goatness

Win7 and Google Redirect Virus


Hi,

My Malwarebytes is compromised as well, so I haven't been able to do anything really.

Thanks so much for the help.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385

Run by mhsu at 14:26:11 on 2012-01-04

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1910.840 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Fingerprint Sensor\AtService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

C:\Program Files\IDT\WDM\aestsrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe

C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\vVX6000.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Windows\vsnp2std.exe

C:\Program Files\gAlwaysIdle\gidle.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Users\mhsu\Local Settings\Apps\F.lux\flux.exe

C:\Users\mhsu\AppData\Roaming\Google\Google Talk\googletalk.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Users\mhsu\AppData\Roaming\Spotify\spotify.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Users\mhsu\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyServer = proxy.seeconline.org:3128

uInternet Settings,ProxyOverride = hxxp://10.0.0.*;http://companyweb;https://companyweb;<local>;*.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [F.lux] "c:\users\mhsu\local settings\apps\f.lux\flux.exe" /noshow

uRun: [googletalk] c:\users\mhsu\appdata\roaming\google\google talk\googletalk.exe /autostart

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [Google Update] "c:\users\mhsu\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [spotify] "c:\users\mhsu\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart

uRun: [Nativeapidrv] rundll32.exe "c:\users\mhsu\appdata\local\wmicfg.net\Nativeapidrv.dll",sysUserIde CdCommonPort

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe

mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe

mRun: [uSCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [VX6000] c:\windows\vVX6000.exe

mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [snp2std] c:\windows\vsnp2std.exe

mRun: [gidle] "c:\program files\galwaysidle\gidle.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRunOnce: [DBRMTray] c:\dell\dbrm\reminder\TrayApp.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellsy~1.lnk - c:\program files\dell\dell system manager\DCPSysMgr.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoWelcomeScreen = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office11\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 192.168.10.1

TCP: Interfaces\{205D6DBF-0672-4653-B26F-8D9A7C7754D4} : NameServer = 208.67.222.222

TCP: Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278} : DhcpNameServer = 192.168.10.1

TCP: Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278}\14356434 : DhcpNameServer = 10.5.0.1 66.103.80.4 66.103.64.4

TCP: Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278}\3496479702F66602D496E6E6561607F6C6963702055726C696360275966496 : DhcpNameServer = 206.55.176.53 206.55.176.52

TCP: Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278}\35475667560224C616E6B6372E08993702960586F6E656 : DhcpNameServer = 172.26.38.1 172.26.38.2

TCP: Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278}\35565636 : DhcpNameServer = 10.0.0.201

TCP: Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278}\E49484D26596379647F62737D275C414E4 : DhcpNameServer = 128.231.128.251 128.231.64.1

TCP: Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278}\F46756274627966756D2347363 : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278}\F46756274627966756D2347363 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{8D4379E3-D6AE-4DA8-8D08-0703A454023F} : NameServer = 208.67.222.222

TCP: Interfaces\{8D4379E3-D6AE-4DA8-8D08-0703A454023F} : DhcpNameServer = 172.6.1.161

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\mhsu\appdata\roaming\mozilla\firefox\profiles\hr8njggg.default\

FF - prefs.js: browser.startup.homepage - nytimes.com

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\mhsu\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\users\mhsu\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\mhsu\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

.

============= SERVICES / DRIVERS ===============

.

R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-11-20 17072]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2010-11-20 81920]

R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2010-5-10 1803584]

R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2009-11-4 114688]

R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\dell\dell system manager\DCPSysMgrSvc.exe [2010-8-24 388464]

R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-11-20 60928]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-28 366152]

R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-11-1 59904]

R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-11-20 42672]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-11-1 274984]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-11-1 132480]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-11-1 246272]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-28 22216]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-23 136176]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-9-27 1153368]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-23 136176]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-11-1 48640]

S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-11-1 38912]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2010-5-20 2074480]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-29 1343400]

.

=============== Created Last 30 ================

.

2012-01-04 04:27:19 280064 ----a-w- c:\users\mhsu\appdata\local\mvp.exe

2012-01-04 04:27:15 280064 ----a-w- c:\users\mhsu\appdata\local\jwb.exe

2012-01-04 02:31:15 276992 ----a-w- c:\users\mhsu\appdata\local\lpx.exe

2012-01-04 02:31:15 276992 ----a-w- c:\users\mhsu\appdata\local\hix.exe

2011-12-27 02:58:25 340480 ----a-w- c:\users\mhsu\appdata\local\qdi.exe

2011-12-27 02:12:55 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6b00b4cd-3f94-4a80-850b-302ca019200e}\offreg.dll

2011-12-27 02:12:40 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6b00b4cd-3f94-4a80-850b-302ca019200e}\mpengine.dll

2011-12-24 22:07:53 -------- d-----w- c:\users\mhsu\appdata\local\wmicfg.NET

2011-12-24 04:44:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-15 19:24:39 2340352 ----a-w- c:\windows\system32\win32k.sys

2011-12-15 19:24:35 2048 ----a-w- c:\windows\system32\tzres.dll

2011-12-15 19:24:23 534528 ----a-w- c:\windows\system32\EncDec.dll

2011-12-15 19:24:23 38912 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-15 19:24:21 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-12-15 19:24:21 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-12-13 20:19:07 -------- d-----w- c:\program files\Citrix

2011-12-13 20:13:36 60304 ----a-w- c:\users\mhsu\g2mdlhlpx.exe

.

==================== Find3M ====================

.

2011-11-05 04:35:50 981504 ----a-w- c:\windows\system32\wininet.dll

2011-11-05 04:34:15 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-05 03:28:41 386048 ----a-w- c:\windows\system32\html.iec

2011-11-05 02:55:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 14:27:10.06 ===============


Hello,

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://go.eset.com/us/online-scanner/faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Reply with copy of the Eset scan log

Step 4

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Re-enable the antivirus program.

Step 5

Reply with copies of contents of The Eset scan log & the MBAM scan log for review.

If we do not hear back from you in 3 days, this thread will be closed.


Hi, since it has been a while since the first post, I have reposted the DDS results below. Please let me know if I should follow the same steps as listed above. Thank you for responding.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.7600.16385

Run by mhsu at 0:15:51 on 2012-02-21

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1910.902 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe

C:\Program Files\Java\jre6\bin\java.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\ctfmon.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyServer = proxy.seeconline.org:3128

uInternet Settings,ProxyOverride = hxxp://10.0.0.*;http://companyweb;https://companyweb;<local>;*.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [F.lux] "c:\users\mhsu\local settings\apps\f.lux\flux.exe" /noshow

uRun: [googletalk] c:\users\mhsu\appdata\roaming\google\google talk\googletalk.exe /autostart

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [Google Update] "c:\users\mhsu\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [spotify] "c:\users\mhsu\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart

uRun: [CvtMouseUI] rundll32.exe "c:\users\mhsu\appdata\local\cvtmapapi\CvtMouseUI.dll",SecurityobjClock xpmapEnum

uRunOnce: [sminet64] cmd.exe /c RD /S /Q "c:\users\mhsu\appdata\local\isaMobileman"

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe

mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe

mRun: [uSCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [VX6000] c:\windows\vVX6000.exe

mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [snp2std] c:\windows\vsnp2std.exe

mRun: [gidle] "c:\program files\galwaysidle\gidle.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe

mRunOnce: [DBRMTray] c:\dell\dbrm\reminder\TrayApp.exe

dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellsy~1.lnk - c:\program files\dell\dell system manager\DCPSysMgr.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoWelcomeScreen = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office11\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 192.168.10.1

TCP: Interfaces\{205D6DBF-0672-4653-B26F-8D9A7C7754D4} : NameServer = 208.67.222.222

TCP: Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278} : DhcpNameServer = 192.168.10.1

TCP: Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278}\14356434 : DhcpNameServer = 10.5.0.1 66.103.80.4 66.103.64.4

TCP: Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278}\3496479702F66602D496E6E6561607F6C6963702055726C696360275966496 : DhcpNameServer = 206.55.176.53 206.55.176.52

TCP: Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278}\35475667560224C616E6B6372E08993702960586F6E656 : DhcpNameServer = 172.26.38.1 172.26.38.2

TCP: Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278}\35565636 : DhcpNameServer = 10.0.0.201

TCP: Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278}\E49484D26596379647F62737D275C414E4 : DhcpNameServer = 128.231.128.251 128.231.64.1

TCP: Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278}\F46756274627966756D2347363 : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278}\F46756274627966756D2347363 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{8D4379E3-D6AE-4DA8-8D08-0703A454023F} : NameServer = 208.67.222.222

TCP: Interfaces\{8D4379E3-D6AE-4DA8-8D08-0703A454023F} : DhcpNameServer = 172.6.1.161

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

Hosts: 94.63.147.16 www.google.com

Hosts: 94.63.147.17 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\mhsu\appdata\roaming\mozilla\firefox\profiles\hr8njggg.default\

FF - prefs.js: browser.startup.homepage - nytimes.com

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\mhsu\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\users\mhsu\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\mhsu\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

.

============= SERVICES / DRIVERS ===============

.

R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-11-20 17072]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-11-1 59904]

R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-11-20 42672]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-11-1 274984]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2010-11-20 81920]

S2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2010-5-10 1803584]

S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2009-11-4 114688]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\dell\dell system manager\DCPSysMgrSvc.exe [2010-8-24 388464]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-23 136176]

S2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-11-20 60928]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-28 366152]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-9-27 1153368]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-23 136176]

S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-11-1 132480]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-11-1 246272]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-28 22216]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-11-1 48640]

S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-11-1 38912]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2010-5-20 2074480]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-29 1343400]

.

=============== Created Last 30 ================

.

2012-02-21 05:03:48 -------- d-----w- c:\windows\system32\wbem\repository

2012-02-21 02:31:58 724992 ----a-w- c:\programdata\microsoft\windows\drm\CC63.tmp

2012-02-21 02:31:32 130048 ----a-w- c:\programdata\microsoft\windows\drm\68D0.tmp

2012-02-09 17:06:11 -------- d-----w- c:\users\mhsu\appdata\local\Cvtmapapi

2012-01-31 15:17:38 369352 ----a-w- c:\windows\system32\drivers\cng.sys

2012-01-31 15:17:38 224768 ----a-w- c:\windows\system32\schannel.dll

2012-01-31 15:17:38 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-01-31 15:17:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll

2012-01-31 15:17:37 99840 ----a-w- c:\windows\system32\sspicli.dll

2012-01-31 15:17:37 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-01-31 15:17:37 314368 ----a-w- c:\windows\system32\webio.dll

2012-01-31 15:17:37 22528 ----a-w- c:\windows\system32\lsass.exe

2012-01-31 15:17:37 22016 ----a-w- c:\windows\system32\secur32.dll

2012-01-31 15:17:37 15360 ----a-w- c:\windows\system32\sspisrv.dll

.

==================== Find3M ====================

.

2011-12-24 04:44:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-13 20:13:39 60304 ----a-w- c:\users\mhsu\g2mdlhlpx.exe

2011-11-24 04:23:31 2340352 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 0:17:05.81 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 11/29/2010 10:19:15 AM

System Uptime: 2/21/2012 12:03:13 AM (0 hours ago)

.

Motherboard: Dell Inc. | | 00K2MH

Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz | CPU 1 | 2394/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 134 GiB total, 65.053 GiB free.

D: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP386: 2/1/2012 3:01:20 AM - Windows Update

RP387: 2/13/2012 2:45:36 PM - Scheduled Checkpoint

RP388: 2/16/2012 3:02:04 AM - Windows Update

.

==== Installed Programs ======================

.

32 Bit HP BiDi Channel Components Installer

AccelerometerP11

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AuthenTec Fingerprint Software

BioAPI Framework

Bonjour

Broadcom NetXtreme-I Netlink Driver and Management Installer

Canon MP Navigator 2.0

Canon MP150

Canon My Printer

CCleaner

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

D3DX10

Defraggler

Dell Backup and Recovery Manager

Dell Control Point

Dell ControlPoint Security Manager

Dell Edoc Viewer

Dell Embassy Trust Suite by Wave Systems

Dell Security Device Driver Pack

Dell System Manager

Dell Touchpad

Document Manager Lite

DW WLAN Card Utility

EMBASSY Security Center

EMBASSY Security Setup

ESC Home Page Plugin

F.lux

gAlwaysIdle

Gemalto

Google Chrome

Google Talk (remove only)

Google Talk Plugin

Google Update Helper

GoToMeeting 5.1.0.880

HUE HD Webcam

Intel® Graphics Media Accelerator Driver

iTunes

Java Auto Updater

Java™ 6 Update 22

Junk Mail filter update

Malwarebytes' Anti-Malware version 1.51.2.1300

McAfee Security Scan Plus

Microsoft .NET Framework 4 Client Profile

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Corporation

Microsoft LifeCam

Microsoft Office Professional Edition 2003

Microsoft Search Enhancement Pack

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 4.0.1 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NTRU TCG Software Stack

O2Micro OZ776 SCR Driver

OGA Notifier 2.0.0048.0

PowerDVD DX

Preboot Manager

Private Information Manager

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Wizards

Spotify

Spybot - Search & Destroy

Times Reader

Trusted Drive Manager

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

UPEK TouchChip Fingerprint Reader

Wave Infrastructure Installer

Wave Support Software

Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)

Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Mobile Device Center

.

==== Event Viewer Messages From Past Week ========

.

2/21/2012 12:13:34 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

2/21/2012 12:07:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2/21/2012 12:05:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

2/21/2012 12:04:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2/21/2012 12:04:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

2/21/2012 12:04:02 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv.dll Error Code: 21

2/21/2012 12:03:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

2/21/2012 12:03:46 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6

2/21/2012 12:03:44 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

2/21/2012 12:03:44 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain SEEC-DOM due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

2/21/2012 12:03:42 AM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.

2/21/2012 12:03:41 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8364fceb, 0xa9aaf424, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022112-20342-01.

2/21/2012 12:03:19 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

2/20/2012 9:58:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x88a41ceb, 0x98aaf424, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022012-18033-01.

2/20/2012 9:35:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x88a6bceb, 0x992af424, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022012-17144-01.

2/20/2012 7:18:49 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .

2/20/2012 7:16:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

2/20/2012 11:46:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

2/20/2012 11:46:37 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

2/20/2012 11:46:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

2/20/2012 11:46:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

2/20/2012 11:45:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

2/20/2012 11:45:30 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/20/2012 11:45:30 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

2/20/2012 11:45:30 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

2/20/2012 11:45:30 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

2/20/2012 11:45:30 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/20/2012 11:45:30 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/20/2012 11:45:30 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.

2/20/2012 11:45:30 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/20/2012 11:45:29 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

2/20/2012 11:45:29 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

2/20/2012 11:45:29 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/20/2012 11:45:29 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

2/20/2012 11:45:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83660ceb, 0xaa0a3424, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022012-21075-01.

2/20/2012 11:30:37 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: akfmdd discache MpFilter spldr uyhekcgw Wanarpv6

2/20/2012 11:30:34 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x88a54ceb, 0x994a3424, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022012-16052-01.

2/20/2012 11:29:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x88a78ceb, 0x9948f424, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022012-19375-01.

2/20/2012 10:53:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: akfmdd discache MpFilter spldr Wanarpv6

2/20/2012 10:53:39 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x88a6aceb, 0x99483424, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022012-19578-01.

2/20/2012 10:52:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x88a49ceb, 0x9908f424, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022012-20841-01.

2/20/2012 10:00:14 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x88a74ceb, 0x8c48f424, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022012-18595-01.

2/20/2012 10:00:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD akfmdd CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

2/20/2012 1:11:01 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user SEEC-DOM\mhsu SID (S-1-5-21-278053664-2185810746-1395160328-7715) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

2/19/2012 9:58:47 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

2/17/2012 11:37:47 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{7732D151-615A-4924-BA48-D0FBABCC1278} because another computer on the network has the same name. The server could not start.

2/16/2012 3:01:01 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

.

==== End Of File ===========================


I need for you to do all the steps I outlined in my previous response. !!

Then copy & paste "those logs" I asked for.


Hi, My malwarebyte will not run, it says "run time error '5'".

Here is the ESET scan log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=6b0966b6db2115469b4d766896bf27b6

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-22 01:58:14

# local_time=2012-02-21 08:58:14 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=5893 16776574 66 94 37910130 81418164 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=137226

# found=21

# cleaned=21

# scan_time=2521

C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\m6q5x8yd.default\extensions\{903bb742-9603-4925-b548-3b5a8a8dc0e6}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\m6q5x8yd.default\extensions\{903bb742-9603-4925-b548-3b5a8a8dc0e6}\chrome\xulcache.jar.vir JS/Agent.NDO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Users\mhsu\AppData\Roaming\Mozilla\Firefox\Profiles\hr8njggg.default\extensions\{8dff4ff9-de9e-4273-9380-64a2cbfeb625}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Users\mhsu\AppData\Roaming\Mozilla\Firefox\Profiles\hr8njggg.default\extensions\{8dff4ff9-de9e-4273-9380-64a2cbfeb625}\chrome\xulcache.jar.vir JS/Agent.NDO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Users\mhsu\AppData\Roaming\Mozilla\Firefox\Profiles\hr8njggg.default\extensions\{903bb742-9603-4925-b548-3b5a8a8dc0e6}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Users\mhsu\AppData\Roaming\Mozilla\Firefox\Profiles\hr8njggg.default\extensions\{903bb742-9603-4925-b548-3b5a8a8dc0e6}\chrome\xulcache.jar.vir JS/Agent.NDO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\mhsu\AppData\Local\hix.exe a variant of Win32/Kryptik.YKJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\mhsu\AppData\Local\jwb.exe a variant of Win32/Kryptik.YKJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\mhsu\AppData\Local\lpx.exe a variant of Win32/Kryptik.YKJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\mhsu\AppData\Local\mvp.exe a variant of Win32/Kryptik.YKJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\mhsu\AppData\Local\qdi.exe a variant of Win32/Kryptik.YBA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\mhsu\AppData\Local\isaMobileman\sminet64.dll probably a variant of Win32/Sefnit.CD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\mhsu\AppData\Local\SecurityMapnet\AppleMapCres.dll probably a variant of Win32/Sefnit.CD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows\FixCamera.exe a variant of Win32/KillProc.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1MLJAI79\d2ab60e9fa566c6fa90e364b181a7ba1[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Windows\System32\config\systemprofile\AppData\Roaming\A9B012.exe a variant of Win32/Kryptik.ABBR trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Windows\temp\3A05.tmp a variant of Win32/Kryptik.ABDK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows\temp\cgqrvzhijdudjgetma.exe a variant of Win32/Kryptik.ABBO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows\temp\F824.tmp a variant of Win32/Kryptik.XCV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows\temp\Photo.class a variant of Java/TrojanDownloader.Agent.AD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows\temp\upzxjssdquqaheeh.exe a variant of Win32/Kryptik.ABBO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Thank you.


Step 1

Spybot's Teatimer will interfere with malware cleanups if it is ON. Let's turn it off & keep it OFF.

Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode

then select Advanced Mode

On the left-hand side, select Tools

Then click on the Resident icon in the list

Uncheck Resident TeaTimer and OK any prompts.

Step 2

Download and run mbam-clean.exe from >> here <<

It will ask to restart your computer; please allow it to do so (very important).

Step 3

After the computer restarts, temporarily disable your Anti-Virus

If you need how-to guidance, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows & I.E. browsers are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Windows 7/Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Step 4

Next, please download & save Malwarebytes Anti-Malware from

http://www.malwareby...am-download.php

Run the mbam-setup.

Note: You will need to reactivate the program using the license you were sent via email if you are using the Pro version.

Launch the program and set the Protection and Registration, if you have a license. Then go to the UPDATE tab if not done during installation and check for updates.

Restart the computer again and verify that Malwarebytes Anti-Malware is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications.

You may use the guides posted in the FAQs >> here << or ask and we'll explain how to do it.

Step 5

Now, start MBAM and do a Full scan. It may take an hour or more, but it is well worth running.

Copy and Paste the contents of the MBAM scan log & the log from GooredFix.


GooredFix by jpshortstuff (03.07.10.1)

Log created at 10:33 on 22/02/2012 (mhsu)

Firefox version 4.0.1 (en-US)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd} [22:40 27/03/2011]

C:\Users\mhsu\Application Data\Mozilla\Firefox\Profiles\hr8njggg.default\extensions\

{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [15:59 27/01/2012]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [20:39 23/12/2010]

-=E.O.F=-

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.22.03

Windows 7 x86 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.7600.16385

mhsu :: ES-E5410-1 [administrator]

2/22/2012 10:45:27 AM

mbam-log-2012-02-22 (12-26-19).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 343353

Time elapsed: 50 minute(s), 41 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 10

C:\Windows\temp\avhqospdlwnotgjyygoqehsca.exe (Spyware.Password) -> No action taken.

C:\Windows\temp\bbueimmybdwpsckvgt.exe (Spyware.Password) -> No action taken.

C:\Windows\temp\dovmbhkclhrejczqvezw.exe (Spyware.Password) -> No action taken.

C:\Windows\temp\hbsabkuyoierynamashnkyne.exe (Spyware.Password) -> No action taken.

C:\Windows\temp\ianfrucnfpcu.exe (Spyware.Password) -> No action taken.

C:\Windows\temp\nnrvmsqztgwokkx.exe (Spyware.Password) -> No action taken.

C:\Windows\temp\pfoifoemes.exe (Spyware.Password) -> No action taken.

C:\Windows\temp\utzstxdofdqj.exe (Spyware.Password) -> No action taken.

C:\Windows\temp\uvqrjfkppjovx.exe (Spyware.Password) -> No action taken.

C:\Windows\temp\0.26230816112653477.exe (Exploit.Drop.2) -> No action taken.

(end)


The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

You will want to print out or copy these instructions to Notepad for offline reference!

If you are a casual viewer, do NOT try this on your system!

If you are not goatness and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

Disable your anti-virus program How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

If you have a prior copy of Combofix, delete it now !

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work to do.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. The time taken will depend on the speed of your system, how much there is to scan, and how much it needs to clean.

If this is on a notebook system, first make sure the notebook is connected to wall power (AC power).

Download and SAVE this file -- to your Desktop -- (Do NOT run the file straight away from download) from any one of these sources:

Link 1

Link 2

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines:

KILLALL::

Driver::
dplaysvr

Registry::
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dplaysvr"=-


File::
C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
C:\Windows\temp\avhqospdlwnotgjyygoqehsca.exe
C:\Windows\temp\bbueimmybdwpsckvgt.exe
C:\Windows\temp\dovmbhkclhrejczqvezw.exe
C:\Windows\temp\hbsabkuyoierynamashnkyne.exe
C:\Windows\temp\ianfrucnfpcu.exe
C:\Windows\temp\nnrvmsqztgwokkx.exe
C:\Windows\temp\pfoifoemes.exe
C:\Windows\temp\utzstxdofdqj.exe
C:\Windows\temp\uvqrjfkppjovx.exe
C:\Windows\temp\0.26230816112653477.exe

Folder::
C:\recycler
D:\recycler
e:\recycler
f:\recycler
g:\recycler
h:\recycler

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt". Using your mouse, drag the new file CFscript.txt and drop it on the ComboFix.exe icon.

  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • A window may open with a warning. Type "1" (and Enter) to start the fix. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Do not run ComboFix more than once!

NEXT

Make sure Windows is running in Normal mode.

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.


My computer is unable to run in normal mode, I received a blue screen of death...

The log for combofix is attached, it is too long to post. Below is the mbam log:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.22.05

Windows 7 x86 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.7600.16385

mhsu :: ES-E5410-1 [administrator]

2/22/2012 6:16:59 PM

mbam-log-2012-02-22 (18-16-59).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 212187

Time elapsed: 4 minute(s), 18 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ComboFix.txt


My computer is unable to run in normal mode, I received a blue screen of death...

If so, please try one more time, and this time get for me the exact STOP code and the descriptive text, if any.

The STOP code is more often than not, helpful for research & fix.

Do that while I review your Combofix log. Thanks.


Thank you for the quick response.

"STOP: 0x0000008E (0x0000005, 0x88A54CEB,0x9943A3424, 0x00000000)

iastor.sys - Address 88A54CEB base at 88A13000 Datestamp 4b8f1b5b"

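Added example, not from the original thread: a Python decoder for the STOP line and the faulting-module line quoted above. STOP 0x8E is KERNEL_MODE_EXCEPTION_NOT_HANDLED; its first parameter is the exception code and its second is the address that raised it, so the decoder checks whether that address agrees with the "Address" on the iastor.sys line, computes the offset into the module (address minus base), and turns the PE Datestamp into a UTC build date. Two things in the posted text it does not try to repair: the first parameter as posted (0x0000005) is not an exception code the decoder recognises, and the third parameter (0x9943A3424) is wider than 32 bits on an x86 system, so both are reported as-is rather than guessed. The bug-check and NTSTATUS tables are standard Windows values; the function and field names are this example's own.

```python
import re
from datetime import datetime, timezone

# Standard Windows bug-check codes and NTSTATUS exception codes (a small subset).
BUGCHECKS = {
    0x1E: "KMODE_EXCEPTION_NOT_HANDLED",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x7E: "SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
    0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}
EXCEPTION_CODES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0x80000003: "STATUS_BREAKPOINT",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
}
# Bug checks whose parameter 1 is an exception code and parameter 2 the faulting address.
EXCEPTION_STYLE = {0x1E, 0x7E, 0x8E}

STOP_RE = re.compile(r"STOP:\s*0x([0-9A-Fa-f]+)\s*\(([^)]*)\)")
MODULE_RE = re.compile(
    r"(?P<module>[\w.-]+\.sys)\s*-\s*Address\s+(?P<addr>[0-9A-Fa-f]+)"
    r"\s+base at\s+(?P<base>[0-9A-Fa-f]+)(?:\s*,?\s*Datestamp\s+(?P<stamp>[0-9A-Fa-f]+))?",
    re.IGNORECASE,
)

# Constructed input: the two lines quoted in the post above, exactly as typed there.
POSTED_BSOD = (
    '"STOP: 0x0000008E (0x0000005, 0x88A54CEB,0x9943A3424, 0x00000000)\n'
    'iastor.sys - Address 88A54CEB base at 88A13000 Datestamp 4b8f1b5b"'
)


def decode_stop(text: str, bits: int = 32) -> dict:
    """Decode a hand-transcribed STOP screen into a dict of named fields."""
    m = STOP_RE.search(text)
    if not m:
        raise ValueError("no 'STOP: 0x...' line found")
    code = int(m.group(1), 16)
    params = [int(p.strip(), 16) for p in m.group(2).split(",") if p.strip()]
    out = {"code": code, "name": BUGCHECKS.get(code, "UNKNOWN"), "params": params}
    # A value wider than the machine word cannot be real: it marks a typo in the transcript.
    out["overwide_params"] = [p for p in params if p >= 1 << bits]
    if code in EXCEPTION_STYLE and len(params) >= 2:
        out["exception"] = EXCEPTION_CODES.get(params[0], "unrecognised")
        out["fault_address"] = params[1]
    mm = MODULE_RE.search(text)
    if mm:
        addr, base = int(mm["addr"], 16), int(mm["base"], 16)
        out["module"] = mm["module"]
        out["module_base"] = base
        out["offset"] = addr - base if addr >= base else None
        # Same address in the STOP parameters and on the module line: the two agree.
        out["fault_in_module"] = out.get("fault_address") == addr
        if mm["stamp"]:
            # PE TimeDateStamp is seconds since the Unix epoch, i.e. the driver's link time.
            out["built"] = datetime.fromtimestamp(int(mm["stamp"], 16), tz=timezone.utc)
    return out


if __name__ == "__main__":
    for key, val in decode_stop(POSTED_BSOD).items():
        shown = hex(val) if isinstance(val, int) and not isinstance(val, bool) else val
        print(f"{key:16} {shown}")
```

For the posted lines this reports the bug-check name, `offset` 0x41CEB into iastor.sys, a build date in March 2010, an unrecognised exception code and one over-wide parameter, which is exactly why the reply above asks for the exact STOP text rather than a paraphrase.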

P.S. Is this system in a company/corporate environment? That's indicated from your log. I urge you to advise your company's IT help desk of this situation.

They can get you back & running faster.

Also, I noted F.lux\flux.exe in your log. What is the F.lux application ?


Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Please close any of your open windows/programs and exit; saving any open work you have.

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    themeui.dll
    beep.sys
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of just OTL.txt


Flux is an app that dims the light as the time of day goes on.

OTL logfile created on: 2/22/2012 11:28:53 PM - Run 1

OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\mhsu\Downloads

Professional (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.37 Gb Available Physical Memory | 19.70% Memory free

3.73 Gb Paging File | 1.74 Gb Available in Paging File | 46.67% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 134.36 Gb Total Space | 81.18 Gb Free Space | 60.42% Space Free | Partition Type: NTFS

Drive D: | 14.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ES-E5410-1 | User Name: mhsu | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/22 23:24:57 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\mhsu\Downloads\OTL.exe

PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV - [2010/11/29 10:57:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/08/24 17:51:50 | 000,388,464 | ---- | M] (Dell Inc.) [Auto | Stopped] -- c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)

SRV - [2010/05/26 03:54:32 | 000,245,842 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)

SRV - [2010/05/26 03:53:26 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)

SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)

SRV - [2010/05/10 16:24:12 | 001,803,584 | ---- | M] (AuthenTec, Inc.) [Auto | Stopped] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)

SRV - [2010/03/29 13:45:48 | 001,164,648 | ---- | M] (Wave Systems Corp.) [Auto | Stopped] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)

SRV - [2010/02/03 18:24:20 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)

SRV - [2010/02/02 05:20:46 | 000,040,960 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)

SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2010/01/10 13:01:26 | 000,060,928 | ---- | M] () [Auto | Stopped] -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe -- (InstallFilterService)

SRV - [2009/11/04 19:19:26 | 000,114,688 | ---- | M] (Broadcom Corporation) [Auto | Stopped] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)

SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)

SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2008/11/12 14:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)

SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)

DRV - [2010/11/20 04:05:47 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/07/09 11:08:18 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®

DRV - [2010/06/21 12:59:30 | 000,255,096 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2010/06/21 02:44:36 | 000,246,272 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV - [2010/05/26 03:54:38 | 000,424,448 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2010/05/20 15:27:26 | 002,074,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX6000Xp.sys -- (VX6000)

DRV - [2010/03/21 11:25:04 | 000,059,904 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)

DRV - [2010/03/21 11:25:04 | 000,048,640 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rimspe86.sys -- (rimspci)

DRV - [2010/03/21 11:25:04 | 000,038,912 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rixdpe86.sys -- (rixdpcie)

DRV - [2010/02/26 16:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)

DRV - [2010/02/02 05:18:24 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)

DRV - [2010/01/19 13:46:44 | 000,229,888 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)

DRV - [2010/01/18 08:56:26 | 000,042,672 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelern.sys -- (Acceler)

DRV - [2010/01/18 08:56:26 | 000,017,072 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\stdfltn.sys -- (stdflt)

DRV - [2009/10/15 09:50:30 | 000,085,504 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)

DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)

DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)

DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)

DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)

DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

DRV - [2008/06/04 15:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)

DRV - [2007/08/17 11:18:28 | 012,274,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 51 3E 3C 0E FD 00 3F 48 BE 55 2B 64 D2 82 CA 48 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://10.0.0.*;http://companyweb;https://companyweb;<local>;*.local

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.seeconline.org:3128

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "nytimes.com"

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\mhsu\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\mhsu\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mhsu\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mhsu\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/23 15:39:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/19 13:40:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/27 17:40:01 | 000,000,000 | ---D | M]

[2010/11/29 14:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mhsu\AppData\Roaming\mozilla\Extensions

[2012/02/21 01:25:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mhsu\AppData\Roaming\mozilla\Firefox\Profiles\hr8njggg.default\extensions

[2012/02/21 01:27:34 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\mhsu\AppData\Roaming\mozilla\Firefox\Profiles\hr8njggg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2011/03/27 17:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/12/23 15:39:21 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

[2011/06/19 13:40:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\mhsu\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\mhsu\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\mhsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\

CHR - Extension: Google Search = C:\Users\mhsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\mhsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3\

CHR - Extension: Gmail = C:\Users\mhsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2012/02/22 17:59:49 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)

O4 - HKLM..\Run: [gidle] C:\Program Files\gAlwaysIdle\gidle.exe ()

O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [uSCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)

O4 - HKLM..\Run: [VX6000] C:\Windows\vVX6000.exe (Microsoft Corporation)

O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)

O4 - HKCU..\Run: [F.lux] C:\Users\mhsu\Local Settings\Apps\F.lux\flux.exe ()

O4 - HKCU..\Run: [googletalk] C:\Users\mhsu\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)

O4 - HKCU..\Run: [spotify] C:\Users\mhsu\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)

O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SEEC.local

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{205D6DBF-0672-4653-B26F-8D9A7C7754D4}: NameServer = 208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278}: DhcpNameServer = 192.168.10.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D4379E3-D6AE-4DA8-8D08-0703A454023F}: DhcpNameServer = 172.6.1.161

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D4379E3-D6AE-4DA8-8D08-0703A454023F}: NameServer = 208.67.222.222

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2007/09/29 00:18:56 | 000,000,103 | R--- | M] () - D:\autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS - File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS - File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT

Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/02/22 18:05:28 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/02/22 17:59:55 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2012/02/22 17:45:30 | 000,000,000 | ---D | C] -- C:\Users\mhsu\AppData\Local\temp

[2012/02/22 10:40:52 | 000,000,000 | ---D | C] -- C:\Users\mhsu\AppData\Roaming\Malwarebytes

[2012/02/22 10:40:48 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/02/22 10:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/02/22 10:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/02/22 10:33:56 | 000,000,000 | ---D | C] -- C:\Users\mhsu\Desktop\GooredFix Backups

[2012/02/21 19:57:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012/02/21 19:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/02/21 19:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2012/02/20 23:45:25 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2012/02/09 12:06:11 | 000,000,000 | ---D | C] -- C:\Users\mhsu\AppData\Local\Cvtmapapi

[52 C:\Users\mhsu\Desktop\*.tmp files -> C:\Users\mhsu\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/22 23:28:41 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-278053664-2185810746-1395160328-7715.job

[2012/02/22 18:17:47 | 000,626,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/02/22 18:17:47 | 000,107,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/02/22 18:11:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/02/22 18:11:32 | 219,063,624 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/02/22 18:11:26 | 1501,966,336 | -HS- | M] () -- C:\hiberfil.sys

[2012/02/22 17:59:49 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012/02/22 17:33:35 | 000,001,398 | ---- | M] () -- C:\Users\mhsu\Desktop\ComboFix.exe - Shortcut.lnk

[2012/02/22 10:40:48 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/21 19:36:40 | 000,000,877 | ---- | M] () -- C:\Users\mhsu\Desktop\ERUNT.lnk

[2012/02/20 18:51:11 | 001,615,072 | ---- | M] () -- C:\Users\mhsu\Desktop\ParkingContest.Hsu.Mingwei.jpg

[2012/02/17 11:53:36 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/02/17 11:53:36 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/02/15 13:58:05 | 000,002,072 | -H-- | M] () -- C:\Users\mhsu\Documents\Default.rdp

[2012/02/01 03:01:19 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/02/01 03:01:13 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-278053664-2185810746-1395160328-7715UA.job

[2012/02/01 00:45:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-278053664-2185810746-1395160328-7715Core.job

[2012/01/31 21:37:30 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/01/25 13:44:32 | 002,974,610 | ---- | M] () -- C:\Users\mhsu\Desktop\Comic_FRS.pdf

[2012/01/24 21:13:51 | 000,002,288 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[52 C:\Users\mhsu\Desktop\*.tmp files -> C:\Users\mhsu\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/22 17:33:35 | 000,001,398 | ---- | C] () -- C:\Users\mhsu\Desktop\ComboFix.exe - Shortcut.lnk

[2012/02/22 10:40:48 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/21 19:36:40 | 000,000,877 | ---- | C] () -- C:\Users\mhsu\Desktop\ERUNT.lnk

[2012/02/21 09:36:21 | 000,000,284 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-278053664-2185810746-1395160328-7715.job

[2012/02/21 09:27:25 | 219,063,624 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012/02/20 18:51:32 | 001,615,072 | ---- | C] () -- C:\Users\mhsu\Desktop\ParkingContest.Hsu.Mingwei.jpg

[2012/01/25 13:44:06 | 002,974,610 | ---- | C] () -- C:\Users\mhsu\Desktop\Comic_FRS.pdf

[2011/12/26 22:35:02 | 000,000,632 | ---- | C] () -- C:\Windows\wininit.ini

[2011/10/17 16:10:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011/10/17 16:10:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/10/17 16:10:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/10/17 16:10:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/10/17 16:10:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/02/23 10:27:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2011/02/02 21:50:47 | 000,020,480 | ---- | C] () -- C:\Windows\FWnSM.exe

[2011/02/02 21:50:47 | 000,020,480 | ---- | C] () -- C:\Windows\AutoGo.exe

[2011/02/02 21:50:45 | 000,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys

[2011/02/02 21:50:45 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini

[2011/02/02 21:50:44 | 012,274,432 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys

[2011/02/02 21:50:44 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll

[2011/02/02 21:50:44 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll

[2010/11/29 13:44:00 | 000,000,000 | ---- | C] () -- C:\Users\mhsu\AppData\Local\WavXMapDrive.bat

[2010/11/29 10:37:43 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2010/11/20 02:25:20 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll

[2010/11/20 02:21:12 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll

[2010/11/20 02:20:54 | 000,060,080 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/11/20 02:20:50 | 000,000,206 | ---- | C] () -- C:\Windows\hbcikrnl.ini

[2010/11/01 11:15:38 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin

[2010/11/01 11:15:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll

[2010/11/01 11:15:38 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

[2010/11/01 11:15:37 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin

[2010/11/01 11:15:37 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

[2010/11/01 11:15:34 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin

[2010/11/01 11:15:33 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

[2010/03/02 13:46:38 | 000,010,752 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >

[2010/12/25 19:53:53 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\Adobe

[2010/11/30 11:51:05 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\Apple Computer

[2010/11/29 13:44:10 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\Broadcom

[2012/02/09 13:17:33 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\Canon

[2010/12/25 19:55:21 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1

[2010/11/29 13:46:17 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\CyberLink

[2011/03/13 11:24:51 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\Google

[2010/11/29 13:43:55 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\Identities

[2011/02/02 21:50:14 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\InstallShield

[2010/11/29 14:14:13 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\Macromedia

[2012/02/22 10:40:52 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\Malwarebytes

[2009/07/14 02:49:10 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\Media Center Programs

[2011/12/24 00:59:53 | 000,000,000 | --SD | M] -- C:\Users\mhsu\AppData\Roaming\Microsoft

[2012/01/16 12:34:29 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\Mozilla

[2011/05/24 19:39:59 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\Real

[2012/02/21 01:27:34 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\Spotify

[2010/11/29 13:44:10 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\Wave Systems Corp

< %APPDATA%\*.exe /s >

[2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\mhsu\AppData\Roaming\Google\Google Talk\googletalk.exe

[2011/03/13 11:24:52 | 000,079,367 | ---- | M] () -- C:\Users\mhsu\AppData\Roaming\Google\Google Talk\uninstall.exe

[2010/12/25 19:48:00 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\mhsu\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2012/01/25 18:25:57 | 000,315,512 | ---- | M] (RealNetworks, Inc.) -- C:\Users\mhsu\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.01\rnupgagent.exe

[2012/01/24 10:02:17 | 004,027,056 | ---- | M] (Spotify Ltd) -- C:\Users\mhsu\AppData\Roaming\Spotify\spotify.exe

[2012/01/30 12:48:36 | 018,354,768 | ---- | M] (Spotify Ltd) -- C:\Users\mhsu\AppData\Roaming\Spotify\Spotify_new.exe

[2011/11/22 22:14:35 | 000,090,044 | ---- | M] () -- C:\Users\mhsu\AppData\Roaming\Spotify\Uninstall.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys

[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys

[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >

[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys

[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_6acd47459c3a74fb\atapi.sys

[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys

[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_dda2ecda9bf2e50d\atapi.sys

[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: BEEP.SYS >

[2009/07/13 18:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\ERDNT\cache\beep.sys

[2009/07/13 18:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys

[2009/07/13 18:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys

< MD5 for: CNGAUDIT.DLL >

[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll

[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTOR.SYS >

[2010/03/03 19:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Drivers\storage\R268418\iaStor.sys

[2010/03/03 19:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\drivers\iaStor.sys

[2010/03/03 19:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys

[2010/03/03 19:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_ef709da8ed3a7ddf\iaStor.sys

< MD5 for: IASTORV.SYS >

[2011/03/11 00:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys

[2011/03/11 00:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys

[2011/03/11 00:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys

[2011/03/11 00:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys

[2011/03/11 00:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys

[2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys

[2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2010/11/20 07:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

[2011/03/11 00:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

< MD5 for: NETLOGON.DLL >

[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll

[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll

[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >

[2011/03/11 00:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys

[2011/03/11 00:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys

[2011/03/11 00:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys

[2011/03/11 00:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys

[2011/03/11 00:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys

[2011/03/11 00:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys

[2010/11/20 07:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys

[2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >

[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll

[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll

[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010/11/20 07:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: THEMEUI.DLL >

[2010/11/20 07:21:30 | 002,755,072 | ---- | M] (Microsoft Corporation) MD5=5992A9DF57FD5E6960FDCC2DB69867F7 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-themeui_31bf3856ad364e35_6.1.7601.17514_none_8706005e79c34246\themeui.dll

[2009/07/13 20:16:16 | 002,755,072 | ---- | M] (Microsoft Corporation) MD5=BA25800813148F910A600B6DE1F78B2B -- C:\Windows\System32\themeui.dll

[2009/07/13 20:16:16 | 002,755,072 | ---- | M] (Microsoft Corporation) MD5=BA25800813148F910A600B6DE1F78B2B -- C:\Windows\winsxs\x86_microsoft-windows-themeui_31bf3856ad364e35_6.1.7600.16385_none_84d4ec967cd4beac\themeui.dll

< MD5 for: USERINIT.EXE >

[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe

[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe

[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2009/07/13 20:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll

[2009/07/13 20:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll

[2011/11/04 23:34:00 | 000,185,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll

< End of report >

Thank you!


Next, I suggest you run Windows' System File checker.

To get an elevated command prompt, do the following:

Press the Start key:

in the text box at bottom, type in

cmd

When it shows a black icon with cmd.exe, move the mouse over it, do a RIGHT-click, and select Run as Administrator.

If you are prompted for an administrator password or for a confirmation, type the password, OR click Allow.

Next, you will see a black box window (command prompt)

it should show "C:\Windows\system32>"

there type in sfc /scannow and press ENTER key

It will say Beginning system scan. This process will take some time.

Let it run and observe it from time to time.

I need to know what message you see when it is done.

P.S. The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.

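
sfc /scannow prints only a one-line verdict; the per-file detail goes to %windir%\Logs\CBS\CBS.log, where every line the checker writes is tagged [SR]. As an added example (not code from this thread, and not a Microsoft tool), the Python below pulls those lines out of a log and reports which files were repaired, which could not be, and how many components were verified, mapping the result back to the three console messages sfc can print. The log excerpt is constructed in the shape of CBS.log entries for illustration; the file names in it are placeholders, and a log from the machine in this thread, which reported no violations, would have no "Cannot repair" lines.

```python
"""Triage the [SR] lines that sfc /scannow writes to CBS.log.
Added example; the log excerpt below is constructed, not captured."""
import re

# CBS.log line shape: "<timestamp>, <level> CSI <hex seq> [SR] <message>"
SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (?P<level>\w+)\s+CSI\s+"
    r"(?P<seq>[0-9a-f]{8}) \[SR\] (?P<msg>.*)$"
)
# CSI writes file names as [l:<bytes>{<chars>}]"name"
FILE_REF = re.compile(r'\[l:\d+\{\d+\}\]"(?P<name>[^"]+)"')

# Constructed sample (file names are placeholders), two verification passes.
SAMPLE_CBS_LOG = """\
2012-02-23 10:02:11, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2012-02-23 10:02:11, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2012-02-23 10:02:40, Info                  CSI    0000001c [SR] Cannot repair member file [l:22{11}]"usbperf.dll" of Microsoft-Windows-USB-Perf, Version = 6.1.7600.16385 in the store, hash mismatch
2012-02-23 10:02:41, Info                  CSI    0000001d [SR] Repairing corrupted file [l:24{12}]"wbemcomn.dll" from store
2012-02-23 10:02:42, Info                  CSI    0000001e [SR] Verify complete
2012-02-23 10:02:42, Info                  CSI    0000001f [SR] Verifying 100 (0x0000000000000064) components
2012-02-23 10:03:10, Info                  CSI    00000025 [SR] Cannot repair member file [l:22{11}]"usbperf.dll" of Microsoft-Windows-USB-Perf, Version = 6.1.7600.16385 in the store, hash mismatch
2012-02-23 10:03:10, Info                  CSI    00000026 [SR] Verify complete
2012-02-23 10:03:11, Info                  CBS    Unrelated servicing line without the SR tag
"""


def parse_sr_lines(text: str) -> list:
    """Every [SR] entry as a dict; everything else in CBS.log is ignored."""
    return [m.groupdict() for m in (SR_LINE.match(l) for l in text.splitlines()) if m]


def triage(text: str) -> dict:
    """Summarise a CBS.log: repaired files, unrepairable files, component count,
    and the verdict that corresponds to the message sfc prints on the console."""
    repaired, unrepaired, verified = [], [], 0
    entries = parse_sr_lines(text)
    for e in entries:
        msg = e["msg"]
        ref = FILE_REF.search(msg)
        name = ref.group("name") if ref else msg
        if msg.startswith("Cannot repair member file"):
            if name not in unrepaired:          # repeated once per pass; keep one
                unrepaired.append(name)
        elif msg.startswith("Repairing corrupted file"):
            if name not in repaired:
                repaired.append(name)
        elif msg.startswith("Verifying "):
            verified += int(msg.split()[1])     # "Verifying 100 (0x...) components"
    if not entries:
        verdict = "no-sr-lines"   # sfc never ran, or the log has been rotated
    elif unrepaired:
        verdict = "unrepaired"    # "found corrupt files but was unable to fix some of them"
    elif repaired:
        verdict = "repaired"      # "found corrupt files and successfully repaired them"
    else:
        verdict = "clean"         # "did not find any integrity violations"
    return {"verdict": verdict, "repaired": repaired, "unrepaired": unrepaired,
            "components_verified": verified, "sr_lines": len(entries)}


if __name__ == "__main__":
    # For a real run: triage(open(r"C:\Windows\Logs\CBS\CBS.log", encoding="utf-8", errors="replace").read())
    print(triage(SAMPLE_CBS_LOG))
```

When the console says "unable to fix some of them", the unrepaired list is what to post or act on; the repaired list shows what sfc changed underneath you, which matters when a replaced file was one you were watching.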

The scan was pretty quick, the message was:

"Windows Resource Protection did not find any integrity violations."

Thanks.


  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or >> from here <<
  • Quit all programs that you may have started.
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.


RogueKiller V7.1.0 [02/15/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version

Started in : Safe mode with network support

User: mhsu [Admin rights]

Mode: Scan -- Date: 02/23/2012 22:46:51

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤

[SUSP PATH] HKCU\[...]\Run : Spotify ("C:\Users\mhsu\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart) -> FOUND

[SUSP PATH] HKUS\S-1-5-21-278053664-2185810746-1395160328-7715[...]\Run : Spotify ("C:\Users\mhsu\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart) -> FOUND

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (proxy.seeconline.org:3128) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

94.63.147.16 www.google.com

94.63.147.17 www.bing.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] dbdc834ccc86c171514943d937cf5f4c

[BSP] a49ea1d6f3f59a2fb9b94dc5e86227a9 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 137586 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] 382362b779f5f1bf917869bad68d6813

[BSP] ef939c1dac17887f823c287188b62de9 : PiHar MBR Code!

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 137586 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] 382362b779f5f1bf917869bad68d6813

[BSP] ef939c1dac17887f823c287188b62de9 : PiHar MBR Code!

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 137586 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt

Thank you!

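The two findings that matter in the RogueKiller report above are the HOSTS entries that pin www.google.com and www.bing.com to outside addresses (the "Google redirect" itself) and the MBR check, where the sector read through the normal Windows disk stack ("User") hashes differently from the low-level reads ("LL1"/"LL2") even though the partition tables are identical, which is how a bootkit hides its own MBR code. The script below is an added example, written for this thread and not part of RogueKiller or any other tool named here: it re-implements both checks on constructed inputs. The partition offsets and sizes are the ones from the log, the boot-code bytes and the helper names (`hosts_findings`, `parse_partitions`, `compare_mbr_views`, `build_mbr`) are made up for illustration, and on a real system the two 512-byte views would have to be obtained from a raw disk read and from an independent low-level path rather than built in memory.

```python
"""Re-create two checks from the RogueKiller log: HOSTS review and MBR view comparison."""
import hashlib
import struct

LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}


def hosts_findings(hosts_text, watched=("www.google.com", "www.bing.com")):
    """Return (ip, name) pairs where a watched name is pinned to a non-local address."""
    findings = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            if name.lower() in watched and ip not in LOOPBACK:
                findings.append((ip, name.lower()))
    return findings


def parse_partitions(mbr):
    """Decode the four 16-byte partition entries that start at offset 446 of an MBR."""
    if len(mbr) != 512 or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with a 0x55AA signature")
    table = []
    for i in range(4):
        entry = mbr[446 + 16 * i: 462 + 16 * i]
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:                           # empty slot
            continue
        table.append({"active": status == 0x80, "type": ptype,
                      "offset": lba_start,
                      "size_mb": sectors * 512 // (1024 * 1024)})
    return table


def compare_mbr_views(user_view, lowlevel_view):
    """Mirror the 'User != LL1' test: same table but different sector hash means
    the code in the MBR is being hidden from the normal read path."""
    user_md5 = hashlib.md5(user_view).hexdigest()
    ll_md5 = hashlib.md5(lowlevel_view).hexdigest()
    return {
        "user_md5": user_md5,
        "ll_md5": ll_md5,
        "table_matches": parse_partitions(user_view) == parse_partitions(lowlevel_view),
        "boot_code_matches": user_view[:446] == lowlevel_view[:446],
        "verdict": "OK" if user_md5 == ll_md5 else "KO",
    }


def build_mbr(boot_code, partitions):
    """Assemble a 512-byte MBR from boot-code bytes and (active, type, lba, count) tuples."""
    sector = bytearray(boot_code.ljust(446, b"\x00")[:446])
    for active, ptype, lba, count in partitions:
        sector += struct.pack("<B3xB3xII", 0x80 if active else 0, ptype, lba, count)
    sector += b"\x00" * (16 * (4 - len(partitions))) + b"\x55\xaa"
    return bytes(sector)


# Constructed sample data. The layout reproduces the three partitions in the log
# (Dell utility, active NTFS, data NTFS); the boot-code bytes are invented.
LAYOUT = [(False, 0xDE, 63, 81857),
          (True, 0x07, 81920, 0x1D4C000),
          (False, 0x07, 30801920, 0x10CB96B0)]
CLEAN_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c"    # constructed stand-in for stock loader bytes
HOOKED_CODE = b"\xe9\x00\x01" + b"\x90" * 4     # constructed: different code, same table

HOSTS_SAMPLE = """# constructed sample modelled on the entries in the report above
127.0.0.1 localhost
94.63.147.16 www.google.com
94.63.147.17 www.bing.com
"""

if __name__ == "__main__":
    for ip, name in hosts_findings(HOSTS_SAMPLE):
        print(f"[HOSTS] {name} -> {ip} (not loopback)")
    result = compare_mbr_views(build_mbr(CLEAN_CODE, LAYOUT), build_mbr(HOOKED_CODE, LAYOUT))
    print(f"[MBR] user={result['user_md5']} ll={result['ll_md5']} -> {result['verdict']}")
    for p in parse_partitions(build_mbr(CLEAN_CODE, LAYOUT)):
        print(f"  type 0x{p['type']:02x} active={p['active']} offset={p['offset']} size={p['size_mb']} MB")
```

The sizes the parser prints (39, 15000 and 137586 MB) come out of the sector counts the same way RogueKiller and TDSSKiller report them, so a mismatch in the table itself would be visible too; in this thread the tables agree and only the first 446 bytes differ, which is exactly the bootkit pattern the helper is chasing with aswMBR and TDSSKiller in the next post.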

You will want to print out or copy these instructions to Notepad for Safe offline reference!

These steps are for goatness only. If you are a casual viewer, do NOT try this on your system!

If you are not goatness and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

Given you are running Windows 7, please remember that on most all tools you'll need to start them by Right-clicking, selecting Run as Administrator, AND allowing them to run at UAC prompt!

Let's have you run some additional diagnostic tools. Do as much as you can:

Step 1

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :Commands
    [resethosts]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2

Go to Start button > Select RUN > type in

CMD

and press Enter-key

Copy and Paste or type the exact (entire) contents of Code box

ipconfig /flushdns

and press Enter-key

Close Command prompt window

Step 3

Download aswMBR.exe ( 511KB ) to your desktop.

RIGHT click on aswMBR.exe and select Run As Administrator to start.

Change the a-v scan to None.

Uncheck "trace disk IO calls".

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 4

Please read carefully and follow these steps.

  • Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have (if you have).
  • Download TDSSKiller and save it to your Desktop.
  • RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

Create a new folder on your C drive, name it ARK ===> C:\ARK

Go Here and click the "Download EXE" button & Save the file to ARK folder

RIGHT-click the exe and select Run As Administrator to launch the program. (If you get an immediate message about rootkit activity, ignore and proceed with instructions please)

Click on the Rootkit/Malware Tab &

then, on the far right side, untick the Registry box,

then click Scan.

Scan progress will be shown at bottom of the program screen. Have "infinite" patience while it runs.

Once the scan is done, press the Copy button, then open NOTEPAD, Paste to it, and Save the file as Gmer.log in your ARK folder.

Attach the results here in your reply.

Step 6

Close all non-essential programs & windows that you have open.

Go here and download & SAVE Silent Runners.vbs (use IE to download it) to a new folder on your drive and run it. It generates a log too (name will start with "Startup Programs"). It takes a minute or two and it will notify you with a popup when your log is ready (it will be in the new folder you created). Please post the information back in this thread. If your AV queries the script, allow it to run. It's not malicious. It simply generates a report on your system, and does not do any cleanup.

Step 7

Reply with copy of contents of aswmbr log,

the TDSSKILLER log,

the GMER log,

the Silent Runners log,

also provide an update on current status (eg, are things better, or are you still in Safe Mode with Networking)


Hi, I have performed several of the steps, but since ARK may take 'infinite' time, I will have to perform it later as I will be unable to keep a laptop plugged in. I will try to have it done tonight when I am settled, but should definitely respond with all the logs tomorrow. Thanks for the help thus far, the scans so far have detected and eliminated some rootkits.


<kibbitz>

I used the term "infinite patience". That didn't mean that any one tool would take infinite time. I'll look forward to your posting the logs, which you can do as each one is done.

Cheers.


Here are some of the logs, I will finish the steps by the end of the weekend...my computer was able to boot up normally! The BSOD is gone!

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.33.2 log created on 02242012_150400

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software

Run date: 2012-02-24 15:13:59

-----------------------------

15:13:59.708 OS Version: Windows 6.1.7600

15:13:59.708 Number of processors: 4 586 0x2505

15:13:59.709 ComputerName: ES-E5410-1 UserName: mhsu

15:14:03.384 Initialize success

15:20:02.522 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

15:20:02.535 Disk 0 Vendor: ST916031 D005 Size: 152627MB BusType: 3

15:20:02.537 Disk 0 MBR read successfully

15:20:02.540 Disk 0 MBR scan

15:20:02.542 Disk 0 TDL4@MBR code has been found

15:20:02.544 Disk 0 MBR hidden

15:20:02.548 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63

15:20:02.564 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920

15:20:02.608 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 137586 MB offset 30801920

15:20:02.612 Disk 0 MBR [TDL4] **ROOTKIT**

15:20:02.615 Scan finished successfully

15:20:23.125 Disk 0 MBR has been saved successfully to "C:\Users\mhsu\Desktop\MBR.dat"

15:20:23.126 The log file has been saved successfully to "C:\Users\mhsu\Desktop\aswMBR.txt"

15:24:56.0229 2996 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49

15:24:58.0257 2996 ============================================================

15:24:58.0257 2996 Current date / time: 2012/02/24 15:24:58.0257

15:24:58.0257 2996 SystemInfo:

15:24:58.0257 2996

15:24:58.0257 2996 OS Version: 6.1.7600 ServicePack: 0.0

15:24:58.0257 2996 Product type: Workstation

15:24:58.0257 2996 ComputerName: ES-E5410-1

15:24:58.0257 2996 UserName: mhsu

15:24:58.0257 2996 Windows directory: C:\Windows

15:24:58.0257 2996 System windows directory: C:\Windows

15:24:58.0257 2996 Processor architecture: Intel x86

15:24:58.0257 2996 Number of processors: 4

15:24:58.0257 2996 Page size: 0x1000

15:24:58.0257 2996 Boot type: Safe boot with network

15:24:58.0257 2996 ============================================================

15:24:58.0834 2996 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

15:24:58.0850 2996 \Device\Harddisk0\DR0:

15:24:58.0850 2996 MBR used

15:24:58.0850 2996 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000

15:24:58.0850 2996 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x10CB96B0

15:24:58.0881 2996 Initialize success

15:24:58.0881 2996 ============================================================

15:25:24.0325 1080 ============================================================

15:25:24.0325 1080 Scan started

15:25:24.0325 1080 Mode: Manual; SigCheck; TDLFS;

15:25:24.0325 1080 ============================================================

15:25:27.0148 1080 1394ohci (d01e0b1cef9ee82100c2bb07294880ef) C:\Windows\system32\DRIVERS\1394ohci.sys

15:25:27.0273 1080 1394ohci - ok

15:25:27.0429 1080 Acceler (af1f178b0218b44876e63bf0b019e96b) C:\Windows\system32\DRIVERS\Accelern.sys

15:25:27.0601 1080 Acceler - ok

15:25:27.0757 1080 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

15:25:27.0772 1080 ACPI - ok

15:25:27.0881 1080 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

15:25:27.0959 1080 AcpiPmi - ok

15:25:28.0084 1080 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

15:25:28.0100 1080 adp94xx - ok

15:25:28.0162 1080 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

15:25:28.0178 1080 adpahci - ok

15:25:28.0209 1080 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

15:25:28.0209 1080 adpu320 - ok

15:25:28.0349 1080 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys

15:25:28.0412 1080 AFD - ok

15:25:28.0427 1080 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

15:25:28.0443 1080 agp440 - ok

15:25:28.0521 1080 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

15:25:28.0537 1080 aic78xx - ok

15:25:28.0630 1080 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

15:25:28.0630 1080 aliide - ok

15:25:28.0677 1080 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

15:25:28.0693 1080 amdagp - ok

15:25:28.0739 1080 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

15:25:28.0739 1080 amdide - ok

15:25:28.0817 1080 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

15:25:28.0864 1080 AmdK8 - ok

15:25:28.0895 1080 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

15:25:28.0942 1080 AmdPPM - ok

15:25:29.0051 1080 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys

15:25:29.0051 1080 amdsata - ok

15:25:29.0083 1080 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

15:25:29.0098 1080 amdsbs - ok

15:25:29.0145 1080 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys

15:25:29.0161 1080 amdxata - ok

15:25:29.0239 1080 ApfiltrService (e8a8e6072cb7e2032e85e7735daa511f) C:\Windows\system32\DRIVERS\Apfiltr.sys

15:25:29.0254 1080 ApfiltrService - ok

15:25:29.0317 1080 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

15:25:29.0441 1080 AppID - ok

15:25:29.0691 1080 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

15:25:29.0707 1080 arc - ok

15:25:29.0722 1080 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

15:25:29.0722 1080 arcsas - ok

15:25:29.0800 1080 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

15:25:29.0925 1080 AsyncMac - ok

15:25:30.0081 1080 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

15:25:30.0081 1080 atapi - ok

15:25:30.0253 1080 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

15:25:30.0331 1080 b06bdrv - ok

15:25:30.0440 1080 b57nd60x (958438198ed140c6eb6348cf8a35b36c) C:\Windows\system32\DRIVERS\b57nd60x.sys

15:25:30.0455 1080 b57nd60x - ok

15:25:30.0565 1080 BCM42RLY (94f2dc372163d520d7b1dad78ae40b5e) C:\Windows\system32\drivers\BCM42RLY.sys

15:25:30.0565 1080 BCM42RLY - ok

15:25:30.0705 1080 BCM43XX (f689c5965cefad780a2948546703bd5d) C:\Windows\system32\DRIVERS\bcmwl6.sys

15:25:30.0830 1080 BCM43XX - ok

15:25:31.0001 1080 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

15:25:31.0048 1080 Beep - ok

15:25:31.0173 1080 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

15:25:31.0220 1080 blbdrive - ok

15:25:31.0282 1080 Blfp (8b9f91def5dbfb4f9b700db51e0d00cc) C:\Windows\system32\DRIVERS\basp.sys

15:25:31.0345 1080 Blfp - ok

15:25:31.0547 1080 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys

15:25:31.0594 1080 bowser - ok

15:25:31.0672 1080 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

15:25:31.0703 1080 BrFiltLo - ok

15:25:31.0735 1080 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

15:25:31.0781 1080 BrFiltUp - ok

15:25:31.0906 1080 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys

15:25:31.0969 1080 BridgeMP - ok

15:25:32.0109 1080 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

15:25:32.0156 1080 Brserid - ok

15:25:32.0187 1080 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

15:25:32.0234 1080 BrSerWdm - ok

15:25:32.0296 1080 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

15:25:32.0343 1080 BrUsbMdm - ok

15:25:32.0359 1080 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

15:25:32.0390 1080 BrUsbSer - ok

15:25:32.0421 1080 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

15:25:32.0452 1080 BTHMODEM - ok

15:25:32.0608 1080 catchme - ok

15:25:32.0764 1080 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

15:25:32.0811 1080 cdfs - ok

15:25:32.0920 1080 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

15:25:32.0951 1080 cdrom - ok

15:25:33.0076 1080 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

15:25:33.0217 1080 circlass - ok

15:25:33.0295 1080 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

15:25:33.0310 1080 CLFS - ok

15:25:33.0482 1080 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

15:25:33.0513 1080 CmBatt - ok

15:25:33.0575 1080 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

15:25:33.0575 1080 cmdide - ok

15:25:33.0653 1080 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

15:25:33.0700 1080 CNG - ok

15:25:33.0809 1080 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

15:25:33.0809 1080 Compbatt - ok

15:25:33.0856 1080 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

15:25:33.0887 1080 CompositeBus - ok

15:25:33.0919 1080 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

15:25:33.0934 1080 crcdisk - ok

15:25:34.0028 1080 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys

15:25:34.0090 1080 CSC - ok

15:25:34.0168 1080 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys

15:25:34.0199 1080 DfsC - ok

15:25:34.0262 1080 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

15:25:34.0309 1080 discache - ok

15:25:34.0402 1080 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

15:25:34.0402 1080 Disk - ok

15:25:34.0480 1080 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

15:25:34.0511 1080 drmkaud - ok

15:25:34.0574 1080 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys

15:25:34.0605 1080 DXGKrnl - ok

15:25:34.0730 1080 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

15:25:34.0901 1080 ebdrv - ok

15:25:34.0979 1080 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

15:25:35.0011 1080 elxstor - ok

15:25:35.0057 1080 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

15:25:35.0089 1080 ErrDev - ok

15:25:35.0151 1080 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

15:25:35.0182 1080 exfat - ok

15:25:35.0245 1080 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

15:25:35.0291 1080 fastfat - ok

15:25:35.0385 1080 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

15:25:35.0416 1080 fdc - ok

15:25:35.0463 1080 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

15:25:35.0463 1080 FileInfo - ok

15:25:35.0494 1080 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

15:25:35.0572 1080 Filetrace - ok

15:25:35.0603 1080 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

15:25:35.0635 1080 flpydisk - ok

15:25:35.0713 1080 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

15:25:35.0728 1080 FltMgr - ok

15:25:35.0791 1080 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

15:25:35.0806 1080 FsDepends - ok

15:25:35.0884 1080 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

15:25:35.0884 1080 Fs_Rec - ok

15:25:35.0947 1080 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

15:25:35.0962 1080 fvevol - ok

15:25:36.0040 1080 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

15:25:36.0056 1080 gagp30kx - ok

15:25:36.0149 1080 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

15:25:36.0149 1080 GEARAspiWDM - ok

15:25:36.0259 1080 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

15:25:36.0305 1080 hcw85cir - ok

15:25:36.0368 1080 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

15:25:36.0399 1080 HDAudBus - ok

15:25:36.0430 1080 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys

15:25:36.0493 1080 HECI - ok

15:25:36.0539 1080 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

15:25:36.0539 1080 HidBatt - ok

15:25:36.0586 1080 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

15:25:36.0617 1080 HidBth - ok

15:25:36.0649 1080 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

15:25:36.0680 1080 HidIr - ok

15:25:36.0836 1080 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

15:25:36.0898 1080 HidUsb - ok

15:25:36.0976 1080 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

15:25:36.0992 1080 HpSAMD - ok

15:25:37.0070 1080 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

15:25:37.0132 1080 HTTP - ok

15:25:37.0179 1080 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

15:25:37.0179 1080 hwpolicy - ok

15:25:37.0241 1080 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

15:25:37.0288 1080 i8042prt - ok

15:25:37.0366 1080 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys

15:25:37.0382 1080 iaStor - ok

15:25:37.0475 1080 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys

15:25:37.0491 1080 iaStorV - ok

15:25:37.0725 1080 igfx (c5589781f75de0bfb26e221649c80d00) C:\Windows\system32\DRIVERS\igdkmd32.sys

15:25:38.0021 1080 igfx - ok

15:25:38.0131 1080 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

15:25:38.0131 1080 iirsp - ok

15:25:38.0162 1080 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\Windows\system32\DRIVERS\Impcd.sys

15:25:38.0224 1080 Impcd - ok

15:25:38.0287 1080 IntcDAud (af6d1e38bce11daba4c01d6a6de94410) C:\Windows\system32\DRIVERS\IntcDAud.sys

15:25:38.0349 1080 IntcDAud - ok

15:25:38.0380 1080 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

15:25:38.0380 1080 intelide - ok

15:25:38.0489 1080 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

15:25:38.0552 1080 intelppm - ok

15:25:38.0614 1080 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:25:38.0661 1080 IpFilterDriver - ok

15:25:38.0708 1080 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

15:25:38.0739 1080 IPMIDRV - ok

15:25:38.0801 1080 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

15:25:38.0848 1080 IPNAT - ok

15:25:38.0879 1080 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

15:25:38.0957 1080 IRENUM - ok

15:25:39.0020 1080 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

15:25:39.0020 1080 isapnp - ok

15:25:39.0067 1080 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

15:25:39.0082 1080 iScsiPrt - ok

15:25:39.0176 1080 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

15:25:39.0176 1080 kbdclass - ok

15:25:39.0269 1080 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

15:25:39.0301 1080 kbdhid - ok

15:25:39.0363 1080 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

15:25:39.0379 1080 KSecDD - ok

15:25:39.0425 1080 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys

15:25:39.0425 1080 KSecPkg - ok

15:25:39.0550 1080 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

15:25:39.0613 1080 lltdio - ok

15:25:39.0737 1080 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

15:25:39.0753 1080 LSI_FC - ok

15:25:39.0784 1080 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

15:25:39.0800 1080 LSI_SAS - ok

15:25:39.0847 1080 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

15:25:39.0862 1080 LSI_SAS2 - ok

15:25:39.0878 1080 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

15:25:39.0893 1080 LSI_SCSI - ok

15:25:39.0987 1080 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

15:25:40.0049 1080 luafv - ok

15:25:40.0205 1080 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

15:25:40.0205 1080 megasas - ok

15:25:40.0299 1080 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

15:25:40.0315 1080 MegaSR - ok

15:25:40.0471 1080 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

15:25:40.0533 1080 Modem - ok

15:25:40.0627 1080 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

15:25:40.0658 1080 monitor - ok

15:25:40.0751 1080 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

15:25:40.0751 1080 mouclass - ok

15:25:40.0829 1080 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

15:25:40.0861 1080 mouhid - ok

15:25:40.0923 1080 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

15:25:40.0923 1080 mountmgr - ok

15:25:41.0048 1080 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys

15:25:41.0063 1080 MpFilter - ok

15:25:41.0141 1080 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

15:25:41.0157 1080 mpio - ok

15:25:41.0313 1080 MpKsl09281dd6 - ok

15:25:41.0375 1080 MpKsl1421d255 - ok

15:25:41.0469 1080 MpKsl16e26d17 - ok

15:25:41.0469 1080 MpKsl1b82f2a0 - ok

15:25:41.0563 1080 MpKsl37e0fe2b - ok

15:25:41.0594 1080 MpKsl6dc19cc6 - ok

15:25:41.0609 1080 MpKsl72bb9f19 - ok

15:25:41.0656 1080 MpKsla7f0cc5e - ok

15:25:41.0781 1080 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys

15:25:41.0781 1080 MpNWMon - ok

15:25:41.0843 1080 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

15:25:42.0015 1080 mpsdrv - ok

15:25:42.0109 1080 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

15:25:42.0140 1080 MRxDAV - ok

15:25:42.0218 1080 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys

15:25:42.0265 1080 mrxsmb - ok

15:25:42.0311 1080 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:25:42.0343 1080 mrxsmb10 - ok

15:25:42.0389 1080 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:25:42.0389 1080 mrxsmb20 - ok

15:25:42.0436 1080 msahci (cb5d37e91135b0f15cee64d1f1ba5de5) C:\Windows\system32\DRIVERS\msahci.sys

15:25:42.0452 1080 msahci - ok

15:25:42.0530 1080 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

15:25:42.0545 1080 msdsm - ok

15:25:42.0577 1080 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

15:25:42.0608 1080 Msfs - ok

15:25:42.0639 1080 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

15:25:42.0670 1080 mshidkmdf - ok

15:25:42.0748 1080 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

15:25:42.0764 1080 msisadrv - ok

15:25:42.0842 1080 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

15:25:42.0889 1080 MSKSSRV - ok

15:25:42.0920 1080 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

15:25:42.0967 1080 MSPCLOCK - ok

15:25:43.0013 1080 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

15:25:43.0060 1080 MSPQM - ok

15:25:43.0107 1080 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

15:25:43.0123 1080 MsRPC - ok

15:25:43.0154 1080 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

15:25:43.0169 1080 mssmbios - ok

15:25:43.0232 1080 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

15:25:43.0279 1080 MSTEE - ok

15:25:43.0388 1080 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

15:25:43.0419 1080 MTConfig - ok

15:25:43.0450 1080 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

15:25:43.0450 1080 Mup - ok

15:25:43.0528 1080 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

15:25:43.0575 1080 NativeWifiP - ok

15:25:43.0653 1080 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

15:25:43.0669 1080 NDIS - ok

15:25:43.0762 1080 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

15:25:43.0809 1080 NdisCap - ok

15:25:43.0871 1080 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

15:25:43.0918 1080 NdisTapi - ok

15:25:43.0965 1080 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

15:25:44.0012 1080 Ndisuio - ok

15:25:44.0059 1080 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

15:25:44.0090 1080 NdisWan - ok

15:25:44.0137 1080 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

15:25:44.0168 1080 NDProxy - ok

15:25:44.0246 1080 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

15:25:44.0293 1080 NetBIOS - ok

15:25:44.0339 1080 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

15:25:44.0402 1080 NetBT - ok

15:25:44.0511 1080 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

15:25:44.0511 1080 nfrd960 - ok

15:25:44.0605 1080 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

15:25:44.0620 1080 NisDrv - ok

15:25:44.0698 1080 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

15:25:44.0745 1080 Npfs - ok

15:25:44.0807 1080 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

15:25:44.0839 1080 nsiproxy - ok

15:25:44.0932 1080 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys

15:25:44.0995 1080 Ntfs - ok

15:25:45.0010 1080 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

15:25:45.0057 1080 Null - ok

15:25:45.0135 1080 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys

15:25:45.0151 1080 nvraid - ok

15:25:45.0182 1080 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys

15:25:45.0197 1080 nvstor - ok

15:25:45.0275 1080 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

15:25:45.0291 1080 nv_agp - ok

15:25:45.0353 1080 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

15:25:45.0400 1080 ohci1394 - ok

15:25:45.0494 1080 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

15:25:45.0541 1080 Parport - ok

15:25:45.0587 1080 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

15:25:45.0587 1080 partmgr - ok

15:25:45.0650 1080 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

15:25:45.0681 1080 Parvdm - ok

15:25:45.0743 1080 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys

15:25:45.0743 1080 PBADRV - ok

15:25:45.0821 1080 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

15:25:45.0837 1080 pci - ok

15:25:45.0853 1080 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

15:25:45.0868 1080 pciide - ok

15:25:45.0931 1080 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

15:25:45.0946 1080 pcmcia - ok

15:25:45.0993 1080 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

15:25:46.0009 1080 pcw - ok

15:25:46.0040 1080 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

15:25:46.0102 1080 PEAUTH - ok

15:25:46.0180 1080 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

15:25:46.0227 1080 PptpMiniport - ok

15:25:46.0274 1080 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

15:25:46.0305 1080 Processor - ok

15:25:46.0399 1080 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

15:25:46.0461 1080 Psched - ok

15:25:46.0508 1080 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

15:25:46.0570 1080 ql2300 - ok

15:25:46.0586 1080 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

15:25:46.0601 1080 ql40xx - ok

15:25:46.0664 1080 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

15:25:46.0664 1080 QWAVEdrv - ok

15:25:46.0695 1080 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

15:25:46.0742 1080 RasAcd - ok

15:25:46.0773 1080 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

15:25:46.0820 1080 RasAgileVpn - ok

15:25:46.0867 1080 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

15:25:46.0929 1080 Rasl2tp - ok

15:25:46.0976 1080 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

15:25:47.0038 1080 RasPppoe - ok

15:25:47.0069 1080 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

15:25:47.0101 1080 RasSstp - ok

15:25:47.0132 1080 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

15:25:47.0163 1080 rdbss - ok

15:25:47.0210 1080 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

15:25:47.0257 1080 rdpbus - ok

15:25:47.0303 1080 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

15:25:47.0335 1080 RDPCDD - ok

15:25:47.0366 1080 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys

15:25:47.0428 1080 RDPDR - ok

15:25:47.0537 1080 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

15:25:47.0584 1080 RDPENCDD - ok

15:25:47.0615 1080 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

15:25:47.0662 1080 RDPREFMP - ok

15:25:47.0709 1080 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

15:25:47.0740 1080 RDPWD - ok

15:25:47.0834 1080 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

15:25:47.0834 1080 rdyboost - ok

15:25:47.0896 1080 rimspci (e891f07815af88075705ef6a248711f6) C:\Windows\system32\DRIVERS\rimspe86.sys

15:25:47.0943 1080 rimspci - ok

15:25:47.0974 1080 risdpcie (5312f15dbeb47d906dca2e334dc4c97d) C:\Windows\system32\DRIVERS\risdpe86.sys

15:25:48.0021 1080 risdpcie - ok

15:25:48.0068 1080 rixdpcie (cf2de2365fd99e5b8e38c9f3467dcdb8) C:\Windows\system32\DRIVERS\rixdpe86.sys

15:25:48.0083 1080 rixdpcie - ok

15:25:48.0193 1080 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

15:25:48.0224 1080 rspndr - ok

15:25:48.0271 1080 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys

15:25:48.0333 1080 s3cap - ok

15:25:48.0395 1080 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

15:25:48.0395 1080 sbp2port - ok

15:25:48.0489 1080 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

15:25:48.0520 1080 scfilter - ok

15:25:48.0629 1080 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

15:25:48.0676 1080 secdrv - ok

15:25:48.0739 1080 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

15:25:48.0754 1080 Serenum - ok

15:25:48.0817 1080 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

15:25:48.0848 1080 Serial - ok

15:25:48.0895 1080 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

15:25:48.0895 1080 sermouse - ok

15:25:48.0957 1080 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

15:25:48.0988 1080 sffdisk - ok

15:25:49.0004 1080 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

15:25:49.0035 1080 sffp_mmc - ok

15:25:49.0066 1080 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys

15:25:49.0066 1080 sffp_sd - ok

15:25:49.0097 1080 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

15:25:49.0113 1080 sfloppy - ok

15:25:49.0129 1080 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

15:25:49.0144 1080 sisagp - ok

15:25:49.0269 1080 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

15:25:49.0285 1080 SiSRaid2 - ok

15:25:49.0300 1080 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

15:25:49.0316 1080 SiSRaid4 - ok

15:25:49.0378 1080 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

15:25:49.0425 1080 Smb - ok

15:25:49.0831 1080 SNP2STD (ecc9293ffa708e0bb552fe9a84d6a300) C:\Windows\system32\DRIVERS\snp2sxp.sys

15:25:50.0236 1080 SNP2STD - ok

15:25:50.0361 1080 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

15:25:50.0361 1080 spldr - ok

15:25:50.0439 1080 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys

15:25:50.0470 1080 srv - ok

15:25:50.0533 1080 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys

15:25:50.0564 1080 srv2 - ok

15:25:50.0611 1080 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys

15:25:50.0626 1080 srvnet - ok

15:25:50.0767 1080 stdflt (a5b83c8050572622e5c43b5b3326a129) C:\Windows\system32\DRIVERS\stdfltn.sys

15:25:50.0782 1080 stdflt - ok

15:25:50.0845 1080 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

15:25:50.0860 1080 stexstor - ok

15:25:50.0954 1080 STHDA (698e186ac2df982b2d26428428155de1) C:\Windows\system32\DRIVERS\stwrt.sys

15:25:51.0016 1080 STHDA - ok

15:25:51.0063 1080 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys

15:25:51.0079 1080 storflt - ok

15:25:51.0094 1080 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys

15:25:51.0125 1080 storvsc - ok

15:25:51.0188 1080 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

15:25:51.0203 1080 swenum - ok

15:25:51.0297 1080 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys

15:25:51.0359 1080 Tcpip - ok

15:25:51.0437 1080 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys

15:25:51.0469 1080 TCPIP6 - ok

15:25:51.0531 1080 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

15:25:51.0578 1080 tcpipreg - ok

15:25:51.0593 1080 tcuoowsq - ok

15:25:51.0640 1080 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

15:25:51.0671 1080 TDPIPE - ok

15:25:51.0703 1080 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

15:25:51.0749 1080 TDTCP - ok

15:25:51.0812 1080 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

15:25:51.0874 1080 tdx - ok

15:25:51.0905 1080 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

15:25:51.0905 1080 TermDD - ok

15:25:51.0999 1080 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

15:25:52.0046 1080 tssecsrv - ok

15:25:52.0108 1080 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

15:25:52.0155 1080 tunnel - ok

15:25:52.0186 1080 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

15:25:52.0186 1080 uagp35 - ok

15:25:52.0264 1080 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\Windows\system32\DRIVERS\udfs.sys

15:25:52.0295 1080 udfs - ok

15:25:52.0358 1080 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

15:25:52.0373 1080 uliagpkx - ok

15:25:52.0451 1080 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

15:25:52.0483 1080 umbus - ok

15:25:52.0545 1080 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

15:25:52.0561 1080 UmPass - ok

15:25:52.0623 1080 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys

15:25:52.0685 1080 USBAAPL - ok

15:25:52.0810 1080 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys

15:25:52.0841 1080 usbaudio - ok

15:25:52.0919 1080 usbccgp (5c233aefb566ee78c1efbc0493fb066a) C:\Windows\system32\DRIVERS\usbccgp.sys

15:25:52.0935 1080 usbccgp - ok

15:25:52.0997 1080 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

15:25:53.0013 1080 usbcir - ok

15:25:53.0060 1080 usbehci (5b71019a6aca0116fd21b368f19c0b91) C:\Windows\system32\drivers\usbehci.sys

15:25:53.0075 1080 usbehci - ok

15:25:53.0153 1080 usbhub (5823d3965c2a4f6f785ed1a3b403f3b8) C:\Windows\system32\DRIVERS\usbhub.sys

15:25:53.0200 1080 usbhub - ok

15:25:53.0325 1080 usbohci (e753ed6c49da13967ebabf9ea616454a) C:\Windows\system32\drivers\usbohci.sys

15:25:53.0372 1080 usbohci - ok

15:25:53.0497 1080 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

15:25:53.0528 1080 usbprint - ok

15:25:53.0606 1080 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

15:25:53.0637 1080 usbscan - ok

15:25:53.0699 1080 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:25:53.0762 1080 USBSTOR - ok

15:25:53.0871 1080 usbuhci (6a30928a469ce802600e1ea8c0f2f53f) C:\Windows\system32\drivers\usbuhci.sys

15:25:53.0887 1080 usbuhci - ok

15:25:53.0949 1080 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys

15:25:53.0965 1080 usb_rndisx - ok

15:25:54.0027 1080 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

15:25:54.0043 1080 vdrvroot - ok

15:25:54.0058 1080 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

15:25:54.0105 1080 vga - ok

15:25:54.0152 1080 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

15:25:54.0183 1080 VgaSave - ok

15:25:54.0245 1080 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

15:25:54.0261 1080 vhdmp - ok

15:25:54.0355 1080 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

15:25:54.0386 1080 viaagp - ok

15:25:54.0433 1080 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

15:25:54.0464 1080 ViaC7 - ok

15:25:54.0511 1080 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

15:25:54.0526 1080 viaide - ok

15:25:54.0557 1080 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys

15:25:54.0573 1080 vmbus - ok

15:25:54.0635 1080 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys

15:25:54.0635 1080 VMBusHID - ok

15:25:54.0698 1080 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

15:25:54.0698 1080 volmgr - ok

15:25:54.0729 1080 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

15:25:54.0745 1080 volmgrx - ok

15:25:54.0791 1080 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

15:25:54.0807 1080 volsnap - ok

15:25:54.0885 1080 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

15:25:54.0901 1080 vsmraid - ok

15:25:54.0916 1080 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

15:25:54.0963 1080 vwifibus - ok

15:25:54.0994 1080 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

15:25:55.0010 1080 vwififlt - ok

15:25:55.0072 1080 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys

15:25:55.0088 1080 vwifimp - ok

15:25:55.0337 1080 VX6000 (719bac5b5a9c2c1fdf7323fb7e36ca32) C:\Windows\system32\DRIVERS\VX6000Xp.sys

15:25:55.0447 1080 VX6000 - ok

15:25:55.0571 1080 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

15:25:55.0587 1080 WacomPen - ok

15:25:55.0681 1080 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

15:25:55.0743 1080 WANARP - ok

15:25:55.0743 1080 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

15:25:55.0774 1080 Wanarpv6 - ok

15:25:55.0930 1080 WavxDMgr (fbf43b275efc98799e76d57e5437edee) C:\Windows\system32\DRIVERS\WavxDMgr.sys

15:25:55.0961 1080 WavxDMgr ( UnsignedFile.Multi.Generic ) - warning

15:25:55.0961 1080 WavxDMgr - detected UnsignedFile.Multi.Generic (1)

15:25:56.0039 1080 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

15:25:56.0055 1080 Wd - ok

15:25:56.0117 1080 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

15:25:56.0149 1080 Wdf01000 - ok

15:25:56.0227 1080 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

15:25:56.0258 1080 WfpLwf - ok

15:25:56.0305 1080 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

15:25:56.0320 1080 WIMMount - ok

15:25:56.0507 1080 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys

15:25:56.0570 1080 WinUsb - ok

15:25:56.0663 1080 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

15:25:56.0695 1080 WmiAcpi - ok

15:25:56.0757 1080 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

15:25:56.0819 1080 ws2ifsl - ok

15:25:56.0960 1080 WudfPf (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys

15:25:56.0975 1080 WudfPf - ok

15:25:57.0053 1080 WUDFRd (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys

15:25:57.0085 1080 WUDFRd - ok

15:25:57.0256 1080 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0

15:25:57.0287 1080 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

15:25:57.0287 1080 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

15:25:57.0350 1080 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

15:25:57.0350 1080 \Device\Harddisk0\DR0 - detected TDSS File System (1)

15:25:57.0397 1080 Boot (0x1200) (e6770bc84d46a6f735f1749946058e02) \Device\Harddisk0\DR0\Partition0

15:25:57.0412 1080 \Device\Harddisk0\DR0\Partition0 - ok

15:25:57.0428 1080 Boot (0x1200) (48828941207369cc391da89b3c4a78c9) \Device\Harddisk0\DR0\Partition1

15:25:57.0428 1080 \Device\Harddisk0\DR0\Partition1 - ok

15:25:57.0428 1080 ============================================================

15:25:57.0428 1080 Scan finished

15:25:57.0428 1080 ============================================================

15:25:57.0475 2760 Detected object count: 3

15:25:57.0475 2760 Actual detected object count: 3

15:26:54.0228 2760 WavxDMgr ( UnsignedFile.Multi.Generic ) - skipped by user

15:26:54.0228 2760 WavxDMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:26:54.0384 2760 \Device\Harddisk0\DR0\# - copied to quarantine

15:26:54.0384 2760 \Device\Harddisk0\DR0 - copied to quarantine

15:26:54.0508 2760 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

15:26:54.0524 2760 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

15:26:54.0524 2760 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

15:26:54.0555 2760 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

15:26:54.0571 2760 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

15:26:54.0571 2760 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

15:26:54.0571 2760 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

15:26:54.0571 2760 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

15:26:54.0571 2760 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

15:26:54.0586 2760 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

15:26:54.0633 2760 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

15:26:54.0633 2760 \Device\Harddisk0\DR0 - ok

15:26:54.0696 2760 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

15:26:54.0696 2760 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

15:26:54.0696 2760 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

15:26:58.0767 3692 Deinitialize success

I am happy to know that you can run in Normal mode! :) Please do understand that there is a lot more to do.

The TDSSKiller log squashed a rootkit, but we will need some more diagnosis.

I am looking for the GMER run & log & the results from Silent Runners.

Also, enforce a quarantine on this PC --- no websurfing, only go to this forum & the sites I guide you to.

Here is the ARK log, will do the last scan now:

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-02-28 19:24:00

Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST916031 rev.D005

Running: 9nebzd2r.exe; Driver: C:\Users\mhsu\AppData\Local\Temp\agdiqpow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E8F5D9 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB4092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3004] ntdll.dll!LdrLoadDll 7700F425 5 Bytes JMP 00E01410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

.text C:\Users\mhsu\AppData\Roaming\Google\Google Talk\googletalk.exe[3804] USER32.dll!GetLastInputInfo + 13 77126D67 4 Bytes [80, 2B, 4F, 02]

.text C:\Users\mhsu\AppData\Roaming\Spotify\Spotify.exe[5400] ntdll.dll!DbgBreakPoint 76FE3258 1 Byte [C3]

.text C:\Users\mhsu\AppData\Roaming\Spotify\Spotify.exe[5400] ntdll.dll!DbgUiRemoteBreakin 7704D5CB 5 Bytes JMP 770137A9 C:\Windows\SYSTEM32\ntdll.dll (NT Layer DLL/Microsoft Corporation)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6224] USER32.dll!SetWindowLongA 7711B1E3 5 Bytes JMP 5D198DD9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6224] USER32.dll!SetWindowLongW 77126614 5 Bytes JMP 5D198D6B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6224] USER32.dll!GetWindowInfo 77126A82 5 Bytes JMP 5CFC7187 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6224] USER32.dll!TrackPopupMenu 77144B3B 5 Bytes JMP 5CFC7781 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[7360] kernel32.dll!SetUnhandledExceptionFilter 767C30E2 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe[2036] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75055E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe[2036] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75055E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe[2036] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75055E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe[2036] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75055E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe[2036] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75055E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe[2036] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75055E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000005a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Thanks!

Here is the Silent Runners log:

"Silent Runners.vbs", revision 63, http://www.silentrunners.org/

Operating System: Windows 7

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"F.lux" = ""C:\Users\mhsu\Local Settings\Apps\F.lux\flux.exe" /noshow" [null data]

"googletalk" = "C:\Users\mhsu\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart" ["Google"]

"Spotify" = ""C:\Users\mhsu\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart" ["Spotify Ltd"]

"Google Update" = ""C:\Users\mhsu\AppData\Local\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}

"FlashPlayerUpdate" = "C:\Windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Apoint" = "C:\Program Files\DellTPad\Apoint.exe" ["Alps Electric Co., Ltd."]

"SysTrayApp" = "C:\Program Files\IDT\WDM\sttray.exe"

"IgfxTray" = "C:\Windows\system32\igfxtray.exe" ["Intel Corporation"]

"HotKeysCmds" = "C:\Windows\system32\hkcmd.exe" ["Intel Corporation"]

"Persistence" = "C:\Windows\system32\igfxpers.exe" ["Intel Corporation"]

"Broadcom Wireless Manager UI" = "C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe" ["Dell Inc."]

"WavXMgr" = "C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" ["Wave Systems Corp."]

"USCService" = "C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [null data]

"PDVDDXSrv" = ""C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"" ["CyberLink Corp."]

"DBRMTray" = "C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe" [null data]

"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]

"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]

"VX6000" = "C:\Windows\vVX6000.exe" ["Microsoft Corporation "]

"LifeCam" = ""C:\Program Files\Microsoft LifeCam\LifeExp.exe"" [MS]

"TkBellExe" = ""C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot" ["RealNetworks, Inc."]

"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]

"Adobe ARM" = ""C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"" ["Adobe Systems Incorporated"]

"Windows Mobile Device Center" = "C:\Windows\WindowsMobile\wmdc.exe"

"CanonMyPrinter" = "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon" ["CANON INC."]

"MSC" = ""c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey" [MS]

"snp2std" = "C:\Windows\vsnp2std.exe" ["Sonix"]

"gidle" = ""C:\Program Files\gAlwaysIdle\gidle.exe"" [null data]

"dplaysvr" = "C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe" [file not found]

"Malwarebytes' Anti-Malware" = ""C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray" ["Malwarebytes Corporation"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}

"DBRMTray" = "C:\Dell\DBRM\Reminder\TrayApp.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub"

-> {HKLM...CLSID} = "Adobe PDF Link Helper"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"]

{3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided)

-> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer"

\InProcServer32\(Default) = "C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll" ["RealPlayer"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Spybot-S&D IE Protection"

\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\(Default) = "Search Helper"

-> {HKLM...CLSID} = "Search Helper"

\InProcServer32\(Default) = "C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll" [MS]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Windows Live ID Sign-in Helper"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Java Plug-In 2 SSV Helper"

\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

EnabledUnlockedFDEIconOverlay\(Default) = "{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"

-> {HKLM...CLSID} = "FdeInitIcon Class"

\InProcServer32\(Default) = "C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll" ["Wave Systems Corp."]

UninitializedFdeIconOverlay\(Default) = "{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"

-> {HKLM...CLSID} = "FdeUninitIcon Class"

\InProcServer32\(Default) = "C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll" ["Wave Systems Corp."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

\InProcServer32\(Default) = "C:\PROGRA~1\MIF5BA~1\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Outlook File Icon Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\MIF5BA~1\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{00F33137-EE26-412F-8D71-F84E4C2C6625}" = (no title provided)

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}" = "Windows Live Photo Gallery Viewer Drop Target Shim"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}" = "Windows Live Photo Gallery Editor Drop Target Shim"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Editor Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" = "Windows Live Photo Gallery Autoplay Drop Target Shim"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {HKLM...CLSID} = "iTunes"

\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

-> {HKLM...CLSID} = "RealOne Player Context Menu Class"

\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

"{09A47860-11B0-4DA5-AFA5-26D86198A780}" = "EPP"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "c:\PROGRA~1\MI8079~1\shellext.dll" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

<<!>> "Userinit" = "C:\Windows\system32\userinit.exe,C:\Windows\system32\config\systemprofile\AppData\Roaming\appconf32.exe," [MS], [null data]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\

<<!>> ("livessp" [MS]) "Security Packages" = "kerberos"|"msv1_0"|"schannel"|"wdigest"|"tspkg"|"pku2u"|"livessp"

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\(Default) = "WLIDCredentialProvider"

-> {HKLM...CLSID} = "WLIDCredentialProvider"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> livecall\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\msgrapp.dll" [MS]

<<!>> msnim\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\msgrapp.dll" [MS]

<<!>> mso-offdap\CLSID = "{3D9F03FA-7A94-11D3-BE81-0050048385D1}"

-> {HKLM...CLSID} = "Data Page Pluggable Protocol mso-offdap Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL" [MS]

<<!>> mso-offdap11\CLSID = "{32505114-5902-49B2-880A-1F7738E5A384}"

-> {HKLM...CLSID} = "Data Page Plugable Protocal mso-offdap11 Handler"

\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL" [MS]

<<!>> wlmailhtml\CLSID = "{03C514A3-1EFB-4856-9F99-10D7BE1653C0}"

-> {HKLM...CLSID} = "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Mail\mailcomm.dll" [MS]

<<!>> wlpg\CLSID = "{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}"

-> {HKLM...CLSID} = "Album Download IE Asynchronous Pluggable Protocol Interface"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

EncryptDocMgr\(Default) = "{52C70C7B-98B9-4626-8BD0-4D00FF028488}"

-> {HKLM...CLSID} = "EncryptMenuItem Class"

\InProcServer32\(Default) = "C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\ContextMenuItem.dll" ["Wave Systems Corp."]

EPP\(Default) = "{09A47860-11B0-4DA5-AFA5-26D86198A780}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "c:\PROGRA~1\MI8079~1\shellext.dll" [MS]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

-> {HKLM...CLSID} = "MBAMShlExt Class"

\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

EncryptDocMgr\(Default) = "{52C70C7B-98B9-4626-8BD0-4D00FF028488}"

-> {HKLM...CLSID} = "EncryptMenuItem Class"

\InProcServer32\(Default) = "C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\ContextMenuItem.dll" ["Wave Systems Corp."]

EPP\(Default) = "{09A47860-11B0-4DA5-AFA5-26D86198A780}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "c:\PROGRA~1\MI8079~1\shellext.dll" [MS]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

igfxcui\(Default) = "{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}"

-> {HKLM...CLSID} = "GraphicsShellExt Class"

\InProcServer32\(Default) = "C:\Windows\system32\igfxpph.dll" ["Intel Corporation"]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"

-> {HKLM...CLSID} = "MBAMShlExt Class"

\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

Default executables:

--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoWelcomeScreen" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

"NoDrives" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

HKCU\Software\Policies\Microsoft\Windows\System\

"ExcludeProfileDirs" = (REG_SZ) History; Local Settings;Temp; Temporary Internet Files;My Documents\My Music

{unrecognized setting}

"GroupPolicyRefreshTime" = (REG_DWORD) dword:0x0000003C

{unrecognized setting}

"GroupPolicyRefreshTimeOffset" = (REG_DWORD) dword:0x00000042

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000000

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

User Account Control: Switch to the secure desktop when prompting for elevation}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000

{unrecognized setting}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Users\mhsu\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg"

Windows Portable Device AutoPlay Handlers

-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

CanonMPN20PictureOnArrival\

"Provider" = "MP Navigator Ver2.0"

"InvokeProgID" = "MPNavigator20.AutoplayHandler"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\MPNavigator20.AutoplayHandler\shell\open\command\(Default) = "C:\Program Files\Canon\MP Navigator 2.0\mpn20.exe /AUTOPLAY %1" ["CANON INC."]

iTunesBurnCDOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.BurnCD"

"InvokeVerb" = "burn"

HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]

iTunesImportSongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.ImportSongsOnCD"

"InvokeVerb" = "import"

HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]

iTunesPlaySongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.PlaySongsOnCD"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]

iTunesShowSongsOnArrival\

"Provider" = "iTunes"

"InvokeProgID" = "iTunes.ShowSongsOnCD"

"InvokeVerb" = "showsongs"

HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]

MSLivePhotoAcqHWEventHandler\

"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"

"ProgID" = "Microsoft.LivePhotoAcqHWEventHandler"

HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = "{3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}"

-> {HKLM...CLSID} = (no title provided)

\LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe" [MS]

MSLivePhotoAcquireDropHandler\

"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"

"InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

MSLiveShowPicturesOnArrival\

"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"

"InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1"

"InvokeVerb" = "open"

HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}"

-> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]

MSLiveVideoCameraArrivalCaptureWizard\

"Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"

"ProgID" = "WLXAutoPlayMgr.WLXHWEventHandler"

"InitCmdLine" = "WLXVideoAcquireWizard"

HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = "{9B5C97F6-B3A5-4A6D-8B03-993EC7291A22}"

-> {HKLM...CLSID} = "WLXWEventHandler Class"

\LocalServer32\(Default) = ""C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe"" [MS]

PDVDDXPlayDVDMovieOnArrival\

"Provider" = "PowerDVD DX"

"InvokeProgID" = "DVD"

"InvokeVerb" = "PlayWithPDVDDX"

HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPDVDDX\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" RUNWITHWMC MOVIE "%L"" ["CyberLink Corp."]

PDVDDXPlaySuperVideoCDMovieOnArrival\

"Provider" = "PowerDVD DX"

"InvokeProgID" = "SVCD"

"InvokeVerb" = "PlayWithPDVDDX"

HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPDVDDX\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" RUNWITHWMC MOVIE "%L"" ["CyberLink Corp."]

PDVDDXPlayVideoCDMovieOnArrival\

"Provider" = "PowerDVD DX"

"InvokeProgID" = "VCD"

"InvokeVerb" = "PlayWithPDVDDX"

HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPDVDDX\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" RUNWITHWMC MOVIE "%L"" ["CyberLink Corp."]

RPCDBurningOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.CDBurn.6"

"InvokeVerb" = "open"

HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]

RPDeviceOnArrival\

"Provider" = "RealPlayer"

"ProgID" = "RealPlayer.HWEventHandler"

HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"

-> {HKLM...CLSID} = "RealNetworks Scheduler"

\LocalServer32\(Default) = ""C:\Program Files\Real\RealPlayer\Update\realsched.exe" -autoplay" ["RealNetworks, Inc."]

RPDVDBurningOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.DVDBurn.6"

"InvokeVerb" = "open"

HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burndvd "%1"" ["RealNetworks, Inc."]

RPPlayCDAudioOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.AudioCD.6"

"InvokeVerb" = "play"

HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]

RPPlayDVDMovieOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.DVD.6"

"InvokeVerb" = "play"

HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]

RPPlayMediaOnArrival\

"Provider" = "RealPlayer"

"InvokeProgID" = "RealPlayer.AutoPlay.6"

"InvokeVerb" = "open"

HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]

WIA_{64103EF8-4CBE-47A3-A125-8C0C24B55083}\

"Provider" = "MP Navigator Ver2.0"

"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"

"InitCmdLine" = "/WiaCmd;C:\Program Files\Canon\MP Navigator 2.0\mpn20.exe /StiDevice:%1 /StiEvent:%2;"

-> {HKLM...CLSID} = "WPDShextAutoplay"

\LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

Startup items in "mhsu" & "All Users" startup folders:

------------------------------------------------------

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

"Dell System Manager" -> shortcut to: "C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe" ["Dell Inc."]

"McAfee Security Scan Plus" -> shortcut to: "C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe" ["McAfee, Inc."]

"TdmNotify" -> shortcut to: "C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe" ["Wave Systems Corp."]

Non-disabled Scheduled Tasks:

-----------------------------

C:\Users\mhsu\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

C:\Windows\System32\Tasks

"GoogleUpdateTaskMachineCore" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]

"GoogleUpdateTaskMachineUA" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]

"GoogleUpdateTaskUserS-1-5-21-278053664-2185810746-1395160328-7715Core" -> launches: "C:\Users\mhsu\AppData\Local\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]

"GoogleUpdateTaskUserS-1-5-21-278053664-2185810746-1395160328-7715UA" -> launches: "C:\Users\mhsu\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]

"JavaUpdateSched" -> launches: "%CommonProgramFiles%\Java\Java Update\jusched.exe" ["Sun Microsystems, Inc."]

"RealUpgradeLogonTaskS-1-5-21-278053664-2185810746-1395160328-500" -> launches: "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /logoncheck" ["RealNetworks, Inc."]

"RealUpgradeLogonTaskS-1-5-21-278053664-2185810746-1395160328-7715" -> launches: "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /logoncheck" ["RealNetworks, Inc."]

"RealUpgradeScheduledTaskS-1-5-21-278053664-2185810746-1395160328-500" -> launches: "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck" ["RealNetworks, Inc."]

"RealUpgradeScheduledTaskS-1-5-21-278053664-2185810746-1395160328-7715" -> launches: "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck" ["RealNetworks, Inc."]

"{DBFE3B31-5192-43D0-BD01-C7DBC2883CD7}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\Users\mhsu\Downloads\galwaysidlesetup.exe -d "C:\Program Files\Mozilla Firefox"" [MS]

C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware

"MP Scheduled Scan" -> (HIDDEN!) launches: "c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client

"AD RMS Rights Policy Template Management (Manual)" -> launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}"

-> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler"

\InProcServer32\(Default) = "C:\Windows\system32\msdrm.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience

"AitAgent" -> launches: "aitagent" [MS]

"ProgramDataUpdater" -> launches: "%windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk

"Proxy" -> launches: "%windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth

"UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient

"SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"

-> {HKLM...CLSID} = "Certificate Services Client Task Handler"

\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

"UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"

-> {HKLM...CLSID} = "Certificate Services Client Task Handler"

\InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program

"Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]

"KernelCeipTask" -> (HIDDEN!) launches: "{e7ed314f-2816-4c26-aeb5-54a34d02404c}"

-> {HKLM...CLSID} = "KernelCeipCustomHandler"

\InProcServer32\(Default) = "C:\Windows\System32\kernelceip.dll" [MS]

"UsbCeip" -> (HIDDEN!) launches: "{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}"

-> {HKLM...CLSID} = "UsbCeip"

\InProcServer32\(Default) = "C:\Windows\System32\usbceip.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag

"ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis

"Scheduled" -> (HIDDEN!) launches: "{c1f85ef8-bcc2-4606-bb39-70c523715eb3}"

-> {HKLM...CLSID} = "ScheduledDiagnosticCustomHandler"

\InProcServer32\(Default) = "C:\Windows\System32\sdiagschd.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location

"Notifications" -> launches: "%windir%\System32\LocationNotifications.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance

"WinSAT" -> launches: "{A9A33436-678B-4C9C-A211-7CC38785E79D}"

-> {HKLM...CLSID} = "WinSAT Task Manger Task"

\InProcServer32\(Default) = "C:\Windows\system32\WinSATAPI.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center

"ActivateWindowsSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch" [MS]

"ConfigureInternetTimeService" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService" [MS]

"DispatchRecoveryTasks" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)" [MS]

"ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]

"InstallPlayReady" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)" [MS]

"mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0)" [MS]

"mcupdate_scheduled" -> launches: "%SystemRoot%\ehome\mcupdate -crl -hms -pscn 15" [MS]

"MediaCenterRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask" [MS]

"ObjectStoreRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask" [MS]

"OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]

"OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)" [MS]

"PBDADiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery" [MS]

"PBDADiscoveryW1" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery" [MS]

"PBDADiscoveryW2" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery" [MS]

"PvrRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask" [MS]

"PvrScheduleTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrSchedule" [MS]

"RegisterSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)" [MS]

"ReindexSearchRoot" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot" [MS]

"SqlLiteRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask" [MS]

"StartRecording" -> launches: "%SystemRoot%\ehome\ehrec /StartRecording" [MS]

"UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic

"CorruptionDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"

-> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"

\InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]

"DecompressionFailureDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"

-> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"

\InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC

"HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"

-> {HKLM...CLSID} = "HotStart User Agent"

\InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI

"LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia

"SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"

-> {HKLM...CLSID} = "Microsoft PlaySoundService Class"

\InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace

"GatherNetworkInfo" -> launches: "%windir%\system32\gatherNetworkInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics

"AnalyzeSystem" -> launches: "%SystemRoot%\System32\powercfg.exe -energy -auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC

"RacTask" -> (HIDDEN!) launches: "{42060D27-CA53-41f5-96E4-B1E8169308A6}"

-> {HKLM...CLSID} = "ReliabilityAnalysisCustomHandler"

\InProcServer32\(Default) = "C:\Windows\system32\RacEngn.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras

"MobilityManager" -> launches: "{c463a0fc-794f-4fdf-9201-01938ceacafa}"

-> {HKLM...CLSID} = "RasMobilityManager"

\InProcServer32\(Default) = "C:\Windows\system32\rasmbmgr.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry

"RegIdleBackup" -> (HIDDEN!) launches: "{ca767aa8-9157-4604-b64b-40747123d5f2}"

-> {HKLM...CLSID} = "RegistryIdleBackupHandler"

\InProcServer32\(Default) = "C:\Windows\System32\regidle.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance

"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow

"GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"

-> {HKLM...CLSID} = "GadgetsManager Class"

\InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore

"SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager

"Interactive" -> (HIDDEN!) launches: "{855fec53-d2e4-4999-9e87-3414e9cf0ff4}"

-> {HKLM...CLSID} = "RunTask"

\InProcServer32\(Default) = "C:\Windows\system32\wdc.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip

"IpAddressConflict1" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]

"IpAddressConflict2" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework

"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"

-> {HKLM...CLSID} = "MsCtfMonitor task handler"

\InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization

"SynchronizeTime" -> launches: "%windir%\system32\sc.exe start w32time task_started" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP

"UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI

"ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"

-> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"

\InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies

"ValidationTask" -> (HIDDEN!) launches: "%SystemRoot%\system32\Wat\WatAdminSvc.exe /run" [MS]

"ValidationTaskDeadline" -> (HIDDEN!) launches: "%SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting

"QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform

"BfeOnServiceStartTypeChange" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing

"UpdateLibrary" -> launches: ""%ProgramFiles%\Windows Media Player\wmpnscfg.exe"" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup

"ConfigNotification" -> launches: "%systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE

"Extractor Definitions Update Task" -> launches: "{3519154C-227E-47F3-9CC9-12C3F05817F1}"

-> {HKLM...CLSID} = "Windows Live Social Object Extractor Engine Definition Updater"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\SOXE\wlsoxe.dll" [MS]

C:\Windows\System32\Tasks\WPD

"SqmUpload_S-1-5-21-278053664-2185810746-1395160328-7715" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe portabledeviceapi.dll,#1" [MS]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]

000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]

000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]

000000000007\LibraryPath = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" [MS]

000000000008\LibraryPath = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" [MS]

000000000009\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 36

Toolbars, Explorer Bars, Extensions:

------------------------------------

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\

"ButtonText" = "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004"

"MenuText" = "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003"

"CLSIDExtension" = "{5F7B1267-94A9-47F5-98DB-E99415F33AEC}"

-> {HKLM...CLSID} = "BlogThisToolbarButton Class"

\InProcServer32\(Default) = "C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll" [MS]

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\

"ButtonText" = "@C:\Windows\WindowsMobile\INetRepl.dll,-222"

"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"

-> {HKLM...CLSID} = "Create Mobile Favorite"

\InProcServer32\(Default) = "C:\Windows\WindowsMobile\INetRepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\

"MenuText" = "@C:\Windows\WindowsMobile\INetRepl.dll,-223"

"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"

-> {HKLM...CLSID} = "Create Mobile Favorite"

\InProcServer32\(Default) = "C:\Windows\WindowsMobile\INetRepl.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Research"

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\

"MenuText" = "Spybot - Search & Destroy Configuration"

"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"

-> {HKLM...CLSID} = "Spybot-S&D IE Protection"

\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HOSTS file

----------

C:\Windows\System32\drivers\etc\HOSTS

maps: 3 domain names to IP addresses,

2 of the IP addresses are *not* localhost!

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

Andrea ST Filters Service, AESTFilters, "C:\Program Files\IDT\WDM\aestsrv.exe" ["Andrea Electronics Corporation"]

Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"" ["Apple Inc."]

Audio Service, STacSV, "C:\Program Files\IDT\WDM\STacSV.exe" ["IDT, Inc."]

AuthenTec Fingerprint Service, ATService, "C:\Program Files\Fingerprint Sensor\AtService.exe" ["AuthenTec, Inc."]

Bonjour Service, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."]

Broadcom Management Agent, BrcmMgmtAgent, ""C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe" -service" ["Broadcom Corporation"]

Dell System Manager Service, dcpsysmgrsvc, ""c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe"" ["Dell Inc."]

DW WLAN Tray Service, wltrysvc, ""C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE" "C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe"" ["Dell Inc."]

FF Install Filter Service, InstallFilterService, "C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe" [null data]

iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]

MBAMService, MBAMService, ""C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"" ["Malwarebytes Corporation"]

MSCamSvc, MSCamSvc, ""C:\Program Files\Microsoft LifeCam\MSCamS32.exe"" [MS]

SBSD Security Center Service, SBSDWSCService, "C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe" ["Safer Networking Ltd."]

SeaPort, SeaPort, ""C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"" [MS]

TdmService, TdmService, ""C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe"" ["Wave Systems Corp."]

Windows Live ID Sign-in Assistant, wlidsvc, ""C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"" [MS]

Windows Mobile-2003-based device connectivity, WcesComm, "C:\Windows\system32\svchost.exe -k WindowsMobile" {"C:\Windows\WindowsMobile\wcescomm.dll" [MS]}

Windows Mobile-based device connectivity, RapiMgr, "C:\Windows\system32\svchost.exe -k WindowsMobile" {"C:\Windows\WindowsMobile\rapimgr.dll" [MS]}

Print Monitors:

---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

BJ Language Monitor3_2\Driver = "CNBLM3_2.DLL" ["CANON INC."]

Canon BJ Language Monitor MP150\Driver = "CNMLM7K.DLL" ["CANON INC."]

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

---------- (launch time: 2012-02-28 19:35:38)

<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 70 seconds, including 22 seconds for message boxes)

Thank you!
