENUM - ok
19:29:08.0081 7240 [ 1f32bb6b38f62f7df1a7ab7292638a35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:29:08.0083 7240 isapnp - ok
19:29:08.0126 7240 [ cb7a9abb12b8415bce5d74994c7ba3ae ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:29:08.0132 7240 iScsiPrt - ok
19:29:08.0177 7240 [ adef52ca1aeae82b50df86b56413107e ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:29:08.0180 7240 kbdclass - ok
19:29:08.0207 7240 [ 9e3ced91863e6ee98c24794d05e27a71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:29:08.0209 7240 kbdhid - ok
19:29:08.0224 7240 [ 81951f51e318aecc2d68559e47485cc4 ] KeyIso C:\Windows\system32\lsass.exe
19:29:08.0228 7240 KeyIso - ok
19:29:08.0277 7240 [ f4647bb23db9038a7536cf6b68f4207f ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:29:08.0280 7240 KSecDD - ok
19:29:08.0297 7240 [ e73cae53bbb72ba26918492c6b4c229d ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:29:08.0301 7240 KSecPkg - ok
19:29:08.0357 7240 [ 89a7b9cc98d0d80c6f31b91c0a310fcd ] KtmRm C:\Windows\system32\msdtckrm.dll
19:29:08.0365 7240 KtmRm - ok
19:29:08.0428 7240 [ d64af876d53eca3668bb97b51b4e70ab ] LanmanServer C:\Windows\System32\srvsvc.dll
19:29:08.0435 7240 LanmanServer - ok
19:29:08.0494 7240 [ 58405e4f68ba8e4057c6e914f326aba2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:29:08.0500 7240 LanmanWorkstation - ok
19:29:08.0544 7240 [ f7611ec07349979da9b0ae1f18ccc7a6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:29:08.0546 7240 lltdio - ok
19:29:08.0586 7240 [ 5700673e13a2117fa3b9020c852c01e2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:29:08.0592 7240 lltdsvc - ok
19:29:08.0630 7240 [ 55ca01ba19d0006c8f2639b6c045e08b ] lmhosts C:\Windows\System32\lmhsvc.dll
19:29:08.0636 7240 lmhosts - ok
19:29:08.0659 7240 [ eb119a53ccf2acc000ac71b065b78fef ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:29:08.0664 7240 LSI_FC - ok
19:29:08.0676 7240 [ 8ade1c877256a22e49b75d1cc9161f9c ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:29:08.0685 7240 LSI_SAS - ok
19:29:08.0700 7240 [ dc9dc3d3daa0e276fd2ec262e38b11e9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:29:08.0707 7240 LSI_SAS2 - ok
19:29:08.0716 7240 [ 0a036c7d7cab643a7f07135ac47e0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:29:08.0722 7240 LSI_SCSI - ok
19:29:08.0759 7240 [ 6703e366cc18d3b6e534f5cf7df39cee ] luafv C:\Windows\system32\drivers\luafv.sys
19:29:08.0762 7240 luafv - ok
19:29:08.0855 7240 [ c53c86727678b4cdf974c880d27ee7bb ] MaxBackServiceInt C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
19:29:08.0893 7240 MaxBackServiceInt - ok
19:29:08.0941 7240 [ bfb9ee8ee977efe85d1a3105abef6dd1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:29:08.0948 7240 Mcx2Svc - ok
19:29:09.0018 7240 [ 7cf1b716372b89568ae4c0fe769f5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
19:29:09.0025 7240 MDM - ok
19:29:09.0054 7240 [ 0fff5b045293002ab38eb1fd1fc2fb74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:29:09.0057 7240 megasas - ok
19:29:09.0093 7240 [ dcbab2920c75f390caf1d29f675d03d6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:29:09.0099 7240 MegaSR - ok
19:29:09.0171 7240 [ 7c4c76b39d5525c4a465e0be32528e19 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
19:29:09.0174 7240 Microsoft Office Groove Audit Service - ok
19:29:09.0206 7240 [ 146b6f43a673379a3c670e86d89be5ea ] MMCSS C:\Windows\system32\mmcss.dll
19:29:09.0208 7240 MMCSS - ok
19:29:09.0230 7240 [ f001861e5700ee84e2d4e52c712f4964 ] Modem C:\Windows\system32\drivers\modem.sys
19:29:09.0234 7240 Modem - ok
19:29:09.0326 7240 [ f3c2e6441348a7fc20f21fe2f5eb28e6 ] MOM c:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
19:29:09.0348 7240 MOM - ok
19:29:09.0394 7240 [ 79d10964de86b292320e9dfe02282a23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:29:09.0397 7240 monitor - ok
19:29:09.0445 7240 [ fb18cc1d4c2e716b6b903b0ac0cc0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:29:09.0449 7240 mouclass - ok
19:29:09.0466 7240 [ 2c388d2cd01c9042596cf3c8f3c7b24d ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:29:09.0468 7240 mouhid - ok
19:29:09.0518 7240 [ fc8771f45ecccfd89684e38842539b9b ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:29:09.0521 7240 mountmgr - ok
19:29:09.0530 7240 MpFilter - ok
19:29:09.0564 7240 [ 2d699fb6e89ce0d8da14ecc03b3edfe0 ] mpio C:\Windows\system32\drivers\mpio.sys
19:29:09.0568 7240 mpio - ok
19:29:09.0592 7240 [ ad2723a7b53dd1aacae6ad8c0bfbf4d0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:29:09.0595 7240 mpsdrv - ok
19:29:09.0631 7240 [ ceb46ab7c01c9f825f8cc6babc18166a ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:29:09.0636 7240 MRxDAV - ok
19:29:09.0671 7240 [ 5d16c921e3671636c0eba3bbaac5fd25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:29:09.0694 7240 mrxsmb - ok
19:29:09.0747 7240 [ 6d17a4791aca19328c685d256349fefc ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:29:09.0752 7240 mrxsmb10 - ok
19:29:09.0775 7240 [ b81f204d146000be76651a50670a5e9e ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:29:09.0779 7240 mrxsmb20 - ok
19:29:09.0829 7240 [ 012c5f4e9349e711e11e0f19a8589f0a ] msahci C:\Windows\system32\drivers\msahci.sys
19:29:09.0831 7240 msahci - ok
