Hey there

I'm kind of a novice when it comes to computer skills and I have an infection I can't shake. I have ESET 4 and it detects the Win32/Olmarik trojans but can't clean them. Followed all the directions thus far in the "I'm infected What do I do now?" and still ESET detects the same corrupted files but can't clean them. Thanks a lot in advance. I've attached my one log (zipped) as instructed and will paste my other log below. Let me know what I did right, wrong, and what to do next. Again, thank you guys.

zbad2000

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_26

Run by Brian at 20:48:48 on 2012-01-01

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1914.865 [GMT -5:00]

.

AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe

C:\Windows\RtkAudioService.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

C:\Windows\Explorer.EXE

C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\InFocus\DisplayLink Manager\InFocusDisplayLinkManagerSetup.exe

C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe

C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe

C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Eula.exe

C:\Program Files\Windows Media Player\setup_wm.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ask.com/?o=101760&l=dis

uDefault_Page_URL = hxxp://www.sony.com/vaiopeople_f08

mDefault_Page_URL = hxxp://www.sony.com/vaiopeople_f08

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [Aim6]

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"

mRun: [smartWiHelper] "c:\program files\sony corporation\smartwi connection utility\SmartWiHelper.exe" /WindowsStartup

mRun: [VAIOMyMemCenter] "c:\program files\sony\vaio my memory center\VAIO MyMemCenter.exe" 1

mRun: [VAIORegistration] "c:\program files\sony\first experience\WelcomeLauncher.exe"

mRun: [VAIOSurvey] "c:\program files\sony\vaio survey\VAIO Sat Survey.exe"

mRun: [VWLASU] "c:\program files\sony\vaio wireless wizard\AutoLaunchWLASU.exe"

mRun: [skytel] Skytel.exe

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\users\brian\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\users\brian\appdata\roaming\micros~1\windows\startm~1\programs\startup\zooskm~1.lnk - c:\program files\zooskmessenger\ZooskMessenger.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\aolddi.lnk - c:\ddi\AOLICON.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\infocu~1.lnk - c:\program files\infocus\displaylink manager\InFocusDisplayLinkManagerSetup.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{2BEEDDE3-9D19-4856-BC49-7AC5C8321FD5} : DhcpNameServer = 192.168.1.1

Notify: igfxcui - igfxdev.dll

Notify: VESWinlogon - VESWinlogon.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\brian\appdata\roaming\mozilla\firefox\profiles\z57s78nq.default\

FF - prefs.js: browser.search.selectedEngine - Ask

FF - prefs.js: browser.startup.homepage - espn.com

FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=

FF - component: c:\users\brian\appdata\roaming\mozilla\firefox\profiles\z57s78nq.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll

FF - component: c:\users\brian\appdata\roaming\mozilla\firefox\profiles\z57s78nq.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: c:\users\brian\appdata\roaming\move networks\plugins\071802000001\npqmp071802000001.dll

FF - plugin: c:\users\brian\appdata\roaming\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\users\brian\appdata\roaming\move networks\plugins\npqmp071705000014.dll

.

============= SERVICES / DRIVERS ===============

.

R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2011-12-14 13424]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]

R2 DisplayLinkService;DisplayLink Service;c:\program files\displaylink core software\DisplayLinkService.exe [2009-4-6 447848]

R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-9-3 137144]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-11-4 810144]

R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-7-29 96920]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-31 652872]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]

R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-8-1 104992]

R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects\uCamMonitor.exe [2008-8-21 104960]

R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-8-1 411488]

R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-6-20 415744]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-7 24652]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2008-8-21 17408]

R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2011-12-14 367728]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-31 20464]

R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-8-1 9344]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort.sys [2009-4-6 20992]

S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-8-21 103712]

S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-8-21 353568]

S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-8-21 62752]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-8-21 337184]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-8-21 83232]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-01-01 16:21:00 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{da5502df-d77f-4eed-8bb1-79dc3533b569}\offreg.dll

2012-01-01 00:18:57 -------- d-----w- c:\users\brian\appdata\roaming\Malwarebytes

2012-01-01 00:18:45 -------- d-----w- c:\programdata\Malwarebytes

2012-01-01 00:18:43 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-01 00:18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-31 21:13:04 -------- d-----w- c:\program files\PC Tools

