
goatness

Honorary Members
  • Posts: 28
  • Joined
  • Last visited

Reputation: 0 Neutral
  1. Great, I have finished those steps. Please let me know what to do next.
  2. I am trying to perform the last step to tweak the trust exclusion in MBAM? I am around! Sorry, I was traveling this past weekend. Please let me know what to do; as always, I very much appreciate the help. I am glad Microsoft Security Essentials is running again.
  3. Also, how do I access AVG? Sorry if this is a stupid question; I am trying to do the last step.
  4. Hi, yes! I just finished the steps, and everything seems to be fine. Security Essentials is up and running, and the Google redirect hasn't been occurring at all. Is there anything else I should do? Thanks so much.
  5. The system is fine, but I still can't turn on Microsoft Security Essentials. Should I download some other kind of software? The logs are attached, thank you! combolog314.txt, RKreport-314.txt, tsdkiller log.txt
  6. I don't recall doing a bunch of research; how does it affect the system? Here are the logs; I attached the rest, it seemed too long to copy-paste. Thanks as always.
     Results of screen317's Security Check version 0.99.31
     Windows 7 x86 (UAC is enabled)
     Internet Explorer 9
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     ESET Online Scanner v3
     McAfee Security Scan Plus
     Microsoft Security Essentials
     WMI entry may not exist for antivirus; attempting automatic update.
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Spybot - Search & Destroy
     CCleaner
     Java™ 6 Update 31
     Adobe Flash Player 11.1.102.55
     Mozilla Firefox (10.0.2)
     ````````````````````````````````
     Process Check: objlist.exe by Laurent
     Malwarebytes' Anti-Malware mbamservice.exe
     Malwarebytes' Anti-Malware mbamgui.exe
     Spybot Teatimer.exe is disabled!
     Microsoft Security Essentials msseces.exe
     ``````````End of Log````````````
     log.txt, info.txt
  7. I deleted the folder. I couldn't find Microsoft Security Essentials in the entire list...?! Everything available in both lists is checked, though. I attached the file properly this time, thanks!
  8. I updated Java. In kock was: 2WFEOGJG.txt, GH3LNPGW.txt. I attached the file list for the other folder; there were too many. My MSE won't start because it says "it does not exist as an installed service". Thanks!
  9. Hi, here is the scan result:
     OTL logfile created on: 3/2/2012 10:46:49 AM - Run 2
     OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\mhsu\Downloads
     Professional (Version = 6.1.7600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.7600.16385)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     1.87 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 43.08% Memory free
     3.73 Gb Paging File | 2.04 Gb Available in Paging File | 54.61% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

     Drive C: | 134.36 Gb Total Space | 76.95 Gb Free Space | 57.27% Space Free | Partition Type: NTFS
     Drive D: | 14.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

     Computer Name: ES-E5410-1 | User Name: mhsu | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: Current user | Quick Scan
     Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

     ========== Processes (SafeList) ==========

     PRC - [2012/02/27 11:13:09 | 004,009,648 | ---- | M] (Spotify Ltd) -- C:\Users\mhsu\AppData\Roaming\Spotify\spotify.exe
     PRC - [2012/02/22 23:24:57 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\mhsu\Downloads\OTL.exe
     PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     PRC - [2011/12/09 16:16:00 | 000,161,336 | ---- | M] (Google) -- C:\Users\mhsu\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
     PRC - [2011/07/15 23:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
     PRC - [2011/06/19 13:40:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
     PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
     PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
     PRC - [2010/12/23 15:39:01 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
     PRC - [2010/08/24 17:54:34 | 001,458,032 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
     PRC - [2010/08/24 17:51:50 | 000,388,464 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
     PRC - [2010/07/26 02:08:00 | 002,569,616 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
     PRC - [2010/07/21 17:01:38 | 000,147,840 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
     PRC - [2010/06/22 12:33:38 | 000,034,232 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
     PRC - [2010/06/04 06:29:14 | 000,292,208 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
     PRC - [2010/05/31 08:57:12 | 000,056,032 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
     PRC - [2010/05/31 05:17:06 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
     PRC - [2010/05/26 03:54:36 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
     PRC - [2010/05/26 03:54:32 | 000,245,842 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
     PRC - [2010/05/26 03:53:26 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe
     PRC - [2010/05/20 15:27:26 | 000,764,784 | ---- | M] (Microsoft Corporation ) -- C:\Windows\vVX6000.exe
     PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
     PRC - [2010/05/10 16:24:12 | 001,803,584 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
     PRC - [2010/03/29 13:45:48 | 001,164,648 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
     PRC - [2010/03/29 13:45:46 | 000,132,456 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
     PRC - [2010/02/17 15:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
     PRC - [2010/02/02 05:20:46 | 000,040,960 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
     PRC - [2010/02/02 05:20:44 | 005,249,024 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
     PRC - [2010/02/02 05:19:10 | 004,539,392 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
     PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
     PRC - [2010/01/10 13:01:26 | 000,060,928 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
     PRC - [2009/12/29 17:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
     PRC - [2009/11/04 19:19:26 | 000,114,688 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
     PRC - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\mhsu\Local Settings\Apps\F.lux\flux.exe
     PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
     PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
     PRC - [2008/01/07 15:35:08 | 000,049,152 | ---- | M] () -- C:\Program Files\gAlwaysIdle\gidle.exe
     PRC - [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\mhsu\AppData\Roaming\Google\Google Talk\googletalk.exe
     PRC - [2005/08/13 10:16:08 | 000,348,160 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe

     ========== Modules (No Company Name) ==========

     MOD - [2012/02/29 03:32:16 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\0794d7af09099432ebfb51af1d7f15ae\System.Management.ni.dll
     MOD - [2012/02/29 03:29:20 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2df79ab909c782d3796e4107d040327d\System.Web.ni.dll
     MOD - [2012/02/29 03:29:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll
     MOD - [2012/02/29 03:28:45 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll
     MOD - [2012/02/29 03:28:38 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll
     MOD - [2012/02/29 03:28:18 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
     MOD - [2012/02/29 03:28:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
     MOD - [2012/02/29 03:28:12 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
     MOD - [2012/02/27 11:13:08 | 019,900,928 | ---- | M] () -- C:\Users\mhsu\AppData\Roaming\Spotify\Data\libcef.dll
     MOD - [2011/12/23 23:44:58 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
     MOD - [2011/10/14 02:32:37 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
     MOD - [2011/06/19 13:40:39 | 001,874,904 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
     MOD - [2010/11/20 02:29:30 | 000,046,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Status Lib\1.6.460.18066__f25c74fcad379103\Status Lib.dll
     MOD - [2010/11/20 02:29:30 | 000,014,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\StatusInterfaces\1.6.460.18065__4ca2a925deedf37d\StatusInterfaces.dll
     MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
     MOD - [2010/03/02 13:46:38 | 000,010,752 | ---- | M] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
     MOD - [2010/01/19 13:44:30 | 000,249,856 | ---- | M] () -- C:\Windows\System32\wxvault.dll
     MOD - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\mhsu\Local Settings\Apps\F.lux\flux.exe
     MOD - [2008/11/12 14:24:40 | 000,004,608 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
     MOD - [2008/01/09 05:40:18 | 000,065,536 | ---- | M] () -- C:\Program Files\gAlwaysIdle\gidle.dll
     MOD - [2008/01/07 15:35:08 | 000,049,152 | ---- | M] () -- C:\Program Files\gAlwaysIdle\gidle.exe

