Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: robert1 on January 10, 2012, 10:17:02 AM
-
ComboFix 12-01-09.07 - pc 01/10/2012 3:54.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1791.1271 [GMT 0:00]
Running from: c:\users\pc\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\sys32
c:\programdata\sys32\Screenshot0.jpeg
c:\windows\alcrmv.exe
c:\windows\system32\spsys.log
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-12-10 to 2012-01-10 )))))))))))))))))))))))))))))))
.
.
2012-01-07 21:38 . 2012-01-07 21:38 -------- d-----w- c:\program files\Windows Portable Devices
2012-01-07 21:32 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-01-07 21:32 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-01-07 21:32 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-01-07 21:31 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-01-07 21:31 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-01-07 21:31 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-01-07 21:31 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-01-07 21:31 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-01-07 21:31 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-01-07 21:31 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-01-07 21:30 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2012-01-07 21:30 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2012-01-07 21:30 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2012-01-07 21:30 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2012-01-07 21:30 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2012-01-07 21:30 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2012-01-07 21:30 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2012-01-07 21:30 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2012-01-07 21:30 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2012-01-07 21:30 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2012-01-07 21:30 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2012-01-07 21:30 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2012-01-07 21:05 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2012-01-07 21:05 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2012-01-07 21:05 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-01-07 21:05 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-01-07 21:05 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2012-01-07 21:05 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2012-01-07 21:05 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2012-01-07 21:05 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2012-01-07 21:05 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2012-01-07 21:05 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2012-01-07 21:04 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2012-01-07 21:04 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-01-07 21:04 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-01-07 01:09 . 2012-01-07 01:09 -------- d-----w- C:\$AVG
2012-01-07 01:09 . 2012-01-10 02:26 -------- d-----w- c:\program files\rkfree
2012-01-07 01:09 . 2012-01-07 01:09 -------- d---a-w- c:\programdata\rkfree
2012-01-07 01:06 . 2012-01-07 01:09 -------- d-----w- c:\users\pc\AppData\Roaming\GetRightToGo
2012-01-04 23:42 . 2012-01-04 23:43 -------- d--h--w- c:\program files\Temp
2012-01-03 12:34 . 2009-10-07 12:01 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-01-03 12:34 . 2009-10-07 12:01 102912 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-01-03 12:34 . 2009-10-07 12:01 101248 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2012-01-03 12:34 . 2009-08-25 17:03 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-01-03 12:34 . 2009-08-25 17:03 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-01-03 12:34 . 2009-08-25 17:03 103680 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2012-01-02 21:13 . 2012-01-02 21:17 -------- d-----w- c:\users\pc\AppData\Roaming\AVG
2012-01-01 22:07 . 2012-01-01 22:07 -------- d-----w- c:\users\pc\AppData\Roaming\PeerNetworking
2012-01-01 07:38 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-01-01 07:37 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-01 07:36 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2012-01-01 07:36 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-01-01 07:36 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2012-01-01 07:36 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-01-01 07:33 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2012-01-01 07:33 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2012-01-01 07:33 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2012-01-01 07:33 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2012-01-01 07:33 . 2011-04-21 13:55 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-01-01 07:33 . 2009-06-17 13:23 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-01-01 07:33 . 2011-09-20 21:02 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-01-01 07:33 . 2011-09-20 13:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-01-01 07:33 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-01-01 07:33 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-01-01 07:33 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-01-01 07:33 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-01-01 07:32 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-01-01 07:32 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-29 07:46 . 2012-01-10 02:45 -------- d-----w- c:\windows\system32\drivers\AVG
2011-12-29 07:46 . 2011-12-29 07:56 -------- d-----w- c:\programdata\AVG2012
2011-12-29 07:42 . 2012-01-02 21:19 -------- d-----w- c:\program files\AVG
2011-12-22 19:12 . 2012-01-04 20:59 -------- d-----w- c:\users\pc\AppData\Local\Conduit
2011-12-22 11:31 . 2012-01-04 18:15 -------- d-----w- c:\users\pc\AppData\Roaming\QuickScan
2011-12-22 06:58 . 2011-12-22 06:58 -------- d-----w- c:\users\pc\AppData\Roaming\CheckPoint
2011-12-22 06:55 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-12-22 06:47 . 2012-01-04 21:02 -------- d-----w- c:\program files\CheckPoint
2011-12-22 06:43 . 2004-10-15 18:32 83096 ----a-w- c:\windows\system32\SSSensor.dll
2011-12-22 06:42 . 2011-12-22 06:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-12-22 06:12 . 2011-12-22 06:12 -------- d-----w- c:\windows\system32\ca-ES
2011-12-22 06:12 . 2011-12-22 06:12 -------- d-----w- c:\windows\system32\eu-ES
2011-12-22 06:12 . 2011-12-22 06:12 -------- d-----w- c:\windows\system32\vi-VN
2011-12-22 05:51 . 2011-12-22 05:51 -------- d-----w- c:\windows\system32\EventProviders
2011-12-22 05:48 . 2009-04-11 06:28 978432 ----a-w- c:\windows\system32\drmv2clt.dll
2011-12-22 05:47 . 2009-04-11 06:28 1382912 ----a-w- c:\windows\system32\WMVSDECD.DLL
2011-12-22 05:46 . 2009-04-11 06:28 19968 ----a-w- c:\windows\system32\winrnr.dll
2011-12-22 05:12 . 2012-01-01 06:17 -------- d-----w- c:\users\pc\AppData\Local\ElevatedDiagnostics
2011-12-21 21:59 . 2011-12-21 21:59 107336 ----a-w- c:\windows\system32\drivers\bknqRDNT.sys
2011-12-21 21:31 . 2011-12-21 21:31 -------- d-----w- c:\users\pc\AppData\Roaming\DriverCure
2011-12-21 21:31 . 2011-12-21 21:31 -------- d-----w- c:\users\pc\AppData\Roaming\SpeedyPC Software
2011-12-21 15:10 . 2012-01-10 00:17 -------- d-----w- c:\users\pc\AppData\Local\Mozilla Firefox
2011-12-20 21:41 . 2011-12-20 21:41 -------- d-----w- c:\users\pc\AppData\Roaming\Online Games Downloader
2011-12-20 21:41 . 2011-12-20 21:41 -------- d-----w- c:\program files\Online Games Downloader
2011-12-20 21:26 . 2011-12-20 21:26 79836 ----a-w- c:\windows\system32\fruninst.exe
2011-12-20 21:14 . 2011-12-20 21:14 -------- d-----w- c:\users\pc\AppData\Local\Adobe
2011-12-20 14:14 . 2011-11-30 02:21 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BD68BD2A-A663-4359-9A53-F61822A1456F}\mpengine.dll
2011-12-20 14:12 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-12-20 14:12 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-12-20 14:08 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-20 14:08 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-12-20 14:08 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-12-20 14:08 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-12-20 14:08 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-20 14:08 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-12-20 14:07 . 2011-04-30 06:09 758784 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-12-20 14:07 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-12-18 16:02 . 2011-12-18 16:02 -------- d-----w- c:\users\pc\AppData\Local\Microsoft Games
2011-12-17 16:05 . 2011-12-30 23:11 -------- d-----w- c:\users\pc\AppData\Roaming\dvdcss
2011-12-17 16:05 . 2011-12-18 18:26 -------- d-----w- c:\users\pc\AppData\Roaming\vlc
2011-12-17 15:36 . 2011-12-17 15:36 -------- d-----w- c:\program files\Common Files\Steam
2011-12-17 15:34 . 2007-07-19 18:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2011-12-17 12:18 . 2011-12-17 12:18 -------- d-----w- c:\programdata\Systweak
2011-12-16 22:21 . 2011-12-29 19:25 1816 ----a-w- c:\windows\system32\ASOROSet.bin
2011-12-16 22:21 . 2010-04-19 17:15 15080 ----a-w- c:\windows\system32\ROBoot.exe
2011-12-16 22:14 . 2011-12-16 22:14 -------- d-----w- c:\windows\Repair
2011-12-16 22:14 . 2011-12-16 22:14 -------- d-----w- c:\users\pc\AppData\Roaming\Systweak
2011-12-16 22:13 . 2010-01-30 15:00 17136 ----a-w- c:\windows\system32\sasnative32.exe
2011-12-16 22:13 . 2011-12-16 22:17 -------- d-----w- c:\program files\Advanced System Optimizer 3
2011-12-16 22:10 . 2012-01-04 19:03 -------- d-----w- c:\users\pc\AppData\Roaming\uTorrent
2011-12-16 22:10 . 2011-12-16 22:10 -------- d-----w- c:\users\pc\AppData\Local\uTorrent
2011-12-16 20:47 . 2011-12-16 20:47 -------- d-----w- c:\program files\VideoLAN
2011-12-16 20:37 . 2011-12-16 20:37 -------- d-----w- c:\users\pc\AppData\Roaming\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-04 23:42 . 2011-04-26 13:15 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-12-10 15:24 . 2011-07-03 17:34 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-15 14:29 . 2011-04-27 10:05 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-05 06:53 . 2011-12-16 20:54 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AF255C7-8742-4B96-8971-1268EEE04974}]
2010-11-12 17:32 1368480 ----a-w- c:\program files\Online Games Downloader\SWFCatcher.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-05-21 2605192]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-05-21 362392]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"O2Start"="c:\program files\O2CM-CE\O2 Connection Manager\tscui.exe" [2009-10-20 2998272]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32\0\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2548725397-2496849373-359535291-1001]
"EnableNotificationsRef"=dword:00000003
.
R3 ADASPROT;SYSTWEAKASO;c:\program files\Advanced System Optimizer 3\adasprot32.sys [2010-01-30 6656]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
LSP: c:\program files\Flash Recorder\mfnsp32.dll
TCP: Interfaces\{6623CB66-7996-4B51-9686-52F1C8139E98}: NameServer = 82.132.254.3 82.132.254.2
FF - ProfilePath - c:\users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\lso94mm2.default\
.
.
------- File Associations -------
.
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
AddRemove-HijackThis - c:\users\pc\AppData\Local\Temp\Rar$EX17.232\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-10 04:15
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\atiesrxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Advanced System Optimizer 3\ASO3DefragSrv.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG2012\AVGIDSAgent.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\wsqmcons.exe
c:\windows\system32\schtasks.exe
.
**************************************************************************
.
Completion time: 2012-01-10 04:27:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-10 04:27
.
Pre-Run: 45,245,841,408 bytes free
Post-Run: 45,890,932,736 bytes free
.
- - End Of File - - AA547D0ADCC02390594B516D02A90B4C
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer, you will have to download any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
ComboFix is a very powerful tool and should not be used without the supervision of a malware removal expert.
What sort of problems are you experiencing on your computer?
SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!
Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here (http://www.softpedia.com/get/Others/Signatures-Updates/SUPERAntiSpyware-Database-Definitions-Updates.shtml)
* Next click the Preferences button.
•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked
•Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.
•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and paste the log in your post.
****************************************************
Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*****************************************************
Download DDS from HERE (http://download.bleepingcomputer.com/sUBs/dds.scr) or HERE (http://www.forospyware.com/sUBs/dds) and save it to your desktop.
* Vista users right-click on dds and select Run as administrator (you will receive a UAC prompt, please allow it).
* XP users double-click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.
1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your thread.
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.
•Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE (http://www.bleepingcomputer.com/forums/topic114351.html). Then post your DDS logs (DDS.txt and Attach.txt).
-
Sorry for taking so long to answer. My internet stopped working, but the dongle was connected fine.
Here is the Malwarebytes scan:
Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.10.01
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19048
pc :: RAPER [administrator]
Protection: Enabled
1/10/2012 8:00:58 PM
mbam-log-2012-01-10 (20-00-58).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246819
Time elapsed: 3 hour(s), 4 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\$RECYCLE.BIN\S-1-5-21-2548725397-2496849373-359535291-1001\$RTQG64R\rkfree.exe (Keylogger.Logixoft) -> Quarantined and deleted successfully.
C:\Users\pc\Documents\Downloads\rkfree_setup.exe (Keylogger.Logixoft) -> Quarantined and deleted successfully.
(end)
-
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19048
Run by pc at 14:01:48 on 2012-01-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1791.940 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe
C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Users\pc\AppData\Local\MOZILL~1\firefox.exe
C:\Users\pc\AppData\Local\MOZILL~1\plugin-container.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Flash Catcher: {3af255c7-8742-4b96-8971-1268eee04974} - c:\program files\online games downloader\SWFCatcher.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [O2Start] c:\program files\o2cm-ce\o2 connection manager\tscui.exe /s
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
LSP: c:\program files\flash recorder\mfnsp32.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: Interfaces\{6623CB66-7996-4B51-9686-52F1C8139E98} : NameServer = 82.132.254.2 82.132.254.3
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pc\appdata\roaming\mozilla\firefox\profiles\lso94mm2.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\pc\appdata\roaming\mozilla\firefox\profiles\lso94mm2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl6a52ccd2;MpKsl6a52ccd2;c:\programdata\microsoft\microsoft antimalware\definition updates\{a2c41244-f649-4d14-a805-f551705527cd}\MpKsl6a52ccd2.sys [2012-1-11 29904]
R1 RemoveAny;RemoveAny driver;c:\windows\system32\drivers\RemoveAny.sys [2011-11-24 15096]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-20 176128]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\advanced system optimizer 3\ASO3DefragSrv.exe [2011-12-16 238824]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-3 652872]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-3 20464]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 ADASPROT;SYSTWEAKASO;c:\program files\advanced system optimizer 3\adasprot32.sys [2011-12-16 6656]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2008-6-3 3695104]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-9-7 7168]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2011-4-28 729728]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2007-6-19 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2007-6-19 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2007-6-19 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2011-6-3 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2011-6-3 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2011-6-3 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2011-6-3 97704]
.
=============== File Associations ===============
.
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
.
=============== Created Last 30 ================
.
2012-01-11 10:20:50 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a2c41244-f649-4d14-a805-f551705527cd}\MpKsl6a52ccd2.sys
2012-01-11 10:19:45 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a2c41244-f649-4d14-a805-f551705527cd}\offreg.dll
2012-01-11 04:36:38 703824 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{59d2d06f-8485-49fb-bb2c-e5f66b99e440}\gapaengine.dll
2012-01-11 04:35:47 6823496 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a2c41244-f649-4d14-a805-f551705527cd}\mpengine.dll
2012-01-11 04:28:48 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-10 13:22:35 -------- d-----w- c:\program files\HeavenWard
2012-01-10 12:34:15 118784 ----a-w- c:\windows\system32\msstdfmt.dll
2012-01-10 12:34:14 184320 ----a-w- c:\windows\system32\wzcsvc.dll
2012-01-10 12:34:13 244024 ----a-w- c:\windows\system32\MSFLXGRD.OCX
2012-01-10 12:34:13 140096 ----a-w- c:\windows\system32\COMDLG32.OCX
2012-01-10 12:34:13 132880 ----a-w- c:\windows\system32\MSINET.OCX
2012-01-10 12:34:12 570128 ----a-w- c:\program files\common files\microsoft shared\dao\DAO350.DLL
2012-01-10 12:34:12 3584 ----a-w- c:\program files\common files\microsoft shared\dao\comcat.dll
2012-01-10 12:34:12 1338880 ----a-w- c:\program files\common files\microsoft shared\dao\shdocvw.dll
2012-01-10 04:27:18 -------- d-----w- c:\users\pc\appdata\local\temp
2012-01-10 04:15:30 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-10 03:52:38 98816 ----a-w- c:\windows\sed.exe
2012-01-10 03:52:38 518144 ----a-w- c:\windows\SWREG.exe
2012-01-10 03:52:38 256000 ----a-w- c:\windows\PEV.exe
2012-01-10 03:52:38 208896 ----a-w- c:\windows\MBR.exe
2012-01-10 03:52:27 -------- d-----w- C:\ComboFix
2012-01-07 21:38:32 -------- d-----w- c:\program files\Windows Portable Devices
2012-01-07 21:32:11 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-01-07 21:32:09 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-01-07 21:32:09 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-01-07 21:31:19 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-01-07 21:31:14 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-01-07 21:31:13 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-01-07 21:31:13 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-01-07 21:31:13 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-01-07 21:31:13 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-01-07 21:31:12 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-01-07 21:06:09 797184 ----a-w- c:\windows\system32\FntCache.dll
2012-01-07 21:05:43 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2012-01-07 21:05:43 471552 ----a-w- c:\windows\system32\secproc.dll
2012-01-07 21:05:36 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-01-07 21:05:35 518144 ----a-w- c:\windows\system32\RMActivate.exe
2012-01-07 21:05:35 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2012-01-07 21:05:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2012-01-07 21:05:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-01-07 21:05:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2012-01-07 21:05:34 332288 ----a-w- c:\windows\system32\msdrm.dll
2012-01-07 21:05:32 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
2012-01-07 21:04:51 1696256 ----a-w- c:\windows\system32\gameux.dll
2012-01-07 21:04:47 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-01-07 21:04:47 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-01-07 01:09:51 -------- d-----w- C:\$AVG
2012-01-07 01:09:35 -------- d---a-w- c:\programdata\rkfree
2012-01-07 01:06:33 -------- d-----w- c:\users\pc\appdata\roaming\GetRightToGo
2012-01-04 23:42:56 -------- d--h--w- c:\program files\Temp
2012-01-03 12:34:15 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-01-03 12:34:15 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-01-03 12:34:15 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-01-03 12:34:15 103680 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2012-01-03 12:34:15 102912 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-01-03 12:34:15 101248 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2012-01-02 21:13:09 -------- d-----w- c:\users\pc\appdata\roaming\AVG
2012-01-01 22:07:34 -------- d-----w- c:\users\pc\appdata\roaming\PeerNetworking
2012-01-01 07:38:04 707584 ----a-w- c:\program files\common files\system\wab32.dll
2012-01-01 07:37:36 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-01 07:36:54 2043904 ----a-w- c:\windows\system32\win32k.sys
2012-01-01 07:36:49 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-01-01 07:36:37 375808 ----a-w- c:\windows\system32\winsrv.dll
2012-01-01 07:36:32 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-01-01 07:33:59 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2012-01-01 07:33:59 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2012-01-01 07:33:59 238080 ----a-w- c:\windows\system32\oleacc.dll
2012-01-01 07:33:58 563712 ----a-w- c:\windows\system32\oleaut32.dll
2012-01-01 07:33:32 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-01-01 07:33:32 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-01-01 07:33:29 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-01-01 07:33:28 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-01-01 07:33:25 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-01-01 07:33:25 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-01-01 07:33:24 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-01-01 07:33:24 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-01-01 07:32:32 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-01-01 07:32:32 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-29 07:49:06 -------- d-----w- c:\users\pc\appdata\roaming\AVG2012
2011-12-29 07:46:00 -------- d-----w- c:\windows\system32\drivers\AVG
2011-12-29 07:46:00 -------- d-----w- c:\programdata\AVG2012
2011-12-29 07:42:58 -------- d-----w- c:\program files\AVG
2011-12-22 19:12:55 -------- d-----w- c:\users\pc\appdata\local\Conduit
2011-12-22 11:31:58 -------- d-----w- c:\users\pc\appdata\roaming\QuickScan
2011-12-22 06:58:54 -------- d-----w- c:\users\pc\appdata\roaming\CheckPoint
2011-12-22 06:55:20 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-12-22 06:47:21 -------- d-----w- c:\program files\CheckPoint
2011-12-22 06:43:10 83096 ----a-w- c:\windows\system32\SSSensor.dll
2011-12-22 06:42:03 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-12-22 06:12:15 -------- d-----w- c:\windows\system32\eu-ES
2011-12-22 06:12:15 -------- d-----w- c:\windows\system32\ca-ES
2011-12-22 06:12:14 -------- d-----w- c:\windows\system32\vi-VN
2011-12-22 05:51:11 -------- d-----w- c:\windows\system32\EventProviders
2011-12-22 05:48:59 978432 ----a-w- c:\windows\system32\drmv2clt.dll
2011-12-22 05:47:59 1382912 ----a-w- c:\windows\system32\WMVSDECD.DLL
2011-12-22 05:46:59 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2011-12-22 05:12:08 -------- d-----w- c:\users\pc\appdata\local\ElevatedDiagnostics
2011-12-21 21:59:16 107336 ----a-w- c:\windows\system32\drivers\bknqRDNT.sys
2011-12-21 21:31:47 -------- d-----w- c:\users\pc\appdata\roaming\DriverCure
2011-12-21 21:31:45 -------- d-----w- c:\users\pc\appdata\roaming\SpeedyPC Software
2011-12-21 15:10:06 -------- d-----w- c:\users\pc\appdata\local\Mozilla Firefox
2011-12-20 21:41:07 -------- d-----w- c:\users\pc\appdata\roaming\Online Games Downloader
2011-12-20 21:41:06 -------- d-----w- c:\program files\Online Games Downloader
2011-12-20 21:26:48 79836 ----a-w- c:\windows\system32\fruninst.exe
2011-12-20 21:14:56 -------- d-----w- c:\users\pc\appdata\local\Adobe
2011-12-20 14:14:37 6823496 ------w- c:\programdata\microsoft\windows defender\definition updates\{bd68bd2a-a663-4359-9a53-f61822a1456f}\mpengine.dll
2011-12-20 14:12:43 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-12-20 14:12:43 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-12-20 14:08:53 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-20 14:08:49 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-12-20 14:08:34 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-12-20 14:08:34 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-12-20 14:08:34 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-20 14:08:30 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-12-20 14:07:41 758784 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2011-12-20 14:07:24 276992 ----a-w- c:\windows\system32\schannel.dll
2011-12-18 16:02:09 -------- d-----w- c:\users\pc\appdata\local\Microsoft Games
2011-12-17 15:36:38 -------- d-----w- c:\program files\common files\Steam
2011-12-17 15:34:59 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2011-12-17 12:18:28 -------- d-----w- c:\programdata\Systweak
2011-12-16 22:21:13 1816 ----a-w- c:\windows\system32\ASOROSet.bin
2011-12-16 22:21:13 15080 ----a-w- c:\windows\system32\ROBoot.exe
2011-12-16 22:14:22 -------- d-----w- c:\windows\Repair
2011-12-16 22:14:21 -------- d-----w- c:\users\pc\appdata\roaming\Systweak
2011-12-16 22:13:59 17136 ----a-w- c:\windows\system32\sasnative32.exe
2011-12-16 22:13:47 -------- d-----w- c:\program files\Advanced System Optimizer 3
2011-12-16 22:10:12 -------- d-----w- c:\users\pc\appdata\roaming\uTorrent
2011-12-16 22:10:12 -------- d-----w- c:\users\pc\appdata\local\uTorrent
2011-12-16 20:47:56 -------- d-----w- c:\program files\VideoLAN
2011-12-16 20:37:38 -------- d-----w- c:\users\pc\appdata\roaming\Malwarebytes
.
==================== Find3M ====================
.
2012-01-10 05:05:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 23:42:58 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-12-10 15:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 01:58:12 15096 ----a-w- c:\windows\system32\drivers\RemoveAny.sys
.
============= FINISH: 14:04:11.99 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/26/2011 11:52:06 AM
System Uptime: 1/11/2012 10:58:49 AM (4 hours ago)
.
Motherboard: PACKARD BELL BV | |
Processor: Intel(R) Celeron(R) D CPU 3.33GHz | CPU 1 | 3322/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 49.595 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 37 GiB total, 11.294 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM (CDFS)
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Generic Bluetooth Radio
Device ID: USB\VID_0A12&PID_0001\5&3AC7D04D&0&2
Manufacturer: Cambridge Silicon Radio Ltd.
Name: Generic Bluetooth Radio
PNP Device ID: USB\VID_0A12&PID_0001\5&3AC7D04D&0&2
Service: BTHUSB
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Acronis True Image Personal
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.0.1)
Advanced System Optimizer
Age of Empires III
AVG 2012
Command & Conquer Red Alert 2
DVD Flick 1.3.0.7
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java(TM) 6 Update 24
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 8.0 (x86 en-US)
Mozilla Firefox 9.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
O2 Connection Manager
Online Games Downloader v2.0
Realtek AC'97 Audio
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC 9.0 Runtime
VirtualDJ Home FREE
VLC media player 1.1.11
Westwood Shared Internet Components
WinRAR 4.01 (32-bit)
ZTE_MF627_USB_MODEM_1.2059.0.4
.
==== Event Viewer Messages From Past Week ========
.
1/9/2012 1:45:33 AM, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
1/6/2012 4:09:57 PM, Error: EventLog [6008] - The previous system shutdown at 4:04:14 PM on 1/6/2012 was unexpected.
1/5/2012 6:26:14 PM, Error: Application Popup [1801] - The hardware has reported an uncorrectable memory error.
1/4/2012 4:40:46 PM, Error: EventLog [6008] - The previous system shutdown at 12:52:06 AM on 1/4/2012 was unexpected.
1/11/2012 4:30:41 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80248014 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/11/2012 2:58:46 AM, Error: Service Control Manager [7000] - The avast! Firewall service failed to start due to the following error: The system cannot find the path specified.
1/11/2012 2:47:31 AM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk4\DR4.
1/11/2012 2:37:38 AM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80092003 Error description: An error occurred while reading or writing to a file. Signatures loading: Backup Loading signature version: 1.107.834.0 Loading engine version: 1.1.7000.0
1/11/2012 2:34:28 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswFW aswNdis aswNdis2 aswRdr aswSnx aswSP aswTdi
1/11/2012 2:34:28 AM, Error: Service Control Manager [7001] - The avast! Antivirus service depends on the aswMonFlt service which failed to start because of the following error: The system cannot find the file specified.
1/11/2012 2:34:28 AM, Error: Service Control Manager [7000] - The aswMonFlt service failed to start due to the following error: The system cannot find the file specified.
1/11/2012 2:34:28 AM, Error: Service Control Manager [7000] - The aswFsBlk service failed to start due to the following error: The system cannot find the file specified.
1/11/2012 12:21:42 AM, Error: volsnap [20] - The shadow copies of volume C: were aborted because of a failed free space computation.
1/11/2012 10:19:26 AM, Error: atikmdag [43038] -
1/11/2012 10:18:11 AM, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
1/11/2012 1:53:22 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{6623CB66-7996-4B51-9686-52F1C8139E98} because another computer on the network has the same name. The server could not start.
1/11/2012 1:52:26 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
1/11/2012 1:07:23 PM, Error: BTHUSB [5] - The Bluetooth driver expected an HCI event with a certain size but did not receive it.
1/10/2012 4:19:53 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
1/10/2012 4:12:02 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================
-
But my internet stopped working
Is your internet connection working now?
You have two Anti-virus programs running on your computer: Microsoft Security Essentials and AVG Anti-Virus Free Edition. One will have to be disabled or uninstalled. Running more than one AV program on a computer can cause all sorts of problems. I would recommend removing AVG.
SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!
Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here (http://www.softpedia.com/get/Others/Signatures-Updates/SUPERAntiSpyware-Database-Definitions-Updates.shtml)
* Next click the Preferences button.
•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked
•Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.
•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
***************************************************
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.
link # 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link # 2 (http://subs.geekstogo.com/ComboFix.exe)
If you are using Firefox, make sure that your download settings are as follows:
* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".
Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.
NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
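As an added example (it is not part of anyone's post here, nor of ComboFix or DDS), the Python script below parses the line formats that appear in the log posted above: the mPolicies lines (which show UAC switched off with EnableLUA = 0), the LSP entry for c:\program files\flash recorder\mfnsp32.dll, the running R0-R3 driver list, and the JSEFile association. From those it flags the point made in the reply above (two real-time AV engines loaded at once, AVG and Microsoft Security Essentials) along with the other weakened settings a helper would want to call out. The sample excerpt is hand-copied from the posted log and is not the full log; the AV driver-prefix table and the list of script classes are assumptions made for illustration.

```python
"""Triage helper for the ComboFix/DDS output posted in this thread.

Added example, not part of ComboFix, DDS or any post in the thread. It parses
only the line formats visible in the posted log; the vendor prefix table and
the script-class list below are assumptions made for illustration.
"""
import re

# Constructed excerpt: lines hand-copied from the posted log, not the full log.
SAMPLE_LOG = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableLUA = 0 (0x0)
LSP: c:\program files\flash recorder\mfnsp32.dll
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-3 20464]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-9-7 7168]
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
"""

POLICY_RE = re.compile(r"^[umd]Policies-(\w+):\s+(\w+)\s+=\s+(\d+)")
LSP_RE = re.compile(r"^LSP:\s+(.+?)\s*$")
# R0-R3 only: ComboFix lists running services as R*, stopped ones as S*.
DRIVER_RE = re.compile(r"^(R[0-3])\s+([^;]+);[^;]*;(.+?)\s+\[")
ASSOC_RE = re.compile(r'^([A-Za-z]+File)="?([^"]+)"?')

# Assumption: service-name prefixes that identify a real-time AV engine.
AV_DRIVER_PREFIXES = {
    "avg": "AVG",
    "mp": "Microsoft Security Essentials",
    "nisdrv": "Microsoft Security Essentials",
    "asw": "avast!",
}
# Assumption: script classes whose handler is worth confirming after a cleanup.
SCRIPT_CLASSES = {"JSEFile", "JSFile", "VBSFile", "VBEFile", "WSFFile"}


def triage(log_text):
    """Return security-relevant observations parsed from ComboFix/DDS text."""
    uac_disabled = False
    elevate_silently = False
    lsps, script_hosts, findings = [], [], []
    av_engines = set()

    for raw in log_text.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            _, name, value = m.groups()
            if name == "EnableLUA" and value == "0":
                uac_disabled = True
            elif name == "ConsentPromptBehaviorAdmin" and value == "0":
                elevate_silently = True      # 0 = elevate without prompting
            continue
        m = LSP_RE.match(line)
        if m:
            lsps.append(m.group(1).lower())
            continue
        m = DRIVER_RE.match(line)
        if m:
            svc = m.group(2).lower()
            for prefix, vendor in AV_DRIVER_PREFIXES.items():
                if svc.startswith(prefix):
                    av_engines.add(vendor)
            continue
        m = ASSOC_RE.match(line)
        if m and m.group(1) in SCRIPT_CLASSES:
            script_hosts.append((m.group(1), m.group(2)))

    if uac_disabled:
        findings.append("UAC is disabled (EnableLUA = 0): everything this admin "
                        "account runs is fully elevated")
    if elevate_silently:
        findings.append("ConsentPromptBehaviorAdmin = 0: elevation without a prompt")
    for path in lsps:
        if not path.startswith(r"c:\windows\system32"):
            findings.append("third-party Winsock LSP loaded into every networked "
                            "process: " + path)
    if len(av_engines) > 1:
        findings.append("more than one real-time AV engine active: "
                        + ", ".join(sorted(av_engines)))
    for cls, handler in script_hosts:
        findings.append(f"{cls} handled by {handler}: confirm this is the stock "
                        "Windows Script Host association")

    return {
        "uac_disabled": uac_disabled,
        "lsps": lsps,
        "av_engines": sorted(av_engines),
        "script_hosts": script_hosts,
        "findings": findings,
    }


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print("-", finding)
```

Run against the excerpt it reports four items: UAC off, the Flash Recorder LSP, AVG plus Microsoft Security Essentials both resident, and the JSEFile handler to double-check. Pointing it at a full saved log works the same way, since it ignores every line it does not recognise.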
-
The internet started to work again. I found 3 programs in AVG on the allow list and removed them; now it works. I can only remember one of them; it was called IEXPLORER.EXE.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/11/2012 at 11:18 PM
Application Version : 5.0.1142
Core Rules Database Version : 8124
Trace Rules Database Version: 5936
Scan type : Complete Scan
Total Scan Time : 00:38:22
Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator
Memory items scanned : 531
Memory threats detected : 0
Registry items scanned : 35216
Registry threats detected : 0
File items scanned : 25970
File threats detected : 2
Adware.Tracking Cookie
C:\Users\pc\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt [ /avgtechnologies.112.2o7 ]
cloud.video.unrulymedia.com [ C:\USERS\PC\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\5DKY9V5J ]
-
I will run ComboFix tomorrow morning.
-
ComboFix 12-01-12.04 - pc 01/12/2012 19:43:38.2.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1791.1228 [GMT 0:00]
Running from: c:\users\pc\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\pc\AppData\Roaming\Microsoft\Windows\Recent\hacker9.URL
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-12 to 2012-01-12 )))))))))))))))))))))))))))))))
.
.
2012-01-12 19:56 . 2012-01-12 19:57 -------- d-----w- c:\users\pc\AppData\Local\temp
2012-01-12 19:56 . 2012-01-12 19:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-12 12:08 . 2012-01-12 12:08 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{11FC4154-309B-4242-AC50-A5F8DCC3BCC4}\MpKslf7208f11.sys
2012-01-12 12:08 . 2012-01-12 12:08 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{11FC4154-309B-4242-AC50-A5F8DCC3BCC4}\offreg.dll
2012-01-12 00:19 . 2011-11-30 02:21 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{11FC4154-309B-4242-AC50-A5F8DCC3BCC4}\mpengine.dll
2012-01-11 22:37 . 2012-01-11 22:37 -------- d-----w- c:\users\pc\AppData\Roaming\SUPERAntiSpyware.com
2012-01-11 22:30 . 2012-01-11 22:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-11 22:30 . 2012-01-11 22:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-11 22:09 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5D6B9622-F461-4008-8051-7564086F4E38}\mpengine.dll
2012-01-11 19:04 . 2012-01-11 19:04 -------- d-----w- c:\program files\Xeus Technologies
2012-01-11 04:36 . 2011-10-04 17:22 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59D2D06F-8485-49FB-BB2C-E5F66B99E440}\gapaengine.dll
2012-01-11 04:28 . 2012-01-11 04:29 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-11 02:22 . 2012-01-11 03:29 -------- d-----w- c:\users\test
2012-01-11 02:13 . 2012-01-11 03:29 -------- d-----w- c:\users\Guest
2012-01-10 12:34 . 2000-04-03 23:05 118784 ----a-w- c:\windows\system32\msstdfmt.dll
2012-01-10 12:34 . 2001-10-04 13:14 184320 ----a-w- c:\windows\system32\wzcsvc.dll
2012-01-10 12:34 . 2004-03-09 13:00 132880 ----a-w- c:\windows\system32\MSINET.OCX
2012-01-10 12:34 . 2000-10-10 09:01 198656 ----a-w- c:\windows\system32\comdlg32.ocx
2012-01-10 12:34 . 1998-06-24 13:00 244024 ----a-w- c:\windows\system32\MSFLXGRD.OCX
2012-01-10 12:34 . 2001-10-04 14:13 3584 ----a-w- c:\program files\Common Files\Microsoft Shared\DAO\comcat.dll
2012-01-10 12:34 . 2001-10-04 13:16 1338880 ----a-w- c:\program files\Common Files\Microsoft Shared\DAO\shdocvw.dll
2012-01-10 12:34 . 1999-06-10 23:34 570128 ----a-w- c:\program files\Common Files\Microsoft Shared\DAO\DAO350.DLL
2012-01-07 21:38 . 2012-01-07 21:38 -------- d-----w- c:\program files\Windows Portable Devices
2012-01-07 21:32 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-01-07 21:32 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-01-07 21:32 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-01-07 21:31 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-01-07 21:31 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-01-07 21:31 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-01-07 21:31 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-01-07 21:31 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-01-07 21:31 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-01-07 21:31 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-01-07 21:30 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2012-01-07 21:30 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2012-01-07 21:30 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2012-01-07 21:30 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2012-01-07 21:30 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2012-01-07 21:30 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2012-01-07 21:30 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2012-01-07 21:30 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2012-01-07 21:30 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2012-01-07 21:30 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2012-01-07 21:30 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2012-01-07 21:30 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2012-01-07 21:05 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2012-01-07 21:05 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2012-01-07 21:05 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-01-07 21:05 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-01-07 21:05 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2012-01-07 21:05 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2012-01-07 21:05 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2012-01-07 21:05 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2012-01-07 21:05 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2012-01-07 21:05 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2012-01-07 21:04 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2012-01-07 21:04 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-01-07 21:04 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-01-07 01:09 . 2012-01-07 01:09 -------- d---a-w- c:\programdata\rkfree
2012-01-07 01:06 . 2012-01-07 01:09 -------- d-----w- c:\users\pc\AppData\Roaming\GetRightToGo
2012-01-04 23:42 . 2012-01-04 23:43 -------- d--h--w- c:\program files\Temp
2012-01-03 12:34 . 2009-10-07 12:01 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-01-03 12:34 . 2009-10-07 12:01 102912 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-01-03 12:34 . 2009-10-07 12:01 101248 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2012-01-03 12:34 . 2009-08-25 17:03 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-01-03 12:34 . 2009-08-25 17:03 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-01-03 12:34 . 2009-08-25 17:03 103680 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2012-01-02 21:13 . 2012-01-02 21:17 -------- d-----w- c:\users\pc\AppData\Roaming\AVG
2012-01-01 22:07 . 2012-01-01 22:07 -------- d-----w- c:\users\pc\AppData\Roaming\PeerNetworking
2012-01-01 07:38 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-01-01 07:37 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-01 07:36 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2012-01-01 07:36 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2012-01-01 07:36 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2012-01-01 07:36 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-01-01 07:33 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2012-01-01 07:33 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2012-01-01 07:33 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2012-01-01 07:33 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2012-01-01 07:33 . 2011-04-21 13:55 508416 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-01-01 07:33 . 2009-06-17 13:23 30208 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-01-01 07:33 . 2011-09-20 21:02 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-01-01 07:33 . 2011-09-20 13:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-01-01 07:33 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-01-01 07:33 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-01-01 07:33 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-01-01 07:33 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-01-01 07:32 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-01-01 07:32 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-29 07:46 . 2012-01-11 22:06 -------- d-----w- c:\windows\system32\drivers\AVG
2011-12-29 07:42 . 2012-01-02 21:19 -------- d-----w- c:\program files\AVG
2011-12-22 19:12 . 2012-01-04 20:59 -------- d-----w- c:\users\pc\AppData\Local\Conduit
2011-12-22 11:31 . 2012-01-11 04:22 -------- d-----w- c:\users\pc\AppData\Roaming\QuickScan
2011-12-22 06:58 . 2011-12-22 06:58 -------- d-----w- c:\users\pc\AppData\Roaming\CheckPoint
2011-12-22 06:55 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-12-22 06:47 . 2012-01-04 21:02 -------- d-----w- c:\program files\CheckPoint
2011-12-22 06:43 . 2004-10-15 18:32 83096 ----a-w- c:\windows\system32\SSSensor.dll
2011-12-22 06:42 . 2011-12-22 06:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-12-22 06:12 . 2011-12-22 06:12 -------- d-----w- c:\windows\system32\ca-ES
2011-12-22 06:12 . 2011-12-22 06:12 -------- d-----w- c:\windows\system32\eu-ES
2011-12-22 06:12 . 2011-12-22 06:12 -------- d-----w- c:\windows\system32\vi-VN
2011-12-22 05:51 . 2011-12-22 05:51 -------- d-----w- c:\windows\system32\EventProviders
2011-12-22 05:48 . 2009-04-11 06:28 978432 ----a-w- c:\windows\system32\drmv2clt.dll
2011-12-22 05:47 . 2009-04-11 06:28 1382912 ----a-w- c:\windows\system32\WMVSDECD.DLL
2011-12-22 05:46 . 2009-04-11 06:28 19968 ----a-w- c:\windows\system32\winrnr.dll
2011-12-22 05:12 . 2012-01-01 06:17 -------- d-----w- c:\users\pc\AppData\Local\ElevatedDiagnostics
2011-12-21 21:59 . 2011-12-21 21:59 107336 ----a-w- c:\windows\system32\drivers\bknqRDNT.sys
2011-12-21 21:31 . 2011-12-21 21:31 -------- d-----w- c:\users\pc\AppData\Roaming\DriverCure
2011-12-21 21:31 . 2011-12-21 21:31 -------- d-----w- c:\users\pc\AppData\Roaming\SpeedyPC Software
2011-12-21 15:10 . 2012-01-11 04:00 -------- d-----w- c:\users\pc\AppData\Local\Mozilla Firefox
2011-12-20 21:41 . 2011-12-20 21:41 -------- d-----w- c:\users\pc\AppData\Roaming\Online Games Downloader
2011-12-20 21:41 . 2011-12-20 21:41 -------- d-----w- c:\program files\Online Games Downloader
2011-12-20 21:26 . 2011-12-20 21:26 79836 ----a-w- c:\windows\system32\fruninst.exe
2011-12-20 21:14 . 2011-12-20 21:14 -------- d-----w- c:\users\pc\AppData\Local\Adobe
2011-12-20 14:12 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-12-20 14:12 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-12-20 14:08 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-20 14:08 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-12-20 14:08 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-12-20 14:08 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-12-20 14:08 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-20 14:08 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-12-20 14:07 . 2011-04-30 06:09 758784 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-12-20 14:07 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-12-18 16:02 . 2011-12-18 16:02 -------- d-----w- c:\users\pc\AppData\Local\Microsoft Games
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-10 05:05 . 2011-04-26 13:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 23:42 . 2011-04-26 13:15 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-12-10 15:24 . 2011-07-03 17:34 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-05 06:53 . 2011-12-16 20:54 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AF255C7-8742-4B96-8971-1268EEE04974}]
2010-11-12 17:32 1368480 ----a-w- c:\program files\Online Games Downloader\SWFCatcher.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-05-21 2605192]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-05-21 362392]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"O2Start"="c:\program files\O2CM-CE\O2 Connection Manager\tscui.exe" [2009-10-20 2998272]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2548725397-2496849373-359535291-1001]
"EnableNotificationsRef"=dword:00000003
.
R3 ADASPROT;SYSTWEAKASO;c:\program files\Advanced System Optimizer 3\adasprot32.sys [2010-01-30 6656]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLF7208F11
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
LSP: c:\program files\Flash Recorder\mfnsp32.dll
FF - ProfilePath - c:\users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\lso94mm2.default\
.
.
------- File Associations -------
.
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-12 19:56
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-01-12 20:06:45
ComboFix-quarantined-files.txt 2012-01-12 20:06
ComboFix2.txt 2012-01-10 04:27
.
Pre-Run: 52,639,502,336 bytes free
Post-Run: 52,671,492,096 bytes free
.
- - End Of File - - E00B05629C3873EA22A9AD30C1C6E26B
-
SysProt Antirootkit
Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).
http://sites.google.com/site/sysprotantirootkit/
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
- At the bottom of the page
- Hidden Objects Only << Selected
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
-
I cannot run SysProt Antirootkit; I get "Not Responding". Then when it tells me to end the process, it does not end it; it is still running in Task Manager and will not let me stop the process.
-
Hi, when I rebooted my PC after sysprot.exe failed, my system would not shut down; the screen just went off and the computer was still running. When I got it back on, the system installed an unknown driver.
-
Please try this one instead.
Please download RootRepeal from GooglePages.com (http://rootrepeal.googlepages.com/RootRepeal.zip).
- Extract the program file to your Desktop.
- Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
- Select ALL of the checkboxes and then click OK and it will start scanning your system.
- If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
- When done, click on Save Report
- Save it to the Desktop.
- Please copy/paste the contents of the report in your next reply.
Please remove any e-mail address in the RootRepeal report (if present).
-
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2012/01/13 21:24
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================
Drivers
-------------------
Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x87246000 Size: 286720 File Visible: - Signed: -
Status: -
Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x82010000 Size: 3846144 File Visible: - Signed: -
Status: -
Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x87B91000 Size: 294912 File Visible: - Signed: -
Status: -
Name: asyncmac.sys
Image Path: C:\Windows\system32\DRIVERS\asyncmac.sys
Address: 0x9C1F0000 Size: 36864 File Visible: - Signed: -
Status: -
Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x87351000 Size: 32768 File Visible: - Signed: -
Status: -
Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x87359000 Size: 122880 File Visible: - Signed: -
Status: -
Name: atikmdag.sys
Image Path: C:\Windows\system32\DRIVERS\atikmdag.sys
Address: 0x8C004000 Size: 5320704 File Visible: - Signed: -
Status: -
Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x87ABF000 Size: 28672 File Visible: - Signed: -
Status: -
Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x87094000 Size: 32768 File Visible: - Signed: -
Status: -
Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0x932B0000 Size: 102400 File Visible: - Signed: -
Status: -
Name: BthEnum.sys
Image Path: C:\Windows\system32\DRIVERS\BthEnum.sys
Address: 0x9319C000 Size: 40960 File Visible: - Signed: -
Status: -
Name: bthmodem.sys
Image Path: C:\Windows\system32\DRIVERS\bthmodem.sys
Address: 0x931C0000 Size: 61440 File Visible: - Signed: -
Status: -
Name: bthpan.sys
Image Path: C:\Windows\system32\DRIVERS\bthpan.sys
Address: 0x931A6000 Size: 106496 File Visible: - Signed: -
Status: -
Name: bthport.sys
Image Path: C:\Windows\System32\Drivers\bthport.sys
Address: 0x9300F000 Size: 524288 File Visible: - Signed: -
Status: -
Name: BTHUSB.sys
Image Path: C:\Windows\System32\Drivers\BTHUSB.sys
Address: 0x93002000 Size: 53248 File Visible: - Signed: -
Status: -
Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x99730000 Size: 57344 File Visible: - Signed: -
Status: -
Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0x9336F000 Size: 90112 File Visible: - Signed: -
Status: -
Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x8C61A000 Size: 98304 File Visible: - Signed: -
Status: -
Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x870DD000 Size: 917504 File Visible: - Signed: -
Status: -
Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x879C8000 Size: 135168 File Visible: - Signed: -
Status: -
Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x8709C000 Size: 266240 File Visible: - Signed: -
Status: -
Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x9311F000 Size: 53248 File Visible: - Signed: -
Status: -
Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x879E9000 Size: 36864 File Visible: - Signed: -
Status: -
Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x877E4000 Size: 94208 File Visible: - Signed: -
Status: -
Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x879B7000 Size: 69632 File Visible: - Signed: -
Status: -
Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x8C68E000 Size: 151552 File Visible: - Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x93137000 Size: 32768 File Visible: No Signed: -
Status: -
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x9312C000 Size: 45056 File Visible: No Signed: -
Status: -
Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x9313F000 Size: 40960 File Visible: - Signed: -
Status: -
Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x8C517000 Size: 655360 File Visible: - Signed: -
Status: -
Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x87990000 Size: 159744 File Visible: - Signed: -
Status: -
Name: ewusbmdm.sys
Image Path: C:\Windows\system32\DRIVERS\ewusbmdm.sys
Address: 0x930D0000 Size: 102912 File Visible: - Signed: -
Status: -
Name: fastfat.SYS
Image Path: C:\Windows\System32\Drivers\fastfat.SYS
Address: 0x930F7000 Size: 163840 File Visible: - Signed: -
Status: -
Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x873A9000 Size: 65536 File Visible: - Signed: -
Status: -
Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x87377000 Size: 204800 File Visible: - Signed: -
Status: -
Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x87AAF000 Size: 36864 File Visible: - Signed: -
Status: -
Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x876D7000 Size: 110592 File Visible: - Signed: -
Status: -
Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x823BB000 Size: 208896 File Visible: - Signed: -
Status: -
Name: HIDCLASS.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Address: 0x930A1000 Size: 65536 File Visible: - Signed: -
Status: -
Name: HIDPARSE.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0x87ACF000 Size: 28672 File Visible: - Signed: -
Status: -
Name: hidusb.sys
Image Path: C:\Windows\system32\DRIVERS\hidusb.sys
Address: 0x93098000 Size: 36864 File Visible: - Signed: -
Status: -
Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0x93226000 Size: 446464 File Visible: - Signed: -
Status: -
Name: i8042prt.sys
Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys
Address: 0x8C632000 Size: 77824 File Visible: - Signed: -
Status: -
Name: intelppm.sys
Image Path: C:\Windows\system32\DRIVERS\intelppm.sys
Address: 0x87A26000 Size: 61440 File Visible: - Signed: -
Status: -
Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x8C645000 Size: 45056 File Visible: - Signed: -
Status: -
Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x8700C000 Size: 28672 File Visible: - Signed: -
Status: -
Name: KMWDFILTER.sys
Image Path: C:\Windows\system32\DRIVERS\KMWDFILTER.sys
Address: 0x9308F000 Size: 36864 File Visible: - Signed: -
Status: -
Name: ks.sys
Image Path: C:\Windows\system32\drivers\ks.sys
Address: 0x8C6B3000 Size: 172032 File Visible: - Signed: -
Status: -
Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x87408000 Size: 462848 File Visible: - Signed: -
Status: -
Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0x931CF000 Size: 65536 File Visible: - Signed: -
Status: -
Name: luafv.sys
Image Path: C:\Windows\system32\drivers\luafv.sys
Address: 0x93158000 Size: 110592 File Visible: - Signed: -
Status: -
Name: mbam.sys
Image Path: C:\Windows\system32\drivers\mbam.sys
Address: 0x9C1F9000 Size: 14208 File Visible: - Signed: -
Status: -
Name: mcupdate_GenuineIntel.dll
Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll
Address: 0x87013000 Size: 458752 File Visible: - Signed: -
Status: -
Name: modem.sys
Image Path: C:\Windows\system32\drivers\modem.sys
Address: 0x930EA000 Size: 53248 File Visible: - Signed: -
Status: -
Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x93149000 Size: 61440 File Visible: - Signed: -
Status: -
Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x8C7E5000 Size: 45056 File Visible: - Signed: -
Status: -
Name: mouhid.sys
Image Path: C:\Windows\system32\DRIVERS\mouhid.sys
Address: 0x930C8000 Size: 32768 File Visible: - Signed: -
Status: -
Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x87341000 Size: 65536 File Visible: - Signed: -
Status: -
Name: MpFilter.sys
Image Path: C:\Windows\system32\DRIVERS\MpFilter.sys
Address: 0x87A88000 Size: 157696 File Visible: - Signed: -
Status: -
Name: MpKsl82735674.sys
Image Path: c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{518B698C-05EE-4973-8D0A-57EC9CC16D75}\MpKsl82735674.sys
Address: 0x9C1EA000 Size: 23936 File Visible: - Signed: -
Status: -
Name: MpNWMon.sys
Image Path: C:\Windows\system32\DRIVERS\MpNWMon.sys
Address: 0x9C1D1000 Size: 37376 File Visible: - Signed: -
Status: -
Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0x932C9000 Size: 86016 File Visible: - Signed: -
Status: -
Name: mrxdav.sys
Image Path: C:\Windows\system32\drivers\mrxdav.sys
Address: 0x932DE000 Size: 135168 File Visible: - Signed: -
Status: -
Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0x932FF000 Size: 126976 File Visible: - Signed: -
Status: -
Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0x9331E000 Size: 233472 File Visible: - Signed: -
Status: -
Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0x93357000 Size: 98304 File Visible: - Signed: -
Status: -
Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x87B13000 Size: 45056 File Visible: - Signed: -
Status: -
Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x87295000 Size: 32768 File Visible: - Signed: -
Status: -
Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x8C6DD000 Size: 192512 File Visible: - Signed: -
Status: -
Name: msrpc.sys
Image Path: C:\Windows\system32\drivers\msrpc.sys
Address: 0x87584000 Size: 176128 File Visible: - Signed: -
Status: -
Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x8C7F0000 Size: 40960 File Visible: - Signed: -
Status: -
Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x87981000 Size: 61440 File Visible: - Signed: -
Status: -
Name: ndis.sys
Image Path: C:\Windows\system32\drivers\ndis.sys
Address: 0x87479000 Size: 1093632 File Visible: - Signed: -
Status: -
Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x8C76F000 Size: 45056 File Visible: - Signed: -
Status: -
Name: ndisuio.sys
Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys
Address: 0x93209000 Size: 40960 File Visible: - Signed: -
Status: -
Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x8C77A000 Size: 143360 File Visible: - Signed: -
Status: -
Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x87A77000 Size: 69632 File Visible: - Signed: -
Status: -
Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x87782000 Size: 57344 File Visible: - Signed: -
Status: -
Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x87B5F000 Size: 204800 File Visible: - Signed: -
Status: -
Name: NETIO.SYS
Image Path: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x875AF000 Size: 241664 File Visible: - Signed: -
Status: -
Name: NisDrvWFP.sys
Image Path: C:\Windows\system32\DRIVERS\NisDrvWFP.sys
Address: 0x9C1DB000 Size: 59008 File Visible: - Signed: -
Status: -
Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x87B1E000 Size: 57344 File Visible: - Signed: -
Status: -
Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x877DA000 Size: 40960 File Visible: - Signed: -
Status: -
Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x87808000 Size: 1114112 File Visible: - Signed: -
Status: -
Name: ntoskrnl.exe
Image Path: C:\Windows\system32\ntoskrnl.exe
Address: 0x82010000 Size: 3846144 File Visible: - Signed: -
Status: -
Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x87AB8000 Size: 28672 File Visible: - Signed: -
Status: -
Name: nwifi.sys
Image Path: C:\Windows\system32\DRIVERS\nwifi.sys
Address: 0x931DF000 Size: 172032 File Visible: - Signed: -
Status: -
Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x87BE2000 Size: 90112 File Visible: - Signed: -
Status: -
Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x872C4000 Size: 61440 File Visible: - Signed: -
Status: -
Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x8729D000 Size: 159744 File Visible: - Signed: -
Status: -
Name: pciide.sys
Image Path: C:\Windows\system32\drivers\pciide.sys
Address: 0x8732C000 Size: 28672 File Visible: - Signed: -
Status: -
Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
Address: 0x87333000 Size: 57344 File Visible: - Signed: -
Status: -
Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0x9C0B6000 Size: 909312 File Visible: - Signed: -
Status: -
Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x82010000 Size: 3846144 File Visible: - Signed: -
Status: -
Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x8C661000 Size: 184320 File Visible: - Signed: -
Status: -
Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x87083000 Size: 69632 File Visible: - Signed: -
Status: -
Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x87B2C000 Size: 36864 File Visible: - Signed: -
Status: -
Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x8C758000 Size: 94208 File Visible: - Signed: -
Status: -
Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x8C79D000 Size: 61440 File Visible: - Signed: -
Status: -
Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x8C7AC000 Size: 81920 File Visible: - Signed: -
Status: -
Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x8C7C0000 Size: 86016 File Visible: - Signed: -
Status: -
Name: RAW
Image Path: \FileSystem\RAW
Address: 0x82010000 Size: 3846144 File Visible: - Signed: -
Status: -
Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x873B9000 Size: 245760 File Visible: - Signed: -
Status: -
Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x87B03000 Size: 32768 File Visible: - Signed: -
Status: -
Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x87B0B000 Size: 32768 File Visible: - Signed: -
Status: -
Name: rfcomm.sys
Image Path: C:\Windows\system32\DRIVERS\rfcomm.sys
Address: 0x93173000 Size: 167936 File Visible: - Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9C211000 Size: 49152 File Visible: No Signed: -
Status: -
Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0x93213000 Size: 77824 File Visible: - Signed: -
Status: -
Name: RTKVAC.SYS
Image Path: C:\Windows\system32\drivers\RTKVAC.SYS
Address: 0x8C800000 Size: 4166144 File Visible: - Signed: -
Status: -
Name: Rtnicxp.sys
Image Path: C:\Windows\system32\DRIVERS\Rtnicxp.sys
Address: 0x8C650000 Size: 69632 File Visible: - Signed: -
Status: -
Name: SASDIFSV.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Address: 0x8C7FA000 Size: 24576 File Visible: - Signed: -
Status: -
Name: SASKUTIL.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
Address: 0x877A3000 Size: 139264 File Visible: - Signed: -
Status: -
Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0x9C194000 Size: 40960 File Visible: - Signed: -
Status: -
Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x87B4B000 Size: 81920 File Visible: - Signed: -
Status: -
Name: snapman.sys
Image Path: C:\Windows\system32\DRIVERS\snapman.sys
Address: 0x87959000 Size: 162592 File Visible: - Signed: -
Status: -
Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x87951000 Size: 32768 File Visible: - Signed: -
Status: -
Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0x9C006000 Size: 720896 File Visible: - Signed: -
Status: -
Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0x933AD000 Size: 323584 File Visible: - Signed: -
Status: -
Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0x93385000 Size: 163840 File Visible: - Signed: -
Status: -
Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0x93293000 Size: 118784 File Visible: - Signed: -
Status: -
Name: storport.sys
Image Path: C:\Windows\system32\DRIVERS\storport.sys
Address: 0x8C70C000 Size: 266240 File Visible: - Signed: -
Status: -
Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x8CBFA000 Size: 4992 File Visible: - Signed: -
Status: -
Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x875EA000 Size: 970752 File Visible: - Signed: -
Status: -
Name: tcpipreg.sys
Image Path: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0x9C19E000 Size: 49152 File Visible: - Signed: -
Status: -
Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x8C74D000 Size: 45056 File Visible: - Signed: -
Status: -
Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x87B35000 Size: 90112 File Visible: - Signed: -
Status: -
Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x8C7D5000 Size: 65536 File Visible: - Signed: -
Status: -
Name: timntr.sys
Image Path: C:\Windows\system32\DRIVERS\timntr.sys
Address: 0x876F2000 Size: 587456 File Visible: - Signed: -
Status: -
Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x99710000 Size: 36864 File Visible: - Signed: -
Status: -
Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x87A1D000 Size: 36864 File Visible: - Signed: -
Status: -
Name: tunnel.sys
Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x87A12000 Size: 45056 File Visible: - Signed: -
Status: -
Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x87A35000 Size: 53248 File Visible: - Signed: -
Status: -
Name: usbccgp.sys
Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys
Address: 0x930B1000 Size: 94208 File Visible: - Signed: -
Status: -
Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x8CBFC000 Size: 8192 File Visible: - Signed: -
Status: -
Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x8C60B000 Size: 61440 File Visible: - Signed: -
Status: -
Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x87A42000 Size: 217088 File Visible: - Signed: -
Status: -
Name: usbohci.sys
Image Path: C:\Windows\system32\DRIVERS\usbohci.sys
Address: 0x8C5C3000 Size: 40960 File Visible: - Signed: -
Status: -
Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x8C5CD000 Size: 253952 File Visible: - Signed: -
Status: -
Name: USBSTOR.SYS
Image Path: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Address: 0x877C5000 Size: 86016 File Visible: - Signed: -
Status: -
Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x87AD6000 Size: 49152 File Visible: - Signed: -
Status: -
Name: VIDEOPRT.SYS
Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x87AE2000 Size: 135168 File Visible: - Signed: -
Status: -
Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x872D3000 Size: 61440 File Visible: - Signed: -
Status: -
Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x872E2000 Size: 303104 File Visible: - Signed: -
Status: -
Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x87918000 Size: 233472 File Visible: - Signed: -
Status: -
Name: wanarp.sys
Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x87790000 Size: 77824 File Visible: - Signed: -
Status: -
Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x8C5B7000 Size: 49152 File Visible: - Signed: -
Status: -
Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x871BD000 Size: 507904 File Visible: - Signed: -
Status: -
Name: WDFLDR.SYS
Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x87239000 Size: 53248 File Visible: - Signed: -
Status: -
Name: Win32k
Image Path: \Driver\Win32k
Address: 0x994F0000 Size: 2113536 File Visible: - Signed: -
Status: -
Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x994F0000 Size: 2113536 File Visible: - Signed: -
Status: -
Name: WMILIB.SYS
Image Path: C:\Windows\system32\drivers\WMILIB.SYS
Address: 0x8728C000 Size: 36864 File Visible: - Signed: -
Status: -
Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x82010000 Size: 3846144 File Visible: - Signed: -
Status: -
Name: ws2ifsl.sys
Image Path: C:\Windows\system32\drivers\ws2ifsl.sys
Address: 0x87BD9000 Size: 36864 File Visible: - Signed: -
Status: -
Name: WUDFPf.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFPf.sys
Address: 0x9C1BF000 Size: 73728 File Visible: - Signed: -
Status: -
Name: WUDFRd.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFRd.sys
Address: 0x9C1AA000 Size: 83328 File Visible: - Signed: -
Status: -
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2012/01/13 21:21
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================
Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!
Path: C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PID: 348 Status: -
Path: C:\Windows\System32\smss.exe
PID: 476 Status: -
Path: C:\Windows\System32\dwm.exe
PID: 500 Status: -
Path: C:\Windows\explorer.exe
PID: 580 Status: -
Path: C:\Windows\System32\spoolsv.exe
PID: 744 Status: -
Path: C:\Windows\System32\taskeng.exe
PID: 752 Status: -
Path: C:\Windows\System32\csrss.exe
PID: 776 Status: -
Path: C:\Windows\System32\wininit.exe
PID: 824 Status: -
Path: C:\Windows\System32\csrss.exe
PID: 848 Status: -
Path: C:\Windows\System32\winlogon.exe
PID: 876 Status: -
Path: C:\Windows\System32\services.exe
PID: 924 Status: -
Path: C:\Windows\System32\lsass.exe
PID: 940 Status: -
Path: C:\Windows\System32\lsm.exe
PID: 948 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 996 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 1104 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 1168 Status: -
Path: C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PID: 1236 Status: -
Path: C:\Windows\System32\atiesrxx.exe
PID: 1384 Status: -
Path: C:\Windows\System32\Ati2evxx.exe
PID: 1404 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 1432 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 1464 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 1476 Status: -
Path: C:\Windows\System32\audiodg.exe
PID: 1580 Status: Locked to the Windows API!
Path: C:\Windows\System32\svchost.exe
PID: 1612 Status: -
Path: C:\Windows\System32\SLsvc.exe
PID: 1632 Status: -
Path: C:\Windows\System32\Ati2evxx.exe
PID: 1696 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 1848 Status: -
Path: C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PID: 1892 Status: -
Path: C:\Program Files\SUPERAntiSpyware\SASCore.exe
PID: 1912 Status: -
Path: C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PID: 1948 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 1984 Status: -
Path: C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PID: 2068 Status: -
Path: C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
PID: 2084 Status: -
Path: C:\Windows\SOUNDMAN.EXE
PID: 2092 Status: -
Path: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PID: 2100 Status: -
Path: C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe
PID: 2120 Status: -
Path: C:\Program Files\Microsoft Security Client\msseces.exe
PID: 2132 Status: -
Path: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PID: 2148 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 2176 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 2236 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 2276 Status: -
Path: C:\Windows\System32\WUDFHost.exe
PID: 2528 Status: -
Path: C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PID: 3388 Status: -
Path: C:\Windows\System32\svchost.exe
PID: 3676 Status: -
Path: C:\Windows\System32\wuauclt.exe
PID: 3872 Status: -
Path: C:\Windows\System32\taskeng.exe
PID: 3996 Status: -
Path: C:\Program Files\Acronis\TrueImageHome\prl_report.exe
PID: 4476 Status: -
Path: C:\Users\pc\Desktop\RootRepeal.exe
PID: 4948 Status: -
Path: C:\Program Files\Acronis\TrueImageHome\prl_stat.exe
PID: 5756 Status: -
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2012/01/13 21:23
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================
Shadow SSDT
-------------------
#: 000 Function Name: NtGdiAbortDoc
Status: Not hooked
#: 001 Function Name: NtGdiAbortPath
Status: Not hooked
#: 002 Function Name: NtGdiAddFontResourceW
Status: Not hooked
#: 003 Function Name: NtGdiAddRemoteFontToDC
Status: Not hooked
#: 004 Function Name: NtGdiAddFontMemResourceEx
Status: Not hooked
#: 005 Function Name: NtGdiRemoveMergeFont
Status: Not hooked
#: 006 Function Name: NtGdiAddRemoteMMInstanceToDC
Status: Not hooked
#: 007 Function Name: NtGdiAlphaBlend
Status: Not hooked
#: 008 Function Name: NtGdiAngleArc
Status: Not hooked
#: 009 Function Name: NtGdiAnyLinkedFonts
Status: Not hooked
#: 010 Function Name: NtGdiFontIsLinked
Status: Not hooked
#: 011 Function Name: NtGdiArcInternal
Status: Not hooked
#: 012 Function Name: NtGdiBeginPath
Status: Not hooked
#: 013 Function Name: NtGdiBitBlt
Status: Not hooked
#: 014 Function Name: NtGdiCancelDC
Status: Not hooked
#: 015 Function Name: NtGdiCheckBitmapBits
Status: Not hooked
#: 016 Function Name: NtGdiCloseFigure
Status: Not hooked
#: 017 Function Name: NtGdiClearBitmapAttributes
Status: Not hooked
#: 018 Function Name: NtGdiClearBrushAttributes
Status: Not hooked
#: 019 Function Name: NtGdiColorCorrectPalette
Status: Not hooked
#: 020 Function Name: NtGdiCombineRgn
Status: Not hooked
#: 021 Function Name: NtGdiCombineTransform
Status: Not hooked
#: 022 Function Name: NtGdiComputeXformCoefficients
Status: Not hooked
#: 023 Function Name: NtGdiConfigureOPMProtectedOutput
Status: Not hooked
#: 024 Function Name: NtGdiConsoleTextOut
Status: Not hooked
#: 025 Function Name: NtGdiConvertMetafileRect
Status: Not hooked
#: 026 Function Name: NtGdiCreateBitmap
Status: Not hooked
#: 027 Function Name: NtGdiCreateClientObj
Status: Not hooked
#: 028 Function Name: NtGdiCreateColorSpace
Status: Not hooked
#: 029 Function Name: NtGdiCreateColorTransform
Status: Not hooked
#: 030 Function Name: NtGdiCreateCompatibleBitmap
Status: Not hooked
#: 031 Function Name: NtGdiCreateCompatibleDC
Status: Not hooked
#: 032 Function Name: NtGdiCreateDIBBrush
Status: Not hooked
#: 033 Function Name: NtGdiCreateDIBitmapInternal
Status: Not hooked
#: 034 Function Name: NtGdiCreateDIBSection
Status: Not hooked
#: 035 Function Name: NtGdiCreateEllipticRgn
Status: Not hooked
#: 036 Function Name: NtGdiCreateHalftonePalette
Status: Not hooked
#: 037 Function Name: NtGdiCreateHatchBrushInternal
Status: Not hooked
#: 038 Function Name: NtGdiCreateMetafileDC
Status: Not hooked
#: 039 Function Name: NtGdiCreateOPMProtectedOutputs
Status: Not hooked
#: 040 Function Name: NtGdiCreatePaletteInternal
Status: Not hooked
#: 041 Function Name: NtGdiCreatePatternBrushInternal
Status: Not hooked
#: 042 Function Name: NtGdiCreatePen
Status: Not hooked
#: 043 Function Name: NtGdiCreateRectRgn
Status: Not hooked
#: 044 Function Name: NtGdiCreateRoundRectRgn
Status: Not hooked
#: 045 Function Name: NtGdiCreateServerMetaFile
Status: Not hooked
#: 046 Function Name: NtGdiCreateSolidBrush
Status: Not hooked
#: 047 Function Name: NtGdiD3dContextCreate
Status: Not hooked
#: 048 Function Name: NtGdiD3dContextDestroy
Status: Not hooked
#: 049 Function Name: NtGdiD3dContextDestroyAll
Status: Not hooked
#: 050 Function Name: NtGdiD3dValidateTextureStageState
Status: Not hooked
#: 051 Function Name: NtGdiD3dDrawPrimitives2
Status: Not hooked
#: 052 Function Name: NtGdiDdGetDriverState
Status: Not hooked
#: 053 Function Name: NtGdiDdAddAttachedSurface
Status: Not hooked
#: 054 Function Name: NtGdiDdAlphaBlt
Status: Not hooked
#: 055 Function Name: NtGdiDdAttachSurface
Status: Not hooked
#: 056 Function Name: NtGdiDdBeginMoCompFrame
Status: Not hooked
#: 057 Function Name: NtGdiDdBlt
Status: Not hooked
#: 058 Function Name: NtGdiDdCanCreateSurface
Status: Not hooked
#: 059 Function Name: NtGdiDdCanCreateD3DBuffer
Status: Not hooked
#: 060 Function Name: NtGdiDdColorControl
Status: Not hooked
#: 061 Function Name: NtGdiDdCreateDirectDrawObject
Status: Not hooked
#: 062 Function Name: NtGdiDdCreateSurface
Status: Not hooked
#: 063 Function Name: NtGdiDdCreateD3DBuffer
Status: Not hooked
#: 064 Function Name: NtGdiDdCreateMoComp
Status: Not hooked
#: 065 Function Name: NtGdiDdCreateSurfaceObject
Status: Not hooked
#: 066 Function Name: NtGdiDdDeleteDirectDrawObject
Status: Not hooked
#: 067 Function Name: NtGdiDdDeleteSurfaceObject
Status: Not hooked
#: 068 Function Name: NtGdiDdDestroyMoComp
Status: Not hooked
#: 069 Function Name: NtGdiDdDestroySurface
Status: Not hooked
#: 070 Function Name: NtGdiDdDestroyD3DBuffer
Status: Not hooked
#: 071 Function Name: NtGdiDdEndMoCompFrame
Status: Not hooked
#: 072 Function Name: NtGdiDdFlip
Status: Not hooked
#: 073 Function Name: NtGdiDdFlipToGDISurface
Status: Not hooked
#: 074 Function Name: NtGdiDdGetAvailDriverMemory
Status: Not hooked
#: 075 Function Name: NtGdiDdGetBltStatus
Status: Not hooked
#: 076 Function Name: NtGdiDdGetDC
Status: Not hooked
#: 077 Function Name: NtGdiDdGetDriverInfo
Status: Not hooked
#: 078 Function Name: NtGdiDdGetDxHandle
Status: Not hooked
#: 079 Function Name: NtGdiDdGetFlipStatus
Status: Not hooked
#: 080 Function Name: NtGdiDdGetInternalMoCompInfo
Status: Not hooked
#: 081 Function Name: NtGdiDdGetMoCompBuffInfo
Status: Not hooked
#: 082 Function Name: NtGdiDdGetMoCompGuids
Status: Not hooked
#: 083 Function Name: NtGdiDdGetMoCompFormats
Status: Not hooked
#: 084 Function Name: NtGdiDdGetScanLine
Status: Not hooked
#: 085 Function Name: NtGdiDdLock
Status: Not hooked
#: 086 Function Name: NtGdiDdLockD3D
Status: Not hooked
#: 087 Function Name: NtGdiDdQueryDirectDrawObject
Status: Not hooked
#: 088 Function Name: NtGdiDdQueryMoCompStatus
Status: Not hooked
#: 089 Function Name: NtGdiDdReenableDirectDrawObject
Status: Not hooked
#: 090 Function Name: NtGdiDdReleaseDC
Status: Not hooked
#: 091 Function Name: NtGdiDdRenderMoComp
Status: Not hooked
#: 092 Function Name: NtGdiDdResetVisrgn
Status: Not hooked
#: 093 Function Name: NtGdiDdSetColorKey
Status: Not hooked
#: 094 Function Name: NtGdiDdSetExclusiveMode
Status: Not hooked
#: 095 Function Name: NtGdiDdSetGammaRamp
Status: Not hooked
#: 096 Function Name: NtGdiDdCreateSurfaceEx
Status: Not hooked
#: 097 Function Name: NtGdiDdSetOverlayPosition
Status: Not hooked
#: 098 Function Name: NtGdiDdUnattachSurface
Status: Not hooked
#: 099 Function Name: NtGdiDdUnlock
Status: Not hooked
#: 100 Function Name: NtGdiDdUnlockD3D
Status: Not hooked
#: 101 Function Name: NtGdiDdUpdateOverlay
Status: Not hooked
#: 102 Function Name: NtGdiDdWaitForVerticalBlank
Status: Not hooked
#: 103 Function Name: NtGdiDvpCanCreateVideoPort
Status: Not hooked
#: 104 Function Name: NtGdiDvpColorControl
Status: Not hooked
#: 105 Function Name: NtGdiDvpCreateVideoPort
Status: Not hooked
#: 106 Function Name: NtGdiDvpDestroyVideoPort
Status: Not hooked
#: 107 Function Name: NtGdiDvpFlipVideoPort
Status: Not hooked
#: 108 Function Name: NtGdiDvpGetVideoPortBandwidth
Status: Not hooked
#: 109 Function Name: NtGdiDvpGetVideoPortField
Status: Not hooked
#: 110 Function Name: NtGdiDvpGetVideoPortFlipStatus
Status: Not hooked
#: 111 Function Name: NtGdiDvpGetVideoPortInputFormats
Status: Not hooked
#: 112 Function Name: NtGdiDvpGetVideoPortLine
Status: Not hooked
#: 113 Function Name: NtGdiDvpGetVideoPortOutputFormats
Status: Not hooked
#: 114 Function Name: NtGdiDvpGetVideoPortConnectInfo
Status: Not hooked
#: 115 Function Name: NtGdiDvpGetVideoSignalStatus
Status: Not hooked
#: 116 Function Name: NtGdiDvpUpdateVideoPort
Status: Not hooked
#: 117 Function Name: NtGdiDvpWaitForVideoPortSync
Status: Not hooked
#: 118 Function Name: NtGdiDvpAcquireNotification
Status: Not hooked
#: 119 Function Name: NtGdiDvpReleaseNotification
Status: Not hooked
#: 120 Function Name: NtGdiDxgGenericThunk
Status: Not hooked
#: 121 Function Name: NtGdiDeleteClientObj
Status: Not hooked
#: 122 Function Name: NtGdiDeleteColorSpace
Status: Not hooked
#: 123 Function Name: NtGdiDeleteColorTransform
Status: Not hooked
#: 124 Function Name: NtGdiDeleteObjectApp
Status: Not hooked
#: 125 Function Name: NtGdiDescribePixelFormat
Status: Not hooked
#: 126 Function Name: NtGdiDestroyOPMProtectedOutput
Status: Not hooked
#: 127 Function Name: NtGdiGetPerBandInfo
Status: Not hooked
#: 128 Function Name: NtGdiDoBanding
Status: Not hooked
#: 129 Function Name: NtGdiDoPalette
Status: Not hooked
#: 130 Function Name: NtGdiDrawEscape
Status: Not hooked
#: 131 Function Name: NtGdiEllipse
Status: Not hooked
#: 132 Function Name: NtGdiEnableEudc
Status: Not hooked
#: 133 Function Name: NtGdiEndDoc
Status: Not hooked
#: 134 Function Name: NtGdiEndPage
Status: Not hooked
#: 135 Function Name: NtGdiEndPath
Status: Not hooked
#: 136 Function Name: NtGdiEnumFontChunk
Status: Not hooked
#: 137 Function Name: NtGdiEnumFontClose
Status: Not hooked
#: 138 Function Name: NtGdiEnumFontOpen
Status: Not hooked
#: 139 Function Name: NtGdiEnumObjects
Status: Not hooked
#: 140 Function Name: NtGdiEqualRgn
Status: Not hooked
#: 141 Function Name: NtGdiEudcLoadUnloadLink
Status: Not hooked
#: 142 Function Name: NtGdiExcludeClipRect
Status: Not hooked
#: 143 Function Name: NtGdiExtCreatePen
Status: Not hooked
#: 144 Function Name: NtGdiExtCreateRegion
Status: Not hooked
#: 145 Function Name: NtGdiExtEscape
Status: Not hooked
#: 146 Function Name: NtGdiExtFloodFill
Status: Not hooked
#: 147 Function Name: NtGdiExtGetObjectW
Status: Not hooked
#: 148 Function Name: NtGdiExtSelectClipRgn
Status: Not hooked
#: 149 Function Name: NtGdiExtTextOutW
Status: Not hooked
#: 150 Function Name: NtGdiFillPath
Status: Not hooked
#: 151 Function Name: NtGdiFillRgn
Status: Not hooked
#: 152 Function Name: NtGdiFlattenPath
Status: Not hooked
#: 153 Function Name: NtGdiFlush
Status: Not hooked
#: 154 Function Name: NtGdiForceUFIMapping
Status: Not hooked
#: 155 Function Name: NtGdiFrameRgn
Status: Not hooked
#: 156 Function Name: NtGdiFullscreenControl
Status: Not hooked
#: 157 Function Name: NtGdiGetAndSetDCDword
Status: Not hooked
#: 158 Function Name: NtGdiGetAppClipBox
Status: Not hooked
#: 159 Function Name: NtGdiGetBitmapBits
Status: Not hooked
#: 160 Function Name: NtGdiGetBitmapDimension
Status: Not hooked
#: 161 Function Name: NtGdiGetBoundsRect
Status: Not hooked
#: 162 Function Name: NtGdiGetCertificate
Status: Not hooked
#: 163 Function Name: NtGdiGetCertificateSize
Status: Not hooked
#: 164 Function Name: NtGdiGetCharABCWidthsW
Status: Not hooked
#: 165 Function Name: NtGdiGetCharacterPlacementW
Status: Not hooked
#: 166 Function Name: NtGdiGetCharSet
Status: Not hooked
#: 167 Function Name: NtGdiGetCharWidthW
Status: Not hooked
#: 168 Function Name: NtGdiGetCharWidthInfo
Status: Not hooked
#: 169 Function Name: NtGdiGetColorAdjustment
Status: Not hooked
#: 170 Function Name: NtGdiGetColorSpaceforBitmap
Status: Not hooked
#: 171 Function Name: NtGdiGetCOPPCompatibleOPMInformation
Status: Not hooked
#: 172 Function Name: NtGdiGetDCDword
Status: Not hooked
#: 173 Function Name: NtGdiGetDCforBitmap
Status: Not hooked
#: 174 Function Name: NtGdiGetDCObject
Status: Not hooked
#: 175 Function Name: NtGdiGetDCPoint
Status: Not hooked
#: 176 Function Name: NtGdiGetDeviceCaps
Status: Not hooked
#: 177 Function Name: NtGdiGetDeviceGammaRamp
Status: Not hooked
#: 178 Function Name: NtGdiGetDeviceCapsAll
Status: Not hooked
#: 179 Function Name: NtGdiGetDIBitsInternal
Status: Not hooked
#: 180 Function Name: NtGdiGetETM
Status: Not hooked
#: 181 Function Name: NtGdiGetEudcTimeStampEx
Status: Not hooked
#: 182 Function Name: NtGdiGetFontData
Status: Not hooked
#: 183 Function Name: NtGdiGetFontResourceInfoInternalW
Status: Not hooked
#: 184 Function Name: NtGdiGetGlyphIndicesW
Status: Not hooked
#: 185 Function Name: NtGdiGetGlyphIndicesWInternal
Status: Not hooked
#: 186 Function Name: NtGdiGetGlyphOutline
Status: Not hooked
#: 187 Function Name: NtGdiGetOPMInformation
Status: Not hooked
#: 188 Function Name: NtGdiGetKerningPairs
Status: Not hooked
#: 189 Function Name: NtGdiGetLinkedUFIs
Status: Not hooked
#: 190 Function Name: NtGdiGetMiterLimit
Status: Not hooked
#: 191 Function Name: NtGdiGetMonitorID
Status: Not hooked
#: 192 Function Name: NtGdiGetNearestColor
Status: Not hooked
#: 193 Function Name: NtGdiGetNearestPaletteIndex
Status: Not hooked
#: 194 Function Name: NtGdiGetObjectBitmapHandle
Status: Not hooked
#: 195 Function Name: NtGdiGetOPMRandomNumber
Status: Not hooked
#: 196 Function Name: NtGdiGetOutlineTextMetricsInternalW
Status: Not hooked
#: 197 Function Name: NtGdiGetPath
Status: Not hooked
#: 198 Function Name: NtGdiGetPixel
Status: Not hooked
#: 199 Function Name: NtGdiGetRandomRgn
Status: Not hooked
#: 200 Function Name: NtGdiGetRasterizerCaps
Status: Not hooked
#: 201 Function Name: NtGdiGetRealizationInfo
Status: Not hooked
#: 202 Function Name: NtGdiGetRegionData
Status: Not hooked
#: 203 Function Name: NtGdiGetRgnBox
Status: Not hooked
#: 204 Function Name: NtGdiGetServerMetaFileBits
Status: Not hooked
#: 205 Function Name: NtGdiGetSpoolMessage
Status: Not hooked
#: 206 Function Name: NtGdiGetStats
Status: Not hooked
#: 207 Function Name: NtGdiGetStockObject
Status: Not hooked
#: 208 Function Name: NtGdiGetStringBitmapW
Status: Not hooked
#: 209 Function Name: NtGdiGetSuggestedOPMProtectedOutputArraySize
Status: Not hooked
#: 210 Function Name: NtGdiGetSystemPaletteUse
Status: Not hooked
#: 211 Function Name: NtGdiGetTextCharsetInfo
Status: Not hooked
#: 212 Function Name: NtGdiGetTextExtent
Status: Not hooked
#: 213 Function Name: NtGdiGetTextExtentExW
Status: Not hooked
#: 214 Function Name: NtGdiGetTextFaceW
Status: Not hooked
#: 215 Function Name: NtGdiGetTextMetricsW
Status: Not hooked
#: 216 Function Name: NtGdiGetTransform
Status: Not hooked
#: 217 Function Name: NtGdiGetUFI
Status: Not hooked
#: 218 Function Name: NtGdiGetEmbUFI
Status: Not hooked
#: 219 Function Name: NtGdiGetUFIPathname
Status: Not hooked
#: 220 Function Name: NtGdiGetEmbedFonts
Status: Not hooked
#: 221 Function Name: NtGdiChangeGhostFont
Status: Not hooked
#: 222 Function Name: NtGdiAddEmbFontToDC
Status: Not hooked
#: 223 Function Name: NtGdiGetFontUnicodeRanges
Status: Not hooked
#: 224 Function Name: NtGdiGetWidthTable
Status: Not hooked
#: 225 Function Name: NtGdiGradientFill
Status: Not hooked
#: 226 Function Name: NtGdiHfontCreate
Status: Not hooked
#: 227 Function Name: NtGdiIcmBrushInfo
Status: Not hooked
#: 228 Function Name: SURFACE::bUnMap
Status: Not hooked
#: 229 Function Name: NtGdiInitSpool
Status: Not hooked
#: 230 Function Name: NtGdiIntersectClipRect
Status: Not hooked
#: 231 Function Name: NtGdiInvertRgn
Status: Not hooked
#: 232 Function Name: NtGdiLineTo
Status: Not hooked
#: 233 Function Name: NtGdiMakeFontDir
Status: Not hooked
#: 234 Function Name: NtGdiMakeInfoDC
Status: Not hooked
#: 235 Function Name: NtGdiMaskBlt
Status: Not hooked
#: 236 Function Name: NtGdiModifyWorldTransform
Status: Not hooked
#: 237 Function Name: NtGdiMonoBitmap
Status: Not hooked
#: 238 Function Name: NtGdiMoveTo
Status: Not hooked
#: 239 Function Name: NtGdiOffsetClipRgn
Status: Not hooked
#: 240 Function Name: NtGdiOffsetRgn
Status: Not hooked
#: 241 Function Name: NtGdiOpenDCW
Status: Not hooked
#: 242 Function Name: NtGdiPatBlt
Status: Not hooked
#: 243 Function Name: NtGdiPolyPatBlt
Status: Not hooked
#: 244 Function Name: NtGdiPathToRegion
Status: Not hooked
#: 245 Function Name: NtGdiPlgBlt
Status: Not hooked
#: 246 Function Name: NtGdiPolyDraw
Status: Not hooked
#: 247 Function Name: NtGdiPolyPolyDraw
Status: Not hooked
#: 248 Function Name: NtGdiPolyTextOutW
Status: Not hooked
#: 249 Function Name: NtGdiPtInRegion
Status: Not hooked
#: 250 Function Name: NtGdiPtVisible
Status: Not hooked
#: 251 Function Name: NtGdiQueryFonts
Status: Not hooked
#: 252 Function Name: NtGdiQueryFontAssocInfo
Status: Not hooked
#: 253 Function Name: NtGdiRectangle
Status: Not hooked
#: 254 Function Name: NtGdiRectInRegion
Status: Not hooked
#: 255 Function Name: NtGdiRectVisible
Status: Not hooked
#: 256 Function Name: NtGdiRemoveFontResourceW
Status: Not hooked
#: 257 Function Name: NtGdiRemoveFontMemResourceEx
Status: Not hooked
#: 258 Function Name: NtGdiResetDC
Status: Not hooked
#: 259 Function Name: NtGdiResizePalette
Status: Not hooked
#: 260 Function Name: NtGdiRestoreDC
Status: Not hooked
#: 261 Function Name: NtGdiRoundRect
Status: Not hooked
#: 262 Function Name: NtGdiSaveDC
Status: Not hooked
#: 263 Function Name: NtGdiScaleViewportExtEx
Status: Not hooked
#: 264 Function Name: NtGdiScaleWindowExtEx
Status: Not hooked
#: 265 Function Name: GreSelectBitmap
Status: Not hooked
#: 266 Function Name: NtGdiSelectBrush
Status: Not hooked
#: 267 Function Name: NtGdiSelectClipPath
Status: Not hooked
#: 268 Function Name: NtGdiSelectFont
Status: Not hooked
#: 269 Function Name: NtGdiSelectPen
Status: Not hooked
#: 270 Function Name: NtGdiSetBitmapAttributes
Status: Not hooked
#: 271 Function Name: NtGdiSetBitmapBits
Status: Not hooked
#: 272 Function Name: NtGdiSetBitmapDimension
Status: Not hooked
#: 273 Function Name: NtGdiSetBoundsRect
Status: Not hooked
#: 274 Function Name: NtGdiSetBrushAttributes
Status: Not hooked
#: 275 Function Name: NtGdiSetBrushOrg
Status: Not hooked
#: 276 Function Name: NtGdiSetColorAdjustment
Status: Not hooked
#: 277 Function Name: NtGdiSetColorSpace
Status: Not hooked
#: 278 Function Name: NtGdiSetDeviceGammaRamp
Status: Not hooked
#: 279 Function Name: NtGdiSetDIBitsToDeviceInternal
Status: Not hooked
#: 280 Function Name: NtGdiSetFontEnumeration
Status: Not hooked
#: 281 Function Name: NtGdiSetFontXform
Status: Not hooked
#: 282 Function Name: NtGdiSetIcmMode
Status: Not hooked
#: 283 Function Name: NtGdiSetLinkedUFIs
Status: Not hooked
#: 284 Function Name: NtGdiSetMagicColors
Status: Not hooked
#: 285 Function Name: NtGdiSetMetaRgn
Status: Not hooked
#: 286 Function Name: NtGdiSetMiterLimit
Status: Not hooked
#: 287 Function Name: NtGdiGetDeviceWidth
Status: Not hooked
#: 288 Function Name: NtGdiMirrorWindowOrg
Status: Not hooked
#: 289 Function Name: NtGdiSetLayout
Status: Not hooked
#: 290 Function Name: NtGdiSetOPMSigningKeyAndSequenceNumbers
Status: Not hooked
#: 291 Function Name: NtGdiSetPixel
Status: Not hooked
#: 292 Function Name: NtGdiSetPixelFormat
Status: Not hooked
#: 293 Function Name: NtGdiSetRectRgn
Status: Not hooked
#: 294 Function Name: NtGdiSetSystemPaletteUse
Status: Not hooked
#: 295 Function Name: NtGdiSetTextJustification
Status: Not hooked
#: 296 Function Name: NtGdiSetupPublicCFONT
Status: Not hooked
#: 297 Function Name: NtGdiSetVirtualResolution
Status: Not hooked
#: 298 Function Name: NtGdiSetSizeDevice
Status: Not hooked
#: 299 Function Name: NtGdiStartDoc
Status: Not hooked
#: 300 Function Name: NtGdiStartPage
Status: Not hooked
#: 301 Function Name: NtGdiStretchBlt
Status: Not hooked
#: 302 Function Name: NtGdiStretchDIBitsInternal
Status: Not hooked
#: 303 Function Name: NtGdiStrokeAndFillPath
Status: Not hooked
#: 304 Function Name: NtGdiStrokePath
Status: Not hooked
#: 305 Function Name: NtGdiSwapBuffers
Status: Not hooked
#: 306 Function Name: NtGdiTransformPoints
Status: Not hooked
#: 307 Function Name: NtGdiTransparentBlt
Status: Not hooked
#: 308 Function Name: DxgStubCanCreateSurface
Status: Not hooked
#: 309 Function Name: NtGdiUMPDEngFreeUserMem
Status: Not hooked
#: 310 Function Name: NtGdiUnrealizeObject
Status: Not hooked
#: 311 Function Name: NtGdiUpdateColors
Status: Not hooked
#: 312 Function Name: NtGdiWidenPath
Status: Not hooked
#: 313 Function Name: NtUserActivateKeyboardLayout
Status: Not hooked
#: 314 Function Name: NtUserAddClipboardFormatListener
Status: Not hooked
#: 315 Function Name: NtUserAlterWindowStyle
Status: Not hooked
#: 316 Function Name: NtUserAssociateInputContext
Status: Not hooked
#: 317 Function Name: NtUserAttachThreadInput
Status: Not hooked
#: 318 Function Name: NtUserBeginPaint
Status: Not hooked
#: 319 Function Name: NtUserBitBltSysBmp
Status: Not hooked
#: 320 Function Name: NtUserBlockInput
Status: Not hooked
#: 321 Function Name: NtUserBuildHimcList
Status: Not hooked
#: 322 Function Name: NtUserBuildHwndList
Status: Not hooked
#: 323 Function Name: NtUserBuildNameList
Status: Not hooked
#: 324 Function Name: NtUserBuildPropList
Status: Not hooked
#: 325 Function Name: NtUserCallHwnd
Status: Not hooked
#: 326 Function Name: NtUserCallHwndLock
Status: Not hooked
#: 327 Function Name: NtUserCallHwndOpt
Status: Not hooked
#: 328 Function Name: NtUserCallHwndParam
Status: Not hooked
#: 329 Function Name: NtUserCallHwndParamLock
Status: Not hooked
#: 330 Function Name: NtUserCallMsgFilter
Status: Not hooked
#: 331 Function Name: NtUserCallNextHookEx
Status: Not hooked
#: 332 Function Name: NtUserCallNoParam
Status: Not hooked
#: 333 Function Name: NtUserCallOneParam
Status: Not hooked
#: 334 Function Name: NtUserCallTwoParam
Status: Not hooked
#: 335 Function Name: NtUserChangeClipboardChain
Status: Not hooked
#: 336 Function Name: NtUserChangeDisplaySettings
Status: Not hooked
#: 337 Function Name: NtUserCheckAccessForIntegrityLevel
Status: Not hooked
#: 338 Function Name: NtUserCheckDesktopByThreadId
Status: Not hooked
#: 339 Function Name: NtUserCheckWindowThreadDesktop
Status: Not hooked
#: 340 Function Name: NtUserCheckImeHotKey
Status: Not hooked
#: 341 Function Name: NtUserCheckMenuItem
Status: Not hooked
#: 342 Function Name: NtUserChildWindowFromPointEx
Status: Not hooked
#: 343 Function Name: NtUserClipCursor
Status: Not hooked
#: 344 Function Name: NtUserCloseClipboard
Status: Not hooked
#: 345 Function Name: NtUserCloseDesktop
Status: Not hooked
#: 346 Function Name: NtUserCloseWindowStation
Status: Not hooked
#: 347 Function Name: NtUserConsoleControl
Status: Not hooked
#: 348 Function Name: NtUserConvertMemHandle
Status: Not hooked
#: 349 Function Name: NtUserCopyAcceleratorTable
Status: Not hooked
#: 350 Function Name: NtUserCountClipboardFormats
Status: Not hooked
#: 351 Function Name: NtUserCreateAcceleratorTable
Status: Not hooked
#: 352 Function Name: NtUserCreateCaret
Status: Not hooked
#: 353 Function Name: NtUserCreateDesktopEx
Status: Not hooked
#: 354 Function Name: NtUserCreateInputContext
Status: Not hooked
#: 355 Function Name: NtUserCreateLocalMemHandle
Status: Not hooked
#: 356 Function Name: NtUserCreateWindowEx
Status: Not hooked
#: 357 Function Name: NtUserCreateWindowStation
Status: Not hooked
#: 358 Function Name: NtUserDdeInitialize
Status: Not hooked
#: 359 Function Name: NtUserDeferWindowPos
Status: Not hooked
#: 360 Function Name: NtUserDefSetText
Status: Not hooked
#: 361 Function Name: NtUserDeleteMenu
Status: Not hooked
#: 362 Function Name: NtUserDestroyAcceleratorTable
Status: Not hooked
#: 363 Function Name: NtUserDestroyCursor
Status: Not hooked
#: 364 Function Name: NtUserDestroyInputContext
Status: Not hooked
#: 365 Function Name: NtUserDestroyMenu
Status: Not hooked
#: 366 Function Name: NtUserDestroyWindow
Status: Not hooked
#: 367 Function Name: NtUserDisableThreadIme
Status: Not hooked
#: 368 Function Name: NtUserDispatchMessage
Status: Not hooked
#: 369 Function Name: NtUserDoSoundConnect
Status: Not hooked
#: 370 Function Name: NtUserDoSoundDisconnect
Status: Not hooked
#: 371 Function Name: NtUserDragDetect
Status: Not hooked
#: 372 Function Name: NtUserDragObject
Status: Not hooked
#: 373 Function Name: NtUserDrawAnimatedRects
Status: Not hooked
#: 374 Function Name: NtUserDrawCaption
Status: Not hooked
#: 375 Function Name: NtUserDrawCaptionTemp
Status: Not hooked
#: 376 Function Name: NtUserDrawIconEx
Status: Not hooked
#: 377 Function Name: NtUserDrawMenuBarTemp
Status: Not hooked
#: 378 Function Name: NtUserEmptyClipboard
Status: Not hooked
#: 379 Function Name: NtUserEnableMenuItem
Status: Not hooked
#: 380 Function Name: NtUserEnableScrollBar
Status: Not hooked
#: 381 Function Name: NtUserEndDeferWindowPosEx
Status: Not hooked
#: 382 Function Name: NtUserEndMenu
Status: Not hooked
#: 383 Function Name: NtUserEndPaint
Status: Not hooked
#: 384 Function Name: NtUserEnumDisplayDevices
Status: Not hooked
#: 385 Function Name: NtUserEnumDisplayMonitors
Status: Not hooked
#: 386 Function Name: NtUserEnumDisplaySettings
Status: Not hooked
#: 387 Function Name: NtUserEvent
Status: Not hooked
#: 388 Function Name: NtUserExcludeUpdateRgn
Status: Not hooked
#: 389 Function Name: NtUserFillWindow
Status: Not hooked
#: 390 Function Name: NtUserFindExistingCursorIcon
Status: Not hooked
#: 391 Function Name: NtUserFindWindowEx
Status: Not hooked
#: 392 Function Name: NtUserFlashWindowEx
Status: Not hooked
#: 393 Function Name: NtUserFrostCrashedWindow
Status: Not hooked
#: 394 Function Name: NtUserGetAltTabInfo
Status: Not hooked
#: 395 Function Name: NtUserGetAncestor
Status: Not hooked
#: 396 Function Name: NtUserGetAppImeLevel
Status: Not hooked
#: 397 Function Name: NtUserGetAsyncKeyState
Status: Not hooked
#: 398 Function Name: NtUserGetAtomName
Status: Not hooked
#: 399 Function Name: NtUserGetCaretBlinkTime
Status: Not hooked
#: 400 Function Name: NtUserGetCaretPos
Status: Not hooked
#: 401 Function Name: NtUserGetClassInfoEx
Status: Not hooked
#: 402 Function Name: NtUserGetClassName
Status: Not hooked
#: 403 Function Name: NtUserGetClipboardData
Status: Not hooked
#: 404 Function Name: NtUserGetClipboardFormatName
Status: Not hooked
#: 405 Function Name: NtUserGetClipboardOwner
Status: Not hooked
#: 406 Function Name: NtUserGetClipboardSequenceNumber
Status: Not hooked
#: 407 Function Name: NtUserGetClipboardViewer
Status: Not hooked
#: 408 Function Name: NtUserGetClipCursor
Status: Not hooked
#: 409 Function Name: NtUserGetComboBoxInfo
Status: Not hooked
#: 410 Function Name: NtUserGetControlBrush
Status: Not hooked
#: 411 Function Name: NtUserGetControlColor
Status: Not hooked
#: 412 Function Name: NtUserGetCPD
Status: Not hooked
#: 413 Function Name: NtUserGetCursorFrameInfo
Status: Not hooked
#: 414 Function Name: NtUserGetCursorInfo
Status: Not hooked
#: 415 Function Name: NtUserGetDC
Status: Not hooked
#: 416 Function Name: NtUserGetDCEx
Status: Not hooked
#: 417 Function Name: NtUserGetDoubleClickTime
Status: Not hooked
#: 418 Function Name: NtUserGetForegroundWindow
Status: Not hooked
#: 419 Function Name: NtUserGetGuiResources
Status: Not hooked
#: 420 Function Name: NtUserGetGUIThreadInfo
Status: Not hooked
#: 421 Function Name: NtUserGetIconInfo
Status: Not hooked
#: 422 Function Name: NtUserGetIconSize
Status: Not hooked
#: 423 Function Name: NtUserGetImeHotKey
Status: Not hooked
#: 424 Function Name: NtUserGetImeInfoEx
Status: Not hooked
#: 425 Function Name: NtUserGetInternalWindowPos
Status: Not hooked
#: 426 Function Name: NtUserGetKeyboardLayoutList
Status: Not hooked
#: 427 Function Name: NtUserGetKeyboardLayoutName
Status: Not hooked
#: 428 Function Name: NtUserGetKeyboardState
Status: Not hooked
#: 429 Function Name: NtUserGetKeyNameText
Status: Not hooked
#: 430 Function Name: NtUserGetKeyState
Status: Not hooked
#: 431 Function Name: NtUserGetListBoxInfo
Status: Not hooked
#: 432 Function Name: NtUserGetMenuBarInfo
Status: Not hooked
#: 433 Function Name: NtUserGetMenuIndex
Status: Not hooked
#: 434 Function Name: NtUserGetMenuItemRect
Status: Not hooked
#: 435 Function Name: NtUserGetMessage
Status: Not hooked
#: 436 Function Name: NtUserGetMouseMovePointsEx
Status: Not hooked
#: 437 Function Name: NtUserGetObjectInformation
Status: Not hooked
#: 438 Function Name: NtUserGetOpenClipboardWindow
Status: Not hooked
#: 439 Function Name: NtUserGetPriorityClipboardFormat
Status: Not hooked
#: 440 Function Name: NtUserGetProcessWindowStation
Status: Not hooked
#: 441 Function Name: NtUserGetRawInputBuffer
Status: Not hooked
#: 442 Function Name: NtUserGetRawInputData
Status: Not hooked
#: 443 Function Name: NtUserGetRawInputDeviceInfo
Status: Not hooked
#: 444 Function Name: NtUserGetRawInputDeviceList
Status: Not hooked
#: 445 Function Name: NtUserGetRegisteredRawInputDevices
Status: Not hooked
#: 446 Function Name: NtUserGetScrollBarInfo
Status: Not hooked
#: 447 Function Name: NtUserGetSystemMenu
Status: Not hooked
#: 448 Function Name: NtUserGetThreadDesktop
Status: Not hooked
#: 449 Function Name: NtUserGetThreadState
Status: Not hooked
#: 450 Function Name: NtUserGetTitleBarInfo
Status: Not hooked
#: 451 Function Name: NtUserGet
-
RootRepeal file check failed an hour into it.
This is the error report from RootRepeal:
ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP2
Exception Code: 0xc0000005
Exception Address: 0x0040ab12
Attempt to write to address: 0x00000004
-
I'd like to scan your machine with ESET OnlineScan
• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
• Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
• Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
• Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
• Accept any security warnings from your browser.
• Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
• Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
• Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
C:\Users\pc\Downloads\imf-setup.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
E:\Users\Raper\Downloads\imf-setup.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
-
Ran scan with Internet Explorer. I think I downloaded IMF-setup.exe from http://download.cnet.com so not sure how that's infected.
-
How's your computer running now? Any other issues?