19:29:09.0870 7240 [ 55055f8ad8be27a64c831322a780a228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:29:09.0874 7240 msdsm - ok
19:29:09.0905 7240 [ e1bce74a3bd9902b72599c0192a07e27 ] MSDTC C:\Windows\System32\msdtc.exe
19:29:09.0914 7240 MSDTC - ok
19:29:09.0962 7240 [ daefb28e3af5a76abcc2c3078c07327f ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:29:09.0965 7240 Msfs - ok
19:29:09.0981 7240 [ 3e1e5767043c5af9367f0056295e9f84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:29:09.0983 7240 mshidkmdf - ok
19:29:10.0033 7240 [ 0a4e5757ae09fa9622e3158cc1aef114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:29:10.0035 7240 msisadrv - ok
19:29:10.0080 7240 [ 90f7d9e6b6f27e1a707d4a297f077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:29:10.0084 7240 MSiSCSI - ok
19:29:10.0094 7240 msiserver - ok
19:29:10.0124 7240 [ 8c0860d6366aaffb6c5bb9df9448e631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:29:10.0126 7240 MSKSSRV - ok
19:29:10.0150 7240 [ 3ea8b949f963562cedbb549eac0c11ce ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:29:10.0153 7240 MSPCLOCK - ok
19:29:10.0169 7240 [ f456e973590d663b1073e9c463b40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:29:10.0172 7240 MSPQM - ok
19:29:10.0204 7240 [ 0e008fc4819d238c51d7c93e7b41e560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:29:10.0209 7240 MsRPC - ok
19:29:10.0256 7240 [ fc6b9ff600cc585ea38b12589bd4e246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:29:10.0258 7240 mssmbios - ok
19:29:10.0296 7240 [ b42c6b921f61a6e55159b8be6cd54a36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:29:10.0299 7240 MSTEE - ok
19:29:10.0322 7240 [ 33599130f44e1f34631cea241de8ac84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:29:10.0325 7240 MTConfig - ok
19:29:10.0352 7240 [ 159fad02f64e6381758c990f753bcc80 ] Mup C:\Windows\system32\Drivers\mup.sys
19:29:10.0355 7240 Mup - ok
19:29:10.0449 7240 [ c29f284ff7ab4ed38ce419a9424e52a2 ] MXOPSWD C:\Windows\system32\DRIVERS\mxopswd.sys
19:29:10.0457 7240 MXOPSWD - ok
19:29:10.0506 7240 [ 61d57a5d7c6d9afe10e77dae6e1b445e ] napagent C:\Windows\system32\qagentRT.dll
19:29:10.0516 7240 napagent - ok
19:29:10.0559 7240 [ 26384429fcd85d83746f63e798ab1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:29:10.0565 7240 NativeWifiP - ok
19:29:10.0636 7240 [ e7c54812a2aaf43316eb6930c1ffa108 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:29:10.0647 7240 NDIS - ok
19:29:10.0686 7240 [ 0e1787aa6c9191d3d319e8bafe86f80c ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:29:10.0688 7240 NdisCap - ok
19:29:10.0728 7240 [ e4a8aec125a2e43a9e32afeea7c9c888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:29:10.0731 7240 NdisTapi - ok
19:29:10.0784 7240 [ d8a65dafb3eb41cbb622745676fcd072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:29:10.0787 7240 Ndisuio - ok
19:29:10.0813 7240 [ 38fbe267e7e6983311179230facb1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:29:10.0818 7240 NdisWan - ok
19:29:10.0889 7240 [ a4bdc541e69674fbff1a8ff00be913f2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:29:10.0895 7240 NDProxy - ok
19:29:10.0955 7240 [ 80b275b1ce3b0e79909db7b39af74d51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:29:10.0958 7240 NetBIOS - ok
19:29:11.0019 7240 [ 280122ddcf04b378edd1ad54d71c1e54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:29:11.0026 7240 NetBT - ok
19:29:11.0069 7240 [ 81951f51e318aecc2d68559e47485cc4 ] Netlogon C:\Windows\system32\lsass.exe
19:29:11.0072 7240 Netlogon - ok
19:29:11.0126 7240 [ 7cccfca7510684768da22092d1fa4db2 ] Netman C:\Windows\System32\netman.dll
19:29:11.0134 7240 Netman - ok
19:29:11.0189 7240 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:29:11.0213 7240 NetMsmqActivator - ok
19:29:11.0235 7240 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:29:11.0237 7240 NetPipeActivator - ok
19:29:11.0273 7240 [ 8c338238c16777a802d6a9211eb2ba50 ] netprofm C:\Windows\System32\netprofm.dll
19:29:11.0283 7240 netprofm - ok
19:29:11.0291 7240 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:29:11.0292 7240 NetTcpActivator - ok
19:29:11.0303 7240 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:29:11.0305 7240 NetTcpPortSharing - ok
19:29:11.0346 7240 [ 1d85c4b390b0ee09c7a46b91efb2c097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:29:11.0349 7240 nfrd960 - ok
19:29:11.0410 7240 [ 912084381d30d8b89ec4e293053f4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:29:11.0416 7240 NlaSvc - ok
19:29:11.0466 7240 [ 1db262a9f8c087e8153d89bef3d2235f ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:29:11.0472 7240 Npfs - ok
19:29:11.0519 7240 [ ba387e955e890c8a88306d9b8d06bf17 ] nsi C:\Windows\system32\nsisvc.dll
19:29:11.0553 7240 nsi - ok
19:29:11.0582 7240 [ e9a0a4d07e53d8fea2bb8387a3293c58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:29:11.0583 7240 nsiproxy - ok
19:29:11.0681 7240 [ 81189c3d7763838e55c397759d49007a ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:29:11.0701 7240 Ntfs - ok
19:29:11.0779 7240 [ f778606b1e8c0567b1fff5879ab38d8c ] NTService1 C:\Program Files\Maxtor\Utils\SyncServices.exe
19:29:11.0795 7240 NTService1 - ok