     ========== Win32 Services (SafeList) ==========

     SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
     SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
     SRV - [2010/11/29 10:57:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
     SRV - [2010/08/24 17:51:50 | 000,388,464 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
     SRV - [2010/05/26 03:54:32 | 000,245,842 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
     SRV - [2010/05/26 03:53:26 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)
     SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
     SRV - [2010/05/10 16:24:12 | 001,803,584 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
     SRV - [2010/03/29 13:45:48 | 001,164,648 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
     SRV - [2010/02/03 18:24:20 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
     SRV - [2010/02/02 05:20:46 | 000,040,960 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
     SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
     SRV - [2010/01/10 13:01:26 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe -- (InstallFilterService)
     SRV - [2009/11/04 19:19:26 | 000,114,688 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
     SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
     SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
     SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
     SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
     SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
     SRV - [2008/11/12 14:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
     SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
     SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

     ========== Driver Services (SafeList) ==========

     DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
     DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
     DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
     DRV - [2010/11/20 04:05:47 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
     DRV - [2010/07/09 11:08:18 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
     DRV - [2010/06/21 12:59:30 | 000,255,096 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
     DRV - [2010/06/21 02:44:36 | 000,246,272 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
     DRV - [2010/05/26 03:54:38 | 000,424,448 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
     DRV - [2010/05/20 15:27:26 | 002,074,480 | ---- | M] (Microsoft Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX6000Xp.sys -- (VX6000)
     DRV - [2010/03/21 11:25:04 | 000,059,904 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
     DRV - [2010/03/21 11:25:04 | 000,048,640 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rimspe86.sys -- (rimspci)
     DRV - [2010/03/21 11:25:04 | 000,038,912 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rixdpe86.sys -- (rixdpcie)
     DRV - [2010/02/26 16:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
     DRV - [2010/02/02 05:18:24 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
     DRV - [2010/01/19 13:46:44 | 000,229,888 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
     DRV - [2010/01/18 08:56:26 | 000,042,672 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelern.sys -- (Acceler)
     DRV - [2010/01/18 08:56:26 | 000,017,072 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\stdfltn.sys -- (stdflt)
     DRV - [2009/10/15 09:50:30 | 000,085,504 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
     DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
     DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
     DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
     DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
     DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
     DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
     DRV - [2008/06/04 15:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)
     DRV - [2007/08/17 11:18:28 | 012,274,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)

     ========== Standard Registry (SafeList) ==========

     ========== Internet Explorer ==========

     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
     IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 51 3E 3C 0E FD 00 3F 48 BE 55 2B 64 D2 82 CA 48 [binary data]
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://10.0.0.*;http://companyweb;https://companyweb;<local>;*.local
     IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.seeconline.org:3128

     ========== FireFox ==========

     FF - prefs.js..browser.startup.homepage: "nytimes.com"
     FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
     FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
     FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
     FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
     FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
     FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
     FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
     FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
     FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
     FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
     FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
     FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
     FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\mhsu\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
     FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\mhsu\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
     FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mhsu\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
     FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mhsu\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/23 15:39:21 | 000,000,000 | ---D | M]
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/19 13:40:42 | 000,000,000 | ---D | M]
     FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/27 17:40:01 | 000,000,000 | ---D | M]

     [2010/11/29 14:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mhsu\AppData\Roaming\mozilla\Extensions
     [2012/03/02 10:28:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mhsu\AppData\Roaming\mozilla\Firefox\Profiles\hr8njggg.default\extensions
     [2012/03/02 10:28:55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\mhsu\AppData\Roaming\mozilla\Firefox\Profiles\hr8njggg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
     [2011/03/27 17:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
     [2010/12/23 15:39:21 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
     [2011/06/19 13:40:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
     [2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

     ========== Chrome ==========

     CHR - default_search_provider: Google (Enabled)
     CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
     CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
     CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
     CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
     CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
     CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
     CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
     CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
     CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
     CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
     CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
     CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
     CHR - plugin: Java Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
     CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
     CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
     CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
     CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
     CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
     CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
     CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
     CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
     CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
     CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
     CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\mhsu\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
     CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\mhsu\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
     CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
     CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
     CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
     CHR - plugin: Default Plug-in (Enabled) = default_plugin
     CHR - Extension: YouTube = C:\Users\mhsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
     CHR - Extension: Google Search = C:\Users\mhsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
     CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\mhsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3\
     CHR - Extension: Gmail = C:\Users\mhsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

     O1 HOSTS File: ([2012/02/24 15:04:00 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
     O1 - Hosts: 127.0.0.1 localhost
     O1 - Hosts: ::1 localhost
     O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
     O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
     O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
     O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
     O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
     O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
     O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
     O4 - HKLM..\Run: [gidle] C:\Program Files\gAlwaysIdle\gidle.exe ()
     O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
     O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
     O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
     O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
     O4 - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
     O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
     O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
     O4 - HKLM..\Run: [uSCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
     O4 - HKLM..\Run: [VX6000] C:\Windows\vVX6000.exe (Microsoft Corporation )
     O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
     O4 - HKCU..\Run: [F.lux] C:\Users\mhsu\Local Settings\Apps\F.lux\flux.exe ()
     O4 - HKCU..\Run: [googletalk] C:\Users\mhsu\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
     O4 - HKCU..\Run: [spotify] C:\Users\mhsu\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
     O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
     O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
     O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
     O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
     O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
     O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
     O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
     O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
     O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
     O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
     O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
     O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SEEC.local
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{205D6DBF-0672-4653-B26F-8D9A7C7754D4}: NameServer = 208.67.222.222
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7732D151-615A-4924-BA48-D0FBABCC1278}: DhcpNameServer = 192.168.10.1
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D4379E3-D6AE-4DA8-8D08-0703A454023F}: DhcpNameServer = 172.6.1.161
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D4379E3-D6AE-4DA8-8D08-0703A454023F}: NameServer = 208.67.222.222
     O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
     O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
     O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\config\systemprofile\AppData\Roaming\appconf32.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\appconf32.exe ()
     O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
     O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
     O32 - HKLM CDRom: AutoRun - 1
     O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
     O32 - AutoRun File - [2007/09/29 00:18:56 | 000,000,103 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
     O34 - HKLM BootExecute: (autocheck autochk *)
     O35 - HKLM\..comfile [open] -- "%1" %*
     O35 - HKLM\..exefile [open] -- "%1" %*
     O37 - HKLM\...com [@ = ComFile] -- "%1" %*
     O37 - HKLM\...exe [@ = exefile] -- "%1" %*

