Computer Infected with MisVh55.exe


  • This topic is locked
47 replies to this topic

#1 mukesh51

Posted 02 December 2013 - 07:38 AM

Hi There,

Seems like my computer is infected with a virus with the filename "MisVh55.exe". The system time has been reset to April 17 2002, and whenever I try to visit any site (for example, www.google.com), the browser warns that the certificate of the site is invalid.

In haste, I did the following actions.

1) Tried running MBAM, but it was not able to identify any issues.

2) Ran "ComboFix". It identified the virus and removed the corrupted files, but on restart of the system, MisVh55.exe did show up again.

3) I tried running System Restore twice. The System Restore completed successfully, but the issue still seems to be there. Even after the System Restore, the system clock is back to April 17 2002, and if I visit Google, it gives the invalid certificate message.

Could someone please help?

I am new to this forum, so if this topic is already being discussed, I apologize for the repeated post.

Regards,

-Mukesh





#2 HelpBot


Posted 07 December 2013 - 07:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/516082 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 mukesh51


Posted 07 December 2013 - 01:41 PM

The issue has not been resolved on my computer. When I go to Google.com it still shows the SSL Error with the following message.

 

Cannot connect to the real www.google.com

 

Something is currently interfering with your secure connection to www.google.com.

Try to reload this page in a few minutes or after switching to a new network. If you have recently connected to a new Wi-Fi network, finish logging in before reloading.

If you were to visit www.google.com right now, you might share private information with an attacker. To protect your privacy, Chrome will not load the page until it can establish a secure connection to the real www.google.com.

 

------------------------------------------------------------------------------------------ 

 

As per the instructions, I've downloaded and run the DDS.com "exec", which has generated two logs, DDS.txt and Attach.txt. The contents of DDS.txt are posted below, and I have attached the Attach.txt file.

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Owner at 18:28:17 on 2002-04-23
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.261 [GMT 1:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BT Common Client\btomosrv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\gtdetectsc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\NetWorx\networx.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ncr
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &NetWorx Desk Band: {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - c:\program files\networx\deskband.dll
uRun: [Wisdom-soft ScreenHunter 5.1 Pro] 0
uRun: [Wisdom-soft ScreenHunter 6.0 Free] 0
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [NetWorx] "c:\program files\networx\networx.exe" /auto
mRun: [iTunesHelper] "d:\itunes\iTunesHelper.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monito~1.lnk - c:\apache2.2\bin\ApacheMonitor.exe
uPolicies-Explorer: NoLogOff = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://passage.cna.com/vdesk/terminal/f5tunsrv.cab#version=6031,2010,617,2013
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://passage.cna.com/vdesk/terminal/InstallerControl.cab#version=7000,2010,1020,1507
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://passage.cna.com/vdesk/terminal/f5InspectionHost.cab#version=7000,2010,1020,1407
DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} - hxxps://passage.cna.com/vdesk/terminal/vdeskctrl.cab#version=6031,2010,0617,2011
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://usnjym02.tcs.com/dwa8W.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://passage.cna.com/vdesk/terminal/urxshost.cab#version=6031,2010,617,2010
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://passage.cna.com/vdesk/terminal/urxhost.cab#version=6031,2010,617,2005
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - hxxps://passage.cna.com/policy/download_binary.php/win32/f5syschk.cab#Version=6031,2010,0617,2012
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{199E69A1-5A5A-43B5-9989-103625144FA7} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2010-10-24 8576]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-19 136360]
R2 BecHelperService;BecHelperService;c:\program files\3 mobile broadband\3connect\BecHelperService.exe [2012-5-7 1740696]
R2 BT Common Client;BT Common Client;c:\program files\bt common client\btomosrv.exe [2007-7-3 61440]
R2 gtdetectsc;GtDetectSc Service;c:\windows\system32\Gtdetectsc.exe [2012-4-25 118784]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-13 418376]
R2 UDisk Monitor;UDisk Monitor;c:\program files\mblaze ui\bin\MonServiceUDisk.exe [2012-2-20 512000]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-5-7 73216]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [2007-3-26 20352]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-10-19 11608]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-19 269480]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-19 66616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-19 701512]
S3 Apache2.2;Apache2.2;c:\apache2.2\bin\httpd.exe [2011-9-9 20549]
S3 BTWSp50;BTWSp50 NDIS Protocol Driver;c:\windows\system32\drivers\btwsp50.sys [2007-4-20 24560]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-5-7 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2012-5-7 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-5-7 235392]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-19 22856]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2012-2-20 105472]
.
=============== Created Last 30 ================
.
2013-09-07 11:41:57 -------- d-----w- c:\documents and settings\owner\application data\Blackboard
2013-08-15 21:57:03 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-08-15 21:55:47 -------- d-----w- c:\program files\iPod
2013-08-15 21:55:29 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-15 21:53:20 -------- d-----w- c:\program files\Bonjour
2013-06-22 18:15:03 -------- d-----w- c:\documents and settings\owner\.android
2013-05-26 21:57:15 -------- d-----w- c:\documents and settings\owner\application data\Unity
2013-05-26 21:49:42 -------- d-----w- c:\documents and settings\owner\local settings\application data\Unity
2013-05-21 19:08:38 -------- d-----w- c:\documents and settings\owner\workspace
2013-05-19 11:25:38 -------- d-----w- c:\documents and settings\owner\mindterm
2013-05-19 11:25:38 -------- d-----w- c:\documents and settings\owner\.rightscale
2013-05-15 11:31:13 -------- d-----w- c:\documents and settings\owner\.m2
2013-05-08 19:26:37 -------- d-----w- c:\documents and settings\owner\application data\Python-Eggs
2013-04-07 14:44:56 -------- d-----w- C:\mongo_class
2013-01-24 12:02:43 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2013-01-24 12:02:43 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-01-24 12:02:40 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2013-01-24 12:02:40 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-12-19 12:48:19 -------- d-----w- c:\windows\system32\LogFiles
2012-11-28 21:40:49 -------- d-----w- c:\program files\Active Ports(2)
2012-11-19 20:29:13 -------- d-sha-r- C:\cmdcons
2012-11-19 20:27:21 98816 -c--a-w- c:\windows\sed.exe
2012-11-19 20:27:21 256000 -c--a-w- c:\windows\PEV.exe
2012-11-19 20:27:21 208896 -c--a-w- c:\windows\MBR.exe
2012-10-06 10:15:18 -------- d-----w- C:\jquery-mobile
2012-09-15 13:56:37 -------- d-----w- C:\jquery
2012-09-08 19:53:04 -------- d-----w- C:\google-python-exercises
2012-09-08 12:15:09 25 ----a-w- C:\abc.bat
2012-09-01 20:44:00 -------- d-----w- C:\git_cs253
2012-08-21 12:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-18 09:14:30 -------- d-----w- C:\googleappengine
2012-08-18 09:12:18 -------- d-----w- c:\documents and settings\owner\Google
2012-08-17 07:04:18 -------- d-----w- C:\fun2
2012-08-16 05:55:35 -------- d-----w- C:\test_directory
2012-08-15 22:38:29 108349 ----a-w- C:\fun1.exe
2012-08-15 22:37:18 -------- d-----w- C:\fun1
2012-08-15 22:36:34 -------- d-----w- c:\program files\Jar2Exe Wizard
2012-08-07 19:48:02 -------- d-----w- C:\testpdf1
2012-08-04 13:35:42 -------- d-----w- c:\documents and settings\owner\.idlerc
2012-07-14 19:46:49 -------- d-----w- c:\documents and settings\owner\application data\MiKTeX
2012-07-14 19:45:57 -------- d-----w- c:\documents and settings\owner\local settings\application data\MiKTeX
2012-07-14 19:36:07 -------- d-----w- c:\documents and settings\all users\application data\MiKTeX
2012-07-14 19:31:21 -------- d-----w- C:\latex_install
2012-07-13 21:33:07 -------- d-----w- c:\documents and settings\owner\application data\HeidiSQL
2012-07-13 21:32:56 -------- d-----w- c:\program files\HeidiSQL
2012-07-13 21:32:56 -------- d-----w- c:\documents and settings\all users\application data\HeidiSQL
2012-07-06 13:58:51 78336 -c----w- c:\windows\system32\dllcache\browser.dll
2012-07-01 10:26:06 -------- d-----w- c:\documents and settings\owner\local settings\application data\Wisdom-soft
2012-07-01 10:25:44 -------- d-----w- c:\program files\Wisdom-soft ScreenHunter 6.0 Free
2012-06-26 02:35:58 1375288 ----a-w- c:\program files\common files\microsoft shared\office11\msxml5.dll
2012-06-23 23:30:50 -------- d-----w- c:\documents and settings\owner\.ssh
2012-06-23 22:54:18 -------- d-----w- C:\mySite
2012-06-23 22:43:08 -------- d-----w- C:\cygwin
2012-06-23 22:39:27 -------- d-----w- c:\program files\Git
2012-06-13 05:36:23 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-11 22:33:20 17323640 ----a-w- c:\program files\common files\microsoft shared\office12\MSO.DLL
2012-06-11 21:53:56 -------- d-----w- C:\pmp
2012-06-10 21:16:44 118384 -c--a-w- c:\program files\common files\microsoft shared\textconv\MSCONV97.DLL
2012-06-09 19:45:25 -------- d-----w- C:\Python27
2012-06-09 17:23:04 -------- d-----w- c:\documents and settings\owner\application data\Sublime Text 2
2012-06-09 17:23:00 -------- d-----w- c:\program files\Sublime Text 2
2012-06-09 10:37:16 -------- d-----w- C:\wamp
2012-06-06 19:59:42 1070152 -c--a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 22:16:44 946448 -c--a-w- c:\windows\system32\dllcache\calc.exe
2012-06-05 22:16:44 946448 ----a-w- c:\windows\system32\Calc.exe
2012-06-05 22:15:11 -------- d-----w- c:\program files\Microsoft Calculator Plus
2012-06-05 21:21:59 138752 -c--a-w- c:\windows\system32\dllcache\sndvol32.exe
2012-06-05 21:21:59 138752 ----a-w- c:\windows\system32\sndvol32.exe
2012-06-04 23:28:40 -------- d-----w- c:\documents and settings\owner\local settings\application data\CutePDF Writer
2012-06-04 19:43:07 316824 -c--a-r- c:\windows\system32\cpnprtuk.cid
2012-06-04 19:43:04 230808 -c--a-r- c:\windows\system32\cpnprt2.cid
2012-06-04 19:42:59 -------- d-----w- c:\windows\Cache
2012-06-04 19:42:57 31 -c-ha-w- c:\windows\UKCpInfo.sys
2012-06-04 19:42:57 -------- d-----w- c:\program files\Coupon Printer
2012-06-04 13:57:38 -------- d-----w- c:\documents and settings\owner\application data\ElevatedDiagnostics
2012-06-02 22:28:44 -------- d-----w- C:\IBM_Websphere
2012-06-02 13:45:44 -------- d-----w- c:\documents and settings\owner\local settings\application data\TVU Networks
2012-06-02 13:45:44 -------- d-----w- c:\documents and settings\all users\application data\TVU Networks
2012-06-02 13:45:40 -------- d-----w- c:\documents and settings\owner\LocalLow
2012-06-02 13:43:17 -------- d-----w- c:\windows\system32\TVUAx
2012-05-22 11:40:28 -------- d-----w- c:\documents and settings\owner\local settings\application data\CounterPath Corporation
2012-05-22 11:39:52 -------- d-----w- c:\documents and settings\owner\local settings\application data\CounterPath
2012-05-15 02:17:34 2594632 ----a-w- c:\program files\common files\microsoft shared\vba\vba6\VBE6.DLL
2012-05-13 20:09:45 -------- d-----w- c:\documents and settings\owner\local settings\application data\Deployment
2012-05-08 06:01:25 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2012-05-07 21:48:34 -------- d-----w- c:\documents and settings\owner\application data\Birdstep Technology
2012-05-07 21:48:20 -------- d-----w- c:\documents and settings\all users\application data\Birdstep Technology
2012-05-07 21:48:06 90112 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-05-07 21:48:06 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-05-07 21:48:06 73216 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-05-07 21:48:06 64384 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-05-07 21:48:06 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-05-07 21:48:06 235392 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-05-07 21:48:06 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-05-07 21:48:06 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-05-07 21:48:06 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-05-07 21:47:56 67156 -c--a-w- c:\windows\Huawei ModemsUninstall.exe
2012-05-07 21:47:56 -------- d-----w- c:\program files\Huawei Modems
2012-05-07 21:47:53 10240 ----a-w- c:\windows\system32\drivers\mdvrmng.sys
2012-05-07 21:47:44 -------- d-----w- c:\program files\3 Mobile Broadband
2012-05-07 18:53:45 -------- d-----w- c:\documents and settings\all users\application data\YTD YouTube Downloader & Converter
2012-05-07 16:31:13 -------- d-----w- c:\program files\YTD YouTube Downloader & Converter
2012-05-06 11:56:48 -------- d-----w- c:\program files\NetWorx
2012-05-06 11:56:48 -------- d-----w- c:\documents and settings\all users\application data\SoftPerfect
2012-04-25 16:46:20 -------- d-----w- c:\program files\BT Common Client
2012-04-25 16:46:20 -------- d-----w- c:\program files\BT Access Manager
2012-04-25 16:46:20 -------- d-----w- c:\documents and settings\all users\application data\BT Common Client
2012-04-25 16:22:34 -------- d-----w- c:\documents and settings\all users\application data\Sierra Wireless
2012-04-25 16:22:22 -------- d-----w- c:\documents and settings\owner\application data\BT Access Manager
2012-04-25 16:20:58 -------- d-----w- c:\program files\Sierra Wireless Inc
2012-04-25 16:20:41 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-04-25 16:20:41 193792 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-04-25 16:20:21 65635 -c--a-w- c:\windows\system32\GtmNicApp.cpl
2012-04-25 16:20:21 118784 ----a-w- c:\windows\system32\Gtdetectsc.exe
2012-04-25 16:20:10 -------- d-----w- c:\program files\option
2012-04-25 16:19:37 -------- d-----w- c:\documents and settings\all users\application data\BT Access Manager
2012-04-21 09:51:16 -------- d-----w- C:\data
2012-04-21 06:00:01 -------- d-----w- c:\documents and settings\owner\local settings\application data\PCHealth
2012-04-18 13:03:46 -------- d-----w- c:\windows\system32\XPSViewer
2012-04-18 13:03:18 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-04-18 13:03:02 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-04-18 13:03:02 597504 -c----w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-04-18 13:03:02 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-04-18 13:03:02 575488 -c----w- c:\windows\system32\xpsshhdr.dll
2012-04-18 13:03:02 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-04-18 13:03:02 1676288 -c----w- c:\windows\system32\xpssvcs.dll
2012-04-18 13:03:02 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-04-18 13:03:02 117760 -c----w- c:\windows\system32\prntvpt.dll
2012-04-12 11:05:57 -------- d-----w- c:\documents and settings\owner\application data\Softland
2012-04-12 11:00:16 -------- d-----w- c:\program files\Acro Software
2012-04-10 22:31:54 2303488 -c--a-w- c:\windows\system32\python27.dll
2012-04-07 05:52:31 -------- d-----w- c:\documents and settings\all users\application data\F5 Networks
2012-04-03 17:19:21 -------- d-----w- c:\documents and settings\all users\application data\Citrix
2012-04-03 17:19:04 -------- d-----w- c:\documents and settings\owner\local settings\application data\Citrix
2012-04-03 17:19:04 -------- d-----w- c:\documents and settings\owner\application data\ICAClient
2012-04-03 17:18:56 -------- d-----w- c:\program files\Citrix
2012-03-31 07:04:46 692616 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-02-29 14:10:16 148480 -c----w- c:\windows\system32\dllcache\imagehlp.dll
2012-02-24 01:30:48 1618216 ----a-w- c:\program files\common files\microsoft shared\office12\OGL.DLL
2012-02-20 09:31:28 105472 ----a-w- c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys
2012-02-20 09:31:12 -------- d-----w- c:\program files\MBlaze UI
2012-02-14 21:15:55 3072 -c----w- c:\windows\system32\iacenc.dll
2012-02-14 21:15:55 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-09 11:30:24 49976 -c--a-w- c:\program files\common files\system\msmapi\1033\MSMAPI32.DLL
2012-02-03 22:35:32 -------- d-----w- c:\documents and settings\owner\application data\ZTEMTUI
2012-01-29 10:22:38 293376 -c----w- c:\windows\system32\browserchoice.exe
2012-01-28 11:28:04 -------- d-----w- c:\documents and settings\owner\local settings\application data\Downloaded Installations
2012-01-03 13:10:44 182672 -c--a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-12-30 10:50:42 -------- d-----w- c:\documents and settings\all users\CrypKey
2011-12-30 10:50:26 -------- d-sh--w- c:\windows\ftpcache
2011-12-30 10:46:31 27648 -c--a-r- c:\windows\Setup_ck.exe
2011-12-30 10:46:31 21638 ----a-w- c:\windows\system32\Ckldrv.sys
2011-12-30 10:46:31 18432 -c--a-w- c:\windows\Setup_ck.dll
2011-12-30 10:46:31 165888 -c--a-w- c:\windows\Ckconfig.exe
2011-12-30 10:46:31 122880 ----a-w- c:\windows\system32\Crypserv.exe
2011-12-30 10:46:31 11776 -c--a-w- c:\windows\Ckrfresh.exe
2011-12-07 15:49:02 -------- d-----w- c:\documents and settings\owner\application data\ZTEEVDO
2011-11-23 18:30:19 -------- d-----w- c:\documents and settings\all users\application data\Idea Net Setter
2011-11-23 18:30:06 -------- d-----w- c:\documents and settings\all users\application data\DataCardService
2011-11-23 18:29:58 14640 -c----w- c:\windows\system32\spmsgXP_2k3.dll
2011-11-23 18:29:43 28672 ----a-w- c:\windows\system32\drivers\usbccid.sys
2011-11-23 18:29:43 1112288 -c--a-w- c:\windows\system32\wdfcoinstaller01007.dll
2011-11-23 18:29:43 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2011-11-23 18:27:44 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2011-11-23 18:27:44 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-11-23 14:42:07 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-11-23 14:42:07 31640 ----a-w- c:\windows\system32\msonpmon.dll
2011-11-23 14:36:19 -------- d-----w- c:\windows\SHELLNEW
2011-11-23 14:35:56 -------- d-----w- c:\documents and settings\owner\local settings\application data\Microsoft Help
2011-11-03 15:28:36 386048 -c----w- c:\windows\system32\dllcache\qdvd.dll
2011-11-03 11:35:16 -------- d-----w- c:\program files\SchoolSmart
2011-11-03 11:34:56 286720 -c----w- c:\windows\Setup1.exe
2011-11-03 11:34:55 73216 -c--a-w- c:\windows\ST6UNST.EXE
2011-11-03 11:34:31 -------- d-----w- C:\Deepu
2011-10-30 05:50:30 -------- d-----w- c:\documents and settings\owner\application data\Agency9
2011-10-20 19:29:20 -------- d-----w- c:\documents and settings\owner\application data\Avira
2011-10-19 18:44:51 -------- d-----w- C:\HTML5
2011-10-19 04:57:19 -------- d-----w- C:\testApp
2011-10-18 07:18:56 -------- d-----w- C:\Apache2.2
2011-10-16 19:48:01 -------- d-----w- C:\testpdf
2011-10-16 17:47:07 197 ----a-w- C:\setItextEnv.bat
2011-10-16 16:34:37 -------- d-----w- C:\itext
2011-10-15 13:19:17 -------- d-----w- c:\program files\Sun
2011-10-15 13:19:04 73728 -c--a-w- c:\windows\system32\javacpl.cpl
2011-10-15 13:19:04 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-10-15 13:16:22 -------- d-----w- C:\Java
2011-10-15 11:46:45 -------- d-----w- C:\apache-tomcat
2011-10-15 11:41:07 -------- d-----w- C:\MySql
2011-10-15 09:49:52 -------- d-----w- c:\documents and settings\owner\local settings\application data\{7148F0A6-6813-11D6-A77B-00B0D0142190}
2011-10-15 09:48:16 -------- d-----w- C:\j2sdk142
2011-10-15 09:46:54 -------- d-----w- c:\documents and settings\owner\local settings\application data\{35A3A4F2-B792-11D6-A78A-00B0D0142190}
2011-10-14 14:47:29 176128 -c----w- c:\windows\system32\dllcache\winmm.dll
2011-10-04 22:22:30 756048 ----a-w- c:\program files\common files\microsoft shared\office12\MSPTLS.DLL
2011-10-04 08:18:41 -------- d-----w- c:\program files\MSXML 4.0
2011-10-03 19:16:47 -------- d-----w- c:\documents and settings\owner\application data\Intel
2011-10-03 19:16:40 319488 -c--a-w- c:\windows\system32\AegisI5Installer.exe
2011-10-03 19:16:40 21425 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-10-03 19:15:51 561152 -c--a-w- c:\windows\system32\NETw3c32.dll
2011-10-03 19:15:51 2732032 -c--a-w- c:\windows\system32\NETw3r32.dll
2011-10-03 19:15:51 1711104 ----a-w- c:\windows\system32\drivers\NETw3x32.sys
2011-10-03 19:14:03 -------- d-----w- c:\program files\Modem Helper
2011-10-03 19:13:51 77824 -c--a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-10-03 19:13:51 32768 -c----w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-10-03 19:13:51 225280 -c----w- c:\program files\common files\installshield\iscript\iscript.dll
2011-10-03 19:13:51 176128 -c----w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-10-03 19:13:50 614532 -c--a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2011-09-26 06:11:20 611328 -c----w- c:\windows\system32\uiautomationcore.dll
2011-09-22 04:36:31 -------- d-----w- C:\Delhi Belly (2011) [320 - VBR - ACD - Tollymp3z]
2011-09-03 10:17:37 601088 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-08-30 22:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 22:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 22:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 22:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-14 04:49:15 -------- d-----w- c:\documents and settings\owner\local settings\application data\VMware
2011-08-11 03:05:37 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 03:03:24 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-03 18:27:26 1415072 -c--a-w- c:\program files\common files\microsoft shared\office12\ACECORE.DLL
2011-07-27 17:49:34 552832 -c--a-w- c:\program files\common files\microsoft shared\office12\OFFLB.EXE
2011-07-27 17:49:22 95608 -c--a-w- c:\program files\common files\microsoft shared\office12\EXP_PDF.DLL
2011-07-27 17:49:22 56696 -c--a-w- c:\program files\common files\microsoft shared\office12\EXP_XPS.DLL
2011-07-27 17:49:22 177536 -c--a-w- c:\program files\common files\microsoft shared\smart tag\IETAG.DLL
2011-07-27 05:33:08 1064296 ----a-w- c:\program files\common files\microsoft shared\office12\RICHED20.DLL
2011-07-27 05:20:20 971616 ----a-w- c:\program files\common files\microsoft shared\web folders\MSONSEXT.DLL
2011-07-27 05:13:08 439128 ----a-w- c:\program files\common files\microsoft shared\dw\DWDCW20.DLL
2011-07-27 05:13:08 434080 -c--a-w- c:\program files\common files\microsoft shared\dw\DWTRIG20.EXE
2011-07-27 05:13:06 813960 -c--a-w- c:\program files\common files\microsoft shared\dw\DW20.EXE
2011-07-27 04:59:00 6540136 -c--a-w- c:\program files\common files\microsoft shared\office12\office setup controller\OSETUP.DLL
2011-07-27 04:58:56 439160 -c--a-w- c:\program files\common files\microsoft shared\office12\office setup controller\SETUP.EXE
2011-07-27 04:36:06 481640 -c--a-w- c:\program files\common files\microsoft shared\portal\PortalConnectCore.dll
2011-07-20 11:38:38 735096 -c--a-w- c:\program files\common files\microsoft shared\office12\SERCONV.DLL
2011-07-20 11:38:30 1329064 -c--a-w- c:\program files\common files\microsoft shared\office12\PJ11OD11.DLL
2011-07-20 11:38:22 882520 -c--a-w- c:\program files\common files\microsoft shared\office12\ATLCONV.DLL
2011-07-20 05:23:06 65408 -c--a-w- c:\program files\common files\microsoft shared\office12\MSOMSE.DLL
2011-07-20 05:23:04 47472 -c--a-w- c:\program files\common files\microsoft shared\office12\MSE7.EXE
2011-07-20 05:23:04 459664 -c--a-w- c:\program files\common files\microsoft shared\office12\MODHELP.DLL
2011-07-20 05:18:26 2872184 -c--a-w- c:\program files\common files\microsoft shared\office12\OFFDIAG.EXE
2011-07-20 05:18:24 440696 -c--a-w- c:\program files\common files\microsoft shared\office12\ODSERV.EXE
2011-07-20 05:14:47 -------- d-----w- c:\documents and settings\owner\local settings\application data\WMTools Downloaded Files
2011-07-13 21:34:36 1117584 ----a-w- c:\program files\common files\microsoft shared\filters\offfiltx.dll
2011-07-07 02:28:22 1193320 -c--a-w- c:\windows\system32\FM20.DLL
2011-06-22 08:16:34 1681784 -c--a-w- c:\program files\common files\microsoft shared\web server extensions\12\bin\FPSRVUTL.DLL
2011-06-21 20:02:40 341888 -c--a-w- c:\program files\common files\microsoft shared\proof\MSTH3ES.DLL
2011-06-21 02:36:44 341888 -c--a-w- c:\program files\common files\microsoft shared\proof\MSTH3FR.DLL
2011-06-21 02:15:50 -------- d-----w- C:\Output
2011-06-21 02:13:29 -------- d-----w- c:\program files\PowerPoint-PPT to Pdf Converter
2011-06-16 00:27:55 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-06 01:31:41 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-31 17:23:32 289616 -c--a-w- c:\program files\common files\microsoft shared\msclientdatamgr\MSCDM.DLL
2011-05-31 16:26:54 986000 ----a-w- c:\program files\common files\microsoft shared\office12\msoshext.dll
2011-05-31 16:26:52 88448 -c--a-w- c:\program files\common files\microsoft shared\smart tag\METCONV.DLL
2011-05-26 19:28:06 6637952 ----a-w- c:\program files\common files\microsoft shared\office12\MSORES.DLL
2011-04-24 16:08:19 -------- d-----w- c:\documents and settings\owner\local settings\application data\TechSmith
2011-04-24 16:06:28 -------- d-----w- c:\windows\system32\QuickTime
2011-04-19 09:47:04 670032 -c--a-w- c:\program files\common files\microsoft shared\vc\msdia90.dll
2011-04-19 03:57:47 -------- d-----w- C:\pre-school
2011-04-06 01:21:20 242704 -c--a-w- c:\program files\common files\system\ole db\MSMDCB80.DLL
2011-04-03 02:50:05 -------- d-----w- c:\program files\Elaborate Bytes
2011-03-18 08:49:02 631616 -c--a-w- c:\windows\system32\msvcp100d.dll
2011-03-18 08:49:02 1467200 -c--a-w- c:\windows\system32\msvcr100d.dll
2011-03-15 02:19:48 -------- d-----w- c:\documents and settings\owner\local settings\application data\Conduit
2011-03-15 02:19:34 -------- d-----w- C:\extensions
2011-03-15 02:19:26 -------- d-----w- c:\program files\uTorrent
2011-03-15 02:18:55 -------- d-----w- c:\documents and settings\owner\application data\uTorrent
2011-03-09 17:37:57 -------- d-----w- c:\documents and settings\owner\local settings\application data\Identities
2011-03-07 02:08:13 93552 ----a-w- c:\windows\system32\ElbyCDIO.dll
2011-03-07 00:52:09 134512 ----a-w- c:\windows\system32\ElbyVCD.dll
2011-02-18 23:40:50 768848 -c--a-w- c:\windows\system32\msvcr100.dll
2011-02-13 21:16:29 -------- d-----w- c:\program files\common files\Symantec Shared
2011-02-13 21:16:21 -------- d-----w- c:\documents and settings\all users\application data\Norton
2011-02-13 21:16:18 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2011-02-10 02:48:09 -------- d-----w- c:\documents and settings\owner\local settings\application data\Move Networks
2011-02-06 03:10:04 -------- d-----w- c:\documents and settings\owner\local settings\application data\PGP Corporation
2011-02-06 03:10:03 -------- d-----w- c:\documents and settings\owner\application data\PGP Corporation
2011-02-06 03:09:30 -------- d-----w- c:\documents and settings\all users\application data\PGP Corporation
2011-02-06 03:08:17 78440 -c--a-w- c:\windows\system32\PGPlspRollback.reg
2011-02-06 03:08:03 -------- d-----w- c:\program files\PGP Corporation
2011-02-06 03:08:03 -------- d-----w- c:\program files\common files\PGP Corporation
2011-02-06 02:28:39 -------- d-----w- c:\documents and settings\all users\application data\LogMeIn
2011-02-06 02:28:24 -------- d-----w- c:\program files\LogMeIn
2011-01-21 14:44:37 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
2011-01-15 16:20:14 30208 ----a-w- c:\windows\system32\drivers\VClone.sys
2010-12-20 17:32:15 551936 -c----w- c:\windows\system32\dllcache\oleaut32.dll
2010-12-17 03:09:38 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-17 03:09:38 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-17 03:09:38 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-17 03:09:38 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-17 03:09:38 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-12-17 03:09:37 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-12-17 03:09:37 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-12-16 22:57:57 31088 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2010-12-16 04:26:07 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-07 13:21:09 214256 -c--a-w- c:\windows\system32\muweb.dll
2010-12-07 13:21:09 17136 -c--a-w- c:\windows\system32\mucltui.dll.mui
2010-12-07 13:21:08 275696 -c--a-w- c:\windows\system32\mucltui.dll
2010-12-05 05:22:35 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2010-12-05 05:22:35 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2010-12-04 07:11:31 -------- d-----w- c:\documents and settings\owner\application data\DAEMON Tools Pro
2010-12-04 07:11:31 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Pro
2010-11-29 23:38:30 94208 -c--a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38:30 69632 -c--a-w- c:\windows\system32\QuickTime.qts
2010-11-27 00:44:56 -------- d-----w- c:\program files\VideoLAN
2010-11-11 06:08:15 -------- d-----w- c:\program files\Convert MP4 to MP3
2010-11-11 06:00:07 -------- d-----w- c:\documents and settings\owner\application data\AnvSoft
2010-11-09 14:52:35 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2010-11-09 14:52:35 249856 -c----w- c:\windows\system32\dllcache\odbc32.dll
2010-11-09 14:52:35 200704 -c----w- c:\windows\system32\dllcache\msadox.dll
2010-11-07 20:40:15 -------- d-----w- c:\windows\system32\Adobe
2010-11-06 15:45:01 -------- d-sh--w- c:\documents and settings\owner\IECompatCache
2010-10-29 04:06:00 -------- d-----w- c:\documents and settings\owner\.thumbnails
2010-10-29 03:45:58 -------- d-----w- c:\documents and settings\owner\.gimp-2.6
2010-10-29 03:44:37 -------- d-----w- c:\program files\GIMP-2.0
2010-10-25 03:06:21 -------- d-----w- c:\documents and settings\owner\local settings\application data\Apple
2010-10-25 03:06:07 -------- d-----w- c:\documents and settings\owner\local settings\application data\Apple Computer
2010-10-24 02:06:35 8576 ----a-w- c:\windows\system32\drivers\VCdRom.sys
2010-10-24 01:18:00 -------- d-----w- c:\documents and settings\owner\local settings\application data\Adobe
2010-10-22 11:43:18 499712 -c--a-w- c:\windows\system32\msvcp71.dll
2010-10-22 11:43:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-22 05:12:49 -------- d-----w- C:\MS-Office
2010-10-21 12:21:33 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-21 12:21:23 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-21 02:44:01 -------- d-----w- c:\windows\system32\scripting
2010-10-21 02:44:01 -------- d-----w- c:\windows\l2schemas
2010-10-21 02:44:00 -------- d-----w- c:\windows\system32\en
2010-10-21 02:44:00 -------- d-----w- c:\windows\system32\bits
2010-10-21 02:39:41 -------- d-----w- c:\windows\network diagnostic
2010-10-21 02:34:49 -------- d-----w- c:\windows\EHome
2010-10-21 01:58:11 -------- d-----w- c:\program files\BurnAware Free
2010-10-21 01:54:13 -------- d-----w- c:\documents and settings\owner\application data\Helios
2010-10-21 01:53:56 -------- d-----w- c:\program files\TextPad 5
2010-10-20 03:21:53 -------- d-sh--w- c:\documents and settings\owner\PrivacIE
2010-10-20 00:36:14 -------- d-sh--w- c:\documents and settings\owner\IETldCache
2010-10-20 00:29:13 -------- d-----w- c:\windows\ie8updates
2010-10-20 00:29:06 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-10-20 00:29:06 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-10-20 00:29:06 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-10-20 00:29:06 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-10-20 00:29:06 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-10-20 00:29:06 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-10-20 00:29:06 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-10-20 00:28:02 -------- dc-h--w- c:\windows\ie8
2010-10-19 15:28:42 -------- d-----w- c:\windows\ServicePackFiles
2010-10-19 14:32:05 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2010-10-19 14:32:05 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2010-10-19 14:32:05 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2010-10-19 14:32:05 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2010-10-19 14:32:05 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2010-10-19 14:32:05 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
2010-10-19 14:32:01 95424 ------w- c:\windows\system32\drivers\slnthal.sys
2010-10-19 14:32:01 404990 ------w- c:\windows\system32\drivers\slntamr.sys
2010-10-19 14:32:01 13240 ------w- c:\windows\system32\drivers\slwdmsup.sys
2010-10-19 14:32:01 129535 ------w- c:\windows\system32\drivers\slnt7554.sys
2010-10-19 14:32:00 166912 ------w- c:\windows\system32\drivers\s3gnbm.sys
2010-10-19 14:32:00 13776 ------w- c:\windows\system32\drivers\recagent.sys
2010-10-19 14:31:59 1897408 ------w- c:\windows\system32\drivers\nv4_mini.sys
2010-10-19 14:31:59 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2010-10-19 14:31:57 452736 ------w- c:\windows\system32\drivers\mtxparhm.sys
2010-10-19 14:31:57 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
2010-10-19 14:31:57 126686 ------w- c:\windows\system32\drivers\mtlmnt5.sys
2010-10-19 14:31:50 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2010-10-19 14:31:50 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2010-10-19 14:31:50 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2010-10-19 14:16:52 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-10-19 14:16:52 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-10-19 14:16:49 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2010-10-19 14:16:41 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-10-19 14:16:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-10-19 14:15:14 337920 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-10-19 14:12:14 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-10-19 14:10:11 5120 -c--a-w- c:\windows\system32\xpsp4res.dll
2010-10-19 12:35:11 -------- d-----w- c:\windows\system32\PreInstall
2010-10-19 12:35:10 26144 -c--a-w- c:\windows\system32\spupdsvc.exe
2010-10-19 12:30:00 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-10-19 03:19:53 44544 ----a-r- c:\windows\system32\drivers\bcm4sbxp.sys
2010-10-19 03:19:44 -------- d-----w- c:\program files\Broadcom
2010-10-19 03:18:09 90112 -c--a-w- c:\windows\system32\snymsico.dll
2010-10-19 03:18:09 51328 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2010-10-19 03:18:09 307968 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2010-10-19 03:18:09 28544 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2010-10-19 03:18:09 16480 -c--a-w- c:\windows\system32\rixdicon.dll
2010-10-19 03:17:56 57344 -c--a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2010-10-19 03:17:56 5632 -c--a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2010-10-19 03:17:56 237568 -c--a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2010-10-19 03:17:56 155648 -c--a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2010-10-19 03:17:55 692224 -c--a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2010-10-19 03:17:55 282756 -c--a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2010-10-19 03:17:55 163972 -c--a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2010-10-19 03:15:01 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-10-19 03:13:01 -------- d-----w- c:\windows\system32\ReinstallBackups
2010-10-19 02:11:19 -------- d-----w- C:\Mukesh
2010-10-19 01:34:58 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-19 01:34:57 -------- d-----w- c:\program files\Avira
2010-10-19 01:34:57 -------- d-----w- c:\documents and settings\all users\application data\Avira
2010-10-19 01:29:39 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2010-10-19 01:29:30 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-19 01:29:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-19 01:29:30 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2010-10-19 01:24:41 -------- d-----w- c:\documents and settings\owner\local settings\application data\Temp
2010-10-19 01:24:38 -------- d-----w- c:\documents and settings\owner\local settings\application data\Google
2010-10-19 01:22:14 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-10-18 07:02:40 65776 ----a-w- c:\windows\UnDeploy.exe
.
==================== Find3M  ====================
.
2013-06-28 22:30:41 90112 ----a-w- c:\windows\DUMP6afe.tmp
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41:17 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02:42 375296 -c--a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 -c--a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 -c--a-w- c:\windows\system32\html.iec
2012-10-02 18:04:21 58368 -c--a-w- c:\windows\system32\synceng.dll
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-09 01:46:48 374792 ----a-w- c:\windows\system32\drivers\icquni.sys
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 14:19:44 22040 -c--a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 14:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19:34 15384 -c--a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19:30 17944 -c--a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-01 16:50:06 601088 ----a-w- c:\windows\system32\crypt32.dll
2012-05-14 09:22:41 345600 ----a-w- c:\windows\system32\localspl.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-18 12:35:08 60416 -c--a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-18 11:13:22 186880 -c--a-w- c:\windows\system32\encdec.dll
2011-10-14 14:47:29 23040 -c--a-w- c:\windows\system32\mciseq.dll
2011-10-14 14:47:29 176128 ----a-w- c:\windows\system32\winmm.dll
2011-10-10 14:22:41 692736 -c--a-w- c:\windows\system32\inetcomm.dll
2011-09-26 06:11:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 06:11:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 -c--a-w- c:\windows\system32\crypt32(3).dll
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-02-17 13:18:03 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-09 13:53:52 270848 -c--a-w- c:\windows\system32\sbe.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 -c--a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 -c--a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 17:32:15 551936 ----a-w- c:\windows\system32\oleaut32.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-11-18 18:12:44 81920 -c--a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-02 15:17:02 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-09-18 06:53:25 954368 -c--a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 -c--a-w- c:\windows\system32\mfc40u.dll
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-06-23 03:30:48 411480 ----a-w- c:\windows\system32\tsccvid.dll
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-15 16:17:24 143422 -c--a-w- c:\windows\system32\l3codecx.ax
2010-06-14 14:31:20 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-04-16 15:36:56 406016 ----a-w- c:\windows\system32\usp10.dll
2010-04-05 16:54:04 384512 -c--a-w- c:\windows\system32\mp4sdmod.dll
2010-03-30 18:46:34 99176 -c--a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-30 18:40:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-30 05:52:26 262416 -c--a-w- c:\windows\system32\mpg4ds32.ax
2010-03-18 12:16:28 771424 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2010-03-18 12:16:28 70472 ----a-w- c:\windows\system32\dxva2.dll
2010-03-18 12:16:28 486216 -c--a-w- c:\windows\system32\evr.dll
2010-03-05 14:37:40 65536 ----a-w- c:\windows\system32\asycfilt.dll
2010-02-12 04:33:11 100864 -c--a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02:15 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-29 14:43:39 307260 ----a-w- c:\windows\system32\l3codeca.acm
2010-01-13 14:01:25 86016 -c--a-w- c:\windows\system32\cabview.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-21 15:51:04 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2009-11-06 19:37:08 49488 -c--a-w- c:\windows\system32\netfxperf.dll
2009-11-06 19:37:04 297808 ----a-w- c:\windows\system32\mscoree.dll
2009-11-06 19:36:46 1130824 ----a-w- c:\windows\system32\dfshim.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 16:28:26 81920 -c--a-w- c:\windows\system32\fontsub.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
.
============= FINISH: 18:30:29.09 ===============
 


#4 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,058 posts
  • Gender:Male
  • Location:California
  • Local time:12:42 AM

Posted 08 December 2013 - 05:51 PM

Greetings mukesh51 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run these programs for me.

===================================================

Run TDSSKiller by Kaspersky on XP

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Double-click on TDSSKiller.exe.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.


  • Click Continue > Reboot now to finish the cleaning process.<- Important!!


  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • TdssKiller log
  • aswMBR log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 mukesh51

  • Topic Starter

  • Members
  • 24 posts
  • Local time:07:42 AM

Posted 10 December 2013 - 05:48 AM

Apologies for the late reply. I've performed the actions as mentioned in the post. I found a few screenshots to be different than mentioned in the post, so I am attaching the screenshots to get you on the same page.

For example, TDSSKiller.exe found an infected file, but I didn't get the "CURE" option in the drop-down. There were only two options, "SKIP" and "Copy to Quarantine", and when I pressed the Continue button, it never asked me to reboot the machine.

Also, in aswMBR, the scan I did was more of a quick scan, rather than specific to the "C:\" drive. I hope that was expected. I've attached screenshots for reference. Please find the logs for TDSSKiller and aswMBR below.

 

09:51:02.0953 0x0b98  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
09:51:05.0484 0x0b98  ============================================================
09:51:05.0484 0x0b98  Current date / time: 2012/12/11 09:51:05.0484
09:51:05.0484 0x0b98  SystemInfo:
09:51:05.0484 0x0b98  
09:51:05.0484 0x0b98  OS Version: 5.1.2600 ServicePack: 3.0
09:51:05.0484 0x0b98  Product type: Workstation
09:51:05.0484 0x0b98  ComputerName: MUKESH
09:51:05.0484 0x0b98  UserName: Owner
09:51:05.0484 0x0b98  Windows directory: C:\WINDOWS
09:51:05.0484 0x0b98  System windows directory: C:\WINDOWS
09:51:05.0484 0x0b98  Processor architecture: Intel x86
09:51:05.0484 0x0b98  Number of processors: 2
09:51:05.0484 0x0b98  Page size: 0x1000
09:51:05.0484 0x0b98  Boot type: Normal boot
09:51:05.0484 0x0b98  ============================================================
09:51:07.0125 0x0b98  KLMD registered as C:\WINDOWS\system32\drivers\73593638.sys
09:51:07.0187 0x0b98  System UUID: {0C4DBE94-4FB1-D7B2-E2A0-D5B6D169DCE1}
09:51:07.0812 0x0b98  Drive \Device\Harddisk0\DR0 - Size: 0x1248119400 (73.13 Gb), SectorSize: 0x200, Cylinders: 0x254A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:51:07.0812 0x0b98  ============================================================
09:51:07.0812 0x0b98  \Device\Harddisk0\DR0:
09:51:07.0812 0x0b98  MBR partitions:
09:51:07.0812 0x0b98  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x6970062
09:51:07.0812 0x0b98  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x69878E8, BlocksNum 0x22227B4
09:51:07.0812 0x0b98  ============================================================
09:51:07.0890 0x0b98  C: <-> \Device\Harddisk0\DR0\Partition1
09:51:08.0000 0x0b98  D: <-> \Device\Harddisk0\DR0\Partition2
09:51:08.0000 0x0b98  ============================================================
09:51:08.0000 0x0b98  Initialize success
09:51:08.0000 0x0b98  ============================================================
09:51:09.0375 0x0fe4  ============================================================
09:51:09.0375 0x0fe4  Scan started
09:51:09.0375 0x0fe4  Mode: Manual; 
09:51:09.0375 0x0fe4  ============================================================
09:51:09.0375 0x0fe4  KSN ping started
09:51:11.0796 0x0fe4  KSN ping finished: true
09:51:12.0468 0x0fe4  ================ Scan system memory ========================
09:51:14.0218 0x0fe4  System memory - ok
09:51:14.0218 0x0fe4  ================ Scan services =============================
09:51:20.0890 0x0fe4  [ 60AB9A49B83ABC25017467C50306FE05, 24C83A7CB1AD5D200858D16319028F6D99592F00EBD2C25B6938177A8CEAC0CC ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
09:51:25.0453 0x0fe4  Suspicious file ( NoAccess ): C:\WINDOWS\system32\drivers\fltmgr.sys. md5: 60AB9A49B83ABC25017467C50306FE05, sha256: 24C83A7CB1AD5D200858D16319028F6D99592F00EBD2C25B6938177A8CEAC0CC
09:51:25.0453 0x0fe4  FltMgr - detected LockedFile.Multi.Generic ( 1 )
09:51:28.0234 0x0fe4  Object is SCO, delete is not allowed
09:51:28.0234 0x0fe4  FltMgr ( LockedFile.Multi.Generic ) - warning
09:51:28.0234 0x0fe4  Force sending object to P2P due to detect: C:\WINDOWS\system32\drivers\fltmgr.sys
09:51:31.0953 0x0fe4  Object send P2P result: true
09:51:38.0500 0x0fe4  NetDDEdsdm - ok
09:51:38.0531 0x0fe4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
09:51:38.0531 0x0fe4  Netlogon - ok
09:51:38.0562 0x0fe4  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
09:51:38.0578 0x0fe4  Netman - ok
09:51:38.0640 0x0fe4  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:51:38.0640 0x0fe4  NetTcpPortSharing - ok
09:51:38.0859 0x0fe4  [ 71371ED9086A3D65F43967C89634E9A9, B0E5F7090970BCDB3C8C42DA49AFA0E5A6E74D0052298B54B83623E29C1360D1 ] NETw3x32        C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
09:51:38.0937 0x0fe4  NETw3x32 - ok
09:51:39.0062 0x0fe4  [ 6B054F7E94CCA5161A0BFB065C931308, C7F91CF1D4862FF4E78585CDCF6065F0F1AE6D88E8D5A6CDBADCF74EC1600153 ] NetworkX        C:\WINDOWS\system32\ckldrv.sys
09:51:39.0062 0x0fe4  NetworkX - ok
09:51:39.0078 0x0fe4  [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:51:39.0078 0x0fe4  NIC1394 - ok
09:51:39.0109 0x0fe4  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
09:51:39.0125 0x0fe4  Nla - ok
09:51:39.0156 0x0fe4  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
09:51:39.0156 0x0fe4  Npfs - ok
09:51:39.0218 0x0fe4  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
09:51:39.0234 0x0fe4  Ntfs - ok
09:51:39.0250 0x0fe4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
09:51:39.0250 0x0fe4  NtLmSsp - ok
09:51:39.0312 0x0fe4  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
09:51:39.0328 0x0fe4  NtmsSvc - ok
09:51:39.0343 0x0fe4  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
09:51:39.0343 0x0fe4  Null - ok
09:51:39.0390 0x0fe4  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:51:39.0390 0x0fe4  NwlnkFlt - ok
09:51:39.0390 0x0fe4  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:51:39.0406 0x0fe4  NwlnkFwd - ok
09:51:39.0500 0x0fe4  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:51:39.0531 0x0fe4  odserv - ok
09:51:39.0546 0x0fe4  [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:51:39.0546 0x0fe4  ohci1394 - ok
09:51:39.0609 0x0fe4  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:51:39.0625 0x0fe4  ose - ok
09:51:39.0671 0x0fe4  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
09:51:39.0687 0x0fe4  Parport - ok
09:51:39.0703 0x0fe4  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
09:51:39.0703 0x0fe4  PartMgr - ok
09:51:39.0734 0x0fe4  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
09:51:39.0734 0x0fe4  ParVdm - ok
09:51:39.0765 0x0fe4  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
09:51:39.0781 0x0fe4  PCI - ok
09:51:39.0781 0x0fe4  PCIDump - ok
09:51:39.0828 0x0fe4  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
09:51:39.0828 0x0fe4  PCIIde - ok
09:51:39.0859 0x0fe4  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
09:51:39.0875 0x0fe4  Pcmcia - ok
09:51:39.0875 0x0fe4  PDCOMP - ok
09:51:39.0890 0x0fe4  PDFRAME - ok
09:51:39.0890 0x0fe4  PDRELI - ok
09:51:39.0906 0x0fe4  PDRFRAME - ok
09:51:39.0906 0x0fe4  perc2 - ok
09:51:39.0921 0x0fe4  perc2hib - ok
09:51:39.0968 0x0fe4  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
09:51:39.0984 0x0fe4  PlugPlay - ok
09:51:40.0000 0x0fe4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
09:51:40.0000 0x0fe4  PolicyAgent - ok
09:51:40.0015 0x0fe4  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:51:40.0015 0x0fe4  PptpMiniport - ok
09:51:40.0031 0x0fe4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:51:40.0031 0x0fe4  ProtectedStorage - ok
09:51:40.0046 0x0fe4  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
09:51:40.0046 0x0fe4  PSched - ok
09:51:40.0078 0x0fe4  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:51:40.0093 0x0fe4  Ptilink - ok
09:51:40.0093 0x0fe4  ql1080 - ok
09:51:40.0109 0x0fe4  Ql10wnt - ok
09:51:40.0109 0x0fe4  ql12160 - ok
09:51:40.0125 0x0fe4  ql1240 - ok
09:51:40.0125 0x0fe4  ql1280 - ok
09:51:40.0140 0x0fe4  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:51:40.0140 0x0fe4  RasAcd - ok
09:51:40.0187 0x0fe4  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
09:51:40.0203 0x0fe4  RasAuto - ok
09:51:40.0218 0x0fe4  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:51:40.0234 0x0fe4  Rasl2tp - ok
09:51:40.0296 0x0fe4  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
09:51:40.0312 0x0fe4  RasMan - ok
09:51:40.0328 0x0fe4  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:51:40.0328 0x0fe4  RasPppoe - ok
09:51:40.0343 0x0fe4  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
09:51:40.0343 0x0fe4  Raspti - ok
09:51:40.0406 0x0fe4  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:51:40.0421 0x0fe4  Rdbss - ok
09:51:40.0421 0x0fe4  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:51:40.0421 0x0fe4  RDPCDD - ok
09:51:40.0484 0x0fe4  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
09:51:40.0500 0x0fe4  RDPWD - ok
09:51:40.0546 0x0fe4  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
09:51:40.0562 0x0fe4  RDSessMgr - ok
09:51:40.0593 0x0fe4  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
09:51:40.0593 0x0fe4  redbook - ok
09:51:40.0656 0x0fe4  [ D8894ACEFE1A607DE7D0E628285BFFF4, 318E34CB2037706D257B89B71C667166A7A03CCB52D0823164AAAC20B4AA6152 ] RegSrvc         C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
09:51:40.0687 0x0fe4  RegSrvc - ok
09:51:40.0734 0x0fe4  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
09:51:40.0750 0x0fe4  RemoteAccess - ok
09:51:40.0781 0x0fe4  [ 24ED7AF20651F9FA1F249482E7C1F165, 6F7BD68CBA0CACDCB6B43A401887A190FD825B4EE1974D07271224CB225A8DC2 ] rimmptsk        C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
09:51:40.0781 0x0fe4  rimmptsk - ok
09:51:40.0796 0x0fe4  [ 1BDBA2D2D402415A78A4BA766DFE0F7B, 894EB6956B8F28DE96B846AC87E4FDD9614240871D6A326CEFB7F99184BC3E79 ] rimsptsk        C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
09:51:40.0796 0x0fe4  rimsptsk - ok
09:51:40.0843 0x0fe4  [ F774ECD11A064F0DEBB2D4395418153C, 053CBC85E40C6D8D1FC2968A2B7FD43445E6B0FDEED5905A905F953A236052C9 ] rismxdp         C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
09:51:40.0875 0x0fe4  rismxdp - ok
09:51:40.0906 0x0fe4  [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7, CDF10D3D8ADA7ADB1CC1567BFA986557C6D69F4099B70FDFABD4C3D09E3CA778 ] ROOTMODEM       C:\WINDOWS\system32\Drivers\RootMdm.sys
09:51:40.0906 0x0fe4  ROOTMODEM - ok
09:51:40.0968 0x0fe4  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
09:51:40.0968 0x0fe4  RpcLocator - ok
09:51:41.0031 0x0fe4  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\System32\rpcss.dll
09:51:41.0062 0x0fe4  RpcSs - ok
09:51:41.0093 0x0fe4  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
09:51:41.0109 0x0fe4  RSVP - ok
09:51:41.0250 0x0fe4  [ C17C3A529CE14012F9731A6E264C1911, 1B928E70F4416E2A487830D2C81CBB5939ACE9ECE3D4BC75C1CB1CE35CE242FB ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
09:51:41.0328 0x0fe4  S24EventMonitor - ok
09:51:41.0421 0x0fe4  [ DAEF68FC328342D219DE928C8EE610B2, 8E02F15FE15C42C16297872AF79081C72078C133FDFF4F0375CECDF7486403E0 ] s24trans        C:\WINDOWS\system32\DRIVERS\s24trans.sys
09:51:41.0421 0x0fe4  s24trans - ok
09:51:41.0437 0x0fe4  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
09:51:41.0437 0x0fe4  SamSs - ok
09:51:41.0484 0x0fe4  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
09:51:41.0484 0x0fe4  SCardSvr - ok
09:51:41.0531 0x0fe4  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
09:51:41.0546 0x0fe4  Schedule - ok
09:51:41.0578 0x0fe4  [ 8D04819A3CE51B9EB47E5689B44D43C4, B0588AF967A7611F05BC8A8AD0C945DBB7BF995D7DA5C28FD0D007E33BF1F502 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
09:51:41.0578 0x0fe4  sdbus - ok
09:51:41.0625 0x0fe4  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:51:41.0625 0x0fe4  Secdrv - ok
09:51:41.0640 0x0fe4  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
09:51:41.0640 0x0fe4  seclogon - ok
09:51:41.0656 0x0fe4  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
09:51:41.0656 0x0fe4  SENS - ok
09:51:41.0671 0x0fe4  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
09:51:41.0671 0x0fe4  Serial - ok
09:51:41.0703 0x0fe4  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
09:51:41.0703 0x0fe4  Sfloppy - ok
09:51:41.0734 0x0fe4  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:51:41.0734 0x0fe4  ShellHWDetection - ok
09:51:41.0750 0x0fe4  Simbad - ok
09:51:41.0781 0x0fe4  [ A1ECEEAA5C5E74B2499EB51D38185B84, BB866DDA4D1F85A68A652204DAC7378456793E096A15F88B9C153BECD3D18C27 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
09:51:41.0781 0x0fe4  SONYPVU1 - ok
09:51:41.0781 0x0fe4  Sparrow - ok
09:51:41.0812 0x0fe4  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
09:51:41.0812 0x0fe4  splitter - ok
09:51:41.0843 0x0fe4  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
09:51:41.0859 0x0fe4  Spooler - ok
09:51:41.0875 0x0fe4  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
09:51:41.0875 0x0fe4  sr - ok
09:51:41.0937 0x0fe4  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
09:51:41.0937 0x0fe4  srservice - ok
09:51:41.0968 0x0fe4  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
09:51:41.0984 0x0fe4  Srv - ok
09:51:42.0015 0x0fe4  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
09:51:42.0015 0x0fe4  SSDPSRV - ok
09:51:42.0062 0x0fe4  [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
09:51:42.0062 0x0fe4  ssmdrv - ok
09:51:42.0171 0x0fe4  [ 3AD78E22210D3FBD9F76DE84A8DF19B5, 4C3BA26DE5A5567F958EC8173191E0B3CE3438AD0AD6115BDED28A7B5A0DA0B8 ] STHDA           C:\WINDOWS\system32\drivers\sthda.sys
09:51:42.0218 0x0fe4  STHDA - ok
09:51:42.0250 0x0fe4  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
09:51:42.0265 0x0fe4  stisvc - ok
09:51:42.0296 0x0fe4  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
09:51:42.0296 0x0fe4  swenum - ok
09:51:42.0328 0x0fe4  [ 5230AAB3A00B0A1B89580D8ED85B5BFA, F7C84C296E08D80E2291D6D2EE4DCBFDEB17480CE5DDD235F92937227D471342 ] swivsp          C:\WINDOWS\system32\DRIVERS\swivspnt.sys
09:51:42.0328 0x0fe4  swivsp - ok
09:51:42.0343 0x0fe4  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
09:51:42.0343 0x0fe4  swmidi - ok
09:51:42.0343 0x0fe4  SwPrv - ok
09:51:42.0359 0x0fe4  symc810 - ok
09:51:42.0375 0x0fe4  symc8xx - ok
09:51:42.0375 0x0fe4  sym_hi - ok
09:51:42.0375 0x0fe4  sym_u3 - ok
09:51:42.0406 0x0fe4  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
09:51:42.0406 0x0fe4  sysaudio - ok
09:51:42.0453 0x0fe4  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
09:51:42.0453 0x0fe4  SysmonLog - ok
09:51:42.0484 0x0fe4  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
09:51:42.0484 0x0fe4  TapiSrv - ok
09:51:42.0546 0x0fe4  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:51:42.0562 0x0fe4  Tcpip - ok
09:51:42.0609 0x0fe4  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
09:51:42.0609 0x0fe4  TDPIPE - ok
09:51:42.0625 0x0fe4  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
09:51:42.0625 0x0fe4  TDTCP - ok
09:51:42.0640 0x0fe4  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
09:51:42.0640 0x0fe4  TermDD - ok
09:51:42.0687 0x0fe4  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
09:51:42.0687 0x0fe4  TermService - ok
09:51:42.0718 0x0fe4  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
09:51:42.0734 0x0fe4  Themes - ok
09:51:42.0734 0x0fe4  TosIde - ok
09:51:42.0750 0x0fe4  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
09:51:42.0765 0x0fe4  TrkWks - ok
09:51:42.0781 0x0fe4  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
09:51:42.0781 0x0fe4  Udfs - ok
09:51:42.0921 0x0fe4  [ 51097346A2E4A622D712CD8154FCBA4B, 586448F3572D288F550B9CE3637A0C8D32B4077C8E13F4CEF01BB357B21B218C ] UDisk Monitor   C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
09:51:42.0937 0x0fe4  UDisk Monitor - ok
09:51:42.0953 0x0fe4  UIUSys - ok
09:51:42.0953 0x0fe4  ultra - ok
09:51:43.0000 0x0fe4  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
09:51:43.0015 0x0fe4  Update - ok
09:51:43.0046 0x0fe4  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
09:51:43.0046 0x0fe4  upnphost - ok
09:51:43.0062 0x0fe4  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
09:51:43.0078 0x0fe4  UPS - ok
09:51:43.0109 0x0fe4  [ 173F317CE0DB8E21322E71B7E60A27E8, 7042441BA63AE38AE9D7BE0BC5CA7404FC9EE5BB3F084604A68F01E82769652A ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:51:43.0109 0x0fe4  usbccgp - ok
09:51:43.0125 0x0fe4  [ 65DCF09D0E37D4C6B11B5B0B76D470A7, 90EBA8BAF45932B453D905EDF2BDDDF3A432BFD50B9F7DF58CDEAE98D11C2E2F ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:51:43.0125 0x0fe4  usbehci - ok
09:51:43.0171 0x0fe4  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:51:43.0171 0x0fe4  usbhub - ok
09:51:43.0187 0x0fe4  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:51:43.0187 0x0fe4  USBSTOR - ok
09:51:43.0203 0x0fe4  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:51:43.0203 0x0fe4  usbuhci - ok
09:51:43.0234 0x0fe4  [ BFA4AE30B3AC10E9223830BF103F5A3F, B576A00FF42574B7247FF9D92FF12B2AE7D525769F964C0E0411799982A2BD11 ] vcdrom          C:\WINDOWS\system32\drivers\VCdRom.sys
09:51:43.0234 0x0fe4  vcdrom - ok
09:51:43.0281 0x0fe4  [ FCE98C43B5C5DB8E0DA8EA0E2B45E044, 0F6F3FF106015580009776A1F91FD10371BAF229A2A773436A5783F142CC1A0C ] VClone          C:\WINDOWS\system32\DRIVERS\VClone.sys
09:51:43.0281 0x0fe4  VClone - ok
09:51:43.0296 0x0fe4  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
09:51:43.0296 0x0fe4  VgaSave - ok
09:51:43.0296 0x0fe4  ViaIde - ok
09:51:43.0296 0x0fe4  VMnetAdapter - ok
09:51:43.0328 0x0fe4  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
09:51:43.0328 0x0fe4  VolSnap - ok
09:51:43.0390 0x0fe4  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
09:51:43.0390 0x0fe4  VSS - ok
09:51:43.0437 0x0fe4  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
09:51:43.0437 0x0fe4  W32Time - ok
09:51:43.0515 0x0fe4  [ 5D81DFEDC21830764B02F12415AFAE2B, 379753219632E1705578922B5FBD0A84A00C517FCB3E9CBE01DEBBDCD513EF60 ] wampapache      c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
09:51:43.0515 0x0fe4  wampapache - ok
09:51:43.0578 0x0fe4  wampmysqld - ok
09:51:43.0593 0x0fe4  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:51:43.0609 0x0fe4  Wanarp - ok
09:51:43.0671 0x0fe4  [ BBCFEAB7E871CDDAC2D397EE7FA91FDC, 06FC132E0E256B9A4E4DDD05D3AF4D75E40C750ECCF94A76251B104C65CFFCDF ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
09:51:43.0687 0x0fe4  Wdf01000 - ok
09:51:43.0687 0x0fe4  WDICA - ok
09:51:43.0734 0x0fe4  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
09:51:43.0734 0x0fe4  wdmaud - ok
09:51:43.0781 0x0fe4  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
09:51:43.0781 0x0fe4  WebClient - ok
09:51:43.0859 0x0fe4  [ BA6B6FB242A6BA4068C8B763063BEB63, 424324919D018033D93A19F30C8CACF4F88808A79EA17B35284EA02BA8A7DD27 ] winachsf        C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
09:51:43.0875 0x0fe4  winachsf - ok
09:51:43.0984 0x0fe4  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
09:51:43.0984 0x0fe4  winmgmt - ok
09:51:44.0046 0x0fe4  [ 22516ED8E0D89323D4E0D9CCC2848819, 1A9B7816B7F9C54F0E8C23B6FEC5B61622D27A0C02CC021B48A0721DBC034A8C ] WLANKEEPER      C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
09:51:44.0062 0x0fe4  WLANKEEPER - ok
09:51:44.0093 0x0fe4  [ C7E39EA41233E9F5B86C8DA3A9F1E4A8, 98C21DEEB7124426D749FACDAD06EBD7F500AE5C465A98D558919C2A51C08554 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
09:51:44.0093 0x0fe4  WmdmPmSN - ok
09:51:44.0109 0x0fe4  [ C42584FD66CE9E17403AEBCA199F7BDB, E3F2E1066F36AE5D33D4482239B2E556BE0C137923C9A120DFB36EC82F2E77B0 ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
09:51:44.0109 0x0fe4  WmiAcpi - ok
09:51:44.0140 0x0fe4  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:51:44.0156 0x0fe4  WmiApSrv - ok
09:51:44.0265 0x0fe4  [ DCF3E3EDF5109EE8BC02FE6E1F045795, 4B8E14B1CFB095982D34DAEC336114F5039D7793080FB787DC95A63B6B945DD0 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:51:44.0281 0x0fe4  WPFFontCache_v0400 - ok
09:51:44.0343 0x0fe4  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:51:44.0343 0x0fe4  WS2IFSL - ok
09:51:44.0421 0x0fe4  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
09:51:44.0437 0x0fe4  WZCSVC - ok
09:51:44.0484 0x0fe4  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
09:51:44.0484 0x0fe4  xmlprov - ok
09:51:44.0546 0x0fe4  [ 4B6DFADD45C19AD43FD56B965EFD2DC3, B5DDF9913A755C6AFF3C9445964C9B135EB675BEC92D6064FFF4F10255C05460 ] ztemtusbser     C:\WINDOWS\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys
09:51:44.0546 0x0fe4  ztemtusbser - ok
09:51:44.0562 0x0fe4  ================ Scan global ===============================
09:51:44.0593 0x0fe4  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
09:51:44.0640 0x0fe4  [ 8C7DCA4B158BF16894120786A7A5F366, E232E82B45412A636F936567036CB966F28F5C3730982145B8A8239B485E4A7E ] C:\WINDOWS\system32\winsrv.dll
09:51:44.0671 0x0fe4  [ 8C7DCA4B158BF16894120786A7A5F366, E232E82B45412A636F936567036CB966F28F5C3730982145B8A8239B485E4A7E ] C:\WINDOWS\system32\winsrv.dll
09:51:44.0703 0x0fe4  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
09:51:44.0703 0x0fe4  [ Global ] - ok
09:51:44.0703 0x0fe4  ================ Scan MBR ==================================
09:51:44.0718 0x0fe4  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
09:51:44.0953 0x0fe4  \Device\Harddisk0\DR0 - ok
09:51:44.0953 0x0fe4  ================ Scan VBR ==================================
09:51:44.0953 0x0fe4  [ A027442A9E128FF3AF1DB9D06A10D544 ] \Device\Harddisk0\DR0\Partition1
09:51:44.0968 0x0fe4  \Device\Harddisk0\DR0\Partition1 - ok
09:51:44.0984 0x0fe4  [ AEF3C362896AB78990AD8596C904B8D3 ] \Device\Harddisk0\DR0\Partition2
09:51:44.0984 0x0fe4  \Device\Harddisk0\DR0\Partition2 - ok
09:51:44.0984 0x0fe4  Waiting for KSN requests completion. In queue: 181
09:51:45.0984 0x0fe4  Waiting for KSN requests completion. In queue: 181
09:51:46.0984 0x0fe4  Waiting for KSN requests completion. In queue: 181
09:51:48.0015 0x0fe4  AV detected via SS1: AntiVir Desktop, 10.0.1.59, disabled, outofdate
09:51:50.0453 0x0fe4  ============================================================
09:51:50.0453 0x0fe4  Scan finished
09:51:50.0453 0x0fe4  ============================================================
09:51:50.0453 0x0a3c  Detected object count: 1
09:51:50.0453 0x0a3c  Actual detected object count: 1
09:52:10.0703 0x0a3c  FltMgr ( LockedFile.Multi.Generic ) - User select action: Quarantine 
09:59:26.0796 0x0808  Deinitialize success
 

-----------------------------------------------------------------------------------------------

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2012-12-11 09:59:32
-----------------------------
09:59:32.640    OS Version: Windows 5.1.2600 Service Pack 3
09:59:32.640    Number of processors: 2 586 0xE08
09:59:32.640    ComputerName: MUKESH  UserName: Owner
09:59:33.343    Initialize success
10:05:29.734    AVAST engine defs: 13120902
10:06:02.406    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:06:02.421    Disk 0 Vendor: ST98823AS 8.03 Size: 74881MB BusType: 3
10:06:02.578    Disk 0 MBR read successfully
10:06:02.578    Disk 0 MBR scan
10:06:02.656    Disk 0 Windows XP default MBR code
10:06:02.656    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
10:06:02.703    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        53984 MB offset 80325
10:06:02.734    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        17476 MB offset 110655720
10:06:02.750    Disk 0 Partition 4 00     DB  CP/M / CTOS MSWIN4.1     3365 MB offset 146448540
10:06:02.750    Disk 0 scanning sectors +153340425
10:06:02.953    Disk 0 scanning C:\WINDOWS\system32\drivers
10:06:21.328    Service scanning
10:06:46.515    Modules scanning
10:06:52.500    Disk 0 trace - called modules:
10:06:52.531    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
10:06:52.531    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d02ab8]
10:06:52.531    3 CLASSPNP.SYS[f769dfd7] -> nt!IofCallDriver -> \Device\00000074[0x86d07e98]
10:06:52.531    5 ACPI.sys[f7514620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d55d98]
10:06:53.750    AVAST engine scan C:\WINDOWS
10:07:02.718    AVAST engine scan C:\WINDOWS\system32
10:09:41.890    AVAST engine scan C:\WINDOWS\system32\drivers
10:10:07.437    AVAST engine scan C:\Documents and Settings\Owner
10:30:53.296    File: C:\Documents and Settings\Owner\My Documents\Downloads\iExplore.exe  **INFECTED** Win32:Malware-gen
10:31:43.406    AVAST engine scan C:\Documents and Settings\All Users
10:32:56.046    Scan finished successfully
10:35:01.015    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
10:35:01.015    The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
 
----------------------------------

 




#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,058 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:42 AM

Posted 10 December 2013 - 10:30 AM

Greetings,

Thanks for the reports. Please run this for me.

===================================================

ComboFix Windows XP

--------------------

For a more detailed explanation on running Combofix and the prompts you will be following please see here.
  • Please download ComboFix from one of these locations and save it to your desktop:

Bleepingcomputer

ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista/Windows 7, ComboFix will skip the below Recovery Console pop ups and continue its malware removal procedure.

Query_RC.gif

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

  • Click on Yes, to continue scanning for malware
----------

Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issue

----------

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Combofix log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 mukesh51

mukesh51
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:07:42 AM

Posted 10 December 2013 - 01:10 PM

The computer seems to be working OK, but whenever I go to www.google.com, it says cannot connect to real google and gives an SSL error. Please find the ComboFix log below:

 

ComboFix 13-12-10.01 - Owner 12/11/2012  17:44:31.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.457 [GMT 0:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((   Files Created from 2012-11-11 to 2012-12-11  )))))))))))))))))))))))))))))))
.
.
2013-09-07 11:41 . 2013-09-07 11:51 -------- d-----w- c:\documents and settings\Owner\Application Data\Blackboard
2013-08-15 21:57 . 2012-08-21 12:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-08-15 21:55 . 2013-08-15 21:55 -------- d-----w- c:\program files\iPod
2013-08-15 21:55 . 2013-08-15 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-15 21:54 . 2013-08-15 21:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2013-08-15 21:53 . 2013-08-15 21:53 -------- d-----w- c:\program files\Bonjour
2013-06-22 18:15 . 2013-06-22 18:33 -------- d-----w- c:\documents and settings\Owner\.android
2013-05-26 21:57 . 2013-05-26 21:57 -------- d-----w- c:\documents and settings\Owner\Application Data\Unity
2013-05-26 21:49 . 2013-05-26 21:49 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Unity
2013-05-21 19:08 . 2013-05-21 19:08 -------- d-----w- c:\documents and settings\Owner\workspace
2013-05-19 11:25 . 2013-05-19 18:38 -------- d-----w- c:\documents and settings\Owner\mindterm
2013-05-19 11:25 . 2013-05-19 18:38 -------- d-----w- c:\documents and settings\Owner\.rightscale
2013-05-15 11:31 . 2013-05-15 11:31 -------- d-----w- c:\documents and settings\Owner\.m2
2013-05-08 19:26 . 2013-05-08 19:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Python-Eggs
2013-04-08 06:42 . 2013-04-08 06:42 0 ----a-w- c:\documents and settings\Owner\.mongorc.js
2013-04-07 14:44 . 2013-05-15 10:36 -------- d-----w- C:\mongo_class
2013-01-24 12:02 . 2001-08-17 13:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2013-01-24 12:02 . 2001-08-17 13:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-01-24 12:02 . 2008-04-13 13:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2013-01-24 12:02 . 2008-04-13 13:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-12-19 12:48 . 2012-12-19 12:48 -------- d-----w- c:\windows\system32\LogFiles
2012-12-11 09:49 . 2012-12-11 09:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-28 21:40 . 2012-11-28 22:23 -------- d-----w- c:\program files\Active Ports(2)
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-19 19:24 . 2012-03-31 07:04 692616 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-19 19:24 . 2011-06-06 01:31 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-28 22:30 . 2010-10-17 21:50 90112 ----a-w- c:\windows\DUMP6afe.tmp
2013-04-04 13:50 . 2010-10-19 01:29 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25 . 2004-08-04 10:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41 . 2004-08-04 10:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02 . 2004-08-04 10:00 375296 -c--a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-04 10:00 43520 -c--a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-04 10:00 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 10:00 385024 -c--a-w- c:\windows\system32\html.iec
2012-10-02 18:04 . 2004-08-04 10:00 58368 -c--a-w- c:\windows\system32\synceng.dll
2012-09-18 22:10 . 2011-10-16 17:47 197 ----a-w- C:\setItextEnv.bat
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft ScreenHunter 5.1 Pro"="0" [X]
"Wisdom-soft ScreenHunter 6.0 Free"="0" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-21 281768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2012-02-27 3387904]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2013-05-31 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Monitor Apache Servers.lnk - c:\apache2.2\bin\ApacheMonitor.exe [2011-9-9 41051]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 20:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [9/8/2009 12:43 PM 65584]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [10/24/2010 2:06 AM 8576]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/19/2010 1:34 AM 136360]
R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [5/7/2012 9:48 PM 1740696]
R2 BT Common Client;BT Common Client;c:\program files\BT Common Client\btomosrv.exe [7/3/2007 11:14 AM 61440]
R2 gtdetectsc;GtDetectSc Service;c:\windows\system32\Gtdetectsc.exe [4/25/2012 4:20 PM 118784]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/13/2012 9:00 PM 418376]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [5/7/2012 9:48 PM 73216]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [3/26/2007 8:48 AM 20352]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/19/2010 1:29 AM 701512]
S2 UDisk Monitor;UDisk Monitor;c:\program files\MBlaze UI\bin\MonServiceUDisk.exe [2/20/2012 9:31 AM 512000]
S3 Apache2.2;Apache2.2;c:\apache2.2\bin\httpd.exe [9/9/2011 4:56 AM 20549]
S3 BTWSp50;BTWSp50 NDIS Protocol Driver;c:\windows\system32\drivers\btwsp50.sys [4/20/2007 4:44 AM 24560]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [5/7/2012 9:48 PM 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [5/7/2012 9:48 PM 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [5/7/2012 9:48 PM 235392]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/19/2010 1:29 AM 22856]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2/20/2012 9:31 AM 105472]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:24]
.
2013-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1275210071-839522115-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-19 01:24]
.
2012-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1275210071-839522115-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-19 01:24]
.
2013-12-01 c:\windows\Tasks\User_Feed_Synchronization-{3C686628-8762-4ECE-A775-6A16A0A1EBEC}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ncr
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: cna.com\passage
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-MisVh55 - c:\windows\inf\ MisVh55.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-11 17:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-484763869-1275210071-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0D3D2549-F664-6C12-5ED1-5B6F4E01C40F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3852)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\progra~1\NetWorx\deskband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-12-11  18:01:50
ComboFix-quarantined-files.txt  2012-12-11 18:01
ComboFix2.txt  2012-11-19 20:53
.
Pre-Run: 18,221,219,840 bytes free
Post-Run: 23,337,021,440 bytes free
.
- - End Of File - - CC2FE84BB139FE73305373AD8CDEC7E1
8F558EB6672622401DA993E1E865C861
 


#8 Oh My!

Posted 10 December 2013 - 01:49 PM

"it says cannot connect to real google and gives an SSL error"

Did this symptom just surface?  Which browser are you using?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 mukesh51

Posted 10 December 2013 - 02:00 PM

No, the symptom didn't occur just now. It started from the day I got infected with this virus "MisVh55".
When I started this post, I mentioned it.
I am attaching screenshots of both the IE and Chrome browsers.
On the other hand, if I open www.bing.com in any of the browsers, it doesn't give this warning and opens the site without any issues.




#10 Oh My!

Posted 10 December 2013 - 07:11 PM

Please do this.

===================================================

Adding Trusted Site

--------------------
  • Click Start, then Control Panel
  • Click Internet Options
  • Click the Security tab
  • Click Trusted Sites, then Sites
  • Under Add this website to the zone: type https://www.google.com, then click Add
  • Close the window, click OK, then try to navigate to Google
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 mukesh51

Posted 11 December 2013 - 02:30 AM

Even after adding the URL "https://www.google.com" to trusted sites, both the Chrome and IE browsers had the same SSL errors as mentioned earlier.

 

Thanks.



#12 Oh My!

Posted 11 December 2013 - 09:02 AM

Two things please.

Can you tell me if the date and time are correct on your computer? Also, please do this.

===================================================

Temporary File Cleaner (TFC)

--------------------
  • Download TFC by OldTimer to your desktop.
  • Close any open windows
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run
  • Click the Start button to begin the process
  • Allow TFC to run uninterrupted
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine. If it doesn't, manually reboot to ensure a complete clean
  • Check access to Google
NOTE: It's normal for the computer to boot more slowly the first time after running TFC

TFC will clear out all temporary folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. TFC only cleans temporary folders and will not clean URL history, prefetch, or cookies


===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Date and time correct?
  • Can you access Google?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 mukesh51

Posted 11 December 2013 - 01:39 PM

Ran the TFC.exe. It rebooted the system and the date was not correct. It was 12/12/12, whereas it should be 12/12/13. But this might be because I manually changed the time a couple of days back, before creating this post. When I first got affected, the time was reset to 2002. It is still having the SSL error for the www.google.com site in both the browsers.

 

One thing I noticed, when it gives the SSL error in the IE browser, is that it is trying to connect to a specific URL in California. Not sure if this is the real IP address of the google.com site. Attaching a screenshot for your reference.

 

Thanks




#14 Oh My!

Posted 11 December 2013 - 01:49 PM

Yes, that is a Google IP address.

Please reset your clock to your current date/time
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 mukesh51

Posted 11 December 2013 - 02:13 PM

Sure. Just one more thing, which I probably didn't mention so far: every time I reboot my machine, it keeps on saying near the Start button that new programs have been installed on your computer, which is wrong, because I haven't installed a new program.

 

I did mention at the start of the post that the System Restore also didn't work.
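
The wrong system date discussed in posts #12 to #14 is already visible in the ComboFix log from post #7: the log's own completion time is earlier than file and task timestamps it lists. As an added example (not part of any post in this thread and not ComboFix's own code), this Python check flags such a log; the function name is hypothetical, the sample lines are copied from that log, and reading the version string as a YY-MM-DD build date is an assumption.

```python
import re
from datetime import date, datetime

# Lines copied from the ComboFix log in post #7 (an excerpt, not the full log).
SAMPLE_LOG = r"""ComboFix 13-12-10.01 - Owner 12/11/2012  17:44:31.2.2 - x86
2013-09-07 11:41 . 2013-09-07 11:51 -------- d-----w- c:\documents and settings\Owner\Application Data\Blackboard
2013-08-15 21:57 . 2012-08-21 12:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-12-11 09:49 . 2012-12-11 09:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-28 21:40 . 2012-11-28 22:23 -------- d-----w- c:\program files\Active Ports(2)
2013-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
2013-12-01 c:\windows\Tasks\User_Feed_Synchronization-{3C686628-8762-4ECE-A775-6A16A0A1EBEC}.job
Completion time: 2012-12-11  18:01:50
"""

# Assumption: the ComboFix version string is the build date written YY-MM-DD.
HEADER = re.compile(r"^ComboFix (\d{2})-(\d{2})-(\d{2})\.\d+ - ", re.M)
COMPLETION = re.compile(
    r"^Completion time: (\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2}:\d{2})", re.M)
# Two timestamps, a size (or dashes), an attribute string, then the path.
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r" \S+ \S+ (.+)$", re.M)
# Scheduled-task lines carry a date only.
TASK_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (c:\\windows\\Tasks\\.+\.job)$", re.M | re.I)


def clock_rollback_evidence(log_text):
    """Compare the log's completion time with the timestamps it reports."""
    hdr = HEADER.search(log_text)
    done = COMPLETION.search(log_text)
    if not hdr or not done:
        raise ValueError("header or completion line missing")
    yy, mm, dd = (int(g) for g in hdr.groups())
    build = date(2000 + yy, mm, dd)
    finished = datetime.strptime(" ".join(done.groups()), "%Y-%m-%d %H:%M:%S")

    future = []  # (timestamp, path) pairs dated after the scan finished
    for m in FILE_LINE.finditer(log_text):
        newest = max(datetime.strptime(s, "%Y-%m-%d %H:%M")
                     for s in m.group(1, 2))
        if newest > finished:
            future.append((newest, m.group(3)))
    for m in TASK_LINE.finditer(log_text):
        stamp = datetime.strptime(m.group(1), "%Y-%m-%d")
        if stamp > finished:
            future.append((stamp, m.group(2)))
    future.sort()

    # The latest date seen gives a lower bound on how far the clock is behind.
    latest = max([build] + [stamp.date() for stamp, _ in future])
    return {
        "finished": finished,
        "build_date": build,
        "build_after_run": build > finished.date(),
        "future_entries": future,
        "min_days_behind": max(0, (latest - finished.date()).days),
        "clock_behind": build > finished.date() or bool(future),
    }


if __name__ == "__main__":
    report = clock_rollback_evidence(SAMPLE_LOG)
    print("clock behind:", report["clock_behind"],
          "by at least", report["min_days_behind"], "days")
    for stamp, path in report["future_entries"]:
        print("  dated after scan:", stamp, path)
```

The result is only a lower bound on the clock error, and a file copied from a machine with a later clock would also be flagged, so it is a prompt to check the system date rather than proof on its own.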