19:29:11.0893 7240 [ 37be10ff10a92031fc5a01e8363925cc ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
19:29:11.0895 7240 NuidFltr - ok
19:29:11.0943 7240 [ f9756a98d69098dca8945d62858a812c ] Null C:\Windows\system32\drivers\Null.sys
19:29:11.0946 7240 Null - ok
19:29:12.0000 7240 [ b3e25ee28883877076e0e1ff877d02e0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:29:12.0003 7240 nvraid - ok
19:29:12.0028 7240 [ 4380e59a170d88c4f1022eff6719a8a4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:29:12.0033 7240 nvstor - ok
19:29:12.0082 7240 [ 5a0983915f02bae73267cc2a041f717d ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:29:12.0086 7240 nv_agp - ok
19:29:12.0172 7240 [ 1f0e05dff4f5a833168e49be1256f002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:29:12.0180 7240 odserv - ok
19:29:12.0214 7240 [ 08a70a1f2cdde9bb49b885cb817a66eb ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:29:12.0217 7240 ohci1394 - ok
19:29:12.0269 7240 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:29:12.0295 7240 ose - ok
19:29:12.0344 7240 [ 82a8521ddc60710c3d3d3e7325209bec ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:29:12.0351 7240 p2pimsvc - ok
19:29:12.0377 7240 [ 59c3ddd501e39e006dac31bf55150d91 ] p2psvc C:\Windows\system32\p2psvc.dll
19:29:12.0386 7240 p2psvc - ok
19:29:12.0421 7240 [ 2ea877ed5dd9713c5ac74e8ea7348d14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:29:12.0424 7240 Parport - ok
19:29:12.0477 7240 [ 3f34a1b4c5f6475f320c275e63afce9b ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:29:12.0479 7240 partmgr - ok
19:29:12.0510 7240 [ eb0a59f29c19b86479d36b35983daadc ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
19:29:12.0513 7240 Parvdm - ok
19:29:12.0534 7240 [ 358ab7956d3160000726574083dfc8a6 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:29:12.0541 7240 PcaSvc - ok
19:29:12.0593 7240 [ 673e55c3498eb970088e812ea820aa8f ] pci C:\Windows\system32\drivers\pci.sys
19:29:12.0597 7240 pci - ok
19:29:12.0616 7240 [ afe86f419014db4e5593f69ffe26ce0a ] pciide C:\Windows\system32\drivers\pciide.sys
19:29:12.0619 7240 pciide - ok
19:29:12.0641 7240 [ f396431b31693e71e8a80687ef523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:29:12.0646 7240 pcmcia - ok
19:29:12.0679 7240 [ 250f6b43d2b613172035c6747aeeb19f ] pcw C:\Windows\system32\drivers\pcw.sys
19:29:12.0683 7240 pcw - ok
19:29:12.0749 7240 [ 9e0104ba49f4e6973749a02bf41344ed ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:29:12.0758 7240 PEAUTH - ok
19:29:12.0816 7240 [ af4d64d2a57b9772cf3801950b8058a6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:29:12.0833 7240 PeerDistSvc - ok
19:29:12.0943 7240 [ 414bba67a3ded1d28437eb66aeb8a720 ] pla C:\Windows\system32\pla.dll
19:29:12.0967 7240 pla - ok
19:29:13.0006 7240 [ ec7bc28d207da09e79b3e9faf8b232ca ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:29:13.0015 7240 PlugPlay - ok
19:29:13.0065 7240 [ 379f7a0ec9fbe07629fd3f244d3e3e44 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
19:29:13.0069 7240 Pml Driver HPZ12 - ok
19:29:13.0106 7240 [ 63ff8572611249931eb16bb8eed6afc8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:29:13.0110 7240 PNRPAutoReg - ok
19:29:13.0156 7240 [ 82a8521ddc60710c3d3d3e7325209bec ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:29:13.0162 7240 PNRPsvc - ok
19:29:13.0211 7240 [ 60a044879c4fa76314494f5fddc43b93 ] Point32 C:\Windows\system32\DRIVERS\point32.sys
19:29:13.0214 7240 Point32 - ok
19:29:13.0278 7240 [ 53946b69ba0836bd95b03759530c81ec ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:29:13.0286 7240 PolicyAgent - ok
19:29:13.0333 7240 [ f87d30e72e03d579a5199ccb3831d6ea ] Power C:\Windows\system32\umpo.dll
19:29:13.0340 7240 Power - ok
19:29:13.0381 7240 [ 631e3e205ad6d86f2aed6a4a8e69f2db ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:29:13.0388 7240 PptpMiniport - ok
19:29:13.0418 7240 [ 85b1e3a0c7585bc4aae6899ec6fcf011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:29:13.0421 7240 Processor - ok
19:29:13.0476 7240 [ 43ca4ccc22d52fb58e8988f0198851d0 ] ProfSvc C:\Windows\system32\profsvc.dll
19:29:13.0483 7240 ProfSvc - ok
19:29:13.0502 7240 [ 81951f51e318aecc2d68559e47485cc4 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:29:13.0505 7240 ProtectedStorage - ok
19:29:13.0541 7240 [ 6270ccae2a86de6d146529fe55b3246a ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:29:13.0545 7240 Psched - ok
19:29:13.0603 7240 [ 5491e4e7d93804f43abe8ce3c39f5a86 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
19:29:13.0607 7240 PxHelp20 - ok
19:29:13.0666 7240 [ ab95ecf1f6659a60ddc166d8315b0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:29:13.0689 7240 ql2300 - ok
19:29:13.0698 7240 [ b4dd51dd25182244b86737dc51af2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:29:13.0704 7240 ql40xx - ok
19:29:13.0745 7240 [ 31ac809e7707eb580b2bdb760390765a ] QWAVE C:\Windows\system32\qwave.dll
19:29:13.0752 7240 QWAVE - ok
19:29:13.0784 7240 [ 584078ca1b95ca72df2a27c336f9719d ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:29:13.0791 7240 QWAVEdrv - ok
19:29:13.0815 7240 [ 30a81b53c766d0133bb86d234e5556ab ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:29:13.0817 7240 RasAcd - ok