     ========== Files/Folders - Created Within 30 Days ==========

     [2012/02/28 19:34:38 | 000,000,000 | ---D | C] -- C:\Users\mhsu\Desktop\silerunner
     [2012/02/27 16:14:01 | 000,100,864 | ---- | C] (GMER) -- C:\agdiqpow.sys
     [2012/02/25 15:34:04 | 000,000,000 | ---D | C] -- C:\ARK
     [2012/02/24 15:26:54 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
     [2012/02/24 15:21:51 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\mhsu\Desktop\tdsskiller.exe
     [2012/02/24 15:09:54 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\mhsu\Desktop\aswMBR.exe
     [2012/02/24 15:04:00 | 000,000,000 | ---D | C] -- C:\_OTL
     [2012/02/24 11:39:12 | 000,000,000 | ---D | C] -- C:\Users\mhsu\AppData\Roaming\xmldm
     [2012/02/24 11:39:12 | 000,000,000 | ---D | C] -- C:\Users\mhsu\AppData\Roaming\kock
     [2012/02/23 22:46:30 | 000,000,000 | ---D | C] -- C:\Users\mhsu\Desktop\RK_Quarantine
     [2012/02/22 18:05:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
     [2012/02/22 17:59:55 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
     [2012/02/22 17:45:30 | 000,000,000 | ---D | C] -- C:\Users\mhsu\AppData\Local\temp
     [2012/02/22 10:40:52 | 000,000,000 | ---D | C] -- C:\Users\mhsu\AppData\Roaming\Malwarebytes
     [2012/02/22 10:40:48 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
     [2012/02/22 10:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
     [2012/02/22 10:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
     [2012/02/22 10:33:56 | 000,000,000 | ---D | C] -- C:\Users\mhsu\Desktop\GooredFix Backups
     [2012/02/21 19:57:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
     [2012/02/21 19:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\ERUNT [2012/02/21 19:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2012/02/20 23:45:25 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012/02/09 12:06:11 | 000,000,000 | ---D | C] -- C:\Users\mhsu\AppData\Local\Cvtmapapi [52 C:\Users\mhsu\Desktop\*.tmp files -> C:\Users\mhsu\Desktop\*.tmp -> ] [1 C:\Users\mhsu\AppData\Roaming\*.tmp files -> C:\Users\mhsu\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/03/02 10:50:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-278053664-2185810746-1395160328-7715UA.job [2012/03/02 10:27:08 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/03/02 10:26:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/03/01 22:39:52 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/03/01 15:50:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-278053664-2185810746-1395160328-7715Core.job [2012/02/29 09:39:42 | 000,000,000 | ---- | M] () -- C:\Users\mhsu\AppData\Local\WavXMapDrive.bat [2012/02/29 03:34:45 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/02/29 03:34:45 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/02/29 03:31:49 | 000,626,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/02/29 03:31:49 | 000,107,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/02/29 03:27:28 | 000,355,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/02/29 03:26:37 | 1501,966,336 | -HS- | M] () -- C:\hiberfil.sys [2012/02/27 16:14:01 | 000,100,864 | ---- | M] (GMER) -- C:\agdiqpow.sys [2012/02/26 02:06:18 | 000,002,288 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/02/24 16:15:10 | 000,000,284 | ---- | M] () -- 
C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-278053664-2185810746-1395160328-7715.job [2012/02/24 16:00:51 | 000,065,536 | ---- | M] () -- C:\Users\mhsu\AppData\Roaming\hr8njggg.default.dat [2012/02/24 15:22:24 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\mhsu\Desktop\tdsskiller.exe [2012/02/24 15:11:12 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\mhsu\Desktop\aswMBR.exe [2012/02/24 15:04:00 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2012/02/24 14:50:48 | 218,637,640 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/02/22 17:33:35 | 000,001,398 | ---- | M] () -- C:\Users\mhsu\Desktop\ComboFix.exe - Shortcut.lnk [2012/02/22 10:40:48 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/02/21 19:36:40 | 000,000,877 | ---- | M] () -- C:\Users\mhsu\Desktop\ERUNT.lnk [2012/02/20 18:51:11 | 001,615,072 | ---- | M] () -- C:\Users\mhsu\Desktop\ParkingContest.Hsu.Mingwei.jpg [2012/02/15 13:58:05 | 000,002,072 | -H-- | M] () -- C:\Users\mhsu\Documents\Default.rdp [52 C:\Users\mhsu\Desktop\*.tmp files -> C:\Users\mhsu\Desktop\*.tmp -> ] [1 C:\Users\mhsu\AppData\Roaming\*.tmp files -> C:\Users\mhsu\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/02/24 11:39:12 | 000,065,536 | ---- | C] () -- C:\Users\mhsu\AppData\Roaming\hr8njggg.default.dat [2012/02/22 17:33:35 | 000,001,398 | ---- | C] () -- C:\Users\mhsu\Desktop\ComboFix.exe - Shortcut.lnk [2012/02/22 10:40:48 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/02/21 19:36:40 | 000,000,877 | ---- | C] () -- C:\Users\mhsu\Desktop\ERUNT.lnk [2012/02/21 09:36:21 | 000,000,284 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-278053664-2185810746-1395160328-7715.job [2012/02/21 09:27:25 | 218,637,640 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012/02/20 18:51:32 | 001,615,072 | ---- | C] () -- C:\Users\mhsu\Desktop\ParkingContest.Hsu.Mingwei.jpg 
[2011/12/26 22:35:02 | 000,000,632 | ---- | C] () -- C:\Windows\wininit.ini [2011/10/17 16:10:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011/10/17 16:10:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011/10/17 16:10:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/10/17 16:10:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/10/17 16:10:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/02/23 10:27:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011/02/02 21:50:47 | 000,020,480 | ---- | C] () -- C:\Windows\FWnSM.exe [2011/02/02 21:50:47 | 000,020,480 | ---- | C] () -- C:\Windows\AutoGo.exe [2011/02/02 21:50:45 | 000,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys [2011/02/02 21:50:45 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini [2011/02/02 21:50:44 | 012,274,432 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys [2011/02/02 21:50:44 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll [2011/02/02 21:50:44 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll [2010/11/29 13:44:00 | 000,000,000 | ---- | C] () -- C:\Users\mhsu\AppData\Local\WavXMapDrive.bat [2010/11/29 10:37:43 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2010/11/20 02:25:20 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll [2010/11/20 02:21:12 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll [2010/11/20 02:20:54 | 000,060,080 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/11/20 02:20:50 | 000,000,206 | ---- | C] () -- C:\Windows\hbcikrnl.ini [2010/11/01 11:15:38 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin [2010/11/01 11:15:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2010/11/01 11:15:38 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2010/11/01 11:15:37 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin [2010/11/01 11:15:37 | 000,004,096 | ---- | C] ( ) -- 
C:\Windows\System32\IGFXDEVLib.dll [2010/11/01 11:15:34 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2010/11/01 11:15:33 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config ========== LOP Check ========== [2010/11/29 13:44:10 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\Broadcom [2012/02/09 13:17:33 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\Canon [2010/12/25 19:55:21 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1 [2012/02/24 11:39:13 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\kock [2012/03/02 10:51:43 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\Spotify [2010/11/29 13:44:10 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\Wave Systems Corp [2012/02/24 16:00:51 | 000,000,000 | ---D | M] -- C:\Users\mhsu\AppData\Roaming\xmldm [2011/04/26 16:18:40 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > I don't think the google redirect is happening, I've only used google a few times, and nothing has happened, though I try to avoid using it. The system seems to be fine in general. Thanks for all your help so far.
  10. I ran the safety scanner, and it removed a bunch of stuff, but some were partially removed and required further steps, or some were detected but not removed. There were no logs available; should I do something about the unremoved ones? Thank you!
  11. Here it is:

========== PROCESSES ==========
All processes killed
========== FILES ==========
recycler not found in C:\
recycler not found in D:\
File\Folder c:\users\mhsu\appdata\local\mvp.exe not found.
File\Folder c:\users\mhsu\appdata\local\jwb.exe not found.
File\Folder c:\users\mhsu\appdata\local\lpx.exe not found.
File\Folder c:\users\mhsu\appdata\local\hix.exe not found.
File\Folder c:\users\mhsu\appdata\local\qdi.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\dplaysvr deleted successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: administrator
->Flash cache emptied: 810 bytes
User: All Users
User: Default
->Flash cache emptied: 56502 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: jobs
->Flash cache emptied: 456 bytes
User: mhsu
->Flash cache emptied: 140036 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.33.2 log created on 02282012_204920
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

Thanks!
  12. Here is the Silent Runners log:
-> {HKLM...CLSID} = "Certificate Services Client Task Handler" \InProcServer32\(Default) = "C:\Windows\system32\dimsjob.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program "Consolidator" -> launches: "%SystemRoot%\System32\wsqmcons.exe" [MS] "KernelCeipTask" -> (HIDDEN!) launches: "{e7ed314f-2816-4c26-aeb5-54a34d02404c}" -> {HKLM...CLSID} = "KernelCeipCustomHandler" \InProcServer32\(Default) = "C:\Windows\System32\kernelceip.dll" [MS] "UsbCeip" -> (HIDDEN!) launches: "{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}" -> {HKLM...CLSID} = "UsbCeip" \InProcServer32\(Default) = "C:\Windows\System32\usbceip.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag "ScheduledDefrag" -> launches: "%windir%\system32\defrag.exe -c" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis "Scheduled" -> (HIDDEN!) launches: "{c1f85ef8-bcc2-4606-bb39-70c523715eb3}" -> {HKLM...CLSID} = "ScheduledDiagnosticCustomHandler" \InProcServer32\(Default) = "C:\Windows\System32\sdiagschd.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location "Notifications" -> launches: "%windir%\System32\LocationNotifications.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance "WinSAT" -> launches: "{A9A33436-678B-4C9C-A211-7CC38785E79D}" -> {HKLM...CLSID} = "WinSAT Task Manger Task" \InProcServer32\(Default) = "C:\Windows\system32\WinSATAPI.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center "ActivateWindowsSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch" [MS] "ConfigureInternetTimeService" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService" [MS] "DispatchRecoveryTasks" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)" [MS] "ehDRMInit" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DRMInit" [MS] "InstallPlayReady" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)" [MS] "mcupdate" -> launches: "%SystemRoot%\ehome\mcupdate 
$(Arg0)" [MS] "mcupdate_scheduled" -> launches: "%SystemRoot%\ehome\mcupdate -crl -hms -pscn 15" [MS] "MediaCenterRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask" [MS] "ObjectStoreRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask" [MS] "OCURActivate" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate" [MS] "OCURDiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)" [MS] "PBDADiscovery" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery" [MS] "PBDADiscoveryW1" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery" [MS] "PBDADiscoveryW2" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery" [MS] "PvrRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask" [MS] "PvrScheduleTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -PvrSchedule" [MS] "RegisterSearch" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)" [MS] "ReindexSearchRoot" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot" [MS] "SqlLiteRecoveryTask" -> launches: "%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask" [MS] "StartRecording" -> launches: "%SystemRoot%\ehome\ehrec /StartRecording" [MS] "UpdateRecordPath" -> launches: "%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic "CorruptionDetector" -> (HIDDEN!) launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}" -> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler" \InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS] "DecompressionFailureDetector" -> (HIDDEN!) 
launches: "{190BA3F6-0205-4f46-B589-95C6822899D2}" -> {HKLM...CLSID} = "MemoryDiagnosticCustomHandler" \InProcServer32\(Default) = "C:\Windows\System32\memdiag.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC "HotStart" -> launches: "{06DA0625-9701-43da-BFD7-FBEEA2180A1E}" -> {HKLM...CLSID} = "HotStart User Agent" \InProcServer32\(Default) = "C:\Windows\System32\HotStartUserAgent.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI "LPRemove" -> launches: "%windir%\system32\lpremove.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia "SystemSoundsService" -> launches: "{2DEA658F-54C1-4227-AF9B-260AB5FC3543}" -> {HKLM...CLSID} = "Microsoft PlaySoundService Class" \InProcServer32\(Default) = "C:\Windows\System32\PlaySndSrv.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace "GatherNetworkInfo" -> launches: "%windir%\system32\gatherNetworkInfo.vbs" [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics "AnalyzeSystem" -> launches: "%SystemRoot%\System32\powercfg.exe -energy -auto" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC "RacTask" -> (HIDDEN!) launches: "{42060D27-CA53-41f5-96E4-B1E8169308A6}" -> {HKLM...CLSID} = "ReliabilityAnalysisCustomHandler" \InProcServer32\(Default) = "C:\Windows\system32\RacEngn.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras "MobilityManager" -> launches: "{c463a0fc-794f-4fdf-9201-01938ceacafa}" -> {HKLM...CLSID} = "RasMobilityManager" \InProcServer32\(Default) = "C:\Windows\system32\rasmbmgr.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry "RegIdleBackup" -> (HIDDEN!) launches: "{ca767aa8-9157-4604-b64b-40747123d5f2}" -> {HKLM...CLSID} = "RegistryIdleBackupHandler" \InProcServer32\(Default) = "C:\Windows\System32\regidle.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance "RemoteAssistanceTask" -> (HIDDEN!) 