2011-12-31 21:08:06 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2011-12-31 21:08:04 -------- d-----w- c:\program files\common files\PC Tools

2011-12-31 21:06:51 -------- d-----w- c:\programdata\PC Tools

2011-12-31 21:06:50 -------- d-----w- c:\users\brian\appdata\roaming\TestApp

2011-12-31 06:25:56 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{da5502df-d77f-4eed-8bb1-79dc3533b569}\mpengine.dll

2011-12-26 04:54:47 -------- d-----w- c:\windows\Intuit

2011-12-15 00:08:32 -------- d-----w- c:\users\brian\appdata\local\InFocus_Corporation

2011-12-15 00:06:38 -------- d-----w- c:\program files\InFocus

2011-12-15 00:06:24 -------- d--h--w- c:\program files\DisplayLink InFocus Support

2011-12-15 00:05:54 367728 ----a-w- c:\windows\system32\drivers\dlkmd.sys

2011-12-15 00:05:53 13424 ----a-w- c:\windows\system32\drivers\dlkmdldr.sys

2011-12-15 00:05:00 -------- d-----w- c:\program files\DisplayLink Core Software

2011-12-14 02:29:59 71680 ----a-w- c:\windows\system32\iesetup.dll

2011-12-14 02:28:48 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-08 23:05:05 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

.

==================== Find3M ====================

.

2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys

2011-11-15 19:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-03 06:22:04 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-03 06:17:38 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-03 06:17:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-03 06:17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll

2011-11-03 05:22:43 385024 ----a-w- c:\windows\system32\html.iec

2011-11-03 04:45:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2011-11-03 04:43:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-14 16:02:19 429056 ----a-w- c:\windows\system32\EncDec.dll

.

============= FINISH: 20:50:48.66 ===============


Hello zbad2000 and welcome to Malwarebytes! :welcome:

I apologize for the delay.

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Next,

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How is the PC running now?

-------------

Please print out these instructions or copy them to a Notepad file for easier reading, and download MBRCheck by a_d_13 to your Desktop from one of these locations:

http://ad13.geekstogo.com/MBRCheck.exe

http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe

http://www.kernelmode.info/MBRCheck.exe

Close all open programs/windows and double-click on MBRCheck.exe.

It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

-------------

Please do the following:

  • Please download aswMBR.exe from here and save it to your Desktop.
  • Double click aswMBR.exe to start the tool. (Vista - Win 7 Rt click to run as Administrator)
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your Desktop, and post that log in your next reply. Do NOT attempt any Fix at this time!
  • This will also create a file on your Desktop named MBR.dat. Right click that file and select Send To->Compressed (zipped) folder. Attach that zipped folder in your next reply as well.

NOTE: The Avast! scan is not necessary ;).

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • TDSSKiller report
  • MBRCheck report
  • aswMBR log & MBR.dat zip file
  • C:\ComboFix.txt
  • checkup.txt

How is your computer running now?


No worries. I thought your response was pretty prompt. Anyway, I'm just happy to get your help with this so it's good to have this in your hands. So I followed all the directions and the computer is so much faster now, thank you. It's not up to the regular speed at which it was running before all the nastiness of the virus hit, but it is significantly better. None of the Windows host processes have been sporadically shutting down, so that's a marked improvement. :) So anyway, here are the logs:

16:54:05.0196 2940 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

16:54:05.0711 2940 ============================================================

16:54:05.0711 2940 Current date / time: 2012/01/03 16:54:05.0711

16:54:05.0711 2940 SystemInfo:

16:54:05.0711 2940

16:54:05.0712 2940 OS Version: 6.0.6002 ServicePack: 2.0

16:54:05.0712 2940 Product type: Workstation

16:54:05.0712 2940 ComputerName: BRIANS-VAIO

16:54:05.0712 2940 UserName: Brian

16:54:05.0712 2940 Windows directory: C:\Windows

16:54:05.0712 2940 System windows directory: C:\Windows

16:54:05.0712 2940 Processor architecture: Intel x86

16:54:05.0712 2940 Number of processors: 2

16:54:05.0712 2940 Page size: 0x1000

16:54:05.0712 2940 Boot type: Normal boot

16:54:05.0712 2940 ============================================================

16:54:07.0249 2940 Initialize success

16:54:11.0698 0536 ============================================================

16:54:11.0698 0536 Scan started

16:54:11.0698 0536 Mode: Manual;