19:29:13.0844 7240 [ 57ec4aef73660166074d8f7f31c0d4fd ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:29:13.0847 7240 RasAgileVpn - ok
19:29:13.0875 7240 [ a60f1839849c0c00739787fd5ec03f13 ] RasAuto C:\Windows\System32\rasauto.dll
19:29:13.0881 7240 RasAuto - ok
19:29:13.0907 7240 [ d9f91eafec2815365cbe6d167e4e332a ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:29:13.0910 7240 Rasl2tp - ok
19:29:13.0969 7240 [ cb9e04dc05eacf5b9a36ca276d475006 ] RasMan C:\Windows\System32\rasmans.dll
19:29:13.0979 7240 RasMan - ok
19:29:14.0008 7240 [ 0fe8b15916307a6ac12bfb6a63e45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:29:14.0012 7240 RasPppoe - ok
19:29:14.0070 7240 [ 44101f495a83ea6401d886e7fd70096b ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:29:14.0073 7240 RasSstp - ok
19:29:14.0158 7240 [ d528bc58a489409ba40334ebf96a311b ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:29:14.0164 7240 rdbss - ok
19:29:14.0194 7240 [ 0d8f05481cb76e70e1da06ee9f0da9df ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:29:14.0212 7240 rdpbus - ok
19:29:14.0266 7240 [ 23dae03f29d253ae74c44f99e515f9a1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:29:14.0269 7240 RDPCDD - ok
19:29:14.0331 7240 [ b973fcfc50dc1434e1970a146f7e3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
19:29:14.0335 7240 RDPDR - ok
19:29:14.0378 7240 [ 5a53ca1598dd4156d44196d200c94b8a ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:29:14.0385 7240 RDPENCDD - ok
19:29:14.0416 7240 [ 44b0a53cd4f27d50ed461dae0c0b4e1f ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:29:14.0419 7240 RDPREFMP - ok
19:29:14.0472 7240 [ f031683e6d1fea157abb2ff260b51e61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:29:14.0478 7240 RDPWD - ok
19:29:14.0538 7240 [ 518395321dc96fe2c9f0e96ac743b656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:29:14.0542 7240 rdyboost - ok
19:29:14.0583 7240 [ 7b5e1419717fac363a31cc302895217a ] RemoteAccess C:\Windows\System32\mprdim.dll
19:29:14.0587 7240 RemoteAccess - ok
19:29:14.0635 7240 [ cb9a8683f4ef2bf99e123d79950d7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:29:14.0641 7240 RemoteRegistry - ok
19:29:14.0691 7240 [ cb928d9e6daf51879dd6ba8d02f01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:29:14.0696 7240 RFCOMM - ok
19:29:14.0775 7240 [ 4f4a4c09cc5be58a76cac1c337e004e6 ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys
19:29:14.0778 7240 RimUsb - ok
19:29:14.0853 7240 [ 3a5633ad615e2b15291bd0b1b97ccd8a ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
19:29:14.0856 7240 RimVSerPort - ok
19:29:14.0913 7240 [ 564297827d213f52c7a3a2ff749568ca ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
19:29:14.0916 7240 ROOTMODEM - ok
19:29:14.0958 7240 [ 78d072f35bc45d9e4e1b61895c152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:29:14.0963 7240 RpcEptMapper - ok
19:29:14.0997 7240 [ 94d36c0e44677dd26981d2bfeef2a29d ] RpcLocator C:\Windows\system32\locator.exe
19:29:15.0000 7240 RpcLocator - ok
19:29:15.0045 7240 [ 3297445bb9fd3e8363e7559010ed2ae7 ] Rpcnet C:\Windows\System32\rpcnet.exe
19:29:15.0051 7240 Rpcnet - ok
19:29:15.0121 7240 [ 7660f01d3b38aca1747e397d21d790af ] RpcSs C:\Windows\system32\rpcss.dll
19:29:15.0127 7240 RpcSs - ok
19:29:15.0155 7240 [ 032b0d36ad92b582d869879f5af5b928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:29:15.0158 7240 rspndr - ok
19:29:15.0244 7240 [ 7fa7f2e249a5dcbb7970630e15e1f482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
19:29:15.0247 7240 s3cap - ok
19:29:15.0291 7240 [ 81951f51e318aecc2d68559e47485cc4 ] SamSs C:\Windows\system32\lsass.exe
19:29:15.0294 7240 SamSs - ok
19:29:15.0348 7240 [ 05d860da1040f111503ac416ccef2bca ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:29:15.0352 7240 sbp2port - ok
19:29:15.0394 7240 [ 8fc518ffe9519c2631d37515a68009c4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:29:15.0401 7240 SCardSvr - ok
19:29:15.0448 7240 [ 0693b5ec673e34dc147e195779a4dcf6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:29:15.0451 7240 scfilter - ok
19:29:15.0493 7240 [ a04bb13f8a72f8b6e8b4071723e4e336 ] Schedule C:\Windows\system32\schedsvc.dll
19:29:15.0507 7240 Schedule - ok
19:29:15.0550 7240 [ 319c6b309773d063541d01df8ac6f55f ] SCPolicySvc C:\Windows\System32\certprop.dll
19:29:15.0552 7240 SCPolicySvc - ok
19:29:15.0600 7240 [ 08236c4bce5edd0a0318a438af28e0f7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:29:15.0606 7240 SDRSVC - ok
19:29:15.0649 7240 [ 90a3935d05b494a5a39d37e71f09a677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:29:15.0651 7240 secdrv - ok
19:29:15.0683 7240 [ a59b3a4442c52060cc7a85293aa3546f ] seclogon C:\Windows\system32\seclogon.dll
19:29:15.0688 7240 seclogon - ok
19:29:15.0707 7240 [ dcb7fcdcc97f87360f75d77425b81737 ] SENS C:\Windows\system32\sens.dll
19:29:15.0711 7240 SENS - ok
19:29:15.0729 7240 [ 50087fe1ee447009c9cc2997b90de53f ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:29:15.0734 7240 SensrSvc - ok
19:29:15.0757 7240 [ 9ad8b8b515e3df6acd4212ef465de2d1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:29:15.0759 7240 Serenum - ok
19:29:15.0774 7240 [ 5fb7fcea0490d821f26f39cc5ea3d1e2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:29:15.0778 7240 Serial - ok