launches: "%windir%\system32\RAServer.exe /offerraupdate" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow "GadgetManager" -> launches: "{FF87090D-4A9A-4f47-879B-29A80C355D61}" -> {HKLM...CLSID} = "GadgetsManager Class" \InProcServer32\(Default) = "C:\Windows\System32\AuxiliaryDisplayServices.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore "SR" -> launches: "%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager "Interactive" -> (HIDDEN!) launches: "{855fec53-d2e4-4999-9e87-3414e9cf0ff4}" -> {HKLM...CLSID} = "RunTask" \InProcServer32\(Default) = "C:\Windows\system32\wdc.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip "IpAddressConflict1" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem" [MS] "IpAddressConflict2" -> launches: "%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework "MsCtfMonitor" -> (HIDDEN!) launches: "{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}" -> {HKLM...CLSID} = "MsCtfMonitor task handler" \InProcServer32\(Default) = "C:\Windows\system32\MsCtfMonitor.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization "SynchronizeTime" -> launches: "%windir%\system32\sc.exe start w32time task_started" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP "UPnPHostConfig" -> launches: "sc.exe config upnphost start= auto" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI "ResolutionHost" -> (HIDDEN!) launches: "{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}" -> {HKLM...CLSID} = "DiagnosticInfrastructureCustomHandler" \InProcServer32\(Default) = "C:\Windows\System32\wdi.dll" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies "ValidationTask" -> (HIDDEN!) launches: "%SystemRoot%\system32\Wat\WatAdminSvc.exe /run" [MS] "ValidationTaskDeadline" -> (HIDDEN!) 
launches: "%SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting "QueueReporting" -> launches: "%windir%\system32\wermgr.exe -queuereporting" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform "BfeOnServiceStartTypeChange" -> (HIDDEN!) launches: "%windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing "UpdateLibrary" -> launches: ""%ProgramFiles%\Windows Media Player\wmpnscfg.exe"" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup "ConfigNotification" -> launches: "%systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION" [MS] C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE "Extractor Definitions Update Task" -> launches: "{3519154C-227E-47F3-9CC9-12C3F05817F1}" -> {HKLM...CLSID} = "Windows Live Social Object Extractor Engine Definition Updater" \InProcServer32\(Default) = "C:\Program Files\Windows Live\SOXE\wlsoxe.dll" [MS] C:\Windows\System32\Tasks\WPD "SqmUpload_S-1-5-21-278053664-2185810746-1395160328-7715" -> (HIDDEN!) 
launches: "%windir%\system32\rundll32.exe portabledeviceapi.dll,#1" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS] 000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS] 000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS] 000000000007\LibraryPath = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" [MS] 000000000008\LibraryPath = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL" [MS] 000000000009\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 36 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\ "ButtonText" = "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" "MenuText" = "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003" "CLSIDExtension" = "{5F7B1267-94A9-47F5-98DB-E99415F33AEC}" 
-> {HKLM...CLSID} = "BlogThisToolbarButton Class" \InProcServer32\(Default) = "C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll" [MS] {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\ "ButtonText" = "@C:\Windows\WindowsMobile\INetRepl.dll,-222" "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}" -> {HKLM...CLSID} = "Create Mobile Favorite" \InProcServer32\(Default) = "C:\Windows\WindowsMobile\INetRepl.dll" [MS] {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\ "MenuText" = "@C:\Windows\WindowsMobile\INetRepl.dll,-223" "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}" -> {HKLM...CLSID} = "Create Mobile Favorite" \InProcServer32\(Default) = "C:\Windows\WindowsMobile\INetRepl.dll" [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Research" {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ "MenuText" = "Spybot - Search & Destroy Configuration" "CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}" -> {HKLM...CLSID} = "Spybot-S&D IE Protection" \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] HOSTS file ---------- C:\Windows\System32\drivers\etc\HOSTS maps: 3 domain names to IP addresses, 2 of the IP addresses are *not* localhost! 
Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Andrea ST Filters Service, AESTFilters, "C:\Program Files\IDT\WDM\aestsrv.exe" ["Andrea Electronics Corporation"] Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"" ["Apple Inc."] Audio Service, STacSV, "C:\Program Files\IDT\WDM\STacSV.exe" ["IDT, Inc."] AuthenTec Fingerprint Service, ATService, "C:\Program Files\Fingerprint Sensor\AtService.exe" ["AuthenTec, Inc."] Bonjour Service, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."] Broadcom Management Agent, BrcmMgmtAgent, ""C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe" -service" ["Broadcom Corporation"] Dell System Manager Service, dcpsysmgrsvc, ""c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe"" ["Dell Inc."] DW WLAN Tray Service, wltrysvc, ""C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE" "C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe"" ["Dell Inc."] FF Install Filter Service, InstallFilterService, "C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe" [null data] iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."] MBAMService, MBAMService, ""C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"" ["Malwarebytes Corporation"] MSCamSvc, MSCamSvc, ""C:\Program Files\Microsoft LifeCam\MSCamS32.exe"" [MS] SBSD Security Center Service, SBSDWSCService, "C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe" ["Safer Networking Ltd."] SeaPort, SeaPort, ""C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"" [MS] TdmService, TdmService, ""C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe"" ["Wave Systems Corp."] Windows Live ID Sign-in Assistant, wlidsvc, ""C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"" [MS] Windows 
Mobile-2003-based device connectivity, WcesComm, "C:\Windows\system32\svchost.exe -k WindowsMobile" {"C:\Windows\WindowsMobile\wcescomm.dll" [MS]} Windows Mobile-based device connectivity, RapiMgr, "C:\Windows\system32\svchost.exe -k WindowsMobile" {"C:\Windows\WindowsMobile\rapimgr.dll" [MS]} Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ BJ Language Monitor3_2\Driver = "CNBLM3_2.DLL" ["CANON INC."] Canon BJ Language Monitor MP150\Driver = "CNMLM7K.DLL" ["CANON INC."] Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- (launch time: 2012-02-28 19:35:38) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 70 seconds, including 22 seconds for message boxes) Thank you!
  13. Here is the ARK log, will do the last scan now:

Thanks!
  14. Here are some of the logs, I will finish the steps by the end of the weekend... my computer was able to boot up normally! The BSOD is gone!

========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.33.2 log created on 02242012_150400

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-24 15:13:59
-----------------------------
15:13:59.708 OS Version: Windows 6.1.7600
15:13:59.708 Number of processors: 4 586 0x2505
15:13:59.709 ComputerName: ES-E5410-1 UserName: mhsu
15:14:03.384 Initialize success
15:20:02.522 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:20:02.535 Disk 0 Vendor: ST916031 D005 Size: 152627MB BusType: 3
15:20:02.537 Disk 0 MBR read successfully
15:20:02.540 Disk 0 MBR scan
15:20:02.542 Disk 0 TDL4@MBR code has been found
15:20:02.544 Disk 0 MBR hidden
15:20:02.548 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
15:20:02.564 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
15:20:02.608 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 137586 MB offset 30801920
15:20:02.612 Disk 0 MBR [TDL4] **ROOTKIT**
15:20:02.615 Scan finished successfully
15:20:23.125 Disk 0 MBR has been saved successfully to "C:\Users\mhsu\Desktop\MBR.dat"
15:20:23.126 The log file has been saved successfully to "C:\Users\mhsu\Desktop\aswMBR.txt"
15:25:37.0366 1080 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys 15:25:37.0382 1080 iaStor - ok 15:25:37.0475 1080 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys 15:25:37.0491 1080 iaStorV - ok 15:25:37.0725 1080 igfx (c5589781f75de0bfb26e221649c80d00) C:\Windows\system32\DRIVERS\igdkmd32.sys 15:25:38.0021 1080 igfx - ok 15:25:38.0131 1080 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 15:25:38.0131 1080 iirsp - ok 15:25:38.0162 1080 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\Windows\system32\DRIVERS\Impcd.sys 15:25:38.0224 1080 Impcd - ok 15:25:38.0287 1080 IntcDAud (af6d1e38bce11daba4c01d6a6de94410) C:\Windows\system32\DRIVERS\IntcDAud.sys 15:25:38.0349 1080 IntcDAud - ok 15:25:38.0380 1080 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 15:25:38.0380 1080 intelide - ok 15:25:38.0489 1080 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 15:25:38.0552 1080 intelppm - ok 15:25:38.0614 1080 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:25:38.0661 1080 IpFilterDriver - ok 15:25:38.0708 1080 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 15:25:38.0739 1080 IPMIDRV - ok 15:25:38.0801 1080 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 15:25:38.0848 1080 IPNAT - ok 15:25:38.0879 1080 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 15:25:38.0957 1080 IRENUM - ok 15:25:39.0020 1080 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 15:25:39.0020 1080 isapnp - ok 15:25:39.0067 1080 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 15:25:39.0082 1080 iScsiPrt - ok 15:25:39.0176 1080 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 15:25:39.0176 1080 
kbdclass - ok 15:25:39.0269 1080 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 15:25:39.0301 1080 kbdhid - ok 15:25:39.0363 1080 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys 15:25:39.0379 1080 KSecDD - ok 15:25:39.0425 1080 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys 15:25:39.0425 1080 KSecPkg - ok 15:25:39.0550 1080 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 15:25:39.0613 1080 lltdio - ok 15:25:39.0737 1080 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 15:25:39.0753 1080 LSI_FC - ok 15:25:39.0784 1080 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 15:25:39.0800 1080 LSI_SAS - ok 15:25:39.0847 1080 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 15:25:39.0862 1080 LSI_SAS2 - ok 15:25:39.0878 1080 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 15:25:39.0893 1080 LSI_SCSI - ok 15:25:39.0987 1080 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 15:25:40.0049 1080 luafv - ok 15:25:40.0205 1080 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 15:25:40.0205 1080 megasas - ok 15:25:40.0299 1080 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 15:25:40.0315 1080 MegaSR - ok 15:25:40.0471 1080 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 15:25:40.0533 1080 Modem - ok 15:25:40.0627 1080 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 15:25:40.0658 1080 monitor - ok 15:25:40.0751 1080 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 15:25:40.0751 1080 mouclass - ok 15:25:40.0829 1080 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 15:25:40.0861 1080 mouhid - 
ok 15:25:40.0923 1080 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 15:25:40.0923 1080 mountmgr - ok 15:25:41.0048 1080 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys 15:25:41.0063 1080 MpFilter - ok 15:25:41.0141 1080 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 15:25:41.0157 1080 mpio - ok 15:25:41.0313 1080 MpKsl09281dd6 - ok 15:25:41.0375 1080 MpKsl1421d255 - ok 15:25:41.0469 1080 MpKsl16e26d17 - ok 15:25:41.0469 1080 MpKsl1b82f2a0 - ok 15:25:41.0563 1080 MpKsl37e0fe2b - ok 15:25:41.0594 1080 MpKsl6dc19cc6 - ok 15:25:41.0609 1080 MpKsl72bb9f19 - ok 15:25:41.0656 1080 MpKsla7f0cc5e - ok 15:25:41.0781 1080 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys 15:25:41.0781 1080 MpNWMon - ok 15:25:41.0843 1080 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 15:25:42.0015 1080 mpsdrv - ok 15:25:42.0109 1080 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 15:25:42.0140 1080 MRxDAV - ok 15:25:42.0218 1080 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys 15:25:42.0265 1080 mrxsmb - ok 15:25:42.0311 1080 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:25:42.0343 1080 mrxsmb10 - ok 15:25:42.0389 1080 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:25:42.0389 1080 mrxsmb20 - ok 15:25:42.0436 1080 msahci (cb5d37e91135b0f15cee64d1f1ba5de5) C:\Windows\system32\DRIVERS\msahci.sys 15:25:42.0452 1080 msahci - ok 15:25:42.0530 1080 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 15:25:42.0545 1080 msdsm - ok 15:25:42.0577 1080 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 15:25:42.0608 1080 Msfs - ok 15:25:42.0639 1080 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 
15:25:42.0670 1080 mshidkmdf - ok 15:25:42.0748 1080 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 15:25:42.0764 1080 msisadrv - ok 15:25:42.0842 1080 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 15:25:42.0889 1080 MSKSSRV - ok 15:25:42.0920 1080 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 15:25:42.0967 1080 MSPCLOCK - ok 15:25:43.0013 1080 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 15:25:43.0060 1080 MSPQM - ok 15:25:43.0107 1080 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 15:25:43.0123 1080 MsRPC - ok 15:25:43.0154 1080 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 15:25:43.0169 1080 mssmbios - ok 15:25:43.0232 1080 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 15:25:43.0279 1080 MSTEE - ok 15:25:43.0388 1080 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 15:25:43.0419 1080 MTConfig - ok 15:25:43.0450 1080 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 15:25:43.0450 1080 Mup - ok 15:25:43.0528 1080 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 15:25:43.0575 1080 NativeWifiP - ok 15:25:43.0653 1080 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys 15:25:43.0669 1080 NDIS - ok 15:25:43.0762 1080 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 15:25:43.0809 1080 NdisCap - ok 15:25:43.0871 1080 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 15:25:43.0918 1080 NdisTapi - ok 15:25:43.0965 1080 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 15:25:44.0012 1080 Ndisuio - ok 15:25:44.0059 1080 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 