16:54:11.0698 0536 ============================================================

16:54:14.0059 0536 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

16:54:14.0074 0536 ACPI - ok

16:54:14.0207 0536 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

16:54:14.0274 0536 adp94xx - ok

16:54:14.0390 0536 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

16:54:14.0436 0536 adpahci - ok

16:54:14.0508 0536 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

16:54:14.0544 0536 adpu160m - ok

16:54:14.0616 0536 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

16:54:14.0651 0536 adpu320 - ok

16:54:14.0807 0536 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

16:54:14.0861 0536 AFD - ok

16:54:14.0944 0536 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

16:54:14.0994 0536 agp440 - ok

16:54:15.0109 0536 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

16:54:15.0156 0536 aic78xx - ok

16:54:15.0219 0536 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

16:54:15.0263 0536 aliide - ok

16:54:15.0341 0536 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

16:54:15.0434 0536 amdagp - ok

16:54:15.0497 0536 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

16:54:15.0541 0536 amdide - ok

16:54:15.0631 0536 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

16:54:15.0674 0536 AmdK7 - ok

16:54:15.0695 0536 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

16:54:15.0746 0536 AmdK8 - ok

16:54:15.0885 0536 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

16:54:15.0930 0536 arc - ok

16:54:16.0031 0536 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

16:54:16.0076 0536 arcsas - ok

16:54:16.0150 0536 ArcSoftKsUFilter (6b3ab8f67b37402a4174caa45002903e) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys

16:54:16.0193 0536 ArcSoftKsUFilter - ok

16:54:16.0298 0536 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

16:54:16.0341 0536 AsyncMac - ok

16:54:16.0445 0536 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys

16:54:16.0492 0536 atapi - ok

16:54:16.0619 0536 athr (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys

16:54:16.0687 0536 athr - ok

16:54:16.0857 0536 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

16:54:16.0903 0536 Beep - ok

16:54:16.0985 0536 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

16:54:17.0075 0536 blbdrive - ok

16:54:17.0124 0536 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

16:54:17.0204 0536 bowser - ok

16:54:17.0343 0536 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

16:54:17.0349 0536 BrFiltLo - ok

16:54:17.0381 0536 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

16:54:17.0388 0536 BrFiltUp - ok

16:54:17.0470 0536 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

16:54:17.0478 0536 Brserid - ok

16:54:17.0591 0536 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

16:54:17.0597 0536 BrSerWdm - ok

16:54:17.0625 0536 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

16:54:17.0631 0536 BrUsbMdm - ok

16:54:17.0659 0536 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

16:54:17.0665 0536 BrUsbSer - ok

16:54:17.0815 0536 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

16:54:17.0874 0536 BTHMODEM - ok

16:54:18.0000 0536 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

16:54:18.0048 0536 cdfs - ok

16:54:18.0169 0536 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

16:54:18.0240 0536 cdrom - ok

16:54:18.0294 0536 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

16:54:18.0376 0536 circlass - ok

16:54:18.0441 0536 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

16:54:18.0455 0536 CLFS - ok

16:54:18.0615 0536 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

16:54:18.0620 0536 CmBatt - ok

16:54:18.0648 0536 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

16:54:18.0692 0536 cmdide - ok

16:54:18.0769 0536 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

16:54:18.0777 0536 Compbatt - ok

16:54:18.0915 0536 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

16:54:18.0974 0536 crcdisk - ok

16:54:19.0000 0536 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

16:54:19.0023 0536 Crusoe - ok

16:54:19.0183 0536 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

16:54:19.0226 0536 DfsC - ok

16:54:19.0413 0536 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

16:54:19.0458 0536 disk - ok

16:54:19.0643 0536 DisplayLinkUsbPort (ff89f759d42e3a0e44a123e45827b20b) C:\Windows\system32\DRIVERS\DisplayLinkUsbPort.sys

16:54:19.0649 0536 DisplayLinkUsbPort - ok

16:54:19.0704 0536 dlkmd (8848d551df911702b242bcaf4fb63731) C:\Windows\system32\drivers\dlkmd.sys

