
rocketnews redirect virus


This topic is locked. 54 replies to this topic.

#1 viral_1212 (Members, 34 posts)

Posted 11 July 2012 - 10:00 AM

Please help me. Whenever I click on a website from a Google search, it redirects me to rocketnews.com, which directs me to some other website, or it redirects me to Google again, or it says that the site is dangerous. I have tried everything. Please tell me what I should do. I need your help ASAP, as I have to research something really important related to my class project. If you want me to run any scans or any software, do let me know; I will do it.

Edited by viral_1212, 11 July 2012 - 10:42 AM.



#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 12 July 2012 - 01:12 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 viral_1212 (Topic Starter, Members, 34 posts)

Posted 12 July 2012 - 02:16 AM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Payal at 12:28:14 on 2012-07-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.91.1033.18.3001.1284 [GMT 5.5:30]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\PLFSetI.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Payal\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\IS3Updater.exe
C:\Windows\system32\msiexec.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"
mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe
mRun: [Acer ePower Management] c:\program files\acer\acer powersmart manager\ePowerTrayLauncher.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [VitaKeyPdtWzd] "c:\program files\acer bio protection\PdtWzd.exe"
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\payal\appdata\roaming\micros~1\windows\startm~1\programs\startup\_unins~1.lnk - c:\users\payal\appdata\local\temp\_uninst_49762599.bat
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer bio protection\PwdBank.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 202.149.208.92 202.149.208.91
TCP: Interfaces\{2AAA3E14-8DB0-4837-8445-B9782F0E2168} : DhcpNameServer = 202.149.208.92 202.149.208.91
TCP: Interfaces\{57DEA977-C971-4568-8A49-2515E04E9047} : DhcpNameServer = 172.20.10.5 202.149.208.92 202.149.208.91
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
LSA: Notification Packages = c:\program files\acer bio protection\PwdFilter
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\payal\appdata\roaming\mozilla\firefox\profiles\8xnpv8op.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d
FF - prefs.js: keyword.URL - hxxp://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\2.0.40115.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\payal\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\payal\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\payal\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 DPMemGridVista;Physical Memory I/O for GridVista;c:\program files\gridvista\DPMemGridVista.sys [2009-7-25 10504]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2008-12-5 19504]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2008-12-5 16432]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2008-12-5 59952]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2010-4-11 75048]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer powersmart manager\ePowerSvc.exe [2009-7-25 707104]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2009-5-15 305448]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-7-2 62208]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2009-6-18 144640]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-25 112128]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C60x86.sys [2009-4-22 50176]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-7-25 3664384]
RUnknown szkg5;szkg5; [x]
RUnknown szkgfs;szkgfs; [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2012-7-11 101112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-11 135664]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-4-11 29472]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-7-25 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-11 135664]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-7-25 112992]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-1 113120]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2009-6-18 50432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
SUnknown is3srv;is3srv; [x]
.
=============== Created Last 30 ================
.
2012-07-11 13:41:34 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-07-11 13:41:27 -------- d-----w- c:\program files\common files\iS3
2012-07-11 13:41:26 -------- d-----w- c:\programdata\STOPzilla!
2012-07-11 13:14:51 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-08 10:26:36 -------- d-----w- c:\users\payal\jagexcache
2012-07-08 10:04:40 -------- d-----w- c:\windows\system32\Adobe
2012-06-30 11:40:48 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-30 09:07:46 -------- d-----w- c:\users\payal\appdata\roaming\PC Cleaners
2012-06-30 08:50:53 4448056 ----a-w- c:\windows\uninst.exe
2012-06-30 08:50:53 -------- d-----w- c:\users\payal\appdata\roaming\PCPro
2012-06-30 08:50:52 -------- d-----w- c:\programdata\PC1Data
2012-06-29 13:09:11 -------- d-----w- c:\programdata\Ask
2012-06-29 13:08:28 -------- d-----w- c:\program files\Oracle
2012-06-29 13:08:21 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-29 09:22:28 -------- d-----w- c:\program files\PC Tools
2012-06-29 06:56:32 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-06-29 06:56:32 -------- d-----w- c:\program files\common files\PC Tools
2012-06-29 06:51:34 -------- d-----w- c:\programdata\PC Tools
2012-06-29 06:51:33 -------- d-----w- c:\users\payal\appdata\roaming\TestApp
2012-06-25 11:50:59 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-25 11:50:52 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-25 11:50:50 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-25 11:50:50 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-25 11:23:05 -------- d-----w- c:\users\payal\appdata\roaming\Malwarebytes
2012-06-25 11:23:01 -------- d-----w- c:\programdata\Malwarebytes
2012-06-25 10:00:48 98816 ----a-w- c:\windows\sed.exe
2012-06-25 10:00:48 518144 ----a-w- c:\windows\SWREG.exe
2012-06-25 10:00:48 256000 ----a-w- c:\windows\PEV.exe
2012-06-25 10:00:48 208896 ----a-w- c:\windows\MBR.exe
2012-06-13 10:43:44 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-13 10:43:44 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-13 09:15:09 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 09:15:09 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 09:15:09 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 09:11:17 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 09:11:15 2045440 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-06-09 11:29:23 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-06-09 11:28:38 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-06-09 11:28:38 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-06-09 11:28:38 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2012-06-09 11:28:38 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-06-09 11:28:38 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-06-09 11:28:38 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-06-09 11:28:38 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-06-09 11:28:38 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-05-30 12:28:14 200704 --sha-r- c:\windows\system32\msswchs.dll
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-04 13:59:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 12:28:53.53 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12-04-2010 02:07:57
System Uptime: 11-07-2012 20:12:15 (16 hours ago)
.
Motherboard: Acer | | Aspire 4736
Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz | uPGA-478 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 188 GiB total, 51.223 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 98 GiB total, 4.201 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
A-PDF Password Security 2.4
Acer Arcade Deluxe
Acer Backup Manager
Acer Bio Protection
Acer Crystal Eye webcam Ver:1.1.87.603
Acer eRecovery Management
Acer PowerSmart Manager
Acer ScreenSaver
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.5.1
Adobe Shockwave Player 11.6
Airport Mania First Flight
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
AuthenTec Fingerprint Sensor Minimum Install
Backup Manager Basic
C:\Program Files\Acer GameZone\GameConsole
Cake Mania 2
Choice Guard
Compatibility Pack for the 2007 Office system
Cooking Dash
Cradle of Rome
Dairy Dash
dj_sf_software
Dream Day Honeymoon
eSobi v2
Fingerprint Solution
Galapago
Google Desktop
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GridVista
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java Auto Updater
Java™ 7 Update 5
JavaFX 2.1.1
Jewel Quest Solitaire
Junk Mail filter update
Launch Manager
Luxor 2
Mahjong Escape Ancient China
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MP3 Cutter Joiner 3.00
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
Ocean Express
Orion
Parking Dash
PC Connectivity Solution
PhotoScape
Picasa 3
POWERPREP II
Puzzle Express
Rainbow Web
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype Toolbars
Skype™ 4.2
swMSM
Synaptics Pointing Device Driver
Tradewinds 2
Tri-Peaks Solitaire To Go
TSS Decryption Utility
Turbo Pizza
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 1.0.5
Wedding Dash
WIDCOMM Bluetooth Software
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
WordWeb
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
12-07-2012 11:59:03, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.33 for the Network Card with network address 001E658DCAC8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11-07-2012 20:14:19, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv
11-07-2012 18:54:21, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11-07-2012 18:41:53, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11-07-2012 14:19:48, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
09-07-2012 12:23:00, Error: EventLog [6008] - The previous system shutdown at 12:21:14 on 09-07-2012 was unexpected.
05-07-2012 20:11:24, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
05-07-2012 20:11:24, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05-07-2012 20:11:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================


Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.181.26 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````

Edited by viral_1212, 12 July 2012 - 02:23 AM.
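A small triage script over the kind of DDS lines posted above, as an added example and not a BleepingComputer, DDS or Security Check tool: it flags Firefox homepage/keyword.URL prefs pointing at an unexpected host, a startup entry whose target lives in the Temp folder, orphaned BHOs ("No File") and unknown services with no file on disk. The sample lines are copied from the log in this thread; the allowlist of search hosts, the rule names and the severity labels are this example's own assumptions.

```python
"""Triage a DDS 'Pseudo HJT Report' / services section for common redirect-infection signs."""
import re
from urllib.parse import urlparse

# Constructed excerpt: lines copied from the DDS log posted in this thread.
SAMPLE_DDS = r"""
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
StartupFolder: c:\users\payal\appdata\roaming\micros~1\windows\startm~1\programs\startup\_unins~1.lnk - c:\users\payal\appdata\local\temp\_uninst_49762599.bat
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d
FF - prefs.js: keyword.URL - hxxp://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q=
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2008-12-5 19504]
RUnknown szkg5;szkg5; [x]
SUnknown is3srv;is3srv; [x]
"""

# Hosts a stock Firefox install would normally point its homepage or keyword
# search at. This allowlist is an assumption of the example, not a DDS rule.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "google.com", "www.bing.com", "bing.com",
                         "search.yahoo.com", "www.mozilla.org", "start.mozilla.org"}

FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>[\w.]+) - (?P<value>.+)$")
AUTORUN_RE = re.compile(r"^(?P<kind>[um]Run|StartupFolder):\s*(?P<rest>.+)$", re.IGNORECASE)
BHO_NOFILE_RE = re.compile(r"^BHO: .*- No File$")
SVC_RE = re.compile(r"^(?P<state>[RS]Unknown) (?P<name>[^;]+);[^;]*;\s*\[x\]$")
TEMP_DIR_RE = re.compile(r"\\(?:appdata\\local\\)?temp\\", re.IGNORECASE)


def host_of(value):
    """Return the host of a DDS-style URL. DDS writes 'hxxp' to defang links."""
    url = re.sub(r"^hxxp", "http", value.strip(), flags=re.IGNORECASE)
    return urlparse(url).hostname or ""


def triage(log_text):
    """Scan DDS lines and return a list of findings (dicts with severity, rule, detail, line)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FF_PREF_RE.match(line)
        if m and m.group("pref") in ("browser.startup.homepage", "keyword.URL"):
            host = host_of(m.group("value"))
            if host and host not in EXPECTED_SEARCH_HOSTS:
                findings.append({"severity": "high", "rule": "firefox-search-hijack",
                                 "detail": f"{m.group('pref')} -> {host}", "line": line})
            continue
        m = AUTORUN_RE.match(line)
        if m:
            # The last " - " separated path is the real target (StartupFolder has ".lnk - target").
            target = m.group("rest").split(" - ")[-1].strip('"')
            if TEMP_DIR_RE.search(target):
                findings.append({"severity": "high", "rule": "autorun-from-temp",
                                 "detail": target, "line": line})
            continue
        if BHO_NOFILE_RE.match(line):
            findings.append({"severity": "low", "rule": "orphaned-bho",
                             "detail": "BHO registered but DLL missing", "line": line})
            continue
        m = SVC_RE.match(line)
        if m:
            # "[x]" means DDS could not find the service/driver binary on disk.
            findings.append({"severity": "medium", "rule": "unknown-service-missing-file",
                             "detail": m.group("name"), "line": line})
    return findings


def by_rule(findings):
    """Count findings per rule, handy for a one-line summary in a reply."""
    counts = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f['severity']}] {f['rule']}: {f['detail']}")
    print(by_rule(triage(SAMPLE_DDS)))
```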


#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 12 July 2012 - 02:22 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 viral_1212

viral_1212
  • Topic Starter

  • Members
  • 34 posts
  • Local time:01:07 PM

Posted 12 July 2012 - 02:55 AM

here is my gmer log

Attached file: ark.txt (12.31KB)


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:37 AM

Posted 12 July 2012 - 03:10 AM

thank you for that report - now let me have the combofix report when it is ready




gringo

#7 viral_1212

viral_1212
  • Topic Starter

  • Members
  • 34 posts
  • Local time:01:07 PM

Posted 12 July 2012 - 03:27 AM

ComboFix 12-07-11.03 - Payal 12-07-2012 13:47:44.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.91.1033.18.3001.1148 [GMT 5.5:30]
Running from: c:\users\Payal\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
.
.
2012-07-12 08:23 . 2012-07-12 08:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-11 13:41 . 2012-01-12 03:56 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-07-11 13:41 . 2012-07-11 13:41 -------- d-----w- c:\program files\Common Files\iS3
2012-07-11 13:41 . 2012-07-12 06:53 -------- d-----w- c:\programdata\STOPzilla!
2012-07-08 10:26 . 2012-07-08 10:26 -------- d-----w- c:\users\Payal\jagexcache
2012-07-08 10:04 . 2012-07-08 10:04 -------- d-----w- c:\windows\system32\Adobe
2012-06-30 11:40 . 2012-06-30 11:40 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-30 09:07 . 2012-06-30 09:07 -------- d-----w- c:\users\Payal\AppData\Roaming\PC Cleaners
2012-06-30 08:50 . 2012-06-30 09:07 -------- d-----w- c:\users\Payal\AppData\Roaming\PCPro
2012-06-30 08:50 . 2012-06-30 08:50 4448056 ----a-w- c:\windows\uninst.exe
2012-06-30 08:50 . 2012-06-30 08:50 -------- d-----w- c:\programdata\PC1Data
2012-06-29 13:09 . 2012-06-29 13:09 -------- d-----w- c:\programdata\Ask
2012-06-29 13:08 . 2012-06-29 13:08 -------- d-----w- c:\program files\Common Files\Java
2012-06-29 13:08 . 2012-06-29 13:08 -------- d-----w- c:\program files\Oracle
2012-06-29 13:08 . 2012-05-04 13:59 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-29 13:07 . 2012-06-29 13:07 -------- d-----w- c:\program files\Java
2012-06-29 09:22 . 2012-06-29 12:19 -------- d-----w- c:\program files\PC Tools
2012-06-29 06:56 . 2012-06-29 12:19 -------- d-----w- c:\program files\Common Files\PC Tools
2012-06-29 06:56 . 2012-05-11 05:44 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-06-29 06:51 . 2012-06-29 12:17 -------- d-----w- c:\programdata\PC Tools
2012-06-29 06:51 . 2012-06-29 06:51 -------- d-----w- c:\users\Payal\AppData\Roaming\TestApp
2012-06-25 11:50 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-25 11:50 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-25 11:50 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-25 11:50 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-25 11:50 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-25 11:50 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-25 11:50 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-25 11:50 . 2012-06-02 09:49 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-25 11:50 . 2012-06-02 09:42 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-25 11:23 . 2012-06-25 11:23 -------- d-----w- c:\users\Payal\AppData\Roaming\Malwarebytes
2012-06-25 11:23 . 2012-06-25 11:23 -------- d-----w- c:\programdata\Malwarebytes
2012-06-13 10:43 . 2012-06-13 10:43 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-13 10:43 . 2012-06-13 10:43 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-13 09:15 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 09:15 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 09:15 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 09:11 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 09:11 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-09 11:50 . 2012-06-09 11:50 161792 ----a-w- c:\windows\system32\msls31.dll
2012-06-09 11:50 . 2012-06-09 11:50 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-06-09 11:50 . 2012-06-09 11:50 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-06-09 11:50 . 2012-06-09 11:50 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-06-09 11:50 . 2012-06-09 11:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-06-09 11:50 . 2012-06-09 11:50 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-06-09 11:50 . 2012-06-09 11:50 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-06-09 11:50 . 2012-06-09 11:50 367104 ----a-w- c:\windows\system32\html.iec
2012-06-09 11:50 . 2012-06-09 11:50 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-06-09 11:50 . 2012-06-09 11:50 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-06-09 11:50 . 2012-06-09 11:50 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-06-09 11:50 . 2012-06-09 11:50 152064 ----a-w- c:\windows\system32\wextract.exe
2012-06-09 11:50 . 2012-06-09 11:50 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-06-09 11:50 . 2012-06-09 11:50 11776 ----a-w- c:\windows\system32\mshta.exe
2012-06-09 11:50 . 2012-06-09 11:50 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-06-09 11:50 . 2012-06-09 11:50 101888 ----a-w- c:\windows\system32\admparse.dll
2012-06-09 11:29 . 2012-06-09 11:29 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-06-09 11:29 . 2012-06-09 11:29 98816 ----a-w- c:\windows\system32\mfps.dll
2012-06-09 11:29 . 2012-06-09 11:29 586240 ----a-w- c:\windows\system32\stobject.dll
2012-06-09 11:29 . 2012-06-09 11:29 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-06-09 11:29 . 2012-06-09 11:29 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-06-09 11:29 . 2012-06-09 11:29 2873344 ----a-w- c:\windows\system32\mf.dll
2012-06-09 11:29 . 2012-06-09 11:29 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-06-09 11:29 . 2012-06-09 11:29 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-06-09 11:29 . 2012-06-09 11:29 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-06-09 11:29 . 2012-06-09 11:29 478720 ----a-w- c:\windows\system32\dxgi.dll
2012-06-09 11:29 . 2012-06-09 11:29 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-06-09 11:29 . 2012-06-09 11:29 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-06-09 11:29 . 2012-06-09 11:29 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-06-09 11:29 . 2012-06-09 11:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-06-09 11:29 . 2012-06-09 11:29 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-06-09 11:29 . 2012-06-09 11:29 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-06-09 11:29 . 2012-06-09 11:29 37376 ----a-w- c:\windows\system32\cdd.dll
2012-06-09 11:29 . 2012-06-09 11:29 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-06-09 11:29 . 2012-06-09 11:29 258048 ----a-w- c:\windows\system32\winspool.drv
2012-06-09 11:29 . 2012-06-09 11:29 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-06-09 11:28 . 2012-06-09 11:28 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-06-09 11:28 . 2012-06-09 11:28 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-06-09 11:28 . 2012-06-09 11:28 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-06-09 11:28 . 2012-06-09 11:28 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-06-09 11:28 . 2012-06-09 11:28 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-06-09 11:28 . 2012-06-09 11:28 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-06-09 11:28 . 2012-06-09 11:28 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-06-09 11:28 . 2012-06-09 11:28 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-05-04 13:59 . 2010-08-17 04:45 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-18 11:39 . 2011-05-07 09:12 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-12 18:53 . 2010-07-12 18:53 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-15 06:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-11 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-12 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-28 6957600]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-14 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-15 345384]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-07-09 440864]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-02-12 862728]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-04-11 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-06-18 3559936]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-05-05 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-05-05 206120]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-05-04 173288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-28 1833504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\Payal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_49762599.lnk - c:\users\Payal\AppData\Local\Temp\_uninst_49762599.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ c:\program files\Acer Bio Protection\PwdFilter
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - UWTDAPOW
*Deregistered* - uwtdapow
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 09:56]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 09:56]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-465328401-2053620946-3148916402-1000Core.job
- c:\users\Payal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-12 10:02]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-465328401-2053620946-3148916402-1000UA.job
- c:\users\Payal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-12 10:02]
.
2012-07-11 c:\windows\Tasks\pjvuqunmp.job
- c:\windows\system32\msswchs.dll [2012-05-30 12:28]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 202.149.208.92 202.149.208.91
FF - ProfilePath - c:\users\Payal\AppData\Roaming\Mozilla\Firefox\Profiles\8xnpv8op.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d
FF - prefs.js: keyword.URL - hxxp://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-12 13:53
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
[0] 0x5EE2C35F
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-465328401-2053620946-3148916402-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{29D64A71-9AF6-3F56-2D51-121F139BD91E}*]
"hampogpbdfdeianf"=hex:6b,61,61,63,66,62,65,6a,69,64,64,65,66,67,6e,6a,6f,70,
63,70,64,70,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(636)
c:\program files\Acer Bio Protection\PwdFilter.dll
.
- - - - - - - > 'Explorer.exe'(5700)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\Acer\Acer PowerSmart Manager\SysHook.dll
.
Completion time: 2012-07-12 13:56:16
ComboFix-quarantined-files.txt 2012-07-12 08:26
.
Pre-Run: 54,961,360,896 bytes free
Post-Run: 54,943,494,144 bytes free
.
- - End Of File - - 89F068253EDE00E32B2E90768347C9B1
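
As an added triage example (not a BleepingComputer or ComboFix tool), the following Python pulls out the three places in the ComboFix log above that carry the redirect-related settings: the scheduled task whose target is a DLL, the AppInit_DLLs value, and the Firefox prefs whose search engine and URLs point at a non-default host. The log excerpt, the allow-lists of known search hosts and the "task runs a DLL" heuristic are assumptions constructed for this example.

```python
"""Triage helper for a ComboFix-style log (added example, not ComboFix's own code).

Reports a scheduled task whose target is a DLL, any AppInit_DLLs value, and
Firefox prefs whose search engine or URL host is not on a known-good list.
"""
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the ComboFix log above; only the lines the
# parser needs are included, and the client_uuid value is shortened to "x".
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 09:56]
.
2012-07-11 c:\windows\Tasks\pjvuqunmp.job
- c:\windows\system32\msswchs.dll [2012-05-30 12:28]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://eis.esnips.com/page/search/?client_uuid=x
FF - prefs.js: keyword.URL - hxxp://eis.esnips.com/page/search_provider/?client_uuid=x&q=
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # "task", "appinit" or "firefox"
    item: str    # job file name, registry value name or pref key
    detail: str  # what the reviewer should look at


# ComboFix prints a task as a dated .job line followed by "- <target> [date]".
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<path>\S.*\.job)\s*$", re.I)
TARGET_RE = re.compile(r"^- (?P<target>.+?) \[")
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(?P<value>.+)$')
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.*)$")
HOST_RE = re.compile(r"^h(?:xx|tt)ps?://([^/?#]+)", re.I)  # ComboFix defangs http as hxxp

# Assumed allow-lists for this example; extend them to the environment's defaults.
KNOWN_SEARCH_ENGINES = {"Google", "Bing", "Yahoo"}
KNOWN_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}
REDIRECT_PREFS = {"browser.startup.homepage", "keyword.URL", "browser.search.selectedEngine"}


def scheduled_tasks(lines):
    """Yield (job_path, target) pairs from the 'Scheduled Tasks' block."""
    job = None
    for line in lines:
        m = TASK_RE.match(line)
        if m:
            job = m.group("path")
            continue
        t = TARGET_RE.match(line)
        if t and job:
            yield job, t.group("target")
            job = None


def triage(log_text):
    """Return the entries a reviewer should check: tasks, then AppInit, then Firefox prefs."""
    lines = log_text.splitlines()
    findings = []
    for job, target in scheduled_tasks(lines):
        # A .job normally launches an .exe; a job whose target is a bare DLL in
        # system32 (as in the log above) is worth a look.
        if target.lower().endswith(".dll"):
            findings.append(Finding("task", job.rsplit("\\", 1)[-1],
                                    f"job runs a DLL: {target}"))
    for line in lines:
        m = APPINIT_RE.match(line)
        if m:
            # Any DLL named here is loaded into every process that loads user32.dll,
            # so the value is always reported for verification.
            findings.append(Finding("appinit", "AppInit_DLLs", m.group("value")))
            continue
        p = FF_PREF_RE.match(line)
        if not p or p.group("key") not in REDIRECT_PREFS:
            continue
        key, value = p.group("key"), p.group("value").strip()
        if key == "browser.search.selectedEngine":
            if value not in KNOWN_SEARCH_ENGINES:
                findings.append(Finding("firefox", key, value))
        else:
            h = HOST_RE.match(value)
            if h and h.group(1).lower() not in KNOWN_HOSTS:
                findings.append(Finding("firefox", key, h.group(1).lower()))
    return findings
```

Running `triage(SAMPLE_LOG)` yields five findings: the pjvuqunmp.job task, the AppInit_DLLs value, and the three Firefox prefs, while the GoogleUpdate task is not reported.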

#8 viral_1212

viral_1212
  • Topic Starter

  • Members
  • 34 posts
  • Local time:01:07 PM

Posted 12 July 2012 - 04:04 AM

I can see that the websites that I am redirected to by rocketnews.com are stored in the cookies. I tried deleting them, but they store themselves again.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:37 AM

Posted 12 July 2012 - 12:18 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#10 viral_1212

viral_1212
  • Topic Starter

  • Members
  • 34 posts
  • Local time:01:07 PM

Posted 13 July 2012 - 01:19 AM

11:20:16.0782 0976 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
11:20:17.0281 0976 ============================================================
11:20:17.0281 0976 Current date / time: 2012/07/13 11:20:17.0281
11:20:17.0281 0976 SystemInfo:
11:20:17.0281 0976
11:20:17.0281 0976 OS Version: 6.0.6002 ServicePack: 2.0
11:20:17.0281 0976 Product type: Workstation
11:20:17.0281 0976 ComputerName: PAYAL-
11:20:17.0281 0976 UserName: Payal
11:20:17.0281 0976 Windows directory: C:\Windows
11:20:17.0281 0976 System windows directory: C:\Windows
11:20:17.0281 0976 Processor architecture: Intel x86
11:20:17.0281 0976 Number of processors: 2
11:20:17.0281 0976 Page size: 0x1000
11:20:17.0281 0976 Boot type: Normal boot
11:20:17.0281 0976 ============================================================
11:20:17.0734 0976 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:20:17.0734 0976 ============================================================
11:20:17.0734 0976 \Device\Harddisk0\DR0:
11:20:17.0734 0976 MBR partitions:
11:20:17.0734 0976 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1802000, BlocksNum 0x178D97F8
11:20:17.0734 0976 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x190DB800, BlocksNum 0xC352000
11:20:17.0734 0976 ============================================================
11:20:17.0905 0976 C: <-> \Device\Harddisk0\DR0\Partition0
11:20:18.0077 0976 E: <-> \Device\Harddisk0\DR0\Partition1
11:20:18.0077 0976 ============================================================
11:20:18.0077 0976 Initialize success
11:20:18.0077 0976 ============================================================
11:21:32.0030 2956 ============================================================
11:21:32.0030 2956 Scan started
11:21:32.0030 2956 Mode: Manual;
11:21:32.0030 2956 ============================================================
11:21:39.0711 2956 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
11:21:39.0715 2956 EventSystem - ok
11:21:39.0798 2956 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
11:21:39.0800 2956 exfat - ok
11:21:39.0845 2956 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
11:21:39.0847 2956 fastfat - ok
11:21:39.0913 2956 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
11:21:39.0914 2956 fdc - ok
11:21:39.0944 2956 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
11:21:39.0945 2956 fdPHost - ok
11:21:39.0955 2956 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
11:21:39.0957 2956 FDResPub - ok
11:21:39.0975 2956 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
11:21:39.0976 2956 FileInfo - ok
11:21:40.0030 2956 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
11:21:40.0031 2956 Filetrace - ok
11:21:40.0050 2956 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
11:21:40.0052 2956 flpydisk - ok
11:21:40.0086 2956 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
11:21:40.0094 2956 FltMgr - ok
11:21:40.0164 2956 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
11:21:40.0175 2956 FontCache - ok
11:21:40.0240 2956 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:21:40.0241 2956 FontCache3.0.0.0 - ok
11:21:40.0270 2956 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
11:21:40.0271 2956 Fs_Rec - ok
11:21:40.0354 2956 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
11:21:40.0355 2956 gagp30kx - ok
11:21:40.0495 2956 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
11:21:40.0497 2956 GoogleDesktopManager-051210-111108 - ok
11:21:40.0597 2956 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
11:21:40.0605 2956 gpsvc - ok
11:21:40.0665 2956 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
11:21:40.0667 2956 gupdate - ok
11:21:40.0716 2956 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
11:21:40.0717 2956 gupdatem - ok
11:21:40.0805 2956 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
11:21:40.0807 2956 gusvc - ok
11:21:40.0912 2956 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
11:21:40.0915 2956 HdAudAddService - ok
11:21:40.0972 2956 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:21:40.0978 2956 HDAudBus - ok
11:21:41.0014 2956 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
11:21:41.0015 2956 HidBth - ok
11:21:41.0072 2956 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
11:21:41.0073 2956 HidIr - ok
11:21:41.0136 2956 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
11:21:41.0138 2956 hidserv - ok
11:21:41.0179 2956 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
11:21:41.0179 2956 HidUsb - ok
11:21:41.0249 2956 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
11:21:41.0251 2956 hkmsvc - ok
11:21:41.0289 2956 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
11:21:41.0290 2956 HpCISSs - ok
11:21:41.0333 2956 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
11:21:41.0338 2956 HTTP - ok
11:21:41.0364 2956 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
11:21:41.0365 2956 i2omp - ok
11:21:41.0427 2956 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
11:21:41.0428 2956 i8042prt - ok
11:21:41.0590 2956 IAANTMON (52e8a3cc8269adb27d25182284c5e650) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
11:21:41.0596 2956 IAANTMON - ok
11:21:41.0619 2956 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
11:21:41.0621 2956 iaStor - ok
11:21:41.0659 2956 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
11:21:41.0662 2956 iaStorV - ok
11:21:41.0820 2956 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:21:41.0832 2956 idsvc - ok
11:21:42.0412 2956 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
11:21:42.0583 2956 igfx - ok
11:21:42.0786 2956 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
11:21:42.0787 2956 iirsp - ok
11:21:42.0882 2956 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
11:21:42.0888 2956 IKEEXT - ok
11:21:43.0130 2956 IntcAzAudAddService (02e184ddf8285021c3ae30dd3e5858ed) C:\Windows\system32\drivers\RTKVHDA.sys
11:21:43.0145 2956 IntcAzAudAddService - ok
11:21:43.0320 2956 IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys
11:21:43.0321 2956 IntcHdmiAddService - ok
11:21:43.0431 2956 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
11:21:43.0432 2956 intelide - ok
11:21:43.0471 2956 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
11:21:43.0472 2956 intelppm - ok
11:21:43.0549 2956 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
11:21:43.0551 2956 IPBusEnum - ok
11:21:43.0589 2956 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:21:43.0590 2956 IpFilterDriver - ok
11:21:43.0682 2956 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
11:21:43.0686 2956 iphlpsvc - ok
11:21:43.0725 2956 IpInIp - ok
11:21:43.0788 2956 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
11:21:43.0790 2956 IPMIDRV - ok
11:21:43.0824 2956 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
11:21:43.0826 2956 IPNAT - ok
11:21:43.0920 2956 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
11:21:43.0920 2956 IRENUM - ok
11:21:43.0947 2956 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
11:21:43.0948 2956 isapnp - ok
11:21:44.0012 2956 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
11:21:44.0013 2956 iScsiPrt - ok
11:21:44.0050 2956 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
11:21:44.0052 2956 iteatapi - ok
11:21:44.0084 2956 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
11:21:44.0085 2956 iteraid - ok
11:21:44.0126 2956 JMCR (ddc2f92e0b24999d69b75307e2499095) C:\Windows\system32\DRIVERS\jmcr.sys
11:21:44.0128 2956 JMCR - ok
11:21:44.0154 2956 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
11:21:44.0155 2956 kbdclass - ok
11:21:44.0178 2956 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
11:21:44.0179 2956 kbdhid - ok
11:21:44.0228 2956 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
11:21:44.0230 2956 KeyIso - ok
11:21:44.0288 2956 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
11:21:44.0293 2956 KSecDD - ok
11:21:44.0360 2956 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
11:21:44.0365 2956 KtmRm - ok
11:21:44.0407 2956 L1C (d2862bf2e43718dbdd24664ef4b6c0f0) C:\Windows\system32\DRIVERS\L1C60x86.sys
11:21:44.0408 2956 L1C - ok
11:21:44.0454 2956 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
11:21:44.0458 2956 LanmanServer - ok
11:21:44.0494 2956 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
11:21:44.0499 2956 LanmanWorkstation - ok
11:21:44.0550 2956 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
11:21:44.0551 2956 lltdio - ok
11:21:44.0577 2956 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
11:21:44.0581 2956 lltdsvc - ok
11:21:44.0603 2956 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
11:21:44.0605 2956 lmhosts - ok
11:21:44.0642 2956 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
11:21:44.0644 2956 LSI_FC - ok
11:21:44.0667 2956 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
11:21:44.0669 2956 LSI_SAS - ok
11:21:44.0764 2956 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
11:21:44.0765 2956 LSI_SCSI - ok
11:21:44.0788 2956 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
11:21:44.0790 2956 luafv - ok
11:21:44.0834 2956 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
11:21:44.0836 2956 Mcx2Svc - ok
11:21:44.0886 2956 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
11:21:44.0887 2956 megasas - ok
11:21:44.0943 2956 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
11:21:44.0948 2956 MegaSR - ok
11:21:45.0034 2956 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
11:21:45.0036 2956 Microsoft Office Groove Audit Service - ok
11:21:45.0113 2956 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
11:21:45.0115 2956 MMCSS - ok
11:21:45.0146 2956 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
11:21:45.0146 2956 Modem - ok
11:21:45.0160 2956 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
11:21:45.0161 2956 monitor - ok
11:21:45.0178 2956 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
11:21:45.0178 2956 mouclass - ok
11:21:45.0197 2956 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
11:21:45.0198 2956 mouhid - ok
11:21:45.0212 2956 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
11:21:45.0213 2956 MountMgr - ok
11:21:45.0297 2956 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:21:45.0299 2956 MozillaMaintenance - ok
11:21:45.0330 2956 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
11:21:45.0332 2956 mpio - ok
11:21:45.0365 2956 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
11:21:45.0366 2956 mpsdrv - ok
11:21:45.0416 2956 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
11:21:45.0432 2956 MpsSvc - ok
11:21:45.0491 2956 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
11:21:45.0492 2956 Mraid35x - ok
11:21:45.0585 2956 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
11:21:45.0587 2956 MRxDAV - ok
11:21:45.0649 2956 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:21:45.0651 2956 mrxsmb - ok
11:21:45.0768 2956 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:21:45.0771 2956 mrxsmb10 - ok
11:21:45.0800 2956 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:21:45.0802 2956 mrxsmb20 - ok
11:21:45.0839 2956 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
11:21:45.0840 2956 msahci - ok
11:21:45.0866 2956 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
11:21:45.0867 2956 msdsm - ok
11:21:45.0914 2956 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
11:21:45.0916 2956 MSDTC - ok
11:21:45.0936 2956 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
11:21:45.0936 2956 Msfs - ok
11:21:45.0954 2956 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
11:21:45.0955 2956 msisadrv - ok
11:21:46.0019 2956 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
11:21:46.0022 2956 MSiSCSI - ok
11:21:46.0027 2956 msiserver - ok
11:21:46.0058 2956 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
11:21:46.0059 2956 MSKSSRV - ok
11:21:46.0122 2956 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
11:21:46.0123 2956 MSPCLOCK - ok
11:21:46.0179 2956 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
11:21:46.0180 2956 MSPQM - ok
11:21:46.0343 2956 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
11:21:46.0345 2956 MsRPC - ok
11:21:46.0385 2956 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
11:21:46.0386 2956 mssmbios - ok
11:21:46.0402 2956 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
11:21:46.0403 2956 MSTEE - ok
11:21:46.0434 2956 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
11:21:46.0435 2956 Mup - ok
11:21:46.0469 2956 mwlPSDFilter (2de94e435c3efde58c7b1856d4f20724) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
11:21:46.0470 2956 mwlPSDFilter - ok
11:21:46.0530 2956 mwlPSDNServ (61920a7146eed3d903dbbb8ec295af76) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
11:21:46.0531 2956 mwlPSDNServ - ok
11:21:46.0575 2956 mwlPSDVDisk (e0f49721e68ebd2983e84c44fada6665) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
11:21:46.0576 2956 mwlPSDVDisk - ok
11:21:46.0711 2956 MWLService (fd257cd94057d02108b954156d7b2770) C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
11:21:46.0714 2956 MWLService - ok
11:21:46.0760 2956 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
11:21:46.0765 2956 napagent - ok
11:21:46.0837 2956 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
11:21:46.0839 2956 NativeWifiP - ok
11:21:46.0911 2956 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
11:21:46.0919 2956 NDIS - ok
11:21:46.0957 2956 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
11:21:46.0958 2956 NdisTapi - ok
11:21:46.0969 2956 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
11:21:46.0970 2956 Ndisuio - ok
11:21:47.0013 2956 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
11:21:47.0015 2956 NdisWan - ok
11:21:47.0037 2956 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
11:21:47.0038 2956 NDProxy - ok
11:21:47.0048 2956 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
11:21:47.0049 2956 NetBIOS - ok
11:21:47.0087 2956 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
11:21:47.0090 2956 netbt - ok
11:21:47.0129 2956 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
11:21:47.0130 2956 Netlogon - ok
11:21:47.0216 2956 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
11:21:47.0230 2956 Netman - ok
11:21:47.0257 2956 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
11:21:47.0262 2956 netprofm - ok
11:21:47.0400 2956 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:21:47.0402 2956 NetTcpPortSharing - ok
11:21:47.0786 2956 NETw5v32 (ba420e8ebfcad35581fe8e4c64f71469) C:\Windows\system32\DRIVERS\NETw5v32.sys
11:21:47.0853 2956 NETw5v32 - ok
11:21:48.0015 2956 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
11:21:48.0016 2956 nfrd960 - ok
11:21:48.0104 2956 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
11:21:48.0107 2956 NlaSvc - ok
11:21:48.0262 2956 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
11:21:48.0263 2956 Npfs - ok
11:21:48.0334 2956 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
11:21:48.0337 2956 nsi - ok
11:21:48.0361 2956 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
11:21:48.0362 2956 nsiproxy - ok
11:21:48.0661 2956 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
11:21:48.0695 2956 Ntfs - ok
11:21:48.0885 2956 NTI IScheduleSvc (e4b2084dff97db30fc8d6577ebcd7006) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
11:21:48.0899 2956 NTI IScheduleSvc - ok
11:21:48.0995 2956 NTIBackupSvc (fd324cce1d4d5bb5af65f8e55b462c7e) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
11:21:48.0997 2956 NTIBackupSvc - ok
11:21:49.0167 2956 NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\drivers\NTIDrvr.sys
11:21:49.0168 2956 NTIDrvr - ok
11:21:49.0325 2956 NTISchedulerSvc (3f6268a2ec33cd38cf75c880af8ded42) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
11:21:49.0368 2956 NTISchedulerSvc - ok
11:21:49.0449 2956 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
11:21:49.0450 2956 ntrigdigi - ok
11:21:49.0503 2956 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
11:21:49.0504 2956 Null - ok
11:21:49.0606 2956 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
11:21:49.0607 2956 nvraid - ok
11:21:49.0705 2956 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
11:21:49.0706 2956 nvstor - ok
11:21:49.0738 2956 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
11:21:49.0740 2956 nv_agp - ok
11:21:49.0762 2956 NwlnkFlt - ok
11:21:49.0771 2956 NwlnkFwd - ok
11:21:49.0935 2956 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:21:49.0941 2956 odserv - ok
11:21:50.0034 2956 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
11:21:50.0036 2956 ohci1394 - ok
11:21:50.0175 2956 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:21:50.0177 2956 ose - ok
11:21:50.0346 2956 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:21:50.0355 2956 p2pimsvc - ok
11:21:50.0451 2956 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:21:50.0457 2956 p2psvc - ok
11:21:50.0515 2956 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
11:21:50.0516 2956 Parport - ok
11:21:50.0612 2956 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
11:21:50.0613 2956 partmgr - ok
11:21:50.0720 2956 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
11:21:50.0721 2956 Parvdm - ok
11:21:50.0801 2956 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
11:21:50.0803 2956 PcaSvc - ok
11:21:50.0901 2956 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
11:21:50.0902 2956 pci - ok
11:21:50.0954 2956 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
11:21:50.0954 2956 pciide - ok
11:21:51.0096 2956 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
11:21:51.0099 2956 pcmcia - ok
11:21:51.0265 2956 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
11:21:51.0296 2956 PEAUTH - ok
11:21:51.0455 2956 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
11:21:51.0486 2956 pla - ok
11:21:51.0725 2956 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
11:21:51.0730 2956 PlugPlay - ok
11:21:51.0888 2956 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:21:51.0894 2956 PNRPAutoReg - ok
11:21:51.0948 2956 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:21:51.0954 2956 PNRPsvc - ok
11:21:52.0090 2956 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
11:21:52.0095 2956 PolicyAgent - ok
11:21:52.0205 2956 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
11:21:52.0206 2956 PptpMiniport - ok
11:21:52.0286 2956 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
11:21:52.0288 2956 Processor - ok
11:21:52.0482 2956 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
11:21:52.0486 2956 ProfSvc - ok
11:21:52.0573 2956 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
11:21:52.0575 2956 ProtectedStorage - ok
11:21:52.0729 2956 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
11:21:52.0730 2956 PSched - ok
11:21:52.0911 2956 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
11:21:52.0925 2956 ql2300 - ok
11:21:52.0982 2956 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
11:21:52.0984 2956 ql40xx - ok
11:21:53.0084 2956 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
11:21:53.0090 2956 QWAVE - ok
11:21:53.0167 2956 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
11:21:53.0168 2956 QWAVEdrv - ok
11:21:53.0221 2956 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
11:21:53.0222 2956 RasAcd - ok
11:21:53.0302 2956 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
11:21:53.0305 2956 RasAuto - ok
11:21:53.0340 2956 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:21:53.0342 2956 Rasl2tp - ok
11:21:53.0455 2956 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
11:21:53.0460 2956 RasMan - ok
11:21:53.0541 2956 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
11:21:53.0542 2956 RasPppoe - ok
11:21:53.0667 2956 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
11:21:53.0668 2956 RasSstp - ok
11:21:53.0872 2956 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
11:21:53.0876 2956 rdbss - ok
11:21:53.0969 2956 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:21:53.0970 2956 RDPCDD - ok
11:21:54.0067 2956 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
11:21:54.0070 2956 rdpdr - ok
11:21:54.0109 2956 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
11:21:54.0110 2956 RDPENCDD - ok
11:21:54.0195 2956 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
11:21:54.0210 2956 RDPWD - ok
11:21:54.0294 2956 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
11:21:54.0296 2956 RemoteAccess - ok
11:21:54.0400 2956 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
11:21:54.0403 2956 RemoteRegistry - ok
11:21:54.0489 2956 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
11:21:54.0492 2956 RFCOMM - ok
11:21:54.0590 2956 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
11:21:54.0591 2956 RimUsb - ok
11:21:54.0663 2956 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
11:21:54.0664 2956 RpcLocator - ok
11:21:54.0791 2956 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
11:21:54.0797 2956 RpcSs - ok
11:21:54.0888 2956 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
11:21:54.0889 2956 rspndr - ok
11:21:54.0983 2956 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
11:21:54.0984 2956 SamSs - ok
11:21:55.0056 2956 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
11:21:55.0057 2956 sbp2port - ok
11:21:55.0116 2956 SBRE (1fd538c4feb36b793d2121f20bbdc16f) C:\Windows\system32\drivers\SBREdrv.sys
11:21:55.0117 2956 SBRE - ok
11:21:55.0208 2956 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
11:21:55.0236 2956 SCardSvr - ok
11:21:55.0406 2956 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
11:21:55.0432 2956 Schedule - ok
11:21:55.0487 2956 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
11:21:55.0488 2956 SCPolicySvc - ok
11:21:55.0606 2956 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
11:21:55.0608 2956 sdbus - ok
11:21:55.0688 2956 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
11:21:55.0691 2956 SDRSVC - ok
11:21:55.0768 2956 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:21:55.0769 2956 secdrv - ok
11:21:55.0876 2956 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
11:21:55.0879 2956 seclogon - ok
11:21:55.0980 2956 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
11:21:55.0982 2956 SENS - ok
11:21:56.0037 2956 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
11:21:56.0038 2956 Serenum - ok
11:21:56.0091 2956 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
11:21:56.0093 2956 Serial - ok
11:21:56.0169 2956 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
11:21:56.0170 2956 sermouse - ok
11:21:56.0270 2956 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
11:21:56.0273 2956 SessionEnv - ok
11:21:56.0376 2956 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
11:21:56.0377 2956 sffdisk - ok
11:21:56.0448 2956 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
11:21:56.0449 2956 sffp_mmc - ok
11:21:56.0497 2956 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
11:21:56.0498 2956 sffp_sd - ok
11:21:56.0577 2956 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
11:21:56.0578 2956 sfloppy - ok
11:21:56.0700 2956 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
11:21:56.0704 2956 SharedAccess - ok
11:21:56.0747 2956 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
11:21:56.0752 2956 ShellHWDetection - ok
11:21:56.0877 2956 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
11:21:56.0878 2956 sisagp - ok
11:21:56.0921 2956 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
11:21:56.0923 2956 SiSRaid2 - ok
11:21:57.0051 2956 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
11:21:57.0053 2956 SiSRaid4 - ok
11:21:57.0659 2956 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
11:21:57.0756 2956 slsvc - ok
11:21:58.0041 2956 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
11:21:58.0044 2956 SLUINotify - ok
11:21:58.0175 2956 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
11:21:58.0176 2956 Smb - ok
11:21:58.0262 2956 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
11:21:58.0265 2956 SNMPTRAP - ok
11:21:58.0296 2956 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
11:21:58.0296 2956 spldr - ok
11:21:58.0358 2956 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
11:21:58.0371 2956 Spooler - ok
11:21:58.0409 2956 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
11:21:58.0413 2956 srv - ok
11:21:58.0476 2956 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
11:21:58.0478 2956 srv2 - ok
11:21:58.0510 2956 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
11:21:58.0512 2956 srvnet - ok
11:21:58.0582 2956 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
11:21:58.0586 2956 SSDPSRV - ok
11:21:58.0651 2956 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
11:21:58.0655 2956 SstpSvc - ok
11:21:58.0946 2956 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
11:21:58.0954 2956 stisvc - ok
11:21:58.0995 2956 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
11:21:58.0996 2956 swenum - ok
11:21:59.0049 2956 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
11:21:59.0055 2956 swprv - ok
11:21:59.0089 2956 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
11:21:59.0090 2956 Symc8xx - ok
11:21:59.0108 2956 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
11:21:59.0109 2956 Sym_hi - ok
11:21:59.0125 2956 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
11:21:59.0126 2956 Sym_u3 - ok
11:21:59.0158 2956 SynTP (5c3e900f41426a372de60675afc8aa07) C:\Windows\system32\DRIVERS\SynTP.sys
11:21:59.0160 2956 SynTP - ok
11:21:59.0222 2956 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
11:21:59.0244 2956 SysMain - ok
11:21:59.0287 2956 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
11:21:59.0290 2956 TabletInputService - ok
11:21:59.0509 2956 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
11:21:59.0528 2956 TapiSrv - ok
11:21:59.0567 2956 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
11:21:59.0570 2956 TBS - ok
11:21:59.0685 2956 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
11:21:59.0697 2956 Tcpip - ok
11:21:59.0709 2956 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
11:21:59.0715 2956 Tcpip6 - ok
11:21:59.0758 2956 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
11:21:59.0759 2956 tcpipreg - ok
11:21:59.0793 2956 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
11:21:59.0794 2956 TDPIPE - ok
11:21:59.0817 2956 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
11:21:59.0818 2956 TDTCP - ok
11:21:59.0856 2956 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
11:21:59.0858 2956 tdx - ok
11:21:59.0932 2956 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
11:21:59.0933 2956 TermDD - ok
11:22:00.0181 2956 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
11:22:00.0189 2956 TermService - ok
11:22:00.0257 2956 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
11:22:00.0261 2956 Themes - ok
11:22:00.0283 2956 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
11:22:00.0285 2956 THREADORDER - ok
11:22:00.0312 2956 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
11:22:00.0315 2956 TrkWks - ok
11:22:00.0359 2956 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
11:22:00.0360 2956 TrustedInstaller - ok
11:22:00.0400 2956 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:22:00.0401 2956 tssecsrv - ok
11:22:00.0442 2956 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
11:22:00.0442 2956 tunmp - ok
11:22:00.0492 2956 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
11:22:00.0493 2956 tunnel - ok
11:22:00.0529 2956 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
11:22:00.0530 2956 uagp35 - ok
11:22:00.0552 2956 UBHelper (d79c0b9bb011218b93705cbf77fa3e5e) C:\Windows\system32\drivers\UBHelper.sys
11:22:00.0553 2956 UBHelper - ok
11:22:00.0644 2956 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
11:22:00.0654 2956 udfs - ok
11:22:00.0687 2956 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
11:22:00.0691 2956 UI0Detect - ok
11:22:00.0714 2956 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
11:22:00.0715 2956 uliagpkx - ok
11:22:00.0848 2956 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
11:22:00.0851 2956 uliahci - ok
11:22:00.0875 2956 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
11:22:00.0877 2956 UlSata - ok
11:22:00.0900 2956 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
11:22:00.0902 2956 ulsata2 - ok
11:22:00.0930 2956 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
11:22:00.0931 2956 umbus - ok
11:22:00.0992 2956 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
11:22:00.0997 2956 upnphost - ok
11:22:01.0067 2956 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
11:22:01.0069 2956 usbccgp - ok
11:22:01.0087 2956 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
11:22:01.0089 2956 usbcir - ok
11:22:01.0148 2956 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
11:22:01.0149 2956 usbehci - ok
11:22:01.0173 2956 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
11:22:01.0176 2956 usbhub - ok
11:22:01.0212 2956 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
11:22:01.0213 2956 usbohci - ok
11:22:01.0241 2956 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
11:22:01.0242 2956 usbprint - ok
11:22:01.0274 2956 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:22:01.0289 2956 USBSTOR - ok
11:22:01.0310 2956 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
11:22:01.0310 2956 usbuhci - ok
11:22:01.0359 2956 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
11:22:01.0361 2956 usbvideo - ok
11:22:01.0398 2956 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
11:22:01.0419 2956 UxSms - ok
11:22:01.0469 2956 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
11:22:01.0476 2956 vds - ok
11:22:01.0540 2956 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
11:22:01.0541 2956 vga - ok
11:22:01.0626 2956 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
11:22:01.0627 2956 VgaSave - ok
11:22:01.0666 2956 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
11:22:01.0668 2956 viaagp - ok
11:22:01.0778 2956 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
11:22:01.0779 2956 ViaC7 - ok
11:22:01.0850 2956 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
11:22:01.0851 2956 viaide - ok
11:22:01.0919 2956 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
11:22:01.0920 2956 volmgr - ok
11:22:02.0146 2956 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
11:22:02.0156 2956 volmgrx - ok
11:22:02.0256 2956 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
11:22:02.0259 2956 volsnap - ok
11:22:02.0365 2956 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
11:22:02.0367 2956 vsmraid - ok
11:22:02.0678 2956 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
11:22:02.0708 2956 VSS - ok
11:22:02.0854 2956 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
11:22:02.0860 2956 W32Time - ok
11:22:02.0976 2956 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
11:22:02.0977 2956 WacomPen - ok
11:22:03.0020 2956 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:22:03.0022 2956 Wanarp - ok
11:22:03.0051 2956 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:22:03.0052 2956 Wanarpv6 - ok
11:22:03.0170 2956 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
11:22:03.0178 2956 wcncsvc - ok
11:22:03.0267 2956 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
11:22:03.0270 2956 WcsPlugInService - ok
11:22:03.0349 2956 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
11:22:03.0363 2956 Wd - ok
11:22:03.0483 2956 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
11:22:03.0489 2956 Wdf01000 - ok
11:22:03.0585 2956 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
11:22:03.0588 2956 WdiServiceHost - ok
11:22:03.0627 2956 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
11:22:03.0630 2956 WdiSystemHost - ok
11:22:03.0729 2956 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
11:22:03.0733 2956 WebClient - ok
11:22:03.0866 2956 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
11:22:03.0870 2956 Wecsvc - ok
11:22:03.0923 2956 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
11:22:03.0926 2956 wercplsupport - ok
11:22:04.0073 2956 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
11:22:04.0076 2956 WerSvc - ok
11:22:04.0225 2956 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
11:22:04.0229 2956 WinDefend - ok
11:22:04.0249 2956 WinHttpAutoProxySvc - ok
11:22:04.0432 2956 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
11:22:04.0434 2956 Winmgmt - ok
11:22:05.0125 2956 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
11:22:05.0172 2956 WinRM - ok
11:22:05.0475 2956 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
11:22:05.0529 2956 Wlansvc - ok
11:22:05.0625 2956 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:22:05.0625 2956 WmiAcpi - ok
11:22:05.0975 2956 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
11:22:05.0980 2956 wmiApSrv - ok
11:22:06.0245 2956 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
11:22:06.0256 2956 WMPNetworkSvc - ok
11:22:06.0492 2956 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
11:22:06.0524 2956 WPCSvc - ok
11:22:06.0659 2956 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
11:22:06.0663 2956 WPDBusEnum - ok
11:22:06.0811 2956 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
11:22:06.0813 2956 WpdUsb - ok
11:22:07.0254 2956 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:22:07.0307 2956 WPFFontCache_v0400 - ok
11:22:07.0377 2956 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
11:22:07.0378 2956 ws2ifsl - ok
11:22:07.0456 2956 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
11:22:07.0459 2956 wscsvc - ok
11:22:07.0478 2956 WSearch - ok
11:22:07.0801 2956 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
11:22:07.0867 2956 wuauserv - ok
11:22:07.0997 2956 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:22:07.0998 2956 WUDFRd - ok
11:22:08.0077 2956 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
11:22:08.0080 2956 wudfsvc - ok
11:22:08.0179 2956 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:22:08.0350 2956 \Device\Harddisk0\DR0 - ok
11:22:08.0363 2956 Boot (0x1200) (97d3f8b737f186f46203ef5827d14986) \Device\Harddisk0\DR0\Partition0
11:22:08.0378 2956 \Device\Harddisk0\DR0\Partition0 - ok
11:22:08.0435 2956 Boot (0x1200) (622c821be4ad1d939f792aaca06d784e) \Device\Harddisk0\DR0\Partition1
11:22:08.0437 2956 \Device\Harddisk0\DR0\Partition1 - ok
11:22:08.0456 2956 ============================================================
11:22:08.0456 2956 Scan finished
11:22:08.0456 2956 ============================================================
11:22:08.0501 3508 Detected object count: 0
11:22:08.0501 3508 Actual detected object count: 0

#11 viral_1212
  • Topic Starter
  • Members
  • 34 posts

Posted 13 July 2012 - 01:21 AM

I have sent the TDSSKiller report. aswMBR is taking time to download the avast! virus definitions database. I will send its report as soon as it's done.

#12 viral_1212
  • Topic Starter
  • Members
  • 34 posts

Posted 13 July 2012 - 01:46 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-13 11:26:47
-----------------------------
11:26:47.438 OS Version: Windows 6.0.6002 Service Pack 2
11:26:47.438 Number of processors: 2 586 0x170A
11:26:47.439 ComputerName: PAYAL- UserName: Payal
11:26:48.885 Initialize success
12:06:36.610 AVAST engine defs: 12071201
12:07:18.292 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:07:18.297 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
12:07:18.308 Disk 0 MBR read successfully
12:07:18.310 Disk 0 MBR scan
12:07:18.316 Disk 0 Windows VISTA default MBR code
12:07:18.319 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63
12:07:18.330 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 192946 MB offset 25174016
12:07:18.353 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 100004 MB offset 420329472
12:07:18.358 Disk 0 scanning sectors +625137664
12:07:18.437 Disk 0 scanning C:\Windows\system32\drivers
12:07:28.822 Service scanning
12:08:01.865 Modules scanning
12:08:24.944 Disk 0 trace - called modules:
12:08:24.966 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:08:24.966 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8cbf20c0]
12:08:24.967 3 CLASSPNP.SYS[911a58b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8c0f3028]
12:08:26.059 AVAST engine scan C:\Windows
12:08:37.905 AVAST engine scan C:\Windows\system32
12:11:36.745 AVAST engine scan C:\Windows\system32\drivers
12:11:49.279 AVAST engine scan C:\Users\Payal
12:13:46.185 AVAST engine scan C:\ProgramData
12:15:58.965 Scan finished successfully
12:16:24.424 Disk 0 MBR has been saved successfully to "C:\Users\Payal\Desktop\MBR.dat"
12:16:24.428 The log file has been saved successfully to "C:\Users\Payal\Desktop\aswMBR.txt"

#13 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 July 2012 - 02:26 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\Payal\AppData\Roaming\Mozilla\Firefox\Profiles\8xnpv8op.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com

RegNull::
[HKEY_USERS\S-1-5-21-465328401-2053620946-3148916402-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{29D64A71-9AF6-3F56-2D51-121F139BD91E}*]

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 viral_1212
  • Topic Starter
  • Members
  • 34 posts

Posted 14 July 2012 - 01:25 AM

ComboFix 12-07-11.03 - Payal 14-07-2012 11:46:16.7.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.91.1033.18.3001.1852 [GMT 5.5:30]
Running from: c:\users\Payal\Downloads\ComboFix.exe
Command switches used :: c:\users\Payal\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 )))))))))))))))))))))))))))))))
.
.
2012-07-14 06:21 . 2012-07-14 06:21 -------- d-----w- c:\users\Payal\AppData\Local\temp
2012-07-14 06:21 . 2012-07-14 06:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 05:42 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 13:41 . 2012-01-12 03:56 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-07-11 13:41 . 2012-07-11 13:41 -------- d-----w- c:\program files\Common Files\iS3
2012-07-11 13:41 . 2012-07-12 06:53 -------- d-----w- c:\programdata\STOPzilla!
2012-07-11 11:20 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 11:20 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 11:20 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 11:20 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 11:20 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 11:20 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-08 10:26 . 2012-07-08 10:26 -------- d-----w- c:\users\Payal\jagexcache
2012-07-08 10:04 . 2012-07-08 10:04 -------- d-----w- c:\windows\system32\Adobe
2012-06-30 11:40 . 2012-06-30 11:40 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-30 09:07 . 2012-06-30 09:07 -------- d-----w- c:\users\Payal\AppData\Roaming\PC Cleaners
2012-06-30 08:50 . 2012-06-30 09:07 -------- d-----w- c:\users\Payal\AppData\Roaming\PCPro
2012-06-30 08:50 . 2012-06-30 08:50 4448056 ----a-w- c:\windows\uninst.exe
2012-06-30 08:50 . 2012-06-30 08:50 -------- d-----w- c:\programdata\PC1Data
2012-06-29 13:09 . 2012-06-29 13:09 -------- d-----w- c:\programdata\Ask
2012-06-29 13:08 . 2012-06-29 13:08 -------- d-----w- c:\program files\Common Files\Java
2012-06-29 13:08 . 2012-06-29 13:08 -------- d-----w- c:\program files\Oracle
2012-06-29 13:08 . 2012-05-04 13:59 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-29 13:07 . 2012-06-29 13:07 -------- d-----w- c:\program files\Java
2012-06-29 09:22 . 2012-06-29 12:19 -------- d-----w- c:\program files\PC Tools
2012-06-29 06:56 . 2012-06-29 12:19 -------- d-----w- c:\program files\Common Files\PC Tools
2012-06-29 06:56 . 2012-05-11 05:44 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-06-29 06:51 . 2012-06-29 12:17 -------- d-----w- c:\programdata\PC Tools
2012-06-29 06:51 . 2012-06-29 06:51 -------- d-----w- c:\users\Payal\AppData\Roaming\TestApp
2012-06-25 11:50 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-25 11:50 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-25 11:50 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-25 11:50 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-25 11:50 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-25 11:50 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-25 11:50 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-25 11:50 . 2012-06-02 09:49 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-25 11:50 . 2012-06-02 09:42 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-25 11:23 . 2012-06-25 11:23 -------- d-----w- c:\users\Payal\AppData\Roaming\Malwarebytes
2012-06-25 11:23 . 2012-06-25 11:23 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-09 11:50 . 2012-06-09 11:50 161792 ----a-w- c:\windows\system32\msls31.dll
2012-06-09 11:50 . 2012-06-09 11:50 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-06-09 11:50 . 2012-06-09 11:50 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-06-09 11:50 . 2012-06-09 11:50 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-06-09 11:50 . 2012-06-09 11:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-06-09 11:50 . 2012-06-09 11:50 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-06-09 11:50 . 2012-06-09 11:50 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-06-09 11:50 . 2012-06-09 11:50 367104 ----a-w- c:\windows\system32\html.iec
2012-06-09 11:50 . 2012-06-09 11:50 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-06-09 11:50 . 2012-06-09 11:50 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-06-09 11:50 . 2012-06-09 11:50 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-06-09 11:50 . 2012-06-09 11:50 152064 ----a-w- c:\windows\system32\wextract.exe
2012-06-09 11:50 . 2012-06-09 11:50 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-06-09 11:50 . 2012-06-09 11:50 11776 ----a-w- c:\windows\system32\mshta.exe
2012-06-09 11:50 . 2012-06-09 11:50 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-06-09 11:50 . 2012-06-09 11:50 101888 ----a-w- c:\windows\system32\admparse.dll
2012-06-09 11:29 . 2012-06-09 11:29 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-06-09 11:29 . 2012-06-09 11:29 98816 ----a-w- c:\windows\system32\mfps.dll
2012-06-09 11:29 . 2012-06-09 11:29 586240 ----a-w- c:\windows\system32\stobject.dll
2012-06-09 11:29 . 2012-06-09 11:29 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-06-09 11:29 . 2012-06-09 11:29 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-06-09 11:29 . 2012-06-09 11:29 2873344 ----a-w- c:\windows\system32\mf.dll
2012-06-09 11:29 . 2012-06-09 11:29 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-06-09 11:29 . 2012-06-09 11:29 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-06-09 11:29 . 2012-06-09 11:29 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-06-09 11:29 . 2012-06-09 11:29 478720 ----a-w- c:\windows\system32\dxgi.dll
2012-06-09 11:29 . 2012-06-09 11:29 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-06-09 11:29 . 2012-06-09 11:29 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-06-09 11:29 . 2012-06-09 11:29 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-06-09 11:29 . 2012-06-09 11:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-06-09 11:29 . 2012-06-09 11:29 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-06-09 11:29 . 2012-06-09 11:29 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-06-09 11:29 . 2012-06-09 11:29 37376 ----a-w- c:\windows\system32\cdd.dll
2012-06-09 11:29 . 2012-06-09 11:29 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-06-09 11:29 . 2012-06-09 11:29 258048 ----a-w- c:\windows\system32\winspool.drv
2012-06-09 11:29 . 2012-06-09 11:29 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-06-09 11:28 . 2012-06-09 11:28 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-06-09 11:28 . 2012-06-09 11:28 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-06-09 11:28 . 2012-06-09 11:28 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-06-09 11:28 . 2012-06-09 11:28 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-06-09 11:28 . 2012-06-09 11:28 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-06-09 11:28 . 2012-06-09 11:28 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-06-09 11:28 . 2012-06-09 11:28 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-06-09 11:28 . 2012-06-09 11:28 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-05-04 13:59 . 2010-08-17 04:45 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-01 14:03 . 2012-06-13 09:11 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00 . 2012-06-13 09:15 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-13 09:15 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00 . 2012-06-13 09:15 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-18 11:39 . 2011-05-07 09:12 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-12 18:53 . 2010-07-12 18:53 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-15 06:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-11 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-12 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-28 6957600]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-14 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-15 345384]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-07-09 440864]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-02-12 862728]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-04-11 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-06-18 3559936]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-05-05 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-05-05 206120]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-05-04 173288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-28 1833504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\Payal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_49762599.lnk - c:\users\Payal\AppData\Local\Temp\_uninst_49762599.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ c:\program files\Acer Bio Protection\PwdFilter
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 46024092
*NewlyCreated* - ASWMBR
*Deregistered* - 46024092
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 09:56]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 09:56]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-465328401-2053620946-3148916402-1000Core.job
- c:\users\Payal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-12 10:02]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-465328401-2053620946-3148916402-1000UA.job
- c:\users\Payal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-12 10:02]
.
2012-07-13 c:\windows\Tasks\pjvuqunmp.job
- c:\windows\system32\msswchs.dll [2012-05-30 12:28]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 202.149.208.92 202.149.208.91
FF - ProfilePath - c:\users\Payal\AppData\Roaming\Mozilla\Firefox\Profiles\8xnpv8op.default\
FF - prefs.js: browser.startup.homepage - hxxp://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d
FF - prefs.js: keyword.URL - hxxp://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-14 11:51
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(648)
c:\program files\Acer Bio Protection\PwdFilter.dll
.
- - - - - - - > 'Explorer.exe'(2936)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\Acer\Acer PowerSmart Manager\SysHook.dll
.
Completion time: 2012-07-14 11:53:49
ComboFix-quarantined-files.txt 2012-07-14 06:23
ComboFix2.txt 2012-07-12 08:26
.
Pre-Run: 54,792,871,936 bytes free
Post-Run: 54,889,263,104 bytes free
.
- - End Of File - - E610D528AF215759F032F34F17B254A3

#15 viral_1212
  • Topic Starter
  • Members
  • 34 posts

Posted 14 July 2012 - 01:50 AM

This is the report after ComboFix was updated.



ComboFix 12-07-13.03 - Payal 14-07-2012 12:11:08.8.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.91.1033.18.3001.1719 [GMT 5.5:30]
Running from: c:\users\Payal\Downloads\ComboFix.exe
Command switches used :: c:\users\Payal\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 )))))))))))))))))))))))))))))))
.
.
2012-07-14 06:45 . 2012-07-14 06:45 -------- d-----w- c:\users\Payal\AppData\Local\temp
2012-07-14 06:45 . 2012-07-14 06:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 05:42 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 13:41 . 2012-01-12 03:56 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-07-11 13:41 . 2012-07-11 13:41 -------- d-----w- c:\program files\Common Files\iS3
2012-07-11 13:41 . 2012-07-12 06:53 -------- d-----w- c:\programdata\STOPzilla!
2012-07-11 11:20 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 11:20 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 11:20 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 11:20 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 11:20 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 11:20 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-08 10:26 . 2012-07-08 10:26 -------- d-----w- c:\users\Payal\jagexcache
2012-07-08 10:04 . 2012-07-08 10:04 -------- d-----w- c:\windows\system32\Adobe
2012-06-30 11:40 . 2012-06-30 11:40 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-30 09:07 . 2012-06-30 09:07 -------- d-----w- c:\users\Payal\AppData\Roaming\PC Cleaners
2012-06-30 08:50 . 2012-06-30 09:07 -------- d-----w- c:\users\Payal\AppData\Roaming\PCPro
2012-06-30 08:50 . 2012-06-30 08:50 4448056 ----a-w- c:\windows\uninst.exe
2012-06-30 08:50 . 2012-06-30 08:50 -------- d-----w- c:\programdata\PC1Data
2012-06-29 13:09 . 2012-06-29 13:09 -------- d-----w- c:\programdata\Ask
2012-06-29 13:08 . 2012-06-29 13:08 -------- d-----w- c:\program files\Common Files\Java
2012-06-29 13:08 . 2012-06-29 13:08 -------- d-----w- c:\program files\Oracle
2012-06-29 13:08 . 2012-05-04 13:59 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-29 13:07 . 2012-06-29 13:07 -------- d-----w- c:\program files\Java
2012-06-29 09:22 . 2012-06-29 12:19 -------- d-----w- c:\program files\PC Tools
2012-06-29 06:56 . 2012-06-29 12:19 -------- d-----w- c:\program files\Common Files\PC Tools
2012-06-29 06:56 . 2012-05-11 05:44 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-06-29 06:51 . 2012-06-29 12:17 -------- d-----w- c:\programdata\PC Tools
2012-06-29 06:51 . 2012-06-29 06:51 -------- d-----w- c:\users\Payal\AppData\Roaming\TestApp
2012-06-25 11:50 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-25 11:50 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-25 11:50 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-25 11:50 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-25 11:50 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-25 11:50 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-25 11:50 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-25 11:50 . 2012-06-02 09:49 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-25 11:50 . 2012-06-02 09:42 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-25 11:23 . 2012-06-25 11:23 -------- d-----w- c:\users\Payal\AppData\Roaming\Malwarebytes
2012-06-25 11:23 . 2012-06-25 11:23 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-09 11:50 . 2012-06-09 11:50 161792 ----a-w- c:\windows\system32\msls31.dll
2012-06-09 11:50 . 2012-06-09 11:50 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-06-09 11:50 . 2012-06-09 11:50 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-06-09 11:50 . 2012-06-09 11:50 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-06-09 11:50 . 2012-06-09 11:50 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-06-09 11:50 . 2012-06-09 11:50 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-06-09 11:50 . 2012-06-09 11:50 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-06-09 11:50 . 2012-06-09 11:50 367104 ----a-w- c:\windows\system32\html.iec
2012-06-09 11:50 . 2012-06-09 11:50 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-06-09 11:50 . 2012-06-09 11:50 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-06-09 11:50 . 2012-06-09 11:50 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-06-09 11:50 . 2012-06-09 11:50 152064 ----a-w- c:\windows\system32\wextract.exe
2012-06-09 11:50 . 2012-06-09 11:50 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-06-09 11:50 . 2012-06-09 11:50 11776 ----a-w- c:\windows\system32\mshta.exe
2012-06-09 11:50 . 2012-06-09 11:50 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-06-09 11:50 . 2012-06-09 11:50 101888 ----a-w- c:\windows\system32\admparse.dll
2012-06-09 11:29 . 2012-06-09 11:29 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-06-09 11:29 . 2012-06-09 11:29 98816 ----a-w- c:\windows\system32\mfps.dll
2012-06-09 11:29 . 2012-06-09 11:29 586240 ----a-w- c:\windows\system32\stobject.dll
2012-06-09 11:29 . 2012-06-09 11:29 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-06-09 11:29 . 2012-06-09 11:29 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-06-09 11:29 . 2012-06-09 11:29 2873344 ----a-w- c:\windows\system32\mf.dll
2012-06-09 11:29 . 2012-06-09 11:29 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-06-09 11:29 . 2012-06-09 11:29 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-06-09 11:29 . 2012-06-09 11:29 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-06-09 11:29 . 2012-06-09 11:29 478720 ----a-w- c:\windows\system32\dxgi.dll
2012-06-09 11:29 . 2012-06-09 11:29 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-06-09 11:29 . 2012-06-09 11:29 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-06-09 11:29 . 2012-06-09 11:29 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-06-09 11:29 . 2012-06-09 11:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-06-09 11:29 . 2012-06-09 11:29 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-06-09 11:29 . 2012-06-09 11:29 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-06-09 11:29 . 2012-06-09 11:29 37376 ----a-w- c:\windows\system32\cdd.dll
2012-06-09 11:29 . 2012-06-09 11:29 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-06-09 11:29 . 2012-06-09 11:29 258048 ----a-w- c:\windows\system32\winspool.drv
2012-06-09 11:29 . 2012-06-09 11:29 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-06-09 11:28 . 2012-06-09 11:28 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-06-09 11:28 . 2012-06-09 11:28 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-06-09 11:28 . 2012-06-09 11:28 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-06-09 11:28 . 2012-06-09 11:28 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-06-09 11:28 . 2012-06-09 11:28 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-06-09 11:28 . 2012-06-09 11:28 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-06-09 11:28 . 2012-06-09 11:28 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-06-09 11:28 . 2012-06-09 11:28 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-05-04 13:59 . 2010-08-17 04:45 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-01 14:03 . 2012-06-13 09:11 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00 . 2012-06-13 09:15 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-13 09:15 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00 . 2012-06-13 09:15 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-18 11:39 . 2011-05-07 09:12 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-12 18:53 . 2010-07-12 18:53 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-15 06:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-11 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-12 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-28 6957600]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-14 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-15 345384]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-07-09 440864]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-02-12 862728]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-04-11 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-06-18 3559936]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-05-05 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-05-05 206120]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-05-04 173288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-28 1833504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\Payal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_49762599.lnk - c:\users\Payal\AppData\Local\Temp\_uninst_49762599.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ c:\program files\Acer Bio Protection\PwdFilter
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 46024092
*NewlyCreated* - ASWMBR
*Deregistered* - 46024092
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 09:56]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 09:56]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-465328401-2053620946-3148916402-1000Core.job
- c:\users\Payal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-12 10:02]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-465328401-2053620946-3148916402-1000UA.job
- c:\users\Payal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-12 10:02]
.
2012-07-13 c:\windows\Tasks\pjvuqunmp.job
- c:\windows\system32\msswchs.dll [2012-05-30 12:28]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 202.149.208.92 202.149.208.91
FF - ProfilePath - c:\users\Payal\AppData\Roaming\Mozilla\Firefox\Profiles\8xnpv8op.default\
FF - prefs.js: browser.startup.homepage - hxxp://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d
FF - prefs.js: keyword.URL - hxxp://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-14 12:15
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(648)
c:\program files\Acer Bio Protection\PwdFilter.dll
.
- - - - - - - > 'Explorer.exe'(2604)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\Acer\Acer PowerSmart Manager\SysHook.dll
.
Completion time: 2012-07-14 12:17:44
ComboFix-quarantined-files.txt 2012-07-14 06:47
ComboFix2.txt 2012-07-14 06:23
ComboFix3.txt 2012-07-12 08:26
.
Pre-Run: 54,914,146,304 bytes free
Post-Run: 54,882,791,424 bytes free
.
- - End Of File - - DEE3E9E7F1B0A834F9262DCFFAFFE9FA
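A triage pass over the persistence sections of the report above, as an added example in Python; it is not a ComboFix, BleepingComputer or poster's tool. It parses the Scheduled Tasks, AppInit_DLLs, Startup-folder and Firefox prefs.js lines in the layout ComboFix prints them and applies four heuristics that are this example's own assumptions: a long, all-lowercase, vowel-poor task name; a task whose target is a DLL rather than an executable; a homepage or keyword.URL outside a small trusted-host list; and a Startup shortcut that launches from a Temp directory. The sample input is excerpted from the posted report, and a hit means "review this entry", not a malware verdict.

```python
"""Triage pass over the persistence sections of a ComboFix report.
Added example; not a ComboFix or BleepingComputer tool, and every heuristic
below is this example's own assumption."""
import re

# Constructed sample: lines excerpted from the report posted above, trimmed to
# the ones the parsers below understand.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
c:\users\Payal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_49762599.lnk - c:\users\Payal\AppData\Local\Temp\_uninst_49762599.bat [N/A]
.
Contents of the 'Scheduled Tasks' folder
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 09:56]
.
2012-07-13 c:\windows\Tasks\pjvuqunmp.job
- c:\windows\system32\msswchs.dll [2012-05-30 12:28]
.
------- Supplementary Scan -------
uStart Page = about:blank
FF - prefs.js: browser.startup.homepage - hxxp://eis.esnips.com/page/search/?client_uuid=bda82ac0
FF - prefs.js: keyword.URL - hxxp://eis.esnips.com/page/search_provider/?client_uuid=bda82ac0&q=
"""

# ComboFix prints a .job on one line and its target on the next, prefixed "- ".
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>\S+\.job)$")
TARGET_RE = re.compile(r"^- (?P<target>.+?) \[")
LNK_RE = re.compile(r"^(\S+\.lnk) - (.+?) \[", re.M)
FF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<url>\S+)", re.M)
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(?P<val>.*)$', re.M)
# Hosts a homepage / keyword.URL may point at without a finding (assumption).
TRUSTED_HOSTS = ("google.com", "mozilla.org", "mozilla.com", "bing.com")


def parse_scheduled_tasks(text):
    """Return [(job_path, target_path)] from the 'Scheduled Tasks' section."""
    tasks, pending = [], None
    for line in text.splitlines():
        m = TASK_RE.match(line)
        if m:
            pending = m.group("job")
            continue
        m = TARGET_RE.match(line)
        if m and pending:
            tasks.append((pending, m.group("target")))
            pending = None
    return tasks


def looks_random(name):
    """Heuristic: a long, all-lowercase alphabetic name with few vowels, the
    shape of machine-generated task/file names.  A triage hint, not proof."""
    if not (name.isalpha() and name.islower() and len(name) >= 7):
        return False
    return sum(c in "aeiou" for c in name) / len(name) < 0.3


def url_host(url):
    """Host part of a URL; ComboFix defangs http as hxxp."""
    m = re.match(r"h(?:xx|tt)ps?://([^/?#]+)", url, re.I)
    return m.group(1).lower() if m else None


def triage(text):
    """Return (kind, item, reason) tuples for entries worth a second look."""
    findings = []
    for job, target in parse_scheduled_tasks(text):
        name = job.rsplit("\\", 1)[-1][: -len(".job")]
        reasons = []
        if looks_random(name):
            reasons.append("random-looking task name")
        if target.lower().endswith(".dll"):
            reasons.append("task target is a DLL rather than an executable")
        if reasons:
            findings.append(("scheduled-task", f"{job} -> {target}", "; ".join(reasons)))
    for m in FF_RE.finditer(text):
        host = url_host(m.group("url"))
        if host and not any(host == h or host.endswith("." + h) for h in TRUSTED_HOSTS):
            findings.append(("firefox-pref", f"{m.group('pref')} = {m.group('url')}",
                             f"points at {host}, not a known search/home provider"))
    m = APPINIT_RE.search(text)
    if m and m.group("val").strip():
        findings.append(("appinit-dlls", m.group("val").strip(),
                         "loaded into every process that maps user32.dll; confirm it is expected"))
    for lnk, target in LNK_RE.findall(text):
        if "\\temp\\" in target.lower():
            findings.append(("startup-folder", f"{lnk} -> {target}",
                             "Startup shortcut runs a file out of a Temp directory"))
    return findings


if __name__ == "__main__":
    for kind, item, reason in triage(SAMPLE_LOG):
        print(f"[{kind}] {item}\n    {reason}")
```

Run against the full report, the Google Update tasks pass silently because their names are mixed-case and their target is an .exe, while the `pjvuqunmp.job` task trips both task heuristics and the two esnips prefs trip the host check; the AppInit_DLLs entry is always listed for review because any DLL named there is mapped into every process that loads user32.dll, whether or not it turns out to be legitimate.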