infected with virus.win32.sirefef.r (v)


  • This topic is locked
14 replies to this topic

#1 egydos

egydos

  • Members
  • 6 posts
  • OFFLINE
  • Local time:07:43 PM

Posted 26 July 2012 - 04:46 AM

vipre antivirus found infected services.exe with a virus, need help to clean this file

Attached Files


Edited by egydos, 26 July 2012 - 04:50 AM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:43 PM

Posted 27 July 2012 - 01:46 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post them in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
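
Gringo asks for the Security Check and DDS output so the machine's weak spots can be read off them. As an added example that is not part of this thread or of either tool, the Python script below triages lines in those two formats for hardening gaps (UAC policy values, a stopped Security Center, outdated software, a start page or keyword search redirected to an unexpected host); the sample lines are copied from the output egydos posts in the next reply, while the severity labels and the allow-list of search hosts are my own assumptions.

```python
"""Flag hardening gaps in Security Check / DDS 'Pseudo HJT' output (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Sample input: lines copied from the Security Check and DDS output posted in this thread.
SAMPLE_LOG = """\
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Windows Security Center service is not running! This report may not be accurate!
Sunbelt VIPRE
Antivirus out of date!
Java version out of Date!
Adobe Reader 7 Adobe Reader out of Date!
Mozilla Firefox 13.0.1 Firefox out of Date!
uStart Page = hxxp://search.babylon.com/?affID=112555&tt=3012_6&babsrc=HP_ss
FF - prefs.js: browser.startup.homepage - hxxp://www.google.lt/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555&tt=3012_6&babsrc=KW_ss&q=
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 192.168.0.1
"""


@dataclass
class Finding:
    severity: str  # "high" or "medium" (assumed labels, not from either tool)
    line: str
    reason: str


# Registry policy values DDS prints as "mPolicies-system: Name = value (0xN)".
# name -> (value that is a finding, why it matters)
POLICY_CHECKS: Dict[str, Tuple[int, str]] = {
    "EnableLUA": (0, "UAC is off: everything in an admin session runs fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "admins are elevated silently, with no consent prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not isolated on the secure desktop"),
    "HideSCAHealth": (1, "Security Center / Action Center tray warnings are hidden from the user"),
}

POLICY_RE = re.compile(r"^[um]Policies-\w+:\s*(\w+)\s*=\s*(\d+)")
# DDS lines that carry the browser start page or keyword-search URL (http is defanged as hxxp).
BROWSER_RE = re.compile(
    r"^(?:[um]Start Page|FF - prefs\.js: (?:keyword\.URL|browser\.startup\.homepage))\b"
)
HOST_RE = re.compile(r"hxxps?://([^/\s]+)")
OUTDATED_RE = re.compile(r"out of date!", re.IGNORECASE)

# Hosts a start page or keyword search may legitimately point at (assumed allow-list).
EXPECTED_SEARCH_HOSTS = ("google.", "bing.com", "yahoo.com")


def triage(log_text: str, expected_hosts=EXPECTED_SEARCH_HOSTS) -> List[Finding]:
    """Return one Finding per line that indicates a weakened security posture."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Security Check's free-text warnings.
        if "UAC is disabled!" in line:
            findings.append(Finding("high", line, "Security Check reports UAC disabled"))
        elif "Security Center service is not running" in line:
            findings.append(Finding("high", line,
                                    "Security Center is stopped, so AV/firewall status cannot be trusted"))
        elif OUTDATED_RE.search(line):
            findings.append(Finding("medium", line, "outdated software with publicly known fixes missing"))
        # Policy values reported by DDS.
        m = POLICY_RE.match(line)
        if m and m.group(1) in POLICY_CHECKS:
            bad_value, why = POLICY_CHECKS[m.group(1)]
            if int(m.group(2)) == bad_value:
                findings.append(Finding("high", line, why))
        # Start page or keyword search pointed at an unexpected host (typical of a toolbar hijack).
        if BROWSER_RE.match(line):
            host = HOST_RE.search(line)
            if host and not any(h in host.group(1) for h in expected_hosts):
                findings.append(Finding("medium", line, f"browser search/start page points at {host.group(1)}"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity.upper():6}] {f.reason}\n         {f.line}")
    print(summarize(results))
```

On the sample above the script reports six high findings (the two Security Check warnings plus four UAC/Security Center policy values) and six medium ones; the google.lt homepage line is correctly left alone.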

#3 egydos

egydos
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:07:43 PM

Posted 27 July 2012 - 05:22 AM

checkup results


Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Sunbelt VIPRE
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.0
Java™ 7 Update 4
Java version out of Date!
Adobe Flash Player 11.3.300.265
Adobe Reader 7 Adobe Reader out of Date!
Mozilla Firefox 13.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````




dds results

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Egis at 11:06:55 on 2012-07-27
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3037.2077 [GMT 1:00]
.
AV: Sunbelt VIPRE *Enabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sunbelt VIPRE *Enabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Sunbelt VIPRE *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Egis\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\mIRC\mirc.exe
C:\Users\Egis\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Egis\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Users\Egis\Desktop\SecurityCheck.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=112555&tt=3012_6&babsrc=HP_ss&mntrId=aeb6b64b00000000000020cf306ab1db
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [Akamai NetSession Interface] "c:\users\egis\appdata\local\akamai\netsession_win.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SBAMTray] "c:\program files\sunbelt software\vipre\SBAMTray.exe"
StartupFolder: c:\users\egis\appdata\roaming\micros~1\windows\startm~1\programs\startup\mirc.lnk - c:\program files\mirc\mirc.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9DDC46EF-D783-429C-9ADF-21DA6390C331} : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\egis\appdata\roaming\mozilla\firefox\profiles\ivuwu29v.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.lt/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555&tt=3012_6&babsrc=KW_ss&mntrId=aeb6b64b00000000000020cf306ab1db&q=
FF - component: c:\users\egis\appdata\roaming\mozilla\firefox\profiles\ivuwu29v.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - aeb6b64b00000000000020cf306ab1db
FF - user.js: extensions.BabylonToolbar_i.hardId - aeb6b64b00000000000020cf306ab1db
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15476
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=3012_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - aeb6b64b00000000000020cf306ab1db
FF - user.js: extensions.BabylonToolbar.instlDay - 15547
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.12:08:17
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2012-6-16 11448]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-7-17 220760]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-7-17 78936]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-6-14 69976]
R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2010-8-20 181584]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-1-29 30576]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-7-17 68696]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-19 116648]
S2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2010-8-20 2763080]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-16 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-19 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-16 113120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-5-16 15872]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-7-17 68696]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-7-17 94040]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-5-17 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-5-16 1343400]
.
=============== Created Last 30 ================
.
2012-07-26 10:52:06 -------- d-----w- C:\FRST
2012-07-26 01:07:24 -------- d-----w- c:\users\egis\appdata\roaming\YourFileDownloader
2012-07-26 01:00:20 -------- d-----w- c:\programdata\RegRun
2012-07-26 00:59:53 2 --shatr- c:\windows\winstart.bat
2012-07-26 00:59:44 -------- d-----w- c:\program files\UnHackMe
2012-07-26 00:25:33 -------- d-----w- c:\program files\1ClickDownload
2012-07-26 00:14:55 -------- d-----w- c:\program files\Enigma Software Group
2012-07-26 00:14:36 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-07-26 00:14:34 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-07-25 22:43:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-25 22:16:31 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2012-07-25 22:16:31 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-07-25 22:01:41 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-07-25 22:01:03 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-07-25 21:56:00 -------- d-----w- c:\programdata\PLAV
2012-07-25 21:55:34 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2012-07-25 21:55:33 -------- d-----w- c:\program files\ParetoLogic
2012-07-25 03:59:53 -------- d-----w- c:\users\egis\appdata\local\Aeria Games
2012-07-25 03:59:26 -------- d-----w- c:\programdata\Aeria Games
2012-07-25 03:53:53 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-07-25 02:07:51 -------- d-----w- c:\users\egis\appdata\local\Akamai
2012-07-24 07:59:43 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-24 05:56:03 427520 ----a-w- c:\users\egis\appdata\roaming\iprenr.dll
2012-07-22 21:44:43 -------- d-----w- c:\users\egis\appdata\roaming\ApexDC++
2012-07-22 21:44:43 -------- d-----w- c:\users\egis\appdata\local\ApexDC++
2012-07-17 18:10:48 -------- d-----w- c:\users\egis\appdata\roaming\Sunbelt
2012-07-17 18:10:32 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-07-17 18:10:31 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-07-17 18:10:25 68696 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-07-17 18:10:25 220760 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-07-17 18:10:22 -------- d-----w- c:\program files\Sunbelt Software
2012-07-16 21:55:24 -------- d-----w- c:\programdata\AVS4YOU
2012-07-16 21:55:18 -------- d-----w- c:\users\egis\appdata\roaming\AVS4YOU
2012-07-16 21:53:32 -------- d-----w- c:\program files\common files\AVSMedia
2012-07-16 21:53:31 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-07-16 21:53:31 -------- d-----w- c:\program files\AVS4YOU
2012-07-16 21:39:17 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-16 21:37:53 -------- d-----w- c:\program files\Yahoo!
2012-07-16 21:22:53 -------- d-----w- c:\users\egis\appdata\local\Halvar Information
2012-07-16 21:22:25 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-07-16 21:22:25 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-07-16 21:22:22 -------- d-----w- c:\program files\hMailServer
2012-07-01 00:47:20 -------- d-----w- c:\users\egis\appdata\local\ElevatedDiagnostics
2012-06-28 05:39:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-28 05:30:03 -------- d-----w- c:\program files\SystemRequirementsLab
.
==================== Find3M ====================
.
2012-07-03 12:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-20 08:44:48 152576 ----a-w- c:\windows\system32\msclmd.dll
.
============= FINISH: 11:07:29.49 ===============



attach results

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 16-May-2012 2:05:20 AM
System Uptime: 27-Jul-2012 8:02:45 AM (3 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K50IJ
Processor: Celeron® Dual-Core CPU T3500 @ 2.10GHz | Socket 478 | 2094/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 97.289 GiB free.
D: is FIXED (NTFS) - 330 GiB total, 22.184 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SBRE
Device ID: ROOT\LEGACY_SBRE\0000
Manufacturer:
Name: SBRE
PNP Device ID: ROOT\LEGACY_SBRE\0000
Service: SBRE
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
32 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 7.0
Akamai NetSession Interface
Alkonas v1.0
ASUSUpdate
AVS Audio Editor 7.1
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
DAEMON Tools Toolbar
DJ_AIO_06_F2400_SW_Min
Google Earth Plug-in
Google Update Helper
HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Java Auto Updater
Java™ 7 Update 4
JavaFX 2.1.0
K-Lite Codec Pack 5.8.3 (Full)
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Corporation
Microsoft LifeCam
Microsoft Office Professional Edition 2003
Microsoft SQL Server Compact 3.5 ENU
Microsoft Visual C++ 2005 Redistributable
mIRC
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Scan
Skype™ 5.8
System Requirements Lab for Intel
TapinRadio 1.57.3
Toolbox
VIPRE Antivirus Premium
VLC media player 2.0.1
Winamp
Winamp Detector Plug-in
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
27-Jul-2012 10:09:01 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
27-Jul-2012 10:09:01 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
26-Jul-2012 8:03:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
26-Jul-2012 3:44:21 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x00000003, 0x87006530, 0x8700669c, 0x82c5edf0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072612-10935-01.
26-Jul-2012 2:36:50 AM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
26-Jul-2012 2:04:07 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv SBRE
26-Jul-2012 1:00:54 AM, Error: Service Control Manager [7034] - The Function Discovery Provider Host service terminated unexpectedly. It has done this 1 time(s).
26-Jul-2012 1:00:54 AM, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 1 time(s).
26-Jul-2012 1:00:54 AM, Error: Service Control Manager [7031] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
26-Jul-2012 1:00:54 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
26-Jul-2012 1:00:54 AM, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
26-Jul-2012 1:00:54 AM, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
26-Jul-2012 1:00:54 AM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
26-Jul-2012 1:00:54 AM, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
26-Jul-2012 1:00:53 AM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
26-Jul-2012 1:00:53 AM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
26-Jul-2012 1:00:53 AM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
26-Jul-2012 1:00:53 AM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
26-Jul-2012 1:00:53 AM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
26-Jul-2012 1:00:53 AM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
26-Jul-2012 1:00:53 AM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
26-Jul-2012 1:00:53 AM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
26-Jul-2012 1:00:53 AM, Error: Service Control Manager [7024] - The Remote Procedure Call (RPC) service terminated with service-specific error Access is denied..
26-Jul-2012 1:00:53 AM, Error: Service Control Manager [7024] - The Network Location Awareness service terminated with service-specific error %%-1073741670.
25-Jul-2012 11:20:26 PM, Error: Service Control Manager [7034] - The VIPRE Antivirus Premium service terminated unexpectedly. It has done this 2 time(s).
25-Jul-2012 11:19:49 PM, Error: Service Control Manager [7034] - The PLAVService service terminated unexpectedly. It has done this 1 time(s).
25-Jul-2012 11:15:19 PM, Error: Service Control Manager [7034] - The VIPRE Antivirus Premium service terminated unexpectedly. It has done this 1 time(s).
25-Jul-2012 11:01:41 PM, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
25-Jul-2012 10:54:43 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: An instance of the service is already running.
25-Jul-2012 10:39:03 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
25-Jul-2012 10:39:03 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Remote Procedure Call (RPC) service, but this action failed with the following error: A system shutdown has already been scheduled.
25-Jul-2012 10:39:03 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: A system shutdown has already been scheduled.
25-Jul-2012 10:39:03 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: A system shutdown has already been scheduled.
25-Jul-2012 10:39:03 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
25-Jul-2012 10:39:03 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
25-Jul-2012 10:39:03 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
25-Jul-2012 10:39:03 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
25-Jul-2012 10:39:03 PM, Error: Service Control Manager [7031] - The RPC Endpoint Mapper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
25-Jul-2012 10:39:03 PM, Error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
25-Jul-2012 10:39:03 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
25-Jul-2012 10:39:03 PM, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
25-Jul-2012 10:39:03 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
25-Jul-2012 10:39:03 PM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
25-Jul-2012 10:39:03 PM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
25-Jul-2012 10:39:03 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
25-Jul-2012 10:39:03 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
25-Jul-2012 10:39:03 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
25-Jul-2012 10:39:03 PM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
25-Jul-2012 10:22:56 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
25-Jul-2012 10:22:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
25-Jul-2012 10:22:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
25-Jul-2012 10:22:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
25-Jul-2012 10:22:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
25-Jul-2012 10:22:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO discache spldr sptd Wanarpv6
25-Jul-2012 10:22:27 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
24-Jul-2012 8:37:32 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.
24-Jul-2012 7:00:05 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VIPRE Antivirus Premium service to connect.
24-Jul-2012 7:00:05 AM, Error: Service Control Manager [7000] - The VIPRE Antivirus Premium service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
24-Jul-2012 7:00:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service SBAMSvc with arguments "" in order to run the server: {FE7E09CE-BBF4-4698-8BC1-37C9002DAA43}
24-Jul-2012 6:57:49 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: Access is denied.
24-Jul-2012 6:57:39 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}. The error: "5" Happened while starting this command: C:\Windows\system32\igfxsrvc.exe -Embedding
24-Jul-2012 6:57:17 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
24-Jul-2012 6:57:09 AM, Error: Service Control Manager [7034] - The SB Recovery Service service terminated unexpectedly. It has done this 1 time(s).
24-Jul-2012 6:57:08 AM, Error: Service Control Manager [7034] - The MSCamSvc service terminated unexpectedly. It has done this 1 time(s).
24-Jul-2012 6:57:08 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
20-Jul-2012 3:07:31 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================


#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 27 July 2012 - 02:10 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 egydos (Topic Starter)

Posted 28 July 2012 - 05:39 AM

ComboFix 12-07-27.03 - Egis 8-Jul-2012 11:27:09.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3037.2279 [GMT 1:00]
Running from: c:\users\Egis\Desktop\ComboFix.exe
AV: Sunbelt VIPRE *Enabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
FW: Sunbelt VIPRE *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
SP: Sunbelt VIPRE *Enabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Egis\AppData\Roaming\iprenr.dll
c:\users\Egis\AppData\Roaming\mIRC\logs\status.log
c:\windows\Installer\{a6f25279-d42d-69ee-8e91-c6c455d0738c}\U\00000001.@
c:\windows\Installer\{a6f25279-d42d-69ee-8e91-c6c455d0738c}\U\80000000.@
c:\windows\Installer\{a6f25279-d42d-69ee-8e91-c6c455d0738c}\virus
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-28 10:31 . 2012-07-28 10:32 -------- d-----w- c:\users\Egis\AppData\Local\temp
2012-07-26 10:52 . 2012-07-26 10:52 -------- d-----w- C:\FRST
2012-07-26 01:07 . 2012-07-26 01:07 -------- d-----w- c:\users\Egis\AppData\Roaming\YourFileDownloader
2012-07-26 01:00 . 2012-07-26 01:54 -------- d-----w- c:\programdata\RegRun
2012-07-26 00:59 . 2012-07-26 00:59 2 --shatr- c:\windows\winstart.bat
2012-07-26 00:59 . 2012-07-26 01:55 -------- d-----w- c:\program files\UnHackMe
2012-07-26 00:25 . 2012-07-26 01:14 -------- d-----w- c:\program files\1ClickDownload
2012-07-26 00:14 . 2012-07-26 00:14 -------- d-----w- c:\program files\Enigma Software Group
2012-07-26 00:14 . 2012-07-26 01:18 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-07-26 00:14 . 2012-07-26 00:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-07-25 22:43 . 2012-07-25 22:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-25 22:16 . 2012-07-25 22:16 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2012-07-25 22:16 . 2012-07-25 22:16 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-07-25 22:01 . 2012-07-26 09:23 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-07-25 22:01 . 2012-07-25 22:01 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-07-25 21:56 . 2012-07-25 22:25 -------- d-----w- c:\programdata\PLAV
2012-07-25 21:55 . 2012-07-25 21:55 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2012-07-25 21:55 . 2012-07-25 22:45 -------- d-----w- c:\program files\ParetoLogic
2012-07-25 03:59 . 2012-07-25 03:59 -------- d-----w- c:\users\Egis\AppData\Local\Aeria Games
2012-07-25 03:59 . 2012-07-25 22:21 -------- d-----w- c:\programdata\Aeria Games
2012-07-25 03:53 . 2012-07-25 22:21 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-07-25 02:07 . 2012-07-25 02:08 -------- d-----w- c:\users\Egis\AppData\Local\Akamai
2012-07-24 07:59 . 2012-07-24 07:59 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-22 21:44 . 2012-07-22 21:50 -------- d-----w- c:\users\Egis\AppData\Roaming\ApexDC++
2012-07-22 21:44 . 2012-07-22 21:50 -------- d-----w- c:\users\Egis\AppData\Local\ApexDC++
2012-07-16 21:55 . 2012-07-16 21:55 -------- d-----w- c:\programdata\AVS4YOU
2012-07-16 21:55 . 2012-07-16 21:55 -------- d-----w- c:\users\Egis\AppData\Roaming\AVS4YOU
2012-07-16 21:53 . 2012-07-16 21:53 -------- d-----w- c:\program files\Common Files\AVSMedia
2012-07-16 21:53 . 2012-07-16 21:53 -------- d-----w- c:\program files\AVS4YOU
2012-07-16 21:53 . 2010-07-08 19:25 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-07-16 21:39 . 2012-07-28 08:11 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-16 21:39 . 2012-07-18 21:47 -------- d-----w- c:\programdata\Yahoo!
2012-07-16 21:37 . 2012-07-19 14:24 -------- d-----w- c:\program files\Yahoo!
2012-07-16 21:22 . 2012-07-16 21:22 -------- d-----w- c:\users\Egis\AppData\Local\Halvar Information
2012-07-16 21:22 . 2012-07-16 21:22 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-07-16 21:22 . 2012-07-16 21:22 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-07-16 21:22 . 2012-07-17 18:09 -------- d-----w- c:\program files\hMailServer
2012-07-01 00:47 . 2012-07-01 00:47 -------- d-----w- c:\users\Egis\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-28 08:11 . 2012-06-28 05:39 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 12:46 . 2012-05-16 19:18 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-20 08:44 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-05-17 06:01 . 2012-05-17 06:01 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-17 06:01 . 2012-05-17 06:01 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-05-17 06:01 . 2012-05-17 06:01 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-05-17 06:01 . 2012-05-17 06:01 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-05-17 06:01 . 2012-05-17 06:01 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-05-17 06:01 . 2012-05-17 06:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-05-17 06:01 . 2012-05-17 06:01 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-05-17 06:01 . 2012-05-17 06:01 367104 ----a-w- c:\windows\system32\html.iec
2012-05-17 06:01 . 2012-05-17 06:01 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-05-17 06:01 . 2012-05-17 06:01 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-17 06:01 . 2012-05-17 06:01 161792 ----a-w- c:\windows\system32\msls31.dll
2012-05-17 06:01 . 2012-05-17 06:01 152064 ----a-w- c:\windows\system32\wextract.exe
2012-05-17 06:01 . 2012-05-17 06:01 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-05-17 06:01 . 2012-05-17 06:01 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 06:01 . 2012-05-17 06:01 11776 ----a-w- c:\windows\system32\mshta.exe
2012-05-17 06:01 . 2012-05-17 06:01 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-05-17 06:01 . 2012-05-17 06:01 101888 ----a-w- c:\windows\system32\admparse.dll
2012-05-15 08:43 . 2012-06-10 16:28 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1E329CC0-DFD7-45D3-9711-31805A281AE0}\mpengine.dll
2012-06-19 03:05 . 2012-05-16 05:57 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Egis\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-12-09 74752]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 172824]
.
c:\users\Egis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
mIRC.lnk - c:\program files\mIRC\mirc.exe [2012-5-17 1087070]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 08:11]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-19 04:57]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-19 04:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=112555&tt=3012_6&babsrc=HP_ss&mntrId=aeb6b64b00000000000020cf306ab1db
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Egis\AppData\Roaming\Mozilla\Firefox\Profiles\ivuwu29v.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.lt/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555&tt=3012_6&babsrc=KW_ss&mntrId=aeb6b64b00000000000020cf306ab1db&q=
FF - user.js: extensions.BabylonToolbar_i.id - aeb6b64b00000000000020cf306ab1db
FF - user.js: extensions.BabylonToolbar_i.hardId - aeb6b64b00000000000020cf306ab1db
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15476
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=3012_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - aeb6b64b00000000000020cf306ab1db
FF - user.js: extensions.BabylonToolbar.instlDay - 15547
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.12:08
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-43936698.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-07-28 11:35:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-28 10:35
.
Pre-Run: 104,631,861,248 bytes free
Post-Run: 104,593,256,448 bytes free
.
- - End Of File - - 4A35127D495405967798E168F8B771D4

Attached Files: log.txt (13.16KB)


#6 egydos (Topic Starter)

Posted 28 July 2012 - 08:01 AM

no more virus, ty for help

#7 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 28 July 2012 - 12:05 PM

Hello

We are not done yet, so do not leave.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 30 July 2012 - 11:25 PM

Greetings

I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will then ask you to remove our tools.




Gringo

#9 egydos (Topic Starter)

Posted 31 July 2012 - 03:51 AM

09:15:04.0024 2920 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
09:15:04.0249 2920 ============================================================
09:15:04.0249 2920 Current date / time: 2012/07/31 09:15:04.0248
09:15:04.0249 2920 SystemInfo:
09:15:04.0249 2920
09:15:04.0249 2920 OS Version: 6.1.7601 ServicePack: 1.0
09:15:04.0249 2920 Product type: Workstation
09:15:04.0249 2920 ComputerName: EGIS-PC
09:15:04.0249 2920 UserName: Egis
09:15:04.0249 2920 Windows directory: C:\Windows
09:15:04.0249 2920 System windows directory: C:\Windows
09:15:04.0249 2920 Processor architecture: Intel x86
09:15:04.0249 2920 Number of processors: 2
09:15:04.0249 2920 Page size: 0x1000
09:15:04.0249 2920 Boot type: Normal boot
09:15:04.0249 2920 ============================================================
09:15:05.0374 2920 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:15:05.0376 2920 ============================================================
09:15:05.0376 2920 \Device\Harddisk0\DR0:
09:15:05.0377 2920 MBR partitions:
09:15:05.0377 2920 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2743800, BlocksNum 0xE8AE000
09:15:05.0394 2920 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x10FF2000, BlocksNum 0x29393800
09:15:05.0394 2920 ============================================================
09:15:05.0428 2920 C: <-> \Device\Harddisk0\DR0\Partition0
09:15:05.0458 2920 D: <-> \Device\Harddisk0\DR0\Partition1
09:15:05.0458 2920 ============================================================
09:15:05.0458 2920 Initialize success
09:15:05.0458 2920 ============================================================
09:15:12.0785 1088 ============================================================
09:15:12.0785 1088 Scan started
09:15:12.0785 1088 Mode: Manual;
09:15:12.0785 1088 ============================================================
09:15:13.0498 1088 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
09:15:13.0514 1088 1394ohci - ok
09:15:13.0571 1088 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
09:15:13.0575 1088 ACPI - ok
09:15:13.0625 1088 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
09:15:13.0629 1088 AcpiPmi - ok
09:15:13.0699 1088 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
09:15:13.0740 1088 adp94xx - ok
09:15:13.0772 1088 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
09:15:13.0780 1088 adpahci - ok
09:15:13.0805 1088 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
09:15:13.0822 1088 adpu320 - ok
09:15:13.0857 1088 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
09:15:13.0858 1088 AeLookupSvc - ok
09:15:13.0912 1088 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
09:15:13.0944 1088 AFD - ok
09:15:13.0980 1088 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
09:15:13.0984 1088 agp440 - ok
09:15:14.0012 1088 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
09:15:14.0025 1088 aic78xx - ok
09:15:14.0078 1088 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
09:15:14.0094 1088 ALG - ok
09:15:14.0142 1088 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
09:15:14.0158 1088 aliide - ok
09:15:14.0193 1088 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
09:15:14.0207 1088 amdagp - ok
09:15:14.0220 1088 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
09:15:14.0236 1088 amdide - ok
09:15:14.0270 1088 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
09:15:14.0285 1088 AmdK8 - ok
09:15:14.0309 1088 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
09:15:14.0318 1088 AmdPPM - ok
09:15:14.0353 1088 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
09:15:14.0358 1088 amdsata - ok
09:15:14.0376 1088 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
09:15:14.0388 1088 amdsbs - ok
09:15:14.0403 1088 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
09:15:14.0416 1088 amdxata - ok
09:15:14.0458 1088 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
09:15:14.0471 1088 AppID - ok
09:15:14.0518 1088 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
09:15:14.0534 1088 AppIDSvc - ok
09:15:14.0586 1088 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
09:15:14.0587 1088 Appinfo - ok
09:15:14.0622 1088 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
09:15:14.0628 1088 AppMgmt - ok
09:15:14.0669 1088 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
09:15:14.0681 1088 arc - ok
09:15:14.0695 1088 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
09:15:14.0711 1088 arcsas - ok
09:15:14.0770 1088 AsIO (9d8cb58b9a9e177ddd599791a58a654d) C:\Windows\system32\drivers\AsIO.sys
09:15:14.0783 1088 AsIO - ok
09:15:14.0816 1088 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\Windows\system32\drivers\AsUpIO.sys
09:15:14.0828 1088 AsUpIO - ok
09:15:14.0858 1088 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
09:15:14.0874 1088 AsyncMac - ok
09:15:14.0914 1088 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
09:15:14.0915 1088 atapi - ok
09:15:15.0039 1088 athr (31cb2740bfdbac1e48e2b7ead38f0d27) C:\Windows\system32\DRIVERS\athr.sys
09:15:15.0454 1088 athr - ok
09:15:15.0733 1088 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
09:15:15.0752 1088 AudioEndpointBuilder - ok
09:15:15.0760 1088 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
09:15:15.0764 1088 Audiosrv - ok
09:15:15.0811 1088 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
09:15:15.0827 1088 AxInstSV - ok
09:15:15.0911 1088 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
09:15:15.0947 1088 b06bdrv - ok
09:15:15.0980 1088 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
09:15:16.0007 1088 b57nd60x - ok
09:15:16.0048 1088 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
09:15:16.0066 1088 BDESVC - ok
09:15:16.0091 1088 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
09:15:33.0294 1088 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
09:15:33.0298 1088 SSDPSRV - ok
09:15:33.0343 1088 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
09:15:33.0355 1088 SstpSvc - ok
09:15:33.0384 1088 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
09:15:33.0393 1088 stexstor - ok
09:15:33.0447 1088 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
09:15:33.0467 1088 StiSvc - ok
09:15:33.0499 1088 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
09:15:33.0513 1088 storflt - ok
09:15:33.0540 1088 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
09:15:33.0544 1088 storvsc - ok
09:15:33.0558 1088 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
09:15:33.0560 1088 swenum - ok
09:15:33.0595 1088 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
09:15:33.0608 1088 swprv - ok
09:15:33.0616 1088 Synth3dVsc - ok
09:15:33.0708 1088 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
09:15:33.0762 1088 SysMain - ok
09:15:33.0795 1088 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
09:15:33.0817 1088 TabletInputService - ok
09:15:33.0870 1088 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
09:15:33.0875 1088 TapiSrv - ok
09:15:33.0912 1088 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
09:15:33.0927 1088 TBS - ok
09:15:34.0033 1088 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
09:15:34.0112 1088 Tcpip - ok
09:15:34.0286 1088 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
09:15:34.0296 1088 TCPIP6 - ok
09:15:34.0379 1088 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
09:15:34.0393 1088 tcpipreg - ok
09:15:34.0421 1088 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
09:15:34.0436 1088 TDPIPE - ok
09:15:34.0442 1088 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
09:15:34.0450 1088 TDTCP - ok
09:15:34.0505 1088 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
09:15:34.0519 1088 tdx - ok
09:15:34.0555 1088 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
09:15:34.0557 1088 TermDD - ok
09:15:34.0621 1088 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
09:15:34.0640 1088 TermService - ok
09:15:34.0663 1088 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
09:15:34.0666 1088 Themes - ok
09:15:34.0694 1088 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
09:15:34.0696 1088 THREADORDER - ok
09:15:34.0717 1088 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
09:15:34.0720 1088 TrkWks - ok
09:15:34.0769 1088 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
09:15:34.0776 1088 TrustedInstaller - ok
09:15:34.0799 1088 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:15:34.0811 1088 tssecsrv - ok
09:15:34.0846 1088 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
09:15:34.0851 1088 TsUsbFlt - ok
09:15:34.0855 1088 tsusbhub - ok
09:15:34.0917 1088 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
09:15:34.0919 1088 tunnel - ok
09:15:34.0948 1088 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
09:15:34.0967 1088 uagp35 - ok
09:15:35.0019 1088 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
09:15:35.0034 1088 udfs - ok
09:15:35.0068 1088 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
09:15:35.0087 1088 UI0Detect - ok
09:15:35.0145 1088 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
09:15:35.0159 1088 uliagpkx - ok
09:15:35.0198 1088 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
09:15:35.0207 1088 umbus - ok
09:15:35.0231 1088 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
09:15:35.0244 1088 UmPass - ok
09:15:35.0299 1088 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
09:15:35.0303 1088 UmRdpService - ok
09:15:35.0332 1088 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
09:15:35.0347 1088 upnphost - ok
09:15:35.0380 1088 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
09:15:35.0394 1088 usbaudio - ok
09:15:35.0411 1088 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
09:15:35.0430 1088 usbccgp - ok
09:15:35.0466 1088 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
09:15:35.0482 1088 usbcir - ok
09:15:35.0503 1088 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
09:15:35.0514 1088 usbehci - ok
09:15:35.0546 1088 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
09:15:35.0573 1088 usbhub - ok
09:15:35.0586 1088 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
09:15:35.0597 1088 usbohci - ok
09:15:35.0633 1088 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
09:15:35.0652 1088 usbprint - ok
09:15:35.0692 1088 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
09:15:35.0702 1088 usbscan - ok
09:15:35.0725 1088 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:15:35.0727 1088 USBSTOR - ok
09:15:35.0768 1088 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
09:15:35.0773 1088 usbuhci - ok
09:15:35.0810 1088 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
09:15:35.0824 1088 usbvideo - ok
09:15:35.0854 1088 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
09:15:35.0857 1088 UxSms - ok
09:15:35.0878 1088 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:15:35.0880 1088 VaultSvc - ok
09:15:35.0938 1088 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
09:15:35.0952 1088 vdrvroot - ok
09:15:36.0008 1088 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
09:15:36.0047 1088 vds - ok
09:15:36.0070 1088 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
09:15:36.0084 1088 vga - ok
09:15:36.0102 1088 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
09:15:36.0115 1088 VgaSave - ok
09:15:36.0133 1088 VGPU - ok
09:15:36.0181 1088 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
09:15:36.0231 1088 vhdmp - ok
09:15:36.0257 1088 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
09:15:36.0267 1088 viaagp - ok
09:15:36.0293 1088 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
09:15:36.0307 1088 ViaC7 - ok
09:15:36.0324 1088 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
09:15:36.0337 1088 viaide - ok
09:15:36.0356 1088 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
09:15:36.0363 1088 vmbus - ok
09:15:36.0375 1088 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
09:15:36.0393 1088 VMBusHID - ok
09:15:36.0413 1088 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
09:15:36.0428 1088 volmgr - ok
09:15:36.0467 1088 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
09:15:36.0476 1088 volmgrx - ok
09:15:36.0504 1088 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
09:15:36.0524 1088 volsnap - ok
09:15:36.0555 1088 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
09:15:36.0569 1088 vsmraid - ok
09:15:36.0650 1088 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
09:15:36.0684 1088 VSS - ok
09:15:36.0711 1088 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
09:15:36.0730 1088 vwifibus - ok
09:15:36.0761 1088 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
09:15:36.0780 1088 vwififlt - ok
09:15:36.0831 1088 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
09:15:36.0845 1088 W32Time - ok
09:15:36.0872 1088 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
09:15:36.0886 1088 WacomPen - ok
09:15:36.0932 1088 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
09:15:36.0954 1088 WANARP - ok
09:15:36.0958 1088 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
09:15:36.0960 1088 Wanarpv6 - ok
09:15:37.0058 1088 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
09:15:37.0160 1088 WatAdminSvc - ok
09:15:37.0311 1088 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
09:15:37.0428 1088 wbengine - ok
09:15:37.0454 1088 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
09:15:37.0471 1088 WbioSrvc - ok
09:15:37.0514 1088 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
09:15:37.0543 1088 wcncsvc - ok
09:15:37.0558 1088 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
09:15:37.0575 1088 WcsPlugInService - ok
09:15:37.0634 1088 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
09:15:37.0650 1088 Wd - ok
09:15:37.0690 1088 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
09:15:37.0730 1088 Wdf01000 - ok
09:15:37.0758 1088 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
09:15:37.0762 1088 WdiServiceHost - ok
09:15:37.0771 1088 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
09:15:37.0774 1088 WdiSystemHost - ok
09:15:37.0825 1088 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
09:15:37.0860 1088 WebClient - ok
09:15:37.0887 1088 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
09:15:37.0907 1088 Wecsvc - ok
09:15:37.0928 1088 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
09:15:37.0931 1088 wercplsupport - ok
09:15:37.0965 1088 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
09:15:37.0968 1088 WerSvc - ok
09:15:38.0005 1088 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
09:15:38.0024 1088 WfpLwf - ok
09:15:38.0050 1088 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
09:15:38.0071 1088 WIMMount - ok
09:15:38.0161 1088 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
09:15:38.0406 1088 WinDefend - ok
09:15:38.0414 1088 WinHttpAutoProxySvc - ok
09:15:38.0470 1088 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
09:15:38.0472 1088 Winmgmt - ok
09:15:38.0699 1088 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
09:15:38.0730 1088 WinRM - ok
09:15:38.0810 1088 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
09:15:38.0932 1088 Wlansvc - ok
09:15:38.0982 1088 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
09:15:38.0999 1088 WmiAcpi - ok
09:15:39.0059 1088 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
09:15:39.0061 1088 wmiApSrv - ok
09:15:39.0205 1088 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
09:15:39.0233 1088 WMPNetworkSvc - ok
09:15:39.0329 1088 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
09:15:39.0346 1088 WPCSvc - ok
09:15:39.0385 1088 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
09:15:39.0406 1088 WPDBusEnum - ok
09:15:39.0457 1088 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
09:15:39.0477 1088 ws2ifsl - ok
09:15:39.0524 1088 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
09:15:39.0527 1088 wscsvc - ok
09:15:39.0533 1088 WSearch - ok
09:15:39.0666 1088 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
09:15:39.0705 1088 wuauserv - ok
09:15:39.0833 1088 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
09:15:39.0852 1088 WudfPf - ok
09:15:39.0907 1088 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:15:39.0908 1088 WUDFRd - ok
09:15:39.0946 1088 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
09:15:39.0967 1088 wudfsvc - ok
09:15:40.0009 1088 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
09:15:40.0013 1088 WwanSvc - ok
09:15:40.0045 1088 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:15:40.0212 1088 \Device\Harddisk0\DR0 - ok
09:15:40.0217 1088 Boot (0x1200) (36991caabf471562ad3682d32b0f62bc) \Device\Harddisk0\DR0\Partition0
09:15:40.0219 1088 \Device\Harddisk0\DR0\Partition0 - ok
09:15:40.0243 1088 Boot (0x1200) (e8fc63cb5c28399f6b775232223c73e4) \Device\Harddisk0\DR0\Partition1
09:15:40.0249 1088 \Device\Harddisk0\DR0\Partition1 - ok
09:15:40.0249 1088 ============================================================
09:15:40.0249 1088 Scan finished
09:15:40.0249 1088 ============================================================
09:15:40.0270 2108 Detected object count: 0
09:15:40.0270 2108 Actual detected object count: 0
09:16:11.0310 4056 Deinitialize success

----------------------------------------------------------------------------------------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-31 09:27:18
-----------------------------
09:27:18.979 OS Version: Windows 6.1.7601 Service Pack 1
09:27:18.979 Number of processors: 2 586 0x170A
09:27:18.979 ComputerName: EGIS-PC UserName: Egis
09:27:19.572 Initialize success
09:27:24.954 AVAST engine defs: 12073100
09:27:28.994 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:27:28.994 Disk 0 Vendor: ST9500325AS 0003SDM1 Size: 476940MB BusType: 11
09:27:29.057 Disk 0 MBR read successfully
09:27:29.057 Disk 0 MBR scan
09:27:29.057 Disk 0 Windows 7 default MBR code
09:27:29.088 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 119132 MB offset 41170944
09:27:29.088 Disk 0 Partition - 00 0F Extended LBA 337704 MB offset 285153280
09:27:29.135 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 337703 MB offset 285155328
09:27:29.135 Disk 0 scanning sectors +976771072
09:27:29.228 Disk 0 scanning C:\Windows\system32\drivers
09:27:42.722 Service scanning
09:28:04.328 Modules scanning
09:28:12.331 Disk 0 trace - called modules:
09:28:12.347 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
09:28:12.363 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d80030]
09:28:12.363 3 CLASSPNP.SYS[8b00459e] -> nt!IofCallDriver -> [0x858bf8f0]
09:28:12.378 5 ACPI.sys[8ac8d3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x858bc908]
09:28:12.955 AVAST engine scan C:\Windows
09:28:16.559 AVAST engine scan C:\Windows\system32
09:31:01.228 AVAST engine scan C:\Windows\system32\drivers
09:31:15.840 AVAST engine scan C:\Users\Egis
09:42:48.953 AVAST engine scan C:\ProgramData
09:43:58.668 Scan finished successfully
09:48:06.758 Disk 0 MBR has been saved successfully to "C:\Users\Egis\Desktop\MBR.dat"
09:48:06.766 The log file has been saved successfully to "C:\Users\Egis\Desktop\aswMBR.txt"

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 31 July 2012 - 04:01 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

DDS::
uStart Page = hxxp://search.babylon.com/?affID=112555&tt=3012_6&babsrc=HP_ss&mntrId=aeb6b64b00000000000020cf306ab1db
uInternet Settings,ProxyOverride = <local>

Firefox::
FF - ProfilePath - c:\users\Egis\AppData\Roaming\Mozilla\Firefox\Profiles\ivuwu29v.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555&tt=3012_6&babsrc=KW_ss&mntrId=aeb6b64b00000000000020cf306ab1db&q=
FF - user.js: extensions.BabylonToolbar_i.id - aeb6b64b00000000000020cf306ab1db
FF - user.js: extensions.BabylonToolbar_i.hardId - aeb6b64b00000000000020cf306ab1db
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15476
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=3012_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - aeb6b64b00000000000020cf306ab1db
FF - user.js: extensions.BabylonToolbar.instlDay - 15547
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.12:08
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 egydos

  • Topic Starter
  • Members
  • 6 posts

Posted 31 July 2012 - 05:17 AM

ComboFix 12-07-30.03 - Egis 1-Jul-2012 10:58:06.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3037.2075 [GMT 1:00]
Running from: c:\users\Egis\Desktop\ComboFix.exe
Command switches used :: c:\users\Egis\Desktop\CFScript.txt
AV: Sunbelt VIPRE *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
FW: Sunbelt VIPRE *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
SP: Sunbelt VIPRE *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Egis\AppData\Roaming\mIRC\logs\status.log
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
.
.
2012-07-31 10:02 . 2012-07-31 10:03 -------- d-----w- c:\users\Egis\AppData\Local\temp
2012-07-31 10:02 . 2012-07-31 10:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 06:48 . 2012-07-29 06:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-28 10:40 . 2012-07-28 10:40 -------- d-----w- c:\users\Egis\AppData\Roaming\Sunbelt
2012-07-28 10:40 . 2010-07-27 03:48 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-07-28 10:40 . 2010-07-27 03:48 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-07-28 10:40 . 2010-07-27 03:48 220760 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-07-28 10:40 . 2010-04-15 17:35 68696 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-07-28 10:40 . 2012-07-28 10:40 -------- d-----w- c:\program files\Sunbelt Software
2012-07-26 01:07 . 2012-07-26 01:07 -------- d-----w- c:\users\Egis\AppData\Roaming\YourFileDownloader
2012-07-26 01:00 . 2012-07-26 01:54 -------- d-----w- c:\programdata\RegRun
2012-07-26 00:59 . 2012-07-26 00:59 2 --shatr- c:\windows\winstart.bat
2012-07-26 00:14 . 2012-07-26 01:18 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-07-26 00:14 . 2012-07-26 00:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-07-25 22:16 . 2012-07-25 22:16 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2012-07-25 22:16 . 2012-07-25 22:16 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-07-25 22:01 . 2012-07-26 09:23 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-07-25 22:01 . 2012-07-25 22:01 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-07-25 21:56 . 2012-07-25 22:25 -------- d-----w- c:\programdata\PLAV
2012-07-25 21:55 . 2012-07-25 21:55 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2012-07-25 21:55 . 2012-07-25 22:45 -------- d-----w- c:\program files\ParetoLogic
2012-07-25 03:59 . 2012-07-25 03:59 -------- d-----w- c:\users\Egis\AppData\Local\Aeria Games
2012-07-25 03:59 . 2012-07-25 22:21 -------- d-----w- c:\programdata\Aeria Games
2012-07-25 03:53 . 2012-07-25 22:21 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-07-24 07:59 . 2012-07-24 07:59 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-22 21:44 . 2012-07-22 21:50 -------- d-----w- c:\users\Egis\AppData\Roaming\ApexDC++
2012-07-22 21:44 . 2012-07-22 21:50 -------- d-----w- c:\users\Egis\AppData\Local\ApexDC++
2012-07-16 21:55 . 2012-07-16 21:55 -------- d-----w- c:\programdata\AVS4YOU
2012-07-16 21:55 . 2012-07-16 21:55 -------- d-----w- c:\users\Egis\AppData\Roaming\AVS4YOU
2012-07-16 21:53 . 2012-07-16 21:53 -------- d-----w- c:\program files\Common Files\AVSMedia
2012-07-16 21:53 . 2012-07-16 21:53 -------- d-----w- c:\program files\AVS4YOU
2012-07-16 21:53 . 2010-07-08 19:25 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-07-16 21:39 . 2012-07-18 21:47 -------- d-----w- c:\programdata\Yahoo!
2012-07-16 21:37 . 2012-07-19 14:24 -------- d-----w- c:\program files\Yahoo!
2012-07-16 21:22 . 2012-07-16 21:22 -------- d-----w- c:\users\Egis\AppData\Local\Halvar Information
2012-07-16 21:22 . 2012-07-16 21:22 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-07-16 21:22 . 2012-07-16 21:22 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-07-16 21:22 . 2012-07-17 18:09 -------- d-----w- c:\program files\hMailServer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 12:46 . 2012-05-16 19:18 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-20 08:44 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-05-17 06:01 . 2012-05-17 06:01 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-17 06:01 . 2012-05-17 06:01 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-05-17 06:01 . 2012-05-17 06:01 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-05-17 06:01 . 2012-05-17 06:01 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-05-17 06:01 . 2012-05-17 06:01 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-05-17 06:01 . 2012-05-17 06:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-05-17 06:01 . 2012-05-17 06:01 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-05-17 06:01 . 2012-05-17 06:01 367104 ----a-w- c:\windows\system32\html.iec
2012-05-17 06:01 . 2012-05-17 06:01 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-05-17 06:01 . 2012-05-17 06:01 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-17 06:01 . 2012-05-17 06:01 161792 ----a-w- c:\windows\system32\msls31.dll
2012-05-17 06:01 . 2012-05-17 06:01 152064 ----a-w- c:\windows\system32\wextract.exe
2012-05-17 06:01 . 2012-05-17 06:01 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-05-17 06:01 . 2012-05-17 06:01 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 06:01 . 2012-05-17 06:01 11776 ----a-w- c:\windows\system32\mshta.exe
2012-05-17 06:01 . 2012-05-17 06:01 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-05-17 06:01 . 2012-05-17 06:01 101888 ----a-w- c:\windows\system32\admparse.dll
2012-05-15 08:43 . 2012-06-10 16:28 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1E329CC0-DFD7-45D3-9711-31805A281AE0}\mpengine.dll
2012-06-19 03:05 . 2012-05-16 05:57 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-12-09 74752]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 172824]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-08-20 1348944]
.
c:\users\Egis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
mIRC.lnk - c:\program files\mIRC\mirc.exe [2012-7-28 1087070]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 SBAMSvc;VIPRE Antivirus Premium;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-19 04:57]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-19 04:57]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Egis\AppData\Roaming\Mozilla\Firefox\Profiles\ivuwu29v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.lt/
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Akamai NetSession Interface - c:\users\Egis\AppData\Local\Akamai\netsession_win.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-07-31 11:06:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-31 10:06
.
Pre-Run: 104,051,359,744 bytes free
Post-Run: 104,170,254,336 bytes free
.
- - End Of File - - C953B20AD3A688A67F82C3C87F8AFDF9

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:43 PM

Posted 01 August 2012 - 06:02 AM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better job).

Programs to remove

µTorrent
Adobe Reader 7.0
Java™ 7 Update 4
JavaFX 2.1.0


  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, uncheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:43 PM

Posted 03 August 2012 - 11:58 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:43 PM

Posted 06 August 2012 - 11:16 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:43 PM

Posted 10 August 2012 - 07:17 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