16:54:19.0757 0536 dlkmd - ok

16:54:19.0918 0536 dlkmdldr (01f34117bed8865b5dac7f3f4c99e3ab) C:\Windows\system32\drivers\dlkmdldr.sys

16:54:19.0960 0536 dlkmdldr - ok

16:54:20.0037 0536 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys

16:54:20.0079 0536 DMICall - ok

16:54:20.0256 0536 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

16:54:20.0298 0536 drmkaud - ok

16:54:20.0375 0536 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

16:54:20.0391 0536 DXGKrnl - ok

16:54:20.0511 0536 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

16:54:20.0521 0536 E1G60 - ok

16:54:20.0568 0536 eamon - ok

16:54:20.0623 0536 eamonm (bf14fbabd52e9522456d3a2f6e7e76e4) C:\Windows\system32\DRIVERS\eamonm.sys

16:54:20.0632 0536 eamonm - ok

16:54:20.0788 0536 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

16:54:20.0798 0536 Ecache - ok

16:54:20.0877 0536 ehdrv (7d300a43a7bd8769e0f901bf9e1ae367) C:\Windows\system32\DRIVERS\ehdrv.sys

16:54:20.0932 0536 ehdrv - ok

16:54:21.0112 0536 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

16:54:21.0161 0536 elxstor - ok

16:54:21.0219 0536 epfwwfpr (96f9030ca15a8d2e8d44e53c1f0e842d) C:\Windows\system32\DRIVERS\epfwwfpr.sys

16:54:21.0265 0536 epfwwfpr - ok

16:54:21.0398 0536 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

16:54:21.0439 0536 ErrDev - ok

16:54:21.0522 0536 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

16:54:21.0611 0536 exfat - ok

16:54:21.0721 0536 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

16:54:21.0767 0536 fastfat - ok

16:54:21.0904 0536 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

16:54:21.0984 0536 fdc - ok

16:54:22.0094 0536 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

16:54:22.0174 0536 FileInfo - ok

16:54:22.0236 0536 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

16:54:22.0279 0536 Filetrace - ok

16:54:22.0311 0536 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

16:54:22.0352 0536 flpydisk - ok

16:54:22.0422 0536 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

16:54:22.0506 0536 FltMgr - ok

16:54:22.0608 0536 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

16:54:22.0650 0536 Fs_Rec - ok

16:54:22.0726 0536 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

16:54:22.0770 0536 gagp30kx - ok

16:54:22.0859 0536 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

16:54:22.0871 0536 HdAudAddService - ok

16:54:22.0965 0536 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

16:54:22.0977 0536 HDAudBus - ok

16:54:23.0073 0536 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

16:54:23.0116 0536 HidBth - ok

16:54:23.0150 0536 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

16:54:23.0211 0536 HidIr - ok

16:54:23.0309 0536 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

16:54:23.0351 0536 HidUsb - ok

16:54:23.0423 0536 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

16:54:23.0502 0536 HpCISSs - ok

16:54:23.0663 0536 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

16:54:23.0746 0536 HSFHWAZL - ok

16:54:23.0846 0536 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys

16:54:23.0947 0536 HSF_DPV - ok

16:54:24.0098 0536 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

16:54:24.0108 0536 HSXHWAZL - ok

16:54:24.0182 0536 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

16:54:24.0235 0536 HTTP - ok

16:54:24.0327 0536 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

16:54:24.0409 0536 i2omp - ok

16:54:24.0504 0536 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

16:54:24.0549 0536 i8042prt - ok

16:54:24.0701 0536 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys

16:54:24.0705 0536 iaStor - ok

16:54:24.0767 0536 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

16:54:24.0779 0536 iaStorV - ok

16:54:24.0957 0536 igfx (ce5ff5d5e3f4ca974e36dc24c15474d0) C:\Windows\system32\DRIVERS\igdkmd32.sys

16:54:25.0071 0536 igfx - ok

16:54:25.0181 0536 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

16:54:25.0225 0536 iirsp - ok

16:54:25.0385 0536 IntcAzAudAddService (4a0f260df9a5333c07f4ab40ca9d4f4b) C:\Windows\system32\drivers\RTKVHDA.sys