15:25:44.0090 1080 NdisWan - ok 15:25:44.0137 1080 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 15:25:44.0168 1080 NDProxy - ok 15:25:44.0246 1080 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 15:25:44.0293 1080 NetBIOS - ok 15:25:44.0339 1080 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys 15:25:44.0402 1080 NetBT - ok 15:25:44.0511 1080 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 15:25:44.0511 1080 nfrd960 - ok 15:25:44.0605 1080 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 15:25:44.0620 1080 NisDrv - ok 15:25:44.0698 1080 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 15:25:44.0745 1080 Npfs - ok 15:25:44.0807 1080 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 15:25:44.0839 1080 nsiproxy - ok 15:25:44.0932 1080 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys 15:25:44.0995 1080 Ntfs - ok 15:25:45.0010 1080 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 15:25:45.0057 1080 Null - ok 15:25:45.0135 1080 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys 15:25:45.0151 1080 nvraid - ok 15:25:45.0182 1080 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys 15:25:45.0197 1080 nvstor - ok 15:25:45.0275 1080 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 15:25:45.0291 1080 nv_agp - ok 15:25:45.0353 1080 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 15:25:45.0400 1080 ohci1394 - ok 15:25:45.0494 1080 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 15:25:45.0541 1080 Parport - ok 15:25:45.0587 1080 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 15:25:45.0587 1080 
partmgr - ok 15:25:45.0650 1080 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 15:25:45.0681 1080 Parvdm - ok 15:25:45.0743 1080 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys 15:25:45.0743 1080 PBADRV - ok 15:25:45.0821 1080 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 15:25:45.0837 1080 pci - ok 15:25:45.0853 1080 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 15:25:45.0868 1080 pciide - ok 15:25:45.0931 1080 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 15:25:45.0946 1080 pcmcia - ok 15:25:45.0993 1080 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 15:25:46.0009 1080 pcw - ok 15:25:46.0040 1080 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 15:25:46.0102 1080 PEAUTH - ok 15:25:46.0180 1080 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 15:25:46.0227 1080 PptpMiniport - ok 15:25:46.0274 1080 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 15:25:46.0305 1080 Processor - ok 15:25:46.0399 1080 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 15:25:46.0461 1080 Psched - ok 15:25:46.0508 1080 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 15:25:46.0570 1080 ql2300 - ok 15:25:46.0586 1080 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 15:25:46.0601 1080 ql40xx - ok 15:25:46.0664 1080 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 15:25:46.0664 1080 QWAVEdrv - ok 15:25:46.0695 1080 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 15:25:46.0742 1080 RasAcd - ok 15:25:46.0773 1080 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 15:25:46.0820 1080 RasAgileVpn - ok 
15:25:46.0867 1080 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 15:25:46.0929 1080 Rasl2tp - ok 15:25:46.0976 1080 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 15:25:47.0038 1080 RasPppoe - ok 15:25:47.0069 1080 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 15:25:47.0101 1080 RasSstp - ok 15:25:47.0132 1080 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 15:25:47.0163 1080 rdbss - ok 15:25:47.0210 1080 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 15:25:47.0257 1080 rdpbus - ok 15:25:47.0303 1080 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 15:25:47.0335 1080 RDPCDD - ok 15:25:47.0366 1080 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys 15:25:47.0428 1080 RDPDR - ok 15:25:47.0537 1080 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 15:25:47.0584 1080 RDPENCDD - ok 15:25:47.0615 1080 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 15:25:47.0662 1080 RDPREFMP - ok 15:25:47.0709 1080 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys 15:25:47.0740 1080 RDPWD - ok 15:25:47.0834 1080 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 15:25:47.0834 1080 rdyboost - ok 15:25:47.0896 1080 rimspci (e891f07815af88075705ef6a248711f6) C:\Windows\system32\DRIVERS\rimspe86.sys 15:25:47.0943 1080 rimspci - ok 15:25:47.0974 1080 risdpcie (5312f15dbeb47d906dca2e334dc4c97d) C:\Windows\system32\DRIVERS\risdpe86.sys 15:25:48.0021 1080 risdpcie - ok 15:25:48.0068 1080 rixdpcie (cf2de2365fd99e5b8e38c9f3467dcdb8) C:\Windows\system32\DRIVERS\rixdpe86.sys 15:25:48.0083 1080 rixdpcie - ok 15:25:48.0193 1080 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 15:25:48.0224 1080 rspndr - 
ok 15:25:48.0271 1080 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys 15:25:48.0333 1080 s3cap - ok 15:25:48.0395 1080 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 15:25:48.0395 1080 sbp2port - ok 15:25:48.0489 1080 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 15:25:48.0520 1080 scfilter - ok 15:25:48.0629 1080 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 15:25:48.0676 1080 secdrv - ok 15:25:48.0739 1080 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 15:25:48.0754 1080 Serenum - ok 15:25:48.0817 1080 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 15:25:48.0848 1080 Serial - ok 15:25:48.0895 1080 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 15:25:48.0895 1080 sermouse - ok 15:25:48.0957 1080 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 15:25:48.0988 1080 sffdisk - ok 15:25:49.0004 1080 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys 15:25:49.0035 1080 sffp_mmc - ok 15:25:49.0066 1080 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys 15:25:49.0066 1080 sffp_sd - ok 15:25:49.0097 1080 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 15:25:49.0113 1080 sfloppy - ok 15:25:49.0129 1080 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 15:25:49.0144 1080 sisagp - ok 15:25:49.0269 1080 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 15:25:49.0285 1080 SiSRaid2 - ok 15:25:49.0300 1080 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 15:25:49.0316 1080 SiSRaid4 - ok 15:25:49.0378 1080 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 15:25:49.0425 1080 
Smb - ok 15:25:49.0831 1080 SNP2STD (ecc9293ffa708e0bb552fe9a84d6a300) C:\Windows\system32\DRIVERS\snp2sxp.sys 15:25:50.0236 1080 SNP2STD - ok 15:25:50.0361 1080 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 15:25:50.0361 1080 spldr - ok 15:25:50.0439 1080 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys 15:25:50.0470 1080 srv - ok 15:25:50.0533 1080 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys 15:25:50.0564 1080 srv2 - ok 15:25:50.0611 1080 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys 15:25:50.0626 1080 srvnet - ok 15:25:50.0767 1080 stdflt (a5b83c8050572622e5c43b5b3326a129) C:\Windows\system32\DRIVERS\stdfltn.sys 15:25:50.0782 1080 stdflt - ok 15:25:50.0845 1080 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 15:25:50.0860 1080 stexstor - ok 15:25:50.0954 1080 STHDA (698e186ac2df982b2d26428428155de1) C:\Windows\system32\DRIVERS\stwrt.sys 15:25:51.0016 1080 STHDA - ok 15:25:51.0063 1080 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys 15:25:51.0079 1080 storflt - ok 15:25:51.0094 1080 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys 15:25:51.0125 1080 storvsc - ok 15:25:51.0188 1080 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 15:25:51.0203 1080 swenum - ok 15:25:51.0297 1080 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys 15:25:51.0359 1080 Tcpip - ok 15:25:51.0437 1080 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys 15:25:51.0469 1080 TCPIP6 - ok 15:25:51.0531 1080 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 15:25:51.0578 1080 tcpipreg - ok 15:25:51.0593 1080 tcuoowsq - ok 15:25:51.0640 1080 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 15:25:51.0671 1080 TDPIPE 