19:29:15.0820 7240 [ 79bffb520327ff916a582dfea17aa813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:29:15.0823 7240 sermouse - ok
19:29:15.0885 7240 [ 4ae380f39a0032eab7dd953030b26d28 ] SessionEnv C:\Windows\system32\sessenv.dll
19:29:15.0891 7240 SessionEnv - ok
19:29:15.0930 7240 [ 9f976e1eb233df46fce808d9dea3eb9c ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:29:15.0933 7240 sffdisk - ok
19:29:15.0961 7240 [ 932a68ee27833cfd57c1639d375f2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:29:15.0963 7240 sffp_mmc - ok
19:29:15.0986 7240 [ 6d4ccaedc018f1cf52866bbbaa235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:29:15.0989 7240 sffp_sd - ok
19:29:16.0018 7240 [ db96666cc8312ebc45032f30b007a547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:29:16.0022 7240 sfloppy - ok
19:29:16.0104 7240 [ d1a079a0de2ea524513b6930c24527a2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:29:16.0112 7240 SharedAccess - ok
19:29:16.0191 7240 [ 414da952a35bf5d50192e28263b40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:29:16.0201 7240 ShellHWDetection - ok
19:29:16.0245 7240 [ 2565cac0dc9fe0371bdce60832582b2e ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:29:16.0248 7240 sisagp - ok
19:29:16.0265 7240 [ a9f0486851becb6dda1d89d381e71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:29:16.0269 7240 SiSRaid2 - ok
19:29:16.0288 7240 [ 3727097b55738e2f554972c3be5bc1aa ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:29:16.0291 7240 SiSRaid4 - ok
19:29:16.0345 7240 [ 9d819137bbdee71f4241706acf80fbe1 ] SMARTMouseFilterx86 C:\Windows\system32\DRIVERS\SMARTMouseFilterx86.sys
19:29:16.0347 7240 SMARTMouseFilterx86 - ok
19:29:16.0375 7240 [ 2d362731fac8440e9d3a43f5d1dae280 ] SMARTVHidMini2000x86 C:\Windows\system32\DRIVERS\SMARTVHidMini2000x86.sys
19:29:16.0377 7240 SMARTVHidMini2000x86 - ok
19:29:16.0405 7240 [ 3e21c083b8a01cb70ba1f09303010fce ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:29:16.0409 7240 Smb - ok
19:29:16.0467 7240 [ 6a984831644eca1a33ffeae4126f4f37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:29:16.0472 7240 SNMPTRAP - ok
19:29:16.0486 7240 [ 95cf1ae7527fb70f7816563cbc09d942 ] spldr C:\Windows\system32\drivers\spldr.sys
19:29:16.0492 7240 spldr - ok
19:29:16.0556 7240 [ 866a43013535dc8587c258e43579c764 ] Spooler C:\Windows\System32\spoolsv.exe
19:29:16.0566 7240 Spooler - ok
19:29:16.0703 7240 [ cf87a1de791347e75b98885214ced2b8 ] sppsvc C:\Windows\system32\sppsvc.exe
19:29:16.0749 7240 sppsvc - ok
19:29:16.0791 7240 [ b0180b20b065d89232a78a40fe56eaa6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:29:16.0796 7240 sppuinotify - ok
19:29:16.0842 7240 [ e4c2764065d66ea1d2d3ebc28fe99c46 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:29:16.0857 7240 srv - ok
19:29:16.0902 7240 [ 03f0545bd8d4c77fa0ae1ceedfcc71ab ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:29:16.0909 7240 srv2 - ok
19:29:16.0931 7240 [ be6bd660caa6f291ae06a718a4fa8abc ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:29:16.0936 7240 srvnet - ok
19:29:16.0969 7240 [ d887c9fd02ac9fa880f6e5027a43e118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:29:16.0976 7240 SSDPSRV - ok
19:29:16.0994 7240 [ d318f23be45d5e3a107469eb64815b50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:29:17.0001 7240 SstpSvc - ok
19:29:17.0083 7240 [ e3d493bfb7cd108ec50b2f560c96367c ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
19:29:17.0088 7240 ssudmdm - ok
19:29:17.0123 7240 [ db32d325c192b801df274bfd12a7e72b ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:29:17.0125 7240 stexstor - ok
19:29:17.0181 7240 [ e1fb3706030fb4578a0d72c2fc3689e4 ] StiSvc C:\Windows\System32\wiaservc.dll
19:29:17.0193 7240 StiSvc - ok
19:29:17.0240 7240 [ 472af0311073dceceaa8fa18ba2bdf89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
19:29:17.0243 7240 storflt - ok
19:29:17.0288 7240 [ 0bf669f0a910beda4a32258d363af2a5 ] StorSvc C:\Windows\system32\storsvc.dll
19:29:17.0292 7240 StorSvc - ok
19:29:17.0342 7240 [ dcaffd62259e0bdb433dd67b5bb37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
19:29:17.0345 7240 storvsc - ok
19:29:17.0388 7240 [ e58c78a848add9610a4db6d214af5224 ] swenum C:\Windows\system32\drivers\swenum.sys
19:29:17.0390 7240 swenum - ok
19:29:17.0417 7240 [ a28bd92df340e57b024ba433165d34d7 ] swprv C:\Windows\System32\swprv.dll
19:29:17.0426 7240 swprv - ok
19:29:17.0465 7240 [ bf7aa84d5af0faa0978c840e63b17dbf ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:29:17.0470 7240 SynTP - ok
19:29:17.0563 7240 [ 36650d618ca34c9d357dfd3d89b2c56f ] SysMain C:\Windows\system32\sysmain.dll
19:29:17.0583 7240 SysMain - ok
19:29:17.0619 7240 [ 763fecdc3d30c815fe72dd57936c6cd1 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:29:17.0625 7240 TabletInputService - ok
19:29:17.0675 7240 [ 613bf4820361543956909043a265c6ac ] TapiSrv C:\Windows\System32\tapisrv.dll
19:29:17.0684 7240 TapiSrv - ok
19:29:17.0718 7240 [ b799d9fdb26111737f58288d8dc172d9 ] TBS C:\Windows\System32\tbssvc.dll
19:29:17.0722 7240 TBS - ok
19:29:17.0808 7240 [ 7fa2e0f8b072bd04b77b421480b6cc22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:29:17.0828 7240 Tcpip - ok
19:29:17.0861 7240 [ 7fa2e0f8b072bd04b77b421480b6cc22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:29:17.0873 7240 TCPIP6 - ok