16:54:25.0511 0536 IntcAzAudAddService - ok

16:54:25.0659 0536 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

16:54:25.0701 0536 intelide - ok

16:54:25.0729 0536 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

16:54:25.0732 0536 intelppm - ok

16:54:25.0834 0536 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

16:54:25.0877 0536 IpFilterDriver - ok

16:54:25.0916 0536 IpInIp - ok

16:54:25.0993 0536 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

16:54:26.0074 0536 IPMIDRV - ok

16:54:26.0102 0536 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

16:54:26.0126 0536 IPNAT - ok

16:54:26.0160 0536 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

16:54:26.0181 0536 IRENUM - ok

16:54:26.0245 0536 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

16:54:26.0278 0536 isapnp - ok

16:54:26.0349 0536 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

16:54:26.0382 0536 iScsiPrt - ok

16:54:26.0444 0536 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

16:54:26.0523 0536 iteatapi - ok

16:54:26.0614 0536 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

16:54:26.0693 0536 iteraid - ok

16:54:26.0801 0536 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

16:54:26.0881 0536 kbdclass - ok

16:54:26.0933 0536 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

16:54:26.0976 0536 kbdhid - ok

16:54:27.0038 0536 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

16:54:27.0064 0536 KSecDD - ok

16:54:27.0199 0536 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

16:54:27.0240 0536 lltdio - ok

16:54:27.0286 0536 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

16:54:27.0336 0536 LSI_FC - ok

16:54:27.0368 0536 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

16:54:27.0437 0536 LSI_SAS - ok

16:54:27.0548 0536 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

16:54:27.0595 0536 LSI_SCSI - ok

16:54:27.0633 0536 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

16:54:27.0677 0536 luafv - ok

16:54:27.0813 0536 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys

16:54:27.0821 0536 MBAMProtector - ok

16:54:27.0915 0536 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

16:54:27.0921 0536 mdmxsdk - ok

16:54:28.0053 0536 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

16:54:28.0104 0536 megasas - ok

16:54:28.0144 0536 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

16:54:28.0196 0536 MegaSR - ok

16:54:28.0343 0536 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

16:54:28.0385 0536 Modem - ok

16:54:28.0410 0536 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

16:54:28.0411 0536 monitor - ok

16:54:28.0448 0536 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

16:54:28.0493 0536 mouclass - ok

16:54:28.0534 0536 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

16:54:28.0575 0536 mouhid - ok

16:54:28.0706 0536 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

16:54:28.0749 0536 MountMgr - ok

16:54:28.0845 0536 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

16:54:28.0890 0536 mpio - ok

16:54:28.0980 0536 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

16:54:29.0101 0536 mpsdrv - ok

16:54:29.0205 0536 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

16:54:29.0248 0536 Mraid35x - ok

16:54:29.0338 0536 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

16:54:29.0391 0536 MRxDAV - ok

16:54:29.0474 0536 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

16:54:29.0518 0536 mrxsmb - ok

16:54:29.0622 0536 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

16:54:29.0683 0536 mrxsmb10 - ok

16:54:29.0766 0536 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

16:54:29.0811 0536 mrxsmb20 - ok

16:54:29.0963 0536 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys

16:54:30.0005 0536 msahci - ok

16:54:30.0057 0536 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

16:54:30.0105 0536 msdsm - ok

16:54:30.0226 0536 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

16:54:30.0269 0536 Msfs - ok

16:54:30.0357 0536 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

16:54:30.0400 0536 msisadrv - ok

16:54:30.0537 0536 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

16:54:30.0580 0536 MSKSSRV - ok

16:54:30.0631 0536 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

16:54:30.0647 0536 MSPCLOCK - ok

16:54:30.0732 0536 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

16:54:30.0737 0536 MSPQM - ok

16:54:30.0807 0536 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

16:54:30.0816 0536 MsRPC - ok

16:54:30.0900 0536 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

16:54:30.0902 0536 mssmbios - ok

16:54:30.0938 0536 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

16:54:30.0980 0536 MSTEE - ok

16:54:31.0018 0536 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

