goatness
Honorary Members
Posts: 28
Reputation: 0 Neutral
Win7 and Google Redirect Virus
goatness replied to goatness's topic in Resolved Malware Removal Logs
Great, I have finished those steps. Please let me know what to do next.
Win7 and Google Redirect Virus
goatness replied to goatness's topic in Resolved Malware Removal Logs
I am trying to perform the last step, to tweak the trust exclusion in MBAM? I am around! Sorry, I was traveling this past weekend. Please let me know what to do; as always, I very much appreciate the help. I am glad Microsoft Security Essentials is running again.
Win7 and Google Redirect Virus
goatness replied to goatness's topic in Resolved Malware Removal Logs
Also, how do I access AVG? Sorry if this is a stupid question; I am trying to do the last step.
Win7 and Google Redirect Virus
goatness replied to goatness's topic in Resolved Malware Removal Logs
Hi, yes! I just finished the steps, and everything seems to be fine. Security Essentials is up and running, and the Google redirect hasn't been occurring at all. Is there anything else I should do? Thanks so much.
Win7 and Google Redirect Virus
goatness replied to goatness's topic in Resolved Malware Removal Logs
The system is fine, but I still can't turn on Microsoft Security Essentials. Should I download some other kind of software? The logs are attached, thank you! combolog314.txt RKreport-314.txt tsdkiller log.txt
Win7 and Google Redirect Virus
goatness replied to goatness's topic in Resolved Malware Removal Logs
I don't recall doing a bunch of research; how does it affect the system? Here are the logs. I attached the rest, as it seemed too long to copy-paste. Thanks as always.

Results of screen317's Security Check version 0.99.31
Windows 7 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
McAfee Security Scan Plus
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
CCleaner
Java™ 6 Update 31
Adobe Flash Player 11.1.102.55
Mozilla Firefox (10.0.2)
````````````````````````````````
Process Check: objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Spybot Teatimer.exe is disabled!
Microsoft Security Essentials msseces.exe
``````````End of Log````````````

log.txt info.txt
Win7 and Google Redirect Virus
goatness replied to goatness's topic in Resolved Malware Removal Logs
I deleted the folder. I couldn't find Microsoft Security Essentials in the entire list...?! Everything available in both lists is checked, though. I attached the file properly this time, thanks!
Win7 and Google Redirect Virus
goatness replied to goatness's topic in Resolved Malware Removal Logs
I updated Java. In kock was: 2WFEOGJG.txt GH3LNPGW.txt. I attached the file list for the other folder; there were too many. My MSE won't start because it says "it does not exist as an installed service". Thanks!
Win7 and Google Redirect Virus
goatness replied to goatness's topic in Resolved Malware Removal Logs
Hi, here is the scan result:

OTL logfile created on: 3/2/2012 10:46:49 AM - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\mhsu\Downloads
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 43.08% Memory free
3.73 Gb Paging File | 2.04 Gb Available in Paging File | 54.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 76.95 Gb Free Space | 57.27% Space Free | Partition Type: NTFS
Drive D: | 14.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ES-E5410-1 | User Name: mhsu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/27 11:13:09 | 004,009,648 | ---- | M] (Spotify Ltd) -- C:\Users\mhsu\AppData\Roaming\Spotify\spotify.exe
PRC - [2012/02/22 23:24:57 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\mhsu\Downloads\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/09 16:16:00 | 000,161,336 | ---- | M] (Google) -- C:\Users\mhsu\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/07/15 23:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/19 13:40:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/23 15:39:01 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/08/24 17:54:34 | 001,458,032 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
PRC - [2010/08/24 17:51:50 | 000,388,464 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
PRC - [2010/07/26 02:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/07/21 17:01:38 | 000,147,840 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2010/06/22 12:33:38 | 000,034,232 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2010/06/04 06:29:14 | 000,292,208 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/05/31 08:57:12 | 000,056,032 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2010/05/31 05:17:06 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/05/26 03:54:36 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/05/26 03:54:32 | 000,245,842 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2010/05/26 03:53:26 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe
PRC - [2010/05/20 15:27:26 | 000,764,784 | ---- | M] (Microsoft Corporation ) -- C:\Windows\vVX6000.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/05/10 16:24:12 | 001,803,584 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2010/03/29 13:45:48 | 001,164,648 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2010/03/29 13:45:46 | 000,132,456 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
PRC - [2010/02/17 15:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2010/02/02 05:20:46 | 000,040,960 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
PRC - [2010/02/02 05:20:44 | 005,249,024 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
PRC - [2010/02/02 05:19:10 | 004,539,392 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/10 13:01:26 | 000,060,928 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
PRC - [2009/12/29 17:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/11/04 19:19:26 | 000,114,688 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
PRC - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\mhsu\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/07 15:35:08 | 000,049,152 | ---- | M] () -- C:\Program Files\gAlwaysIdle\gidle.exe
PRC - [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\mhsu\AppData\Roaming\Google\Google Talk\googletalk.exe
PRC - [2005/08/13 10:16:08 | 000,348,160 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/29 03:32:16 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\0794d7af09099432ebfb51af1d7f15ae\System.Management.ni.dll
MOD - [2012/02/29 03:29:20 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2df79ab909c782d3796e4107d040327d\System.Web.ni.dll
MOD - [2012/02/29 03:29:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll
MOD - [2012/02/29 03:28:45 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll
MOD - [2012/02/29 03:28:38 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll
MOD - [2012/02/29 03:28:18 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/02/29 03:28:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012/02/29 03:28:12 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2012/02/27 11:13:08 | 019,900,928 | ---- | M] () -- C:\Users\mhsu\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2011/12/23 23:44:58 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/14 02:32:37 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/06/19 13:40:39 | 001,874,904 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/11/20 02:29:30 | 000,046,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Status Lib\1.6.460.18066__f25c74fcad379103\Status Lib.dll
MOD - [2010/11/20 02:29:30 | 000,014,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\StatusInterfaces\1.6.460.18065__4ca2a925deedf37d\StatusInterfaces.dll
MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/03/02 13:46:38 | 000,010,752 | ---- | M] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
MOD - [2010/01/19 13:44:30 | 000,249,856 | ---- | M] () -- C:\Windows\System32\wxvault.dll
MOD - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\mhsu\Local Settings\Apps\F.lux\flux.exe
MOD - [2008/11/12 14:24:40 | 000,004,608 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
MOD - [2008/01/09 05:40:18 | 000,065,536 | ---- | M] () -- C:\Program Files\gAlwaysIdle\gidle.dll
MOD - [2008/01/07 15:35:08 | 000,049,152 | ---- | M] () -- C:\Program Files\gAlwaysIdle\gidle.exe

========== Win32 Services (SafeList) ==========

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/29 10:57:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/08/24 17:51:50 | 000,388,464 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2010/05/26 03:54:32 | 000,245,842 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2010/05/26 03:53:26 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/05/10 16:24:12 | 001,803,584 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2010/03/29 13:45:48 | 001,164,648 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2010/02/03 18:24:20 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2010/02/02 05:20:46 | 000,040,960 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/10 13:01:26 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/11/04 19:19:26 | 000,114,688 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/12 14:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/20 04:05:47 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/09 11:08:18 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2010/06/21 12:59:30 | 000,255,096 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/06/21 02:44:36 | 000,246,272 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2010/05/26 03:54:38 | 000,424,448 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/05/20 15:27:26 | 002,074,480 | ---- | M] (Microsoft Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX6000Xp.sys -- (VX6000)
DRV - [2010/03/21 11:25:04 | 000,059,904 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2010/03/21 11:25:04 | 000,048,640 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rimspe86.sys -- (rimspci)
DRV - [2010/03/21 11:25:04 | 000,038,912 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rixdpe86.sys -- (rixdpcie)
DRV - [2010/02/26 16:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/02 05:18:24 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2010/01/19 13:46:44 | 000,229,888 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2010/01/18 08:56:26 | 000,042,672 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV - [2010/01/18 08:56:26 | 000,017,072 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\stdfltn.sys -- (stdflt)
DRV - [2009/10/15 09:50:30 | 000,085,504 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2008/06/04 15:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2007/08/17 11:18:28 | 012,274,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 51 3E 3C 0E FD 00 3F 48 BE 55 2B 64 D2 82 CA 48 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://10.0.0.*;http://companyweb;https://companyweb;<local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.seeconline.org:3128

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "nytimes.com"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\mhsu\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\mhsu\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mhsu\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mhsu\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/23 15:39:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/19 13:40:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/27 17:40:01 | 000,000,000 | ---D | M]

[2010/11/29 14:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mhsu\AppData\Roaming\mozilla\Extensions
[2012/03/02 10:28:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mhsu\AppData\Roaming\mozilla\Firefox\Profiles\hr8njggg.default\extensions
[2012/03/02 10:28:55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\mhsu\AppData\Roaming\mozilla\Firefox\Profiles\hr8njggg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/03/27 17:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/23 15:39:21 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/06/19 13:40:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\mhsu\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\mhsu\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\mhsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google Search = C:\Users\mhsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\mhsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3\
CHR - Extension: Gmail = C:\Users\mhsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2012/02/24 15:04:00 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [gidle] C:\Program Files\gAlwaysIdle\gidle.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [uSCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [VX6000] C:\Windows\vVX6000.exe (Microsoft Corporation )
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKCU..\Run: [F.lux] C:\Users\mhsu\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [googletalk] C:\Users\mhsu\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [spotify] C:\Users\mhsu\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SEEC.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{205D6DBF-0672-4653-B26F-8D9A7C7754D4}: NameServer = 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D4379E3-D6AE-4DA8-8D08-0703A454023F}: DhcpNameServer = 172.6.1.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D4379E3-D6AE-4DA8-8D08-0703A454023F}: NameServer = 208.67.222.222
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\config\systemprofile\AppData\Roaming\appconf32.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\appconf32.exe ()
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/09/29 00:18:56 | 000,000,103 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/28 19:34:38 | 000,000,000 | ---D | C] -- C:\Users\mhsu\Desktop\silerunner
[2012/02/27 16:14:01 | 000,100,864 | ---- | C] (GMER) -- C:\agdiqpow.sys
[2012/02/25 15:34:04 | 000,000,000 | ---D | C] -- C:\ARK
[2012/02/24 15:26:54 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/24 15:21:51 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\mhsu\Desktop\tdsskiller.exe
[2012/02/24 15:09:54 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\mhsu\Desktop\aswMBR.exe
[2012/02/24 15:04:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/24 11:39:12 | 000,000,000 | ---D | C] -- C:\Users\mhsu\AppData\Roaming\xmldm
[2012/02/24 11:39:12 | 000,000,000 | ---D | C] -- C:\Users\mhsu\AppData\Roaming\kock
[2012/02/23 22:46:30 | 000,000,000 | ---D | C] -- C:\Users\mhsu\Desktop\RK_Quarantine
[2012/02/22 18:05:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/22 17:59:55 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/02/22 17:45:30 | 000,000,000 | ---D | C] -- C:\Users\mhsu\AppData\Local\temp
[2012/02/22 10:40:52 | 000,000,000 | ---D | C] -- C:\Users\mhsu\AppData\Roaming\Malwarebytes
[2012/02/22 10:40:48 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/22 10:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/22 10:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/22 10:33:56 | 000,000,000 | ---D | C] -- C:\Users\mhsu\Desktop\GooredFix Backups
[2012/02/21 19:57:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/21 19:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\ERUNT [2012/02/21 19:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2012/02/20 23:45:25 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012/02/09 12:06:11 | 000,000,000 | ---D | C] -- C:\Users\mhsu\AppData\Local\Cvtmapapi [52 C:\Users\mhsu\Desktop\*.tmp files -> C:\Users\mhsu\Desktop\*.tmp -> ] [1 C:\Users\mhsu\AppData\Roaming\*.tmp files -> C:\Users\mhsu\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/03/02 10:50:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-278053664-2185810746-1395160328-7715UA.job [2012/03/02 10:27:08 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/03/02 10:26:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/03/01 22:39:52 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/03/01 15:50:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-278053664-2185810746-1395160328-7715Core.job [2012/02/29 09:39:42 | 000,000,000 | ---- | M] () -- C:\Users\mhsu\AppData\Local\WavXMapDrive.bat [2012/02/29 03:34:45 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/02/29 03:34:45 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/02/29 03:31:49 | 000,626,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/02/29 03:31:49 | 000,107,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/02/29 03:27:28 | 000,355,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/02/29 03:26:37 | 1501,966,336 | -HS- | M] () -- C:\hiberfil.sys [2012/02/27 16:14:01 | 000,100,864 | ---- | M] (GMER) -- C:\agdiqpow.sys [2012/02/26 02:06:18 | 000,002,288 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/02/24 16:15:10 | 000,000,284 | ---- | M] () -- 
C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-278053664-2185810746-1395160328-7715.job [2012/02/24 16:00:51 | 000,065,536 | ---- | M] () -- C:\Users\mhsu\AppData\Roaming\hr8njggg.default.dat [2012/02/24 15:22:24 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\mhsu\Desktop\tdsskiller.exe [2012/02/24 15:11:12 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\mhsu\Desktop\aswMBR.exe [2012/02/24 15:04:00 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2012/02/24 14:50:48 | 218,637,640 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/02/22 17:33:35 | 000,001,398 | ---- | M] () -- C:\Users\mhsu\Desktop\ComboFix.exe - Shortcut.lnk [2012/02/22 10:40:48 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/02/21 19:36:40 | 000,000,877 | ---- | M] () -- C:\Users\mhsu\Desktop\ERUNT.lnk [2012/02/20 18:51:11 | 001,615,072 | ---- | M] () -- C:\Users\mhsu\Desktop\ParkingContest.Hsu.Mingwei.jpg [2012/02/15 13:58:05 | 000,002,072 | -H-- | M] () -- C:\Users\mhsu\Documents\Default.rdp [52 C:\Users\mhsu\Desktop\*.tmp files -> C:\Users\mhsu\Desktop\*.tmp -> ] [1 C:\Users\mhsu\AppData\Roaming\*.tmp files -> C:\Users\mhsu\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/02/24 11:39:12 | 000,065,536 | ---- | C] () -- C:\Users\mhsu\AppData\Roaming\hr8njggg.default.dat [2012/02/22 17:33:35 | 000,001,398 | ---- | C] () -- C:\Users\mhsu\Desktop\ComboFix.exe - Shortcut.lnk [2012/02/22 10:40:48 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/02/21 19:36:40 | 000,000,877 | ---- | C] () -- C:\Users\mhsu\Desktop\ERUNT.lnk [2012/02/21 09:36:21 | 000,000,284 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-278053664-2185810746-1395160328-7715.job [2012/02/21 09:27:25 | 218,637,640 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012/02/20 18:51:32 | 001,615,072 | ---- | C] () -- C:\Users\mhsu\Desktop\ParkingContest.Hsu.Mingwei.jpg 
[2011/12/26 22:35:02 | 000,000,632 | ---- | C] () -- C:\Windows\wininit.ini [2011/10/17 16:10:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011/10/17 16:10:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011/10/17 16:10:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/10/17 16:10:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/10/17 16:10:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/02/23 10:27:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011/02/02 21:50:47 | 000,020,480 | ---- | C] () -- C:\Windows\FWnSM.exe [2011/02/02 21:50:47 | 000,020,480 | ---- | C] () -- C:\Windows\AutoGo.exe [2011/02/02 21:50:45 | 000,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys [2011/02/02 21:50:45 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini [2011/02/02 21:50:44 | 012,274,432 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys [2011/02/02 21:50:44 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll [2011/02/02 21:50:44 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll [2010/11/29 13:44:00 | 000,000,000 | ---- | C] () -- C:\Users\mhsu\AppData\Local\WavXMapDrive.bat [2010/11/29 10:37:43 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2010/11/20 02:25:20 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll [2010/11/20 02:21:12 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll [2010/11/20 02:20:54 | 000,060,080 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/11/20 02:20:50 | 000,000,206 | ---- | C] () -- C:\Windows\hbcikrnl.ini [2010/11/01 11:15:38 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin [2010/11/01 11:15:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2010/11/01 11:15:38 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2010/11/01 11:15:37 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin [2010/11/01 11:15:37 | 000,004,096 | ---- | C] ( ) -- 
C:\Windows\System32\IGFXDEVLib.dll [2010/11/01 11:15:34 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2010/11/01 11:15:33 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config ========== LOP Check ========== [2010/11/29 13:44:10 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\Broadcom [2012/02/09 13:17:33 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\Canon [2010/12/25 19:55:21 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1 [2012/02/24 11:39:13 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\kock [2012/03/02 10:51:43 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\Spotify [2010/11/29 13:44:10 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\Wave Systems Corp [2012/02/24 16:00:51 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\xmldm [2011/04/26 16:18:40 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > I don't think the google redirect is happening, I've only used google a few times, and nothing has happened, though I try to avoid using it. The system seems to be fine in general. Thanks for all your help so far. -
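Editor's note, added to this thread and not part of goatness's post or of the helper's instructions: the security-relevant lines in the OTL log above are the O20 entry that appends appconf32.exe (unsigned, living under the SYSTEM profile) to Winlogon\Userinit, which runs it at every interactive logon, and the O17 entries where a static NameServer sits beside the DHCP-issued one on the same adapter. The Python below is a small triage pass over OTL-style lines that flags exactly those patterns. The sample lines are constructed to mirror the log (the dplaysvr Run entry is modelled on the Silent Runners output later in the thread, rendered in OTL's O4 format); the finding categories, regexes and function names are mine, not OTL's.

```python
"""Triage of OTL autostart lines: Winlogon tampering, odd Run entries, DNS overrides.

Added example for this thread; the sample log below is constructed, modelled on
the OTL output posted above, and the parsing rules are the editor's, not OTL's.
"""
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample, one OTL entry per line. The dplaysvr line is reconstructed
# from the Silent Runners output later in the thread; the rest mirror the OTL log.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
O4 - HKCU..\Run: [spotify] C:\Users\mhsu\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D4379E3-D6AE-4DA8-8D08-0703A454023F}: DhcpNameServer = 172.6.1.161
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D4379E3-D6AE-4DA8-8D08-0703A454023F}: NameServer = 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278}: DhcpNameServer = 192.168.10.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\config\systemprofile\AppData\Roaming\appconf32.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\appconf32.exe ()
"""

# A clean Windows 7 Winlogon carries Shell = explorer.exe and Userinit = userinit.exe.
# Anything else listed under Userinit is launched at every interactive logon.
EXPECTED_WINLOGON = {"shell": "explorer.exe", "userinit": "userinit.exe"}

O4_RE = re.compile(r"^O4 - (HK\w+)\.\.\\(\w+): \[(.*?)\] (.*)$")
O17_RE = re.compile(r"^O17 - (.*?): (\w+) = (.*)$")
O20_RE = re.compile(r"^O20 - HKLM Winlogon: (\w+) - \((.*?)\) - (.*)$")


def _suspicious_path(path: str) -> str:
    """Return a reason if an autostart target looks wrong, else an empty string."""
    low = path.lower()
    if "\\config\\systemprofile\\" in low:
        # The SYSTEM profile is not where legitimate software installs user-mode autoruns.
        return "runs from the SYSTEM profile, not a normal install location"
    if "file not found" in low:
        return "registry entry points at a file that no longer exists"
    return ""


def triage_otl(text: str) -> List[Dict[str, str]]:
    """Scan OTL O4/O17/O20 lines and return findings in the order they were seen."""
    findings: List[Dict[str, str]] = []
    dns: Dict[str, Dict[str, str]] = defaultdict(dict)
    for line in text.strip().splitlines():
        m = O4_RE.match(line)
        if m:
            hive, key, name, rest = m.groups()
            why = _suspicious_path(rest)
            if why:
                findings.append({"type": "run", "item": f"{hive}\\{key}\\{name}", "why": why})
            continue
        m = O17_RE.match(line)
        if m:
            regkey, value, data = m.groups()
            dns[regkey][value] = data  # collect per-adapter values, judged after the loop
            continue
        m = O20_RE.match(line)
        if m:
            value, data, _resolved = m.groups()
            expected = EXPECTED_WINLOGON.get(value.lower())
            exe = data.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if expected and exe != expected:
                findings.append({"type": "winlogon", "item": f"{value}={data}",
                                 "why": f"extra {value} executable (expected only {expected})"})
    # A static NameServer that differs from the DHCP-issued one overrides the network's
    # resolver for that adapter. It may be deliberate (208.67.222.222 is a public
    # OpenDNS resolver), so report it and confirm with whoever owns the machine.
    for regkey, vals in dns.items():
        static, dhcp = vals.get("NameServer"), vals.get("DhcpNameServer")
        if static and dhcp and static != dhcp:
            findings.append({"type": "dns", "item": regkey.rsplit("\\", 1)[-1],
                             "why": f"static NameServer {static} overrides DHCP {dhcp}"})
    return findings


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_OTL):
        print(f"[{f['type']}] {f['item']}: {f['why']}")
```

Run against the sample it reports three findings: the Run entry under the SYSTEM profile, the second Userinit executable, and the adapter whose static resolver differs from its DHCP one. The Winlogon check is the one worth keeping in any baseline: a second Userinit value is rarely legitimate and survives most "scan and remove" passes that only look at Run keys.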
Win7 and Google Redirect Virus
goatness replied to goatness's topic in Resolved Malware Removal Logs
I ran the safety scanner, and it removed a bunch of stuff, but some were partially removed and required further steps, or some were detected but not removed. There were no logs available; should I do something about the unremoved ones? Thank you! -
Win7 and Google Redirect Virus
goatness replied to goatness's topic in Resolved Malware Removal Logs
Here it is:

========== PROCESSES ==========
All processes killed
========== FILES ==========
recycler not found in C:\
recycler not found in D:\
File\Folder c:\users\mhsu\appdata\local\mvp.exe not found.
File\Folder c:\users\mhsu\appdata\local\jwb.exe not found.
File\Folder c:\users\mhsu\appdata\local\lpx.exe not found.
File\Folder c:\users\mhsu\appdata\local\hix.exe not found.
File\Folder c:\users\mhsu\appdata\local\qdi.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dplaysvr deleted successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: administrator
->Flash cache emptied: 810 bytes
User: All Users
User: Default
->Flash cache emptied: 56502 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: jobs
->Flash cache emptied: 456 bytes
User: mhsu
->Flash cache emptied: 140036 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.33.2 log created on 02282012_204920
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

Thanks! -
Win7 and Google Redirect Virus
goatness replied to goatness's topic in Resolved Malware Removal Logs
Here is the silent runner log: "Silent Runners.vbs", revision 63, http://www.silentrunners.org/ Operating System: Windows 7 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "F.lux" = ""C:\Users\mhsu\Local Settings\Apps\F.lux\flux.exe" /noshow" [null data] "googletalk" = "C:\Users\mhsu\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart" ["Google"] "Spotify" = ""C:\Users\mhsu\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart" ["Spotify Ltd"] "Google Update" = ""C:\Users\mhsu\AppData\Local\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."] HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++} "FlashPlayerUpdate" = "C:\Windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "Apoint" = "C:\Program Files\DellTPad\Apoint.exe" ["Alps Electric Co., Ltd."] "SysTrayApp" = "C:\Program Files\IDT\WDM\sttray.exe" "IgfxTray" = "C:\Windows\system32\igfxtray.exe" ["Intel Corporation"] "HotKeysCmds" = "C:\Windows\system32\hkcmd.exe" ["Intel Corporation"] "Persistence" = "C:\Windows\system32\igfxpers.exe" ["Intel Corporation"] "Broadcom Wireless Manager UI" = "C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe" ["Dell Inc."] "WavXMgr" = "C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" ["Wave Systems Corp."] "USCService" = "C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [null data] "PDVDDXSrv" = ""C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"" ["CyberLink Corp."] "DBRMTray" = "C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe" [null data] "QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."] "iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."] "VX6000" = "C:\Windows\vVX6000.exe" ["Microsoft 
Corporation "] "LifeCam" = ""C:\Program Files\Microsoft LifeCam\LifeExp.exe"" [MS] "TkBellExe" = ""C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot" ["RealNetworks, Inc."] "Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"] "Adobe ARM" = ""C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"" ["Adobe Systems Incorporated"] "Windows Mobile Device Center" = "C:\Windows\WindowsMobile\wmdc.exe" "CanonMyPrinter" = "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon" ["CANON INC."] "MSC" = ""c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey" [MS] "snp2std" = "C:\Windows\vsnp2std.exe" ["Sonix"] "gidle" = ""C:\Program Files\gAlwaysIdle\gidle.exe"" [null data] "dplaysvr" = "C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe" [file not found] "Malwarebytes' Anti-Malware" = ""C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray" ["Malwarebytes Corporation"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++} "DBRMTray" = "C:\Dell\DBRM\Reminder\TrayApp.exe" [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = "AcroIEHelperStub" -> {HKLM...CLSID} = "Adobe PDF Link Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll" ["Adobe Systems Incorporated"] {3049C3E9-B461-4BC5-8870-4C09146192CA}\(Default) = (no title provided) -> {HKLM...CLSID} = "RealPlayer Download and Record Plugin for Internet Explorer" \InProcServer32\(Default) = "C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll" ["RealPlayer"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = "Spybot-S&D IE Protection" \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\(Default) = "Search 
Helper" -> {HKLM...CLSID} = "Search Helper" \InProcServer32\(Default) = "C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll" [MS] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = "Windows Live ID Sign-in Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = "Java Plug-In 2 SSV Helper" \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ EnabledUnlockedFDEIconOverlay\(Default) = "{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}" -> {HKLM...CLSID} = "FdeInitIcon Class" \InProcServer32\(Default) = "C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll" ["Wave Systems Corp."] UninitializedFdeIconOverlay\(Default) = "{CF08DA3E-C97D-4891-A66B-E39B28DD270F}" -> {HKLM...CLSID} = "FdeUninitIcon Class" \InProcServer32\(Default) = "C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll" ["Wave Systems Corp."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MIF5BA~1\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\PROGRA~1\MIF5BA~1\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{00F33137-EE26-412F-8D71-F84E4C2C6625}" = (no title provided) -> 
{HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim" \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS] "{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}" = "Windows Live Photo Gallery Viewer Drop Target Shim" -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Shim" \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS] "{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}" = "Windows Live Photo Gallery Editor Drop Target Shim" -> {HKLM...CLSID} = "Windows Live Photo Gallery Editor Shim" \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS] "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" = "Windows Live Photo Gallery Autoplay Drop Target Shim" -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim" \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS] "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes" -> {HKLM...CLSID} = "iTunes" \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{09A47860-11B0-4DA5-AFA5-26D86198A780}" = "EPP" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "c:\PROGRA~1\MI8079~1\shellext.dll" [MS] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS] HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Winlogon\ <<!>> "Userinit" = "C:\Windows\system32\userinit.exe,C:\Windows\system32\config\systemprofile\AppData\Roaming\appconf32.exe," [MS], [null data] HKLM\SYSTEM\CurrentControlSet\Control\Lsa\ <<!>> ("livessp" [MS]) "Security Packages" = "kerberos"|"msv1_0"|"schannel"|"wdigest"|"tspkg"|"pku2u"|"livessp" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\ {F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\(Default) = "WLIDCredentialProvider" -> {HKLM...CLSID} = "WLIDCredentialProvider" \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL" [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <<!>> livecall\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\msgrapp.dll" [MS] <<!>> msnim\CLSID = "{828030A1-22C1-4009-854F-8E305202313F}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\msgrapp.dll" [MS] <<!>> mso-offdap\CLSID = "{3D9F03FA-7A94-11D3-BE81-0050048385D1}" -> {HKLM...CLSID} = "Data Page Pluggable Protocol mso-offdap Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL" [MS] <<!>> mso-offdap11\CLSID = "{32505114-5902-49B2-880A-1F7738E5A384}" -> {HKLM...CLSID} = "Data Page Plugable Protocal mso-offdap11 Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL" [MS] <<!>> wlmailhtml\CLSID = "{03C514A3-1EFB-4856-9F99-10D7BE1653C0}" -> {HKLM...CLSID} = "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" \InProcServer32\(Default) = "C:\Program Files\Windows Live\Mail\mailcomm.dll" [MS] 
<<!>> wlpg\CLSID = "{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}" -> {HKLM...CLSID} = "Album Download IE Asynchronous Pluggable Protocol Interface" \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll" [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ EncryptDocMgr\(Default) = "{52C70C7B-98B9-4626-8BD0-4D00FF028488}" -> {HKLM...CLSID} = "EncryptMenuItem Class" \InProcServer32\(Default) = "C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\ContextMenuItem.dll" ["Wave Systems Corp."] EPP\(Default) = "{09A47860-11B0-4DA5-AFA5-26D86198A780}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "c:\PROGRA~1\MI8079~1\shellext.dll" [MS] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}" -> {HKLM...CLSID} = "MBAMShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ EncryptDocMgr\(Default) = "{52C70C7B-98B9-4626-8BD0-4D00FF028488}" -> {HKLM...CLSID} = "EncryptMenuItem Class" \InProcServer32\(Default) = "C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\ContextMenuItem.dll" ["Wave Systems Corp."] EPP\(Default) = "{09A47860-11B0-4DA5-AFA5-26D86198A780}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "c:\PROGRA~1\MI8079~1\shellext.dll" [MS] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ igfxcui\(Default) = "{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}" -> {HKLM...CLSID} = "GraphicsShellExt Class" \InProcServer32\(Default) = "C:\Windows\system32\igfxpph.dll" ["Intel Corporation"] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common 
Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}" -> {HKLM...CLSID} = "MBAMShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"] Default executables: -------------------- <<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile" Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoWelcomeScreen" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKCU\Software\Policies\Microsoft\Windows\System\ "ExcludeProfileDirs" = (REG_SZ) History; Local Settings;Temp; Temporary Internet Files;My Documents\My Music {unrecognized setting} "GroupPolicyRefreshTime" = (REG_DWORD) dword:0x0000003C {unrecognized setting} "GroupPolicyRefreshTimeOffset" = (REG_DWORD) dword:0x00000042 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000000 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Switch to the secure desktop when prompting for elevation} "DisableRegistryTools" = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = 
"C:\Users\mhsu\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg" Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ CanonMPN20PictureOnArrival\ "Provider" = "MP Navigator Ver2.0" "InvokeProgID" = "MPNavigator20.AutoplayHandler" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\MPNavigator20.AutoplayHandler\shell\open\command\(Default) = "C:\Program Files\Canon\MP Navigator 2.0\mpn20.exe /AUTOPLAY %1" ["CANON INC."] iTunesBurnCDOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.BurnCD" "InvokeVerb" = "burn" HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."] iTunesImportSongsOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.ImportSongsOnCD" "InvokeVerb" = "import" HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."] iTunesPlaySongsOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.PlaySongsOnCD" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."] iTunesShowSongsOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.ShowSongsOnCD" "InvokeVerb" = "showsongs" HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."] MSLivePhotoAcqHWEventHandler\ "Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10" "ProgID" = "Microsoft.LivePhotoAcqHWEventHandler" HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqHWEventHandler\CLSID\(Default) = "{3BD0ACD1-71CA-4475-92CC-E0AA0AAF843F}" -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe" [MS] 
MSLivePhotoAcquireDropHandler\
  "Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"
  "InvokeProgID" = "Microsoft.LivePhotoAcqDTShim.1"
  "InvokeVerb" = "open"
  HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = "{00F33137-EE26-412F-8D71-F84E4C2C6625}"
    -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
       \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
MSLiveShowPicturesOnArrival\
  "Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"
  "InvokeProgID" = "Microsoft.Photos.LiveAutoplayShim.1"
  "InvokeVerb" = "open"
  HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}"
    -> {HKLM...CLSID} = "Windows Live Photo Gallery Viewer Autoplay Shim"
       \InProcServer32\(Default) = "C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll" [MS]
MSLiveVideoCameraArrivalCaptureWizard\
  "Provider" = "@%ProgramFiles%\Windows Live\Photo Gallery\regres.dll,-10"
  "ProgID" = "WLXAutoPlayMgr.WLXHWEventHandler"
  "InitCmdLine" = "WLXVideoAcquireWizard"
  HKLM\SOFTWARE\Classes\WLXAutoPlayMgr.WLXHWEventHandler\CLSID\(Default) = "{9B5C97F6-B3A5-4A6D-8B03-993EC7291A22}"
    -> {HKLM...CLSID} = "WLXWEventHandler Class"
       \LocalServer32\(Default) = ""C:\Program Files\Windows Live\Photo Gallery\WLXVideoCameraAutoPlayManager.exe"" [MS]
PDVDDXPlayDVDMovieOnArrival\
  "Provider" = "PowerDVD DX"
  "InvokeProgID" = "DVD"
  "InvokeVerb" = "PlayWithPDVDDX"
  HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPDVDDX\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" RUNWITHWMC MOVIE "%L"" ["CyberLink Corp."]
PDVDDXPlaySuperVideoCDMovieOnArrival\
  "Provider" = "PowerDVD DX"
  "InvokeProgID" = "SVCD"
  "InvokeVerb" = "PlayWithPDVDDX"
  HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPDVDDX\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" RUNWITHWMC MOVIE "%L"" ["CyberLink Corp."]
PDVDDXPlayVideoCDMovieOnArrival\
  "Provider" = "PowerDVD DX"
  "InvokeProgID" = "VCD"
  "InvokeVerb" = "PlayWithPDVDDX"
  HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPDVDDX\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" RUNWITHWMC MOVIE "%L"" ["CyberLink Corp."]
RPCDBurningOnArrival\
  "Provider" = "RealPlayer"
  "InvokeProgID" = "RealPlayer.CDBurn.6"
  "InvokeVerb" = "open"
  HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]
RPDeviceOnArrival\
  "Provider" = "RealPlayer"
  "ProgID" = "RealPlayer.HWEventHandler"
  HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
    -> {HKLM...CLSID} = "RealNetworks Scheduler"
       \LocalServer32\(Default) = ""C:\Program Files\Real\RealPlayer\Update\realsched.exe" -autoplay" ["RealNetworks, Inc."]
RPDVDBurningOnArrival\
  "Provider" = "RealPlayer"
  "InvokeProgID" = "RealPlayer.DVDBurn.6"
  "InvokeVerb" = "open"
  HKCU\Software\Classes\RealPlayer.DVDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burndvd "%1"" ["RealNetworks, Inc."]
RPPlayCDAudioOnArrival\
  "Provider" = "RealPlayer"
  "InvokeProgID" = "RealPlayer.AudioCD.6"
  "InvokeVerb" = "play"
  HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]
RPPlayDVDMovieOnArrival\
  "Provider" = "RealPlayer"
  "InvokeProgID" = "RealPlayer.DVD.6"
  "InvokeVerb" = "play"
  HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]
RPPlayMediaOnArrival\
  "Provider" = "RealPlayer"
  "InvokeProgID" = "RealPlayer.AutoPlay.6"
  "InvokeVerb" = "open"
  HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]
WIA_{64103EF8-4CBE-47A3-A125-8C0C24B55083}\
  "Provider" = "MP Navigator Ver2.0"
  "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
  "InitCmdLine" = "/WiaCmd;C:\Program Files\Canon\MP Navigator 2.0\mpn20.exe /StiDevice:%1 /StiEvent:%2;"
    -> {HKLM...CLSID} = "WPDShextAutoplay"
       \LocalServer32\(Default) = "C:\Windows\system32\WPDShextAutoplay.exe" [MS]

Startup items in "mhsu" & "All Users" startup folders:
------------------------------------------------------
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
"Dell System Manager" -> shortcut to: "C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe" ["Dell Inc."]
"McAfee Security Scan Plus" -> shortcut to: "C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe" ["McAfee, Inc."]
"TdmNotify" -> shortcut to: "C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe" ["Wave Systems Corp."]

Non-disabled Scheduled Tasks:
-----------------------------
C:\Users\mhsu\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

C:\Windows\System32\Tasks
"GoogleUpdateTaskMachineCore" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskMachineUA" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]
"GoogleUpdateTaskUserS-1-5-21-278053664-2185810746-1395160328-7715Core" -> launches: "C:\Users\mhsu\AppData\Local\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskUserS-1-5-21-278053664-2185810746-1395160328-7715UA" -> launches: "C:\Users\mhsu\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]
"JavaUpdateSched" -> launches: "%CommonProgramFiles%\Java\Java Update\jusched.exe" ["Sun Microsystems, Inc."]
"RealUpgradeLogonTaskS-1-5-21-278053664-2185810746-1395160328-500" -> launches: "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /logoncheck" ["RealNetworks, Inc."]
"RealUpgradeLogonTaskS-1-5-21-278053664-2185810746-1395160328-7715" -> launches: "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /logoncheck" ["RealNetworks, Inc."]
"RealUpgradeScheduledTaskS-1-5-21-278053664-2185810746-1395160328-500" -> launches: "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck" ["RealNetworks, Inc."]
"RealUpgradeScheduledTaskS-1-5-21-278053664-2185810746-1395160328-7715" -> launches: "C:\Program Files\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck" ["RealNetworks, Inc."]
"{DBFE3B31-5192-43D0-BD01-C7DBC2883CD7}" -> launches: "C:\Windows\system32\pcalua.exe -a C:\Users\mhsu\Downloads\galwaysidlesetup.exe -d "C:\Program Files\Mozilla Firefox"" [MS]

C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware
"MP Scheduled Scan" -> (HIDDEN!) launches: "c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
"AD RMS Rights Policy Template Management (Manual)" -> launches: "{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}"
    -> {HKLM...CLSID} = "AD RMS Rights Policy Template Management (Manual) Task Handler"
       \InProcServer32\(Default) = "C:\Windows\system32\msdrm.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
"AitAgent" -> launches: "aitagent" [MS]
"ProgramDataUpdater" -> launches: "%windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
"Proxy" -> launches: "%windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
"UninstallDeviceTask" -> launches: "BthUdTask.exe $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
"SystemTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
    -> {HKLM...CLSID} = "Certificate Services Client Task Handler"
       \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]
"UserTask" -> launches: "{58fb76b9-ac85-4e55-ac04-427593b1d060}"
    -> {HKLM...CLSID} = "Certificate Services Client Task Handler"
       \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
"Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS]
"KernelCeipTask" -> (HIDDEN!) launches: "{e7ed314f-2816-4c26-aeb5-54a34d02404c}"
    -> {HKLM...CLSID} = "KernelCeipCustomHandler"
       \InProcServer32\(Default) = "C:\Windows\System32\kernelceip.dll" [MS]
"UsbCeip" -> (HIDDEN!) launches: "{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}"
    -> {HKLM...CLSID} = "UsbCeip"
       \InProcServer32\(Default) = "C:\Windows\System32\usbceip.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
"ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
"Scheduled" -> (HIDDEN!) launches: "{c1f85ef8-bcc2-4606-bb39-70c523715eb3}"
    -> {HKLM...CLSID} = "ScheduledDiagnosticCustomHandler"
       \InProcServer32\(Default) = "C:\Windows\System32\sdiagschd.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
"Notifications" -> launches: "%windir%\System32\LocationNotifications.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
"WinSAT" -> launches: "{A9A33436-678B-4C9C-A211-7CC38785E79D}"
    -> {HKLM...CLSID} = "WinSAT Task Manger Task"
       \InProcServer32\(Default) = "C:\Windows\system32\WinSATAPI.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
"ActivateWindowsSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch" [MS]
"ConfigureInternetTimeService" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService" [MS]
"DispatchRecoveryTasks" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)" [MS]
"ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS]
"InstallPlayReady" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)" [MS]
"mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate $(Arg0)" [MS]
"mcupdate_scheduled" -> launches: "%SystemRoot%\ehome\mcupdate -crl -hms -pscn 15" [MS]
"MediaCenterRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask" [MS]
"ObjectStoreRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask" [MS]
"OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS]
"OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)" [MS]
"PBDADiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery" [MS]
"PBDADiscoveryW1" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery" [MS]
"PBDADiscoveryW2" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery" [MS]
"PvrRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask" [MS]
"PvrScheduleTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrSchedule" [MS]
"RegisterSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)" [MS]
"ReindexSearchRoot" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot" [MS]
"SqlLiteRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask" [MS]
"StartRecording" -> launches: "%SystemRoot%\ehome\ehrec /StartRecording" [MS]
"UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
"CorruptionDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"
    -> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"
       \InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]
"DecompressionFailureDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}"
    -> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler"
       \InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
"HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}"
    -> {HKLM...CLSID} = "HotStart User Agent"
       \InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
"LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
"SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}"
    -> {HKLM...CLSID} = "Microsoft PlaySoundService Class"
       \InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
"GatherNetworkInfo" -> launches: "%windir%\system32\gatherNetworkInfo.vbs" [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
"AnalyzeSystem" -> launches: "%SystemRoot%\System32\powercfg.exe -energy -auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
"RacTask" -> (HIDDEN!) launches: "{42060D27-CA53-41f5-96E4-B1E8169308A6}"
    -> {HKLM...CLSID} = "ReliabilityAnalysisCustomHandler"
       \InProcServer32\(Default) = "C:\Windows\system32\RacEngn.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
"MobilityManager" -> launches: "{c463a0fc-794f-4fdf-9201-01938ceacafa}"
    -> {HKLM...CLSID} = "RasMobilityManager"
       \InProcServer32\(Default) = "C:\Windows\system32\rasmbmgr.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
"RegIdleBackup" -> (HIDDEN!) launches: "{ca767aa8-9157-4604-b64b-40747123d5f2}"
    -> {HKLM...CLSID} = "RegistryIdleBackupHandler"
       \InProcServer32\(Default) = "C:\Windows\System32\regidle.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
"RemoteAssistanceTask" -> (HIDDEN!) launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
"GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}"
    -> {HKLM...CLSID} = "GadgetsManager Class"
       \InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
"SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
"Interactive" -> (HIDDEN!) launches: "{855fec53-d2e4-4999-9e87-3414e9cf0ff4}"
    -> {HKLM...CLSID} = "RunTask"
       \InProcServer32\(Default) = "C:\Windows\system32\wdc.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
"IpAddressConflict1" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS]
"IpAddressConflict2" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
"MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}"
    -> {HKLM...CLSID} = "MsCtfMonitor task handler"
       \InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
"SynchronizeTime" -> launches: "%windir%\system32\sc.exe start w32time task_started" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
"UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
"ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}"
    -> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler"
       \InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
"ValidationTask" -> (HIDDEN!) launches: "%SystemRoot%\system32\Wat\WatAdminSvc.exe /run" [MS]
"ValidationTaskDeadline" -> (HIDDEN!) launches: "%SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
"QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
"BfeOnServiceStartTypeChange" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
"UpdateLibrary" -> launches: ""%ProgramFiles%\Windows Media Player\wmpnscfg.exe"" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
"ConfigNotification" -> launches: "%systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
"Extractor Definitions Update Task" -> launches: "{3519154C-227E-47F3-9CC9-12C3F05817F1}"
    -> {HKLM...CLSID} = "Windows Live Social Object Extractor Engine Definition Updater"
       \InProcServer32\(Default) = "C:\Program Files\Windows Live\SOXE\wlsoxe.dll" [MS]

C:\Windows\System32\Tasks\WPD
"SqmUpload_S-1-5-21-278053664-2185810746-1395160328-7715" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe portabledeviceapi.dll,#1" [MS]

Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS]
000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS]
000000000007\LibraryPath = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" [MS]
000000000008\LibraryPath = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" [MS]
000000000009\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]

Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 36

Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
  Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
  InProcServer32\(Default) = "C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
  "ButtonText" = "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004"
  "MenuText" = "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003"
  "CLSIDExtension" = "{5F7B1267-94A9-47F5-98DB-E99415F33AEC}"
    -> {HKLM...CLSID} = "BlogThisToolbarButton Class"
       \InProcServer32\(Default) = "C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll" [MS]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
  "ButtonText" = "@C:\Windows\WindowsMobile\INetRepl.dll,-222"
  "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
    -> {HKLM...CLSID} = "Create Mobile Favorite"
       \InProcServer32\(Default) = "C:\Windows\WindowsMobile\INetRepl.dll" [MS]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
  "MenuText" = "@C:\Windows\WindowsMobile\INetRepl.dll,-223"
  "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
    -> {HKLM...CLSID} = "Create Mobile Favorite"
       \InProcServer32\(Default) = "C:\Windows\WindowsMobile\INetRepl.dll" [MS]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
  "ButtonText" = "Research"
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
  "MenuText" = "Spybot - Search & Destroy Configuration"
  "CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
    -> {HKLM...CLSID} = "Spybot-S&D IE Protection"
       \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HOSTS file
----------
C:\Windows\System32\drivers\etc\HOSTS
maps: 3 domain names to IP addresses,
      2 of the IP addresses are *not* localhost!

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Andrea ST Filters Service, AESTFilters, "C:\Program Files\IDT\WDM\aestsrv.exe" ["Andrea Electronics Corporation"]
Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"" ["Apple Inc."]
Audio Service, STacSV, "C:\Program Files\IDT\WDM\STacSV.exe" ["IDT, Inc."]
AuthenTec Fingerprint Service, ATService, "C:\Program Files\Fingerprint Sensor\AtService.exe" ["AuthenTec, Inc."]
Bonjour Service, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."]
Broadcom Management Agent, BrcmMgmtAgent, ""C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe" -service" ["Broadcom Corporation"]
Dell System Manager Service, dcpsysmgrsvc, ""c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe"" ["Dell Inc."]
DW WLAN Tray Service, wltrysvc, ""C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE" "C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe"" ["Dell Inc."]
FF Install Filter Service, InstallFilterService, "C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe" [null data]
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
MBAMService, MBAMService, ""C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"" ["Malwarebytes Corporation"]
MSCamSvc, MSCamSvc, ""C:\Program Files\Microsoft LifeCam\MSCamS32.exe"" [MS]
SBSD Security Center Service, SBSDWSCService, "C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe" ["Safer Networking Ltd."]
SeaPort, SeaPort, ""C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"" [MS]
TdmService, TdmService, ""C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe"" ["Wave Systems Corp."]
Windows Live ID Sign-in Assistant, wlidsvc, ""C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"" [MS]
Windows Mobile-2003-based device connectivity, WcesComm, "C:\Windows\system32\svchost.exe -k WindowsMobile" {"C:\Windows\WindowsMobile\wcescomm.dll" [MS]}
Windows Mobile-based device connectivity, RapiMgr, "C:\Windows\system32\svchost.exe -k WindowsMobile" {"C:\Windows\WindowsMobile\rapimgr.dll" [MS]}

Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
BJ Language Monitor3_2\Driver = "CNBLM3_2.DLL" ["CANON INC."]
Canon BJ Language Monitor MP150\Driver = "CNMLM7K.DLL" ["CANON INC."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

----------
(launch time: 2012-02-28 19:35:38)
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box.
----------
(total run time: 70 seconds, including 22 seconds for message boxes)

Thank you! -
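Silent Runners' HOSTS-file line above flags that two of the three mappings do not point at localhost, which is the usual shape of a browser-redirect hijack. As an added example (not part of the thread, and not Silent Runners' own code), here is a small Python check that does the same thing: it strips comments, handles several hostnames per line and IPv6 loopback, and returns every mapping whose address is not loopback. The sample hosts text and its 203.0.113.x / 198.51.100.x entries are constructed for the example; on a live machine point `audit_hosts_file` at C:\Windows\System32\drivers\etc\hosts.

```python
import ipaddress
from typing import Iterator, List, Tuple, Union

Address = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Constructed sample (not the hosts file from the thread). The last two mappings
# have the shape of a hijack: public addresses (RFC 5737 test ranges) bound to
# names the user expects to resolve normally.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
203.0.113.5     www.example.com  example.com   # constructed hijack entry
198.51.100.7    search.example.net            # constructed hijack entry
"""


def parse_hosts(text: str) -> Iterator[Tuple[Address, str]]:
    """Yield (address, hostname) for every mapping, one per hostname on a line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # address with no names maps nothing
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address; a real audit would log it
        for host in fields[1:]:
            yield addr, host


def non_loopback_mappings(text: str) -> List[Tuple[str, str]]:
    """(hostname, address) pairs whose address is not loopback.

    This is the condition Silent Runners reports as
    "N of the IP addresses are *not* localhost!".
    """
    return [(host, str(addr)) for addr, host in parse_hosts(text) if not addr.is_loopback]


def summarize_hosts(text: str) -> Tuple[int, int]:
    """(hostnames mapped in total, hostnames mapped to a non-loopback address)."""
    total = sum(1 for _ in parse_hosts(text))
    return total, len(non_loopback_mappings(text))


def audit_hosts_file(path: str = r"C:\Windows\System32\drivers\etc\hosts") -> List[Tuple[str, str]]:
    """Run the check against a hosts file on disk (default: the Windows location)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return non_loopback_mappings(fh.read())


if __name__ == "__main__":
    total, bad = summarize_hosts(SAMPLE_HOSTS)
    print(f"maps: {total} domain names, {bad} of the IP addresses are *not* localhost")
    for host, addr in non_loopback_mappings(SAMPLE_HOSTS):
        print(f"  {host} -> {addr}")
```

A clean Windows 7 hosts file has nothing but comments, or only the two localhost lines, so any non-empty result from this check is worth a look; the entries a redirect infection adds are typically search engines or security-vendor sites pointed at a server the attacker controls.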
Win7 and Google Redirect Virus
goatness replied to goatness's topic in Resolved Malware Removal Logs
Here is the ARK log, will do the last scan now:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-28 19:24:00
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST916031 rev.D005
Running: 9nebzd2r.exe; Driver: C:\Users\mhsu\AppData\Local\Temp\agdiqpow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E8F5D9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB4092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3004] ntdll.dll!LdrLoadDll 7700F425 5 Bytes JMP 00E01410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Users\mhsu\AppData\Roaming\Google\Google Talk\googletalk.exe[3804] USER32.dll!GetLastInputInfo + 13 77126D67 4 Bytes [80, 2B, 4F, 02]
.text C:\Users\mhsu\AppData\Roaming\Spotify\Spotify.exe[5400] ntdll.dll!DbgBreakPoint 76FE3258 1 Byte [C3]
.text C:\Users\mhsu\AppData\Roaming\Spotify\Spotify.exe[5400] ntdll.dll!DbgUiRemoteBreakin 7704D5CB 5 Bytes JMP 770137A9 C:\Windows\SYSTEM32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6224] USER32.dll!SetWindowLongA 7711B1E3 5 Bytes JMP 5D198DD9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6224] USER32.dll!SetWindowLongW 77126614 5 Bytes JMP 5D198D6B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6224] USER32.dll!GetWindowInfo 77126A82 5 Bytes JMP 5CFC7187 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6224] USER32.dll!TrackPopupMenu 77144B3B 5 Bytes JMP 5CFC7781 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[7360] kernel32.dll!SetUnhandledExceptionFilter 767C30E2 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe[2036] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75055E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe[2036] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75055E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe[2036] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75055E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe[2036] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75055E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe[2036] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75055E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe[2036] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75055E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000005a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Thanks! -
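The GMER "User code sections" above list every inline hook it found, and most of them (Firefox hooking its own process, Spotify patching the ntdll debugger entry points) are normal for those applications. Deciding which lines deserve attention is a triage step, so here is an added Python helper that is not part of the thread and not GMER's own code. It parses those `.text ... JMP ...` lines and applies a heuristic that is my assumption, not GMER's: a hook whose JMP lands in the hooked process's own directory, or in a Windows system directory, is ranked low; raw byte patches with no resolvable module and hooks that land in an unrelated module are marked for review. The explorer.exe line in the sample is constructed to exercise that last case; the other sample lines are quoted from the log above.

```python
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# One GMER "User code sections" line, for example:
# .text C:\...\firefox.exe[3004] ntdll.dll!LdrLoadDll 7700F425 5 Bytes JMP 00E01410 C:\...\firefox.exe (Firefox/Mozilla Corporation)
# Kernel-section lines (".text ntkrnlpa.exe!...") have no "C:\...[pid]" and are skipped.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>[A-Za-z]:\\[^\[]+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<symbol>\S+!\S+(?:\s\+\s[0-9A-Fa-f]+)?)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.+)$"
)
# The patch field when GMER resolved the JMP target to a module on disk.
JMP_RE = re.compile(
    r"^JMP\s+(?P<target>[0-9A-Fa-f]+)\s+(?P<module>[A-Za-z]:\\.+?)\s+\((?P<desc>[^)]*)\)$"
)

SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")

# Sample input: lines quoted from the GMER log above, plus one constructed
# explorer.exe line (not from the thread) to show a hook into a foreign module.
SAMPLE_GMER = r"""
---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E8F5D9 1 Byte [06]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3004] ntdll.dll!LdrLoadDll 7700F425 5 Bytes JMP 00E01410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Users\mhsu\AppData\Roaming\Google\Google Talk\googletalk.exe[3804] USER32.dll!GetLastInputInfo + 13 77126D67 4 Bytes [80, 2B, 4F, 02]
.text C:\Users\mhsu\AppData\Roaming\Spotify\Spotify.exe[5400] ntdll.dll!DbgUiRemoteBreakin 7704D5CB 5 Bytes JMP 770137A9 C:\Windows\SYSTEM32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[6224] USER32.dll!SetWindowLongA 7711B1E3 5 Bytes JMP 5D198DD9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Windows\explorer.exe[1234] ntdll.dll!NtQueryDirectoryFile 77001234 5 Bytes JMP 10001000 C:\Users\Public\example.dll (constructed example)
"""


@dataclass
class Hook:
    process: str
    pid: int
    symbol: str
    size: int
    patch: str
    target_module: Optional[str]
    verdict: str


def classify(process: str, target_module: Optional[str]) -> str:
    """Assumed triage heuristic (mine, not GMER's): rank a hook by where it lands."""
    if target_module is None:
        return "inline-patch-review"      # raw bytes, no module to attribute them to
    proc_dir = str(PureWindowsPath(process).parent).lower()
    mod_dir = str(PureWindowsPath(target_module).parent).lower()
    if mod_dir == proc_dir:
        return "self-hook"                # process hooking itself (browsers, sandboxes do this)
    if mod_dir.startswith(SYSTEM_DIRS):
        return "system-module"            # redirected into a Windows system DLL
    return "foreign-module-review"        # lands in an unrelated module: look at this one


def triage_gmer(text: str) -> List[Hook]:
    """Parse user-mode hook lines; section headers and kernel lines are skipped."""
    hooks: List[Hook] = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        patch = m.group("patch")
        j = JMP_RE.match(patch)
        module = j.group("module") if j else None
        hooks.append(Hook(
            process=m.group("proc"), pid=int(m.group("pid")), symbol=m.group("symbol"),
            size=int(m.group("size")), patch=patch, target_module=module,
            verdict=classify(m.group("proc"), module),
        ))
    return hooks


def summarize(hooks: List[Hook]) -> Dict[str, int]:
    """Count hooks per verdict."""
    return dict(Counter(h.verdict for h in hooks))


if __name__ == "__main__":
    found = triage_gmer(SAMPLE_GMER)
    print(summarize(found))
    for h in found:
        if h.verdict.endswith("review"):
            print(f"[{h.verdict}] {h.process}[{h.pid}] {h.symbol} -> {h.target_module or h.patch}")
```

The heuristic only narrows the list; a hook into a module in %SystemRoot% still needs the module's signature and hash checked, since the TDL4 family that aswMBR found on this machine loads its payload from hidden storage rather than from a path that would stand out here.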
Win7 and Google Redirect Virus
goatness replied to goatness's topic in Resolved Malware Removal Logs
Here are some of the logs, I will finish the steps by the end of the weekend...my computer was able to boot up normally! The BSOD is gone!

========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.33.2 log created on 02242012_150400

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-24 15:13:59
-----------------------------
15:13:59.708 OS Version: Windows 6.1.7600
15:13:59.708 Number of processors: 4 586 0x2505
15:13:59.709 ComputerName: ES-E5410-1 UserName: mhsu
15:14:03.384 Initialize success
15:20:02.522 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:20:02.535 Disk 0 Vendor: ST916031 D005 Size: 152627MB BusType: 3
15:20:02.537 Disk 0 MBR read successfully
15:20:02.540 Disk 0 MBR scan
15:20:02.542 Disk 0 TDL4@MBR code has been found
15:20:02.544 Disk 0 MBR hidden
15:20:02.548 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
15:20:02.564 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
15:20:02.608 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 137586 MB offset 30801920
15:20:02.612 Disk 0 MBR [TDL4] **ROOTKIT**
15:20:02.615 Scan finished successfully
15:20:23.125 Disk 0 MBR has been saved successfully to "C:\Users\mhsu\Desktop\MBR.dat"
15:20:23.126 The log file has been saved successfully to "C:\Users\mhsu\Desktop\aswMBR.txt"

15:24:56.0229 2996 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
15:24:58.0257 2996 ============================================================
15:24:58.0257 2996 Current date / time: 2012/02/24 15:24:58.0257
15:24:58.0257 2996 SystemInfo:
15:24:58.0257 2996
15:24:58.0257 2996 OS Version: 6.1.7600 ServicePack: 0.0
15:24:58.0257 2996 Product type: Workstation
15:24:58.0257 2996 ComputerName: ES-E5410-1
15:24:58.0257 2996 UserName: mhsu
15:24:58.0257 2996 Windows directory: C:\Windows
15:24:58.0257 2996 System windows directory: C:\Windows
15:24:58.0257 2996 Processor architecture: Intel x86
15:24:58.0257 2996 Number of processors: 4
15:24:58.0257 2996 Page size: 0x1000
15:24:58.0257 2996 Boot type: Safe boot with network
15:24:58.0257 2996 ============================================================
15:24:58.0834 2996 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:24:58.0850 2996 \Device\Harddisk0\DR0:
15:24:58.0850 2996 MBR used
15:24:58.0850 2996 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
15:24:58.0850 2996 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x10CB96B0
15:24:58.0881 2996 Initialize success
15:24:58.0881 2996 ============================================================
15:25:24.0325 1080 ============================================================
15:25:24.0325 1080 Scan started
15:25:24.0325 1080 Mode: Manual; SigCheck; TDLFS;
15:25:24.0325 1080 ============================================================
15:25:27.0148 1080 1394ohci (d01e0b1cef9ee82100c2bb07294880ef) C:\Windows\system32\DRIVERS\1394ohci.sys
15:25:27.0273 1080 1394ohci - ok
15:25:27.0429 1080 Acceler (af1f178b0218b44876e63bf0b019e96b) C:\Windows\system32\DRIVERS\Accelern.sys
15:25:27.0601 1080 Acceler - ok
15:25:27.0757 1080 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
15:25:27.0772 1080 ACPI - ok
15:25:27.0881 1080 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
15:25:27.0959 1080 AcpiPmi - ok
15:25:28.0084 1080 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
15:25:28.0100 1080 adp94xx - ok
15:25:28.0162 1080 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
15:25:28.0178 1080 adpahci - ok
15:25:28.0209 1080 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
15:25:28.0209 1080 adpu320 - ok
15:25:28.0349 1080 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
15:25:28.0412 1080 AFD - ok
15:25:28.0427 1080 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
15:25:28.0443 1080 agp440 - ok
15:25:28.0521 1080 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
15:25:28.0537 1080 aic78xx - ok
15:25:28.0630 1080 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
15:25:28.0630 1080 aliide - ok
15:25:28.0677 1080 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
15:25:28.0693 1080 amdagp - ok
15:25:28.0739 1080 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
15:25:28.0739 1080 amdide - ok
15:25:28.0817 1080 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
15:25:28.0864 1080 AmdK8 - ok
15:25:28.0895 1080 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
15:25:28.0942 1080 AmdPPM - ok
15:25:29.0051 1080 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
15:25:29.0051 1080 amdsata - ok
15:25:29.0083 1080 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
15:25:29.0098 1080 amdsbs - ok
15:25:29.0145 1080 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
15:25:29.0161 1080 amdxata - ok
15:25:29.0239 1080 ApfiltrService (e8a8e6072cb7e2032e85e7735daa511f) C:\Windows\system32\DRIVERS\Apfiltr.sys
15:25:29.0254 1080 ApfiltrService - ok
15:25:29.0317 1080 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
15:25:29.0441 1080 AppID - ok
15:25:29.0691 1080 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
15:25:29.0707 1080 arc - ok
15:25:29.0722 1080 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
15:25:29.0722 1080 arcsas - ok
15:25:29.0800 1080 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
15:25:29.0925 1080 AsyncMac - ok
15:25:30.0081 1080 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
15:25:30.0081 1080 atapi - ok
15:25:30.0253 1080 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
15:25:30.0331 1080 b06bdrv - ok
15:25:30.0440 1080 b57nd60x (958438198ed140c6eb6348cf8a35b36c) C:\Windows\system32\DRIVERS\b57nd60x.sys
15:25:30.0455 1080 b57nd60x - ok
15:25:30.0565 1080 BCM42RLY (94f2dc372163d520d7b1dad78ae40b5e) C:\Windows\system32\drivers\BCM42RLY.sys
15:25:30.0565 1080 BCM42RLY - ok
15:25:30.0705 1080 BCM43XX (f689c5965cefad780a2948546703bd5d) C:\Windows\system32\DRIVERS\bcmwl6.sys
15:25:30.0830 1080 BCM43XX - ok
15:25:31.0001 1080 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
15:25:31.0048 1080 Beep - ok
15:25:31.0173 1080 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
15:25:31.0220 1080 blbdrive - ok
15:25:31.0282 1080 Blfp (8b9f91def5dbfb4f9b700db51e0d00cc) C:\Windows\system32\DRIVERS\basp.sys
15:25:31.0345 1080 Blfp - ok
15:25:31.0547 1080 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
15:25:31.0594 1080 bowser - ok
15:25:31.0672 1080 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:25:31.0703 1080 BrFiltLo - ok
15:25:31.0735 1080 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:25:31.0781 1080 BrFiltUp - ok
15:25:31.0906 1080 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
15:25:31.0969 1080 BridgeMP - ok
15:25:32.0109 1080 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
15:25:32.0156 1080 Brserid - ok
15:25:32.0187 1080 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
15:25:32.0234 1080 BrSerWdm - ok
15:25:32.0296 1080 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:25:32.0343 1080 BrUsbMdm - ok
15:25:32.0359 1080 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
15:25:32.0390 1080 BrUsbSer - ok
15:25:32.0421 1080 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
15:25:32.0452 1080 BTHMODEM - ok
15:25:32.0608 1080 catchme - ok
15:25:32.0764 1080 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
15:25:32.0811 1080 cdfs - ok
15:25:32.0920 1080 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
15:25:32.0951 1080 cdrom - ok
15:25:33.0076 1080 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
15:25:33.0217 1080 circlass - ok
15:25:33.0295 1080 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
15:25:33.0310 1080 CLFS - ok
15:25:33.0482 1080 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
15:25:33.0513 1080 CmBatt - ok
15:25:33.0575 1080 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
15:25:33.0575 1080 cmdide - ok
15:25:33.0653 1080 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
15:25:33.0700 1080 CNG - ok
15:25:33.0809 1080 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
15:25:33.0809 1080 Compbatt - ok
15:25:33.0856 1080 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:25:33.0887 1080 CompositeBus - ok
15:25:33.0919 1080 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
15:25:33.0934 1080 crcdisk - ok
15:25:34.0028 1080 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
15:25:34.0090 1080 CSC - ok
15:25:34.0168 1080 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
15:25:34.0199 1080 DfsC - ok
15:25:34.0262 1080 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
15:25:34.0309 1080 discache - ok
15:25:34.0402 1080 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
15:25:34.0402 1080 Disk -ok
15:25:34.0480 1080 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
15:25:34.0511 1080 drmkaud - ok
15:25:34.0574 1080 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
15:25:34.0605 1080 DXGKrnl - ok
15:25:34.0730 1080 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
15:25:34.0901 1080 ebdrv - ok
15:25:34.0979 1080 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
15:25:35.0011 1080 elxstor - ok
15:25:35.0057 1080 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
15:25:35.0089 1080 ErrDev - ok
15:25:35.0151 1080 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
15:25:35.0182 1080 exfat - ok
15:25:35.0245 1080 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
15:25:35.0291 1080 fastfat - ok
15:25:35.0385 1080 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
15:25:35.0416 1080 fdc - ok
15:25:35.0463 1080 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
15:25:35.0463 1080 FileInfo - ok
15:25:35.0494 1080 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
15:25:35.0572 1080 Filetrace - ok
15:25:35.0603 1080 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
15:25:35.0635 1080 flpydisk - ok
15:25:35.0713 1080 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
15:25:35.0728 1080 FltMgr - ok
15:25:35.0791 1080 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
15:25:35.0806 1080 FsDepends - ok
15:25:35.0884 1080 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
15:25:35.0884 1080 Fs_Rec - ok
15:25:35.0947 1080 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
15:25:35.0962 1080 fvevol - ok
15:25:36.0040 1080 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:25:36.0056 1080 gagp30kx - ok
15:25:36.0149 1080 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:25:36.0149 1080 GEARAspiWDM - ok
15:25:36.0259 1080 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
15:25:36.0305 1080 hcw85cir - ok
15:25:36.0368 1080 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:25:36.0399 1080 HDAudBus - ok
15:25:36.0430 1080 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
15:25:36.0493 1080 HECI - ok
15:25:36.0539 1080 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
15:25:36.0539 1080 HidBatt - ok
15:25:36.0586 1080 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
15:25:36.0617 1080 HidBth - ok
15:25:36.0649 1080 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
15:25:36.0680 1080 HidIr - ok
15:25:36.0836 1080 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
15:25:36.0898 1080 HidUsb - ok
15:25:36.0976 1080 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
15:25:36.0992 1080 HpSAMD - ok
15:25:37.0070 1080 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
15:25:37.0132 1080 HTTP - ok
15:25:37.0179 1080 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
15:25:37.0179 1080 hwpolicy - ok
15:25:37.0241 1080 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
15:25:37.0288 1080 i8042prt - ok
15:25:37.0366 1080 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys 15:25:37.0382 1080 iaStor - ok 15:25:37.0475 1080 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys 15:25:37.0491 1080 iaStorV - ok 15:25:37.0725 1080 igfx (c5589781f75de0bfb26e221649c80d00) C:\Windows\system32\DRIVERS\igdkmd32.sys 15:25:38.0021 1080 igfx - ok 15:25:38.0131 1080 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 15:25:38.0131 1080 iirsp - ok 15:25:38.0162 1080 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\Windows\system32\DRIVERS\Impcd.sys 15:25:38.0224 1080 Impcd - ok 15:25:38.0287 1080 IntcDAud (af6d1e38bce11daba4c01d6a6de94410) C:\Windows\system32\DRIVERS\IntcDAud.sys 15:25:38.0349 1080 IntcDAud - ok 15:25:38.0380 1080 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 15:25:38.0380 1080 intelide - ok 15:25:38.0489 1080 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 15:25:38.0552 1080 intelppm - ok 15:25:38.0614 1080 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:25:38.0661 1080 IpFilterDriver - ok 15:25:38.0708 1080 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 15:25:38.0739 1080 IPMIDRV - ok 15:25:38.0801 1080 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 15:25:38.0848 1080 IPNAT - ok 15:25:38.0879 1080 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 15:25:38.0957 1080 IRENUM - ok 15:25:39.0020 1080 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 15:25:39.0020 1080 isapnp - ok 15:25:39.0067 1080 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 15:25:39.0082 1080 iScsiPrt - ok 15:25:39.0176 1080 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 15:25:39.0176 1080 
kbdclass - ok 15:25:39.0269 1080 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 15:25:39.0301 1080 kbdhid - ok 15:25:39.0363 1080 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys 15:25:39.0379 1080 KSecDD - ok 15:25:39.0425 1080 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys 15:25:39.0425 1080 KSecPkg - ok 15:25:39.0550 1080 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 15:25:39.0613 1080 lltdio - ok 15:25:39.0737 1080 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 15:25:39.0753 1080 LSI_FC - ok 15:25:39.0784 1080 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 15:25:39.0800 1080 LSI_SAS - ok 15:25:39.0847 1080 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 15:25:39.0862 1080 LSI_SAS2 - ok 15:25:39.0878 1080 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 15:25:39.0893 1080 LSI_SCSI - ok 15:25:39.0987 1080 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 15:25:40.0049 1080 luafv - ok 15:25:40.0205 1080 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 15:25:40.0205 1080 megasas - ok 15:25:40.0299 1080 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 15:25:40.0315 1080 MegaSR - ok 15:25:40.0471 1080 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 15:25:40.0533 1080 Modem - ok 15:25:40.0627 1080 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 15:25:40.0658 1080 monitor - ok 15:25:40.0751 1080 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 15:25:40.0751 1080 mouclass - ok 15:25:40.0829 1080 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 15:25:40.0861 1080 mouhid - 
ok 15:25:40.0923 1080 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 15:25:40.0923 1080 mountmgr - ok 15:25:41.0048 1080 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys 15:25:41.0063 1080 MpFilter - ok 15:25:41.0141 1080 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 15:25:41.0157 1080 mpio - ok 15:25:41.0313 1080 MpKsl09281dd6 - ok 15:25:41.0375 1080 MpKsl1421d255 - ok 15:25:41.0469 1080 MpKsl16e26d17 - ok 15:25:41.0469 1080 MpKsl1b82f2a0 - ok 15:25:41.0563 1080 MpKsl37e0fe2b - ok 15:25:41.0594 1080 MpKsl6dc19cc6 - ok 15:25:41.0609 1080 MpKsl72bb9f19 - ok 15:25:41.0656 1080 MpKsla7f0cc5e - ok 15:25:41.0781 1080 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys 15:25:41.0781 1080 MpNWMon - ok 15:25:41.0843 1080 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 15:25:42.0015 1080 mpsdrv - ok 15:25:42.0109 1080 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 15:25:42.0140 1080 MRxDAV - ok 15:25:42.0218 1080 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys 15:25:42.0265 1080 mrxsmb - ok 15:25:42.0311 1080 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:25:42.0343 1080 mrxsmb10 - ok 15:25:42.0389 1080 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:25:42.0389 1080 mrxsmb20 - ok 15:25:42.0436 1080 msahci (cb5d37e91135b0f15cee64d1f1ba5de5) C:\Windows\system32\DRIVERS\msahci.sys 15:25:42.0452 1080 msahci - ok 15:25:42.0530 1080 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 15:25:42.0545 1080 msdsm - ok 15:25:42.0577 1080 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 15:25:42.0608 1080 Msfs - ok 15:25:42.0639 1080 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 
15:25:42.0670 1080 mshidkmdf - ok 15:25:42.0748 1080 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 15:25:42.0764 1080 msisadrv - ok 15:25:42.0842 1080 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 15:25:42.0889 1080 MSKSSRV - ok 15:25:42.0920 1080 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 15:25:42.0967 1080 MSPCLOCK - ok 15:25:43.0013 1080 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 15:25:43.0060 1080 MSPQM - ok 15:25:43.0107 1080 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 15:25:43.0123 1080 MsRPC - ok 15:25:43.0154 1080 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 15:25:43.0169 1080 mssmbios - ok 15:25:43.0232 1080 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 15:25:43.0279 1080 MSTEE - ok 15:25:43.0388 1080 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 15:25:43.0419 1080 MTConfig - ok 15:25:43.0450 1080 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 15:25:43.0450 1080 Mup - ok 15:25:43.0528 1080 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 15:25:43.0575 1080 NativeWifiP - ok 15:25:43.0653 1080 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys 15:25:43.0669 1080 NDIS - ok 15:25:43.0762 1080 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 15:25:43.0809 1080 NdisCap - ok 15:25:43.0871 1080 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 15:25:43.0918 1080 NdisTapi - ok 15:25:43.0965 1080 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 15:25:44.0012 1080 Ndisuio - ok 15:25:44.0059 1080 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 
15:25:44.0090 1080 NdisWan - ok 15:25:44.0137 1080 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 15:25:44.0168 1080 NDProxy - ok 15:25:44.0246 1080 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 15:25:44.0293 1080 NetBIOS - ok 15:25:44.0339 1080 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys 15:25:44.0402 1080 NetBT - ok 15:25:44.0511 1080 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 15:25:44.0511 1080 nfrd960 - ok 15:25:44.0605 1080 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 15:25:44.0620 1080 NisDrv - ok 15:25:44.0698 1080 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 15:25:44.0745 1080 Npfs - ok 15:25:44.0807 1080 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 15:25:44.0839 1080 nsiproxy - ok 15:25:44.0932 1080 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys 15:25:44.0995 1080 Ntfs - ok 15:25:45.0010 1080 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 15:25:45.0057 1080 Null - ok 15:25:45.0135 1080 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys 15:25:45.0151 1080 nvraid - ok 15:25:45.0182 1080 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys 15:25:45.0197 1080 nvstor - ok 15:25:45.0275 1080 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 15:25:45.0291 1080 nv_agp - ok 15:25:45.0353 1080 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 15:25:45.0400 1080 ohci1394 - ok 15:25:45.0494 1080 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 15:25:45.0541 1080 Parport - ok 15:25:45.0587 1080 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 15:25:45.0587 1080 
partmgr - ok 15:25:45.0650 1080 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 15:25:45.0681 1080 Parvdm - ok 15:25:45.0743 1080 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys 15:25:45.0743 1080 PBADRV - ok 15:25:45.0821 1080 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 15:25:45.0837 1080 pci - ok 15:25:45.0853 1080 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 15:25:45.0868 1080 pciide - ok 15:25:45.0931 1080 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 15:25:45.0946 1080 pcmcia - ok 15:25:45.0993 1080 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 15:25:46.0009 1080 pcw - ok 15:25:46.0040 1080 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 15:25:46.0102 1080 PEAUTH - ok 15:25:46.0180 1080 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 15:25:46.0227 1080 PptpMiniport - ok 15:25:46.0274 1080 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 15:25:46.0305 1080 Processor - ok 15:25:46.0399 1080 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 15:25:46.0461 1080 Psched - ok 15:25:46.0508 1080 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 15:25:46.0570 1080 ql2300 - ok 15:25:46.0586 1080 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 15:25:46.0601 1080 ql40xx - ok 15:25:46.0664 1080 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 15:25:46.0664 1080 QWAVEdrv - ok 15:25:46.0695 1080 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 15:25:46.0742 1080 RasAcd - ok 15:25:46.0773 1080 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 15:25:46.0820 1080 RasAgileVpn - ok 
15:25:46.0867 1080 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 15:25:46.0929 1080 Rasl2tp - ok 15:25:46.0976 1080 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 15:25:47.0038 1080 RasPppoe - ok 15:25:47.0069 1080 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 15:25:47.0101 1080 RasSstp - ok 15:25:47.0132 1080 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 15:25:47.0163 1080 rdbss - ok 15:25:47.0210 1080 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 15:25:47.0257 1080 rdpbus - ok 15:25:47.0303 1080 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 15:25:47.0335 1080 RDPCDD - ok 15:25:47.0366 1080 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys 15:25:47.0428 1080 RDPDR - ok 15:25:47.0537 1080 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 15:25:47.0584 1080 RDPENCDD - ok 15:25:47.0615 1080 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 15:25:47.0662 1080 RDPREFMP - ok 15:25:47.0709 1080 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys 15:25:47.0740 1080 RDPWD - ok 15:25:47.0834 1080 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 15:25:47.0834 1080 rdyboost - ok 15:25:47.0896 1080 rimspci (e891f07815af88075705ef6a248711f6) C:\Windows\system32\DRIVERS\rimspe86.sys 15:25:47.0943 1080 rimspci - ok 15:25:47.0974 1080 risdpcie (5312f15dbeb47d906dca2e334dc4c97d) C:\Windows\system32\DRIVERS\risdpe86.sys 15:25:48.0021 1080 risdpcie - ok 15:25:48.0068 1080 rixdpcie (cf2de2365fd99e5b8e38c9f3467dcdb8) C:\Windows\system32\DRIVERS\rixdpe86.sys 15:25:48.0083 1080 rixdpcie - ok 15:25:48.0193 1080 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 15:25:48.0224 1080 rspndr - 
ok 15:25:48.0271 1080 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys 15:25:48.0333 1080 s3cap - ok 15:25:48.0395 1080 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 15:25:48.0395 1080 sbp2port - ok 15:25:48.0489 1080 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 15:25:48.0520 1080 scfilter - ok 15:25:48.0629 1080 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 15:25:48.0676 1080 secdrv - ok 15:25:48.0739 1080 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 15:25:48.0754 1080 Serenum - ok 15:25:48.0817 1080 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 15:25:48.0848 1080 Serial - ok 15:25:48.0895 1080 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 15:25:48.0895 1080 sermouse - ok 15:25:48.0957 1080 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 15:25:48.0988 1080 sffdisk - ok 15:25:49.0004 1080 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys 15:25:49.0035 1080 sffp_mmc - ok 15:25:49.0066 1080 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys 15:25:49.0066 1080 sffp_sd - ok 15:25:49.0097 1080 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 15:25:49.0113 1080 sfloppy - ok 15:25:49.0129 1080 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 15:25:49.0144 1080 sisagp - ok 15:25:49.0269 1080 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 15:25:49.0285 1080 SiSRaid2 - ok 15:25:49.0300 1080 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 15:25:49.0316 1080 SiSRaid4 - ok 15:25:49.0378 1080 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 15:25:49.0425 1080 
Smb - ok 15:25:49.0831 1080 SNP2STD (ecc9293ffa708e0bb552fe9a84d6a300) C:\Windows\system32\DRIVERS\snp2sxp.sys 15:25:50.0236 1080 SNP2STD - ok 15:25:50.0361 1080 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 15:25:50.0361 1080 spldr - ok 15:25:50.0439 1080 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys 15:25:50.0470 1080 srv - ok 15:25:50.0533 1080 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys 15:25:50.0564 1080 srv2 - ok 15:25:50.0611 1080 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys 15:25:50.0626 1080 srvnet - ok 15:25:50.0767 1080 stdflt (a5b83c8050572622e5c43b5b3326a129) C:\Windows\system32\DRIVERS\stdfltn.sys 15:25:50.0782 1080 stdflt - ok 15:25:50.0845 1080 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 15:25:50.0860 1080 stexstor - ok 15:25:50.0954 1080 STHDA (698e186ac2df982b2d26428428155de1) C:\Windows\system32\DRIVERS\stwrt.sys 15:25:51.0016 1080 STHDA - ok 15:25:51.0063 1080 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys 15:25:51.0079 1080 storflt - ok 15:25:51.0094 1080 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys 15:25:51.0125 1080 storvsc - ok 15:25:51.0188 1080 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 15:25:51.0203 1080 swenum - ok 15:25:51.0297 1080 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys 15:25:51.0359 1080 Tcpip - ok 15:25:51.0437 1080 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys 15:25:51.0469 1080 TCPIP6 - ok 15:25:51.0531 1080 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 15:25:51.0578 1080 tcpipreg - ok 15:25:51.0593 1080 tcuoowsq - ok 15:25:51.0640 1080 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 15:25:51.0671 1080 TDPIPE 
- ok 15:25:51.0703 1080 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 15:25:51.0749 1080 TDTCP - ok 15:25:51.0812 1080 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 15:25:51.0874 1080 tdx - ok 15:25:51.0905 1080 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 15:25:51.0905 1080 TermDD - ok 15:25:51.0999 1080 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 15:25:52.0046 1080 tssecsrv - ok 15:25:52.0108 1080 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 15:25:52.0155 1080 tunnel - ok 15:25:52.0186 1080 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 15:25:52.0186 1080 uagp35 - ok 15:25:52.0264 1080 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\Windows\system32\DRIVERS\udfs.sys 15:25:52.0295 1080 udfs - ok 15:25:52.0358 1080 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 15:25:52.0373 1080 uliagpkx - ok 15:25:52.0451 1080 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 15:25:52.0483 1080 umbus - ok 15:25:52.0545 1080 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 15:25:52.0561 1080 UmPass - ok 15:25:52.0623 1080 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys 15:25:52.0685 1080 USBAAPL - ok 15:25:52.0810 1080 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys 15:25:52.0841 1080 usbaudio - ok 15:25:52.0919 1080 usbccgp (5c233aefb566ee78c1efbc0493fb066a) C:\Windows\system32\DRIVERS\usbccgp.sys 15:25:52.0935 1080 usbccgp - ok 15:25:52.0997 1080 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 15:25:53.0013 1080 usbcir - ok 15:25:53.0060 1080 usbehci (5b71019a6aca0116fd21b368f19c0b91) C:\Windows\system32\drivers\usbehci.sys 15:25:53.0075 1080 usbehci - ok 15:25:53.0153 1080 
usbhub (5823d3965c2a4f6f785ed1a3b403f3b8) C:\Windows\system32\DRIVERS\usbhub.sys 15:25:53.0200 1080 usbhub - ok 15:25:53.0325 1080 usbohci (e753ed6c49da13967ebabf9ea616454a) C:\Windows\system32\drivers\usbohci.sys 15:25:53.0372 1080 usbohci - ok 15:25:53.0497 1080 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 15:25:53.0528 1080 usbprint - ok 15:25:53.0606 1080 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 15:25:53.0637 1080 usbscan - ok 15:25:53.0699 1080 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:25:53.0762 1080 USBSTOR - ok 15:25:53.0871 1080 usbuhci (6a30928a469ce802600e1ea8c0f2f53f) C:\Windows\system32\drivers\usbuhci.sys 15:25:53.0887 1080 usbuhci - ok 15:25:53.0949 1080 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys 15:25:53.0965 1080 usb_rndisx - ok 15:25:54.0027 1080 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 15:25:54.0043 1080 vdrvroot - ok 15:25:54.0058 1080 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 15:25:54.0105 1080 vga - ok 15:25:54.0152 1080 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 15:25:54.0183 1080 VgaSave - ok 15:25:54.0245 1080 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 15:25:54.0261 1080 vhdmp - ok 15:25:54.0355 1080 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 15:25:54.0386 1080 viaagp - ok 15:25:54.0433 1080 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 15:25:54.0464 1080 ViaC7 - ok 15:25:54.0511 1080 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 15:25:54.0526 1080 viaide - ok 15:25:54.0557 1080 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys 15:25:54.0573 1080 vmbus - ok 15:25:54.0635 1080 VMBusHID 
(ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys 15:25:54.0635 1080 VMBusHID - ok 15:25:54.0698 1080 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 15:25:54.0698 1080 volmgr - ok 15:25:54.0729 1080 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 15:25:54.0745 1080 volmgrx - ok 15:25:54.0791 1080 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 15:25:54.0807 1080 volsnap - ok 15:25:54.0885 1080 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 15:25:54.0901 1080 vsmraid - ok 15:25:54.0916 1080 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 15:25:54.0963 1080 vwifibus - ok 15:25:54.0994 1080 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 15:25:55.0010 1080 vwififlt - ok 15:25:55.0072 1080 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys 15:25:55.0088 1080 vwifimp - ok 15:25:55.0337 1080 VX6000 (719bac5b5a9c2c1fdf7323fb7e36ca32) C:\Windows\system32\DRIVERS\VX6000Xp.sys 15:25:55.0447 1080 VX6000 - ok 15:25:55.0571 1080 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 15:25:55.0587 1080 WacomPen - ok 15:25:55.0681 1080 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 15:25:55.0743 1080 WANARP - ok 15:25:55.0743 1080 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 15:25:55.0774 1080 Wanarpv6 - ok 15:25:55.0930 1080 WavxDMgr (fbf43b275efc98799e76d57e5437edee) C:\Windows\system32\DRIVERS\WavxDMgr.sys 15:25:55.0961 1080 WavxDMgr ( UnsignedFile.Multi.Generic ) - warning 15:25:55.0961 1080 WavxDMgr - detected UnsignedFile.Multi.Generic (1) 15:25:56.0039 1080 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 15:25:56.0055 1080 Wd - ok 15:25:56.0117 1080 Wdf01000 
(9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 15:25:56.0149 1080 Wdf01000 - ok 15:25:56.0227 1080 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 15:25:56.0258 1080 WfpLwf - ok 15:25:56.0305 1080 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 15:25:56.0320 1080 WIMMount - ok 15:25:56.0507 1080 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys 15:25:56.0570 1080 WinUsb - ok 15:25:56.0663 1080 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 15:25:56.0695 1080 WmiAcpi - ok 15:25:56.0757 1080 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 15:25:56.0819 1080 ws2ifsl - ok 15:25:56.0960 1080 WudfPf (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys 15:25:56.0975 1080 WudfPf - ok 15:25:57.0053 1080 WUDFRd (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys 15:25:57.0085 1080 WUDFRd - ok 15:25:57.0256 1080 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0 15:25:57.0287 1080 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected 15:25:57.0287 1080 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0) 15:25:57.0350 1080 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 15:25:57.0350 1080 \Device\Harddisk0\DR0 - detected TDSS File System (1) 15:25:57.0397 1080 Boot (0x1200) (e6770bc84d46a6f735f1749946058e02) \Device\Harddisk0\DR0\Partition0 15:25:57.0412 1080 \Device\Harddisk0\DR0\Partition0 - ok 15:25:57.0428 1080 Boot (0x1200) (48828941207369cc391da89b3c4a78c9) \Device\Harddisk0\DR0\Partition1 15:25:57.0428 1080 \Device\Harddisk0\DR0\Partition1 - ok 15:25:57.0428 1080 ============================================================ 15:25:57.0428 1080 Scan finished 15:25:57.0428 1080 ============================================================ 15:25:57.0475 2760 Detected object count: 3 15:25:57.0475 2760 
Actual detected object count: 3 15:26:54.0228 2760 WavxDMgr ( UnsignedFile.Multi.Generic ) - skipped by user 15:26:54.0228 2760 WavxDMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:26:54.0384 2760 \Device\Harddisk0\DR0\# - copied to quarantine 15:26:54.0384 2760 \Device\Harddisk0\DR0 - copied to quarantine 15:26:54.0508 2760 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine 15:26:54.0524 2760 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 15:26:54.0524 2760 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine 15:26:54.0555 2760 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine 15:26:54.0571 2760 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine 15:26:54.0571 2760 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine 15:26:54.0571 2760 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine 15:26:54.0571 2760 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine 15:26:54.0571 2760 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine 15:26:54.0586 2760 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine 15:26:54.0633 2760 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot 15:26:54.0633 2760 \Device\Harddisk0\DR0 - ok 15:26:54.0696 2760 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure 15:26:54.0696 2760 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 15:26:54.0696 2760 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 15:26:58.0767 3692 Deinitialize success -
Win7 and Google Redirect Virus
goatness replied to goatness's topic in Resolved Malware Removal Logs
Hi, I have performed several of the steps, but since ARK may take 'infinite' time, I will have to perform it later as I will be unable to keep a laptop plugged in. I will try to have it done tonight when I am settled, but should definitely respond with all the logs tomorrow. Thanks for the help thus far; the scans so far have detected and eliminated some rootkits.