- ok 15:25:51.0703 1080 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 15:25:51.0749 1080 TDTCP - ok 15:25:51.0812 1080 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 15:25:51.0874 1080 tdx - ok 15:25:51.0905 1080 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 15:25:51.0905 1080 TermDD - ok 15:25:51.0999 1080 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 15:25:52.0046 1080 tssecsrv - ok 15:25:52.0108 1080 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 15:25:52.0155 1080 tunnel - ok 15:25:52.0186 1080 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 15:25:52.0186 1080 uagp35 - ok 15:25:52.0264 1080 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\Windows\system32\DRIVERS\udfs.sys 15:25:52.0295 1080 udfs - ok 15:25:52.0358 1080 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 15:25:52.0373 1080 uliagpkx - ok 15:25:52.0451 1080 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 15:25:52.0483 1080 umbus - ok 15:25:52.0545 1080 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 15:25:52.0561 1080 UmPass - ok 15:25:52.0623 1080 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys 15:25:52.0685 1080 USBAAPL - ok 15:25:52.0810 1080 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys 15:25:52.0841 1080 usbaudio - ok 15:25:52.0919 1080 usbccgp (5c233aefb566ee78c1efbc0493fb066a) C:\Windows\system32\DRIVERS\usbccgp.sys 15:25:52.0935 1080 usbccgp - ok 15:25:52.0997 1080 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 15:25:53.0013 1080 usbcir - ok 15:25:53.0060 1080 usbehci (5b71019a6aca0116fd21b368f19c0b91) C:\Windows\system32\drivers\usbehci.sys 15:25:53.0075 1080 usbehci - ok 15:25:53.0153 1080 
usbhub (5823d3965c2a4f6f785ed1a3b403f3b8) C:\Windows\system32\DRIVERS\usbhub.sys 15:25:53.0200 1080 usbhub - ok 15:25:53.0325 1080 usbohci (e753ed6c49da13967ebabf9ea616454a) C:\Windows\system32\drivers\usbohci.sys 15:25:53.0372 1080 usbohci - ok 15:25:53.0497 1080 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 15:25:53.0528 1080 usbprint - ok 15:25:53.0606 1080 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 15:25:53.0637 1080 usbscan - ok 15:25:53.0699 1080 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:25:53.0762 1080 USBSTOR - ok 15:25:53.0871 1080 usbuhci (6a30928a469ce802600e1ea8c0f2f53f) C:\Windows\system32\drivers\usbuhci.sys 15:25:53.0887 1080 usbuhci - ok 15:25:53.0949 1080 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys 15:25:53.0965 1080 usb_rndisx - ok 15:25:54.0027 1080 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 15:25:54.0043 1080 vdrvroot - ok 15:25:54.0058 1080 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 15:25:54.0105 1080 vga - ok 15:25:54.0152 1080 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 15:25:54.0183 1080 VgaSave - ok 15:25:54.0245 1080 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 15:25:54.0261 1080 vhdmp - ok 15:25:54.0355 1080 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 15:25:54.0386 1080 viaagp - ok 15:25:54.0433 1080 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 15:25:54.0464 1080 ViaC7 - ok 15:25:54.0511 1080 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 15:25:54.0526 1080 viaide - ok 15:25:54.0557 1080 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys 15:25:54.0573 1080 vmbus - ok 15:25:54.0635 1080 VMBusHID 
(ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys 15:25:54.0635 1080 VMBusHID - ok 15:25:54.0698 1080 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 15:25:54.0698 1080 volmgr - ok 15:25:54.0729 1080 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 15:25:54.0745 1080 volmgrx - ok 15:25:54.0791 1080 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 15:25:54.0807 1080 volsnap - ok 15:25:54.0885 1080 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 15:25:54.0901 1080 vsmraid - ok 15:25:54.0916 1080 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 15:25:54.0963 1080 vwifibus - ok 15:25:54.0994 1080 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 15:25:55.0010 1080 vwififlt - ok 15:25:55.0072 1080 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys 15:25:55.0088 1080 vwifimp - ok 15:25:55.0337 1080 VX6000 (719bac5b5a9c2c1fdf7323fb7e36ca32) C:\Windows\system32\DRIVERS\VX6000Xp.sys 15:25:55.0447 1080 VX6000 - ok 15:25:55.0571 1080 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 15:25:55.0587 1080 WacomPen - ok 15:25:55.0681 1080 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 15:25:55.0743 1080 WANARP - ok 15:25:55.0743 1080 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 15:25:55.0774 1080 Wanarpv6 - ok 15:25:55.0930 1080 WavxDMgr (fbf43b275efc98799e76d57e5437edee) C:\Windows\system32\DRIVERS\WavxDMgr.sys 15:25:55.0961 1080 WavxDMgr ( UnsignedFile.Multi.Generic ) - warning 15:25:55.0961 1080 WavxDMgr - detected UnsignedFile.Multi.Generic (1) 15:25:56.0039 1080 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 15:25:56.0055 1080 Wd - ok 15:25:56.0117 1080 Wdf01000 
(9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 15:25:56.0149 1080 Wdf01000 - ok 15:25:56.0227 1080 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 15:25:56.0258 1080 WfpLwf - ok 15:25:56.0305 1080 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 15:25:56.0320 1080 WIMMount - ok 15:25:56.0507 1080 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys 15:25:56.0570 1080 WinUsb - ok 15:25:56.0663 1080 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 15:25:56.0695 1080 WmiAcpi - ok 15:25:56.0757 1080 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 15:25:56.0819 1080 ws2ifsl - ok 15:25:56.0960 1080 WudfPf (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys 15:25:56.0975 1080 WudfPf - ok 15:25:57.0053 1080 WUDFRd (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys 15:25:57.0085 1080 WUDFRd - ok 15:25:57.0256 1080 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0 15:25:57.0287 1080 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected 15:25:57.0287 1080 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0) 15:25:57.0350 1080 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 15:25:57.0350 1080 \Device\Harddisk0\DR0 - detected TDSS File System (1) 15:25:57.0397 1080 Boot (0x1200) (e6770bc84d46a6f735f1749946058e02) \Device\Harddisk0\DR0\Partition0 15:25:57.0412 1080 \Device\Harddisk0\DR0\Partition0 - ok 15:25:57.0428 1080 Boot (0x1200) (48828941207369cc391da89b3c4a78c9) \Device\Harddisk0\DR0\Partition1 15:25:57.0428 1080 \Device\Harddisk0\DR0\Partition1 - ok 15:25:57.0428 1080 ============================================================ 15:25:57.0428 1080 Scan finished 15:25:57.0428 1080 ============================================================ 15:25:57.0475 2760 Detected object count: 3 15:25:57.0475 2760 
Actual detected object count: 3 15:26:54.0228 2760 WavxDMgr ( UnsignedFile.Multi.Generic ) - skipped by user 15:26:54.0228 2760 WavxDMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:26:54.0384 2760 \Device\Harddisk0\DR0\# - copied to quarantine 15:26:54.0384 2760 \Device\Harddisk0\DR0 - copied to quarantine 15:26:54.0508 2760 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine 15:26:54.0524 2760 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 15:26:54.0524 2760 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine 15:26:54.0555 2760 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine 15:26:54.0571 2760 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine 15:26:54.0571 2760 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine 15:26:54.0571 2760 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine 15:26:54.0571 2760 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine 15:26:54.0571 2760 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine 15:26:54.0586 2760 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine 15:26:54.0633 2760 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot 15:26:54.0633 2760 \Device\Harddisk0\DR0 - ok 15:26:54.0696 2760 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure 15:26:54.0696 2760 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 15:26:54.0696 2760 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 15:26:58.0767 3692 Deinitialize success
  15. Hi, I have performed several of the steps, but since ARK may take 'infinite' time, I will have to perform it later, as I will be unable to keep a laptop plugged in. I will try to have it done tonight when I am settled, but should definitely respond with all the logs tomorrow. Thanks for the help thus far; the scans so far have detected and eliminated some rootkits.