16:54:31.0062 0536 Mup - ok

16:54:31.0156 0536 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

16:54:31.0185 0536 NativeWifiP - ok

16:54:31.0296 0536 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

16:54:31.0310 0536 NDIS - ok

16:54:31.0405 0536 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

16:54:31.0411 0536 NdisTapi - ok

16:54:31.0475 0536 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

16:54:31.0516 0536 Ndisuio - ok

16:54:31.0642 0536 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

16:54:31.0706 0536 NdisWan - ok

16:54:31.0782 0536 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

16:54:31.0862 0536 NDProxy - ok

16:54:31.0977 0536 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

16:54:32.0049 0536 NetBIOS - ok

16:54:32.0134 0536 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

16:54:32.0186 0536 netbt - ok

16:54:32.0316 0536 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

16:54:32.0340 0536 nfrd960 - ok

16:54:32.0439 0536 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

16:54:32.0465 0536 Npfs - ok

16:54:32.0564 0536 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

16:54:32.0586 0536 nsiproxy - ok

16:54:32.0705 0536 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

16:54:32.0747 0536 Ntfs - ok

16:54:32.0872 0536 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

16:54:32.0915 0536 ntrigdigi - ok

16:54:33.0011 0536 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

16:54:33.0043 0536 Null - ok

16:54:33.0079 0536 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

16:54:33.0139 0536 nvraid - ok

16:54:33.0183 0536 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

16:54:33.0210 0536 nvstor - ok

16:54:33.0340 0536 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

16:54:33.0402 0536 nv_agp - ok

16:54:33.0434 0536 NwlnkFlt - ok

16:54:33.0455 0536 NwlnkFwd - ok

16:54:33.0612 0536 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

16:54:33.0615 0536 ohci1394 - ok

16:54:33.0748 0536 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

16:54:33.0799 0536 Parport - ok

16:54:33.0900 0536 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

16:54:33.0944 0536 partmgr - ok

16:54:33.0994 0536 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

16:54:34.0026 0536 Parvdm - ok

16:54:34.0131 0536 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

16:54:34.0189 0536 pci - ok

16:54:34.0248 0536 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys

16:54:34.0269 0536 pciide - ok

16:54:34.0373 0536 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

16:54:34.0438 0536 pcmcia - ok

16:54:34.0583 0536 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

16:54:34.0611 0536 PEAUTH - ok

16:54:34.0840 0536 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

16:54:34.0879 0536 PptpMiniport - ok

16:54:34.0929 0536 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

16:54:34.0963 0536 Processor - ok

16:54:35.0052 0536 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

16:54:35.0056 0536 PSched - ok

16:54:35.0195 0536 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys

16:54:35.0246 0536 PxHelp20 - ok

16:54:35.0456 0536 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

16:54:35.0589 0536 ql2300 - ok

16:54:35.0731 0536 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

16:54:35.0775 0536 ql40xx - ok

16:54:35.0892 0536 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

16:54:35.0924 0536 QWAVEdrv - ok

16:54:36.0013 0536 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

16:54:36.0054 0536 RasAcd - ok

16:54:36.0177 0536 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

16:54:36.0271 0536 Rasl2tp - ok

16:54:36.0385 0536 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

16:54:36.0411 0536 RasPppoe - ok

16:54:36.0517 0536 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

16:54:36.0540 0536 RasSstp - ok

16:54:36.0664 0536 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

16:54:36.0674 0536 rdbss - ok

16:54:36.0796 0536 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

16:54:36.0820 0536 RDPCDD - ok

16:54:36.0954 0536 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

16:54:36.0957 0536 rdpdr - ok

16:54:37.0035 0536 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

16:54:37.0063 0536 RDPENCDD - ok

16:54:37.0152 0536 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

16:54:37.0190 0536 RDPWD - ok

16:54:37.0269 0536 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys

16:54:37.0273 0536 regi - ok

16:54:37.0344 0536 rimsptsk (d0c2a0ce1091e08efb7ccba6cea4c3f9) C:\Windows\system32\DRIVERS\rimsptsk.sys

16:54:37.0346 0536 rimsptsk - ok

16:54:37.0452 0536 risdptsk (c22e4e27ccdf9aa5fe8143104f28cde3) C:\Windows\system32\DRIVERS\risdptsk.sys