19:29:17.0938 7240 [ cca24162e055c3714ce5a88b100c64ed ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:29:17.0941 7240 tcpipreg - ok
19:29:17.0996 7240 [ 1cb91b2bd8f6dd367dfc2ef26fd751b2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:29:17.0999 7240 TDPIPE - ok
19:29:18.0037 7240 [ 2c2c5afe7ee4f620d69c23c0617651a8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:29:18.0040 7240 TDTCP - ok
19:29:18.0072 7240 [ b459575348c20e8121d6039da063c704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:29:18.0076 7240 tdx - ok
19:29:18.0111 7240 [ 04dbf4b01ea4bf25a9a3e84affac9b20 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:29:18.0113 7240 TermDD - ok
19:29:18.0146 7240 [ 382c804c92811be57829d8e550a900e2 ] TermService C:\Windows\System32\termsrv.dll
19:29:18.0159 7240 TermService - ok
19:29:18.0197 7240 [ 42fb6afd6b79d9fe07381609172e7ca4 ] Themes C:\Windows\system32\themeservice.dll
19:29:18.0202 7240 Themes - ok
19:29:18.0216 7240 [ 146b6f43a673379a3c670e86d89be5ea ] THREADORDER C:\Windows\system32\mmcss.dll
19:29:18.0219 7240 THREADORDER - ok
19:29:18.0251 7240 [ 5ad05191dc8b444a7ba4d79b76c42a30 ] TPM C:\Windows\system32\drivers\tpm.sys
19:29:18.0254 7240 TPM - ok
19:29:18.0288 7240 [ 4792c0378db99a9bc2ae2de6cfff0c3a ] TrkWks C:\Windows\System32\trkwks.dll
19:29:18.0292 7240 TrkWks - ok
19:29:18.0374 7240 [ 2c49b175aee1d4364b91b531417fe583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:29:18.0378 7240 TrustedInstaller - ok
19:29:18.0435 7240 [ 254bb140eee3c59d6114c1a86b636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:29:18.0438 7240 tssecsrv - ok
19:29:18.0489 7240 [ fd1d6c73e6333be727cbcc6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:29:18.0492 7240 TsUsbFlt - ok
19:29:18.0559 7240 [ b2fa25d9b17a68bb93d58b0556e8c90d ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:29:18.0563 7240 tunnel - ok
19:29:18.0602 7240 [ 750fbcb269f4d7dd2e420c56b795db6d ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:29:18.0605 7240 uagp35 - ok
19:29:18.0640 7240 [ ee43346c7e4b5e63e54f927babbb32ff ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:29:18.0647 7240 udfs - ok
19:29:18.0698 7240 [ 8344fd4fce927880aa1aa7681d4927e5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:29:18.0704 7240 UI0Detect - ok
19:29:18.0727 7240 [ 44e8048ace47befbfdc2e9be4cbc8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:29:18.0730 7240 uliagpkx - ok
19:29:18.0787 7240 [ d295bed4b898f0fd999fcfa9b32b071b ] umbus C:\Windows\system32\drivers\umbus.sys
19:29:18.0790 7240 umbus - ok
19:29:18.0814 7240 [ 7550ad0c6998ba1cb4843e920ee0feac ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:29:18.0817 7240 UmPass - ok
19:29:18.0861 7240 [ 409994a8eaceee4e328749c0353527a0 ] UmRdpService C:\Windows\System32\umrdp.dll
19:29:18.0868 7240 UmRdpService - ok
19:29:18.0896 7240 [ 833fbb672460efce8011d262175fad33 ] upnphost C:\Windows\System32\upnphost.dll
19:29:18.0905 7240 upnphost - ok
19:29:18.0957 7240 [ eafe1e00739afe6c51487a050e772e17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
19:29:18.0961 7240 USBAAPL - ok
19:29:19.0018 7240 [ bd9c55d7023c5de374507acc7a14e2ac ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:29:19.0022 7240 usbccgp - ok
19:29:19.0057 7240 [ 04ec7cec62ec3b6d9354eee93327fc82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:29:19.0060 7240 usbcir - ok
19:29:19.0130 7240 [ f92de757e4b7ce9c07c5e65423f3ae3b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:29:19.0133 7240 usbehci - ok
19:29:19.0170 7240 [ 8dc94aec6a7e644a06135ae7506dc2e9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:29:19.0176 7240 usbhub - ok
19:29:19.0199 7240 [ e185d44fac515a18d9deddc23c2cdf44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:29:19.0202 7240 usbohci - ok
19:29:19.0232 7240 [ 797d862fe0875e75c7cc4c1ad7b30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:29:19.0235 7240 usbprint - ok
19:29:19.0273 7240 [ 576096ccbc07e7c4ea4f5e6686d6888f ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:29:19.0276 7240 usbscan - ok
19:29:19.0306 7240 [ f991ab9cc6b908db552166768176896a ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:29:19.0318 7240 USBSTOR - ok
19:29:19.0363 7240 [ 68df884cf41cdada664beb01daf67e3d ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:29:19.0366 7240 usbuhci - ok
19:29:19.0413 7240 [ 081e6e1c91aec36758902a9f727cd23c ] UxSms C:\Windows\System32\uxsms.dll
19:29:19.0417 7240 UxSms - ok
19:29:19.0436 7240 [ 81951f51e318aecc2d68559e47485cc4 ] VaultSvc C:\Windows\system32\lsass.exe
19:29:19.0439 7240 VaultSvc - ok
19:29:19.0457 7240 [ a059c4c3edb09e07d21a8e5c0aabd3cb ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:29:19.0459 7240 vdrvroot - ok
19:29:19.0519 7240 [ c3cd30495687c2a2f66a65ca6fd89be9 ] vds C:\Windows\System32\vds.exe
19:29:19.0533 7240 vds - ok
19:29:19.0566 7240 [ 17c408214ea61696cec9c66e388b14f3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:29:19.0568 7240 vga - ok
19:29:19.0587 7240 [ 8e38096ad5c8570a6f1570a61e251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
19:29:19.0590 7240 VgaSave - ok
19:29:19.0628 7240 [ 5461686cca2fda57b024547733ab42e3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:29:19.0633 7240 vhdmp - ok
19:29:19.0662 7240 [ c829317a37b4bea8f39735d4b076e923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:29:19.0665 7240 viaagp - ok
19:29:19.0686 7240 [ e02f079a6aa107f06b16549c6e5c7b74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
19:29:19.0690 7240 ViaC7 - ok
19:29:19.0739 7240 [ e43574f6a56a0ee11809b48c09e4fd3c ] viaide C:\Windows\system32\drivers\viaide.sys
19:29:19.0742 7240 viaide - ok
19:29:19.0812 7240 [ c2f2911156fdc7817c52829c86da494e ] vmbus C:\Windows\system32\drivers\vmbus.sys
19:29:19.0817 7240 vmbus - ok
19:29:19.0863 7240 [ d4d77455211e204f370d08f4963063ce ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
19:29:19.0866 7240 VMBusHID - ok
19:29:19.0915 7240 [ 4c63e00f2f4b5f86ab48a58cd990f212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:29:19.0917 7240 volmgr - ok
19:29:19.0959 7240 [ b5bb72067ddddbbfb04b2f89ff8c3c87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:29:19.0966 7240 volmgrx - ok
19:29:20.0011 7240 [ f497f67932c6fa693d7de2780631cfe7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:29:20.0017 7240 volsnap - ok
19:29:20.0059 7240 [ 9dfa0cc2f8855a04816729651175b631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:29:20.0064 7240 vsmraid - ok
19:29:20.0149 7240 [ 209a3b1901b83aeb8527ed211cce9e4c ] VSS C:\Windows\system32\vssvc.exe
19:29:20.0167 7240 VSS - ok
19:29:20.0278 7240 [ 49099f62da09c819ecc69e9d9267d3ac ] vToolbarUpdater C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
19:29:20.0291 7240 vToolbarUpdater - ok
19:29:20.0323 7240 [ 90567b1e658001e79d7c8bbd3dde5aa6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:29:20.0325 7240 vwifibus - ok
19:29:20.0353 7240 [ 7090d3436eeb4e7da3373090a23448f7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:29:20.0356 7240 vwififlt - ok
19:29:20.0386 7240 [ a3f04cbea6c2a10e6cb01f8b47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
19:29:20.0389 7240 vwifimp - ok
19:29:20.0439 7240 [ 55187fd710e27d5095d10a472c8baf1c ] W32Time C:\Windows\system32\w32time.dll
19:29:20.0448 7240 W32Time - ok
19:29:20.0474 7240 [ de3721e89c653aa281428c8a69745d90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:29:20.0478 7240 WacomPen - ok
19:29:20.0529 7240 [ 3c3c78515f5ab448b022bdf5b8ffdd2e ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:29:20.0533 7240 WANARP - ok
19:29:20.0539 7240 [ 3c3c78515f5ab448b022bdf5b8ffdd2e ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:29:20.0541 7240 Wanarpv6 - ok
19:29:20.0652 7240 [ 353a04c273ec58475d8633e75ccd5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:29:20.0672 7240 WatAdminSvc - ok
19:29:20.0750 7240 [ 691e3285e53dca558e1a84667f13e15a ] wbengine C:\Windows\system32\wbengine.exe
19:29:20.0771 7240 wbengine - ok
19:29:20.0826 7240 [ 9614b5d29dc76ac3c29f6d2d3aa70e67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:29:20.0833 7240 WbioSrvc - ok
19:29:20.0894 7240 [ 34eee0dfaadb4f691d6d5308a51315dc ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:29:20.0904 7240 wcncsvc - ok
19:29:20.0925 7240 [ 5d930b6357a6d2af4d7653bdabbf352f ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:29:20.0931 7240 WcsPlugInService - ok
19:29:20.0970 7240 [ 1112a9badacb47b7c0bb0392e3158dff ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:29:20.0972 7240 Wd - ok
19:29:21.0011 7240 [ 9950e3d0f08141c7e89e64456ae7dc73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:29:21.0020 7240 Wdf01000 - ok
19:29:21.0052 7240 [ 46ef9dc96265fd0b423db72e7c38c2a5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:29:21.0058 7240 WdiServiceHost - ok
19:29:21.0065 7240 [ 46ef9dc96265fd0b423db72e7c38c2a5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:29:21.0070 7240 WdiSystemHost - ok
19:29:21.0121 7240 [ a9d880f97530d5b8fee278923349929d ] WebClient C:\Windows\System32\webclnt.dll
19:29:21.0127 7240 WebClient - ok
19:29:21.0159 7240 [ 760f0afe937a77cff27153206534f275 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:29:21.0166 7240 Wecsvc - ok
19:29:21.0181 7240 [ ac804569bb2364fb6017370258a4091b ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:29:21.0187 7240 wercplsupport - ok
19:29:21.0211 7240 [ 08e420d873e4fd85241ee2421b02c4a4 ] WerSvc C:\Windows\System32\WerSvc.dll
19:29:21.0217 7240 WerSvc - ok
19:29:21.0255 7240 [ 8b9a943f3b53861f2bfaf6c186168f79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:29:21.0257 7240 WfpLwf - ok
19:29:21.0279 7240 [ 5cf95b35e59e2a38023836fff31be64c ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:29:21.0282 7240 WIMMount - ok
19:29:21.0389 7240 [ 3fae8f94296001c32eab62cd7d82e0fd ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:29:21.0402 7240 WinDefend - ok
19:29:21.0425 7240 WinHttpAutoProxySvc - ok
19:29:21.0504 7240 [ f62e510b6ad4c21eb9fe8668ed251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:29:21.0508 7240 Winmgmt - ok
19:29:21.0608 7240 [ 1b91cd34ea3a90ab6a4ef0550174f4cc ] WinRM C:\Windows\system32\WsmSvc.dll
19:29:21.0637 7240 WinRM - ok
19:29:21.0787 7240 [ a67e5f9a400f3bd1be3d80613b45f708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:29:21.0789 7240 WinUsb - ok
19:29:21.0856 7240 [ 16935c98ff639d185086a3529b1f2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:29:21.0872 7240 Wlansvc - ok
19:29:21.0930 7240 [ 0217679b8fca58714c3bf2726d2ca84e ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:29:21.0933 7240 WmiAcpi - ok
19:29:21.0962 7240 [ 6eb6b66517b048d87dc1856ddf1f4c3f ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:29:21.0966 7240 wmiApSrv - ok
19:29:22.0063 7240 [ 3b40d3a61aa8c21b88ae57c58ab3122e ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:29:22.0079 7240 WMPNetworkSvc - ok
19:29:22.0117 7240 [ a2f0ec770a92f2b3f9de6d518e11409c ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:29:22.0123 7240 WPCSvc - ok
19:29:22.0183 7240 [ aa53356d60af47eacc85bc617a4f3f66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:29:22.0189 7240 WPDBusEnum - ok
19:29:22.0221 7240 [ 6db3276587b853bf886b69528fdb048c ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:29:22.0224 7240 ws2ifsl - ok
19:29:22.0262 7240 [ 6f5d49efe0e7164e03ae773a3fe25340 ] wscsvc C:\Windows\system32\wscsvc.dll
19:29:22.0269 7240 wscsvc - ok
19:29:22.0278 7240 WSearch - ok
19:29:22.0392 7240 [ 3026418a50c5b4761befa632cedb7406 ] wuauserv C:\Windows\system32\wuaueng.dll
19:29:22.0421 7240 wuauserv - ok
19:29:22.0482 7240 [ e714a1c0354636837e20ccbf00888ee7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:29:22.0486 7240 WudfPf - ok
19:29:22.0535 7240 [ 1023ee888c9b47178c5293ed5336ab69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:29:22.0540 7240 WUDFRd - ok
19:29:22.0583 7240 [ 8d1e1e529a2c9e9b6a85b55a345f7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:29:22.0589 7240 wudfsvc - ok
19:29:22.0634 7240 [ ff2d745b560f7c71b31f30f4d49f73d2 ] WwanSvc C:\Windows\System32\wwansvc.dll
19:29:22.0641 7240 WwanSvc - ok
19:29:22.0743 7240 [ dd0042f0c3b606a6a8b92d49afb18ad6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
19:29:22.0752 7240 YahooAUService - ok
19:29:22.0830 7240 ================ Scan global ===============================
19:29:22.0959 7240 (dab748ae0439955ed2fa22357533dddb) C:\Windows\system32\basesrv.dll
19:29:23.0005 7240 (183b4188d5d91b271613ec3efd1b3cef) C:\Windows\system32\winsrv.dll
19:29:23.0021 7240 (183b4188d5d91b271613ec3efd1b3cef) C:\Windows\system32\winsrv.dll
19:29:23.0053 7240 (364455805e64882844ee9acb72522830) C:\Windows\system32\sxssrv.dll
19:29:23.0082 7240 (5f1b6a9c35d3d5ca72d6d6fdef9747d6) C:\Windows\system32\services.exe
19:29:23.0088 7240 [Global] - ok
19:29:23.0089 7240 ================ Scan MBR ==================================
19:29:23.0104 7240 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:29:23.0346 7240 \Device\Harddisk0\DR0 - ok
19:29:23.0346 7240 ================ Scan VBR ==================================
19:29:23.0351 7240 Boot (0x1200) (2af2bb94891fa71d7ea41dc39e8c6ab0) \Device\Harddisk0\DR0\Partition1
19:29:23.0353 7240 \Device\Harddisk0\DR0\Partition1 - ok
19:29:23.0382 7240 Boot (0x1200) (76b0479ff11ec1f1c8dc7c9aae724e75) \Device\Harddisk0\DR0\Partition2
19:29:23.0384 7240 \Device\Harddisk0\DR0\Partition2 - ok
19:29:23.0385 7240 ============================================================
19:29:23.0385 7240 Scan finished
19:29:23.0385 7240 ============================================================
19:29:23.0406 7056 Detected object count: 0
19:29:23.0406 7056 Actual detected object count: 0

aswMBR.txt

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-18 19:42:44
-----------------------------
19:42:44.331 OS Version: Windows 6.1.7601 Service Pack 1
19:42:44.331 Number of processors: 2 586 0x6802
19:42:44.333 ComputerName: FUSD-1F298F61C9 UserName: pxabode
19:43:07.366 Initialize success
19:44:53.638 AVAST engine defs: 12081801
19:45:09.746 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:45:09.751 Disk 0 Vendor: TOSHIBA_MK8046GSX LB314C Size: 76319MB BusType: 3
19:45:09.774 Disk 0 MBR read successfully
19:45:09.778 Disk 0 MBR scan
19:45:09.789 Disk 0 Windows 7 default MBR code
19:45:09.794 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 64063 MB offset 63
19:45:09.830 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12252 MB offset 131202855
19:45:09.842 Disk 0 scanning sectors +156296385
19:45:09.939 Disk 0 scanning C:\Windows\system32\drivers
19:45:25.660 Service scanning
19:46:07.477 Modules scanning
19:46:18.034 Disk 0 trace - called modules:
19:46:18.053 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys dxgkrnl.sys atikmdag.sys dxgmms1.sys
19:46:18.063 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86370030]
19:46:18.072 3 CLASSPNP.SYS[891af59e] -> nt!IofCallDriver -> [0x8636a8d0]
19:46:18.081 5 hpdskflt.sys[8940a090] -> nt!IofCallDriver -> [0x863778d8]
19:46:18.091 7 ACPI.sys[83bb73d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86363030]
19:46:18.636 AVAST engine scan C:\Windows
19:46:24.300 AVAST engine scan C:\Windows\system32
19:50:06.356 File: C:\Windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
19:52:01.281 AVAST engine scan C:\Windows\system32\drivers
19:52:25.994 AVAST engine scan C:\Users\pxabode
20:07:03.902 AVAST engine scan C:\ProgramData
20:17:35.599 Scan finished successfully
20:46:55.172 Disk 0 MBR has been saved successfully to "C:\Users\pxabode\Desktop\MBR.dat"
20:46:55.187 The log file has been saved successfully to "C:\Users\pxabode\Desktop\aswMBR.txt"