16:54:37.0453 0536 risdptsk - ok

16:54:37.0524 0536 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

16:54:37.0549 0536 rspndr - ok

16:54:37.0717 0536 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

16:54:37.0749 0536 sbp2port - ok

16:54:37.0879 0536 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys

16:54:37.0936 0536 sdbus - ok

16:54:37.0986 0536 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

16:54:38.0024 0536 secdrv - ok

16:54:38.0115 0536 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

16:54:38.0139 0536 Serenum - ok

16:54:38.0214 0536 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

16:54:38.0248 0536 Serial - ok

16:54:38.0288 0536 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

16:54:38.0341 0536 sermouse - ok

16:54:38.0491 0536 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys

16:54:38.0507 0536 SFEP - ok

16:54:38.0688 0536 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

16:54:38.0729 0536 sffdisk - ok

16:54:38.0773 0536 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

16:54:38.0796 0536 sffp_mmc - ok

16:54:38.0915 0536 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

16:54:38.0946 0536 sffp_sd - ok

16:54:39.0003 0536 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys

16:54:39.0048 0536 sfloppy - ok

16:54:39.0130 0536 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

16:54:39.0185 0536 sisagp - ok

16:54:39.0248 0536 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

16:54:39.0276 0536 SiSRaid2 - ok

16:54:39.0318 0536 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

16:54:39.0366 0536 SiSRaid4 - ok

16:54:39.0433 0536 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

16:54:39.0471 0536 Smb - ok

16:54:39.0649 0536 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

16:54:39.0682 0536 spldr - ok

16:54:39.0790 0536 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

16:54:39.0873 0536 srv - ok

16:54:40.0017 0536 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

16:54:40.0053 0536 srv2 - ok

16:54:40.0142 0536 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

16:54:40.0178 0536 srvnet - ok

16:54:40.0351 0536 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys

16:54:40.0374 0536 StillCam - ok

16:54:40.0517 0536 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

16:54:40.0526 0536 swenum - ok

16:54:40.0638 0536 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

16:54:40.0670 0536 Symc8xx - ok

16:54:40.0761 0536 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

16:54:40.0789 0536 Sym_hi - ok

16:54:40.0843 0536 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

16:54:40.0875 0536 Sym_u3 - ok

16:54:41.0023 0536 SynTP (99da94793332aadbb17bbb521ae56e21) C:\Windows\system32\DRIVERS\SynTP.sys

16:54:41.0049 0536 SynTP - ok

16:54:41.0203 0536 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys

16:54:41.0360 0536 Tcpip - ok

16:54:41.0581 0536 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys

16:54:41.0589 0536 Tcpip6 - ok

16:54:41.0687 0536 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

16:54:41.0715 0536 tcpipreg - ok

16:54:41.0777 0536 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

16:54:41.0811 0536 TDPIPE - ok

16:54:41.0877 0536 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

16:54:41.0930 0536 TDTCP - ok

16:54:42.0065 0536 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

16:54:42.0094 0536 tdx - ok

16:54:42.0160 0536 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

16:54:42.0193 0536 TermDD - ok

16:54:42.0443 0536 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

16:54:42.0470 0536 tssecsrv - ok

16:54:42.0589 0536 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

16:54:42.0615 0536 tunmp - ok

16:54:42.0678 0536 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

16:54:42.0737 0536 tunnel - ok

16:54:42.0783 0536 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

16:54:42.0817 0536 uagp35 - ok

16:54:42.0877 0536 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

16:54:42.0924 0536 udfs - ok

16:54:43.0037 0536 UIUSys - ok

16:54:43.0092 0536 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

16:54:43.0136 0536 uliagpkx - ok

16:54:43.0232 0536 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

16:54:43.0322 0536 uliahci - ok

16:54:43.0439 0536 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

16:54:43.0493 0536 UlSata - ok

16:54:43.0560 0536 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

16:54:43.0589 0536 ulsata2 - ok

16:54:43.0630 0536 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

16:54:43.0634 0536 umbus - ok

16:54:43.0773 0536 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

16:54:43.0824 0536 usbccgp - ok

16:54:43.0883 0536 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

16:54:43.0886 0536 usbcir - ok

16:54:44.0040 0536 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

16:54:44.0083 0536 usbehci - ok

16:54:44.0185 0536 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

16:54:44.0233 0536 usbhub - ok

16:54:44.0296 0536 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

16:54:44.0354 0536 usbohci - ok

16:54:44.0455 0536 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys

16:54:44.0497 0536 usbprint - ok

16:54:44.0584 0536 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

16:54:44.0638 0536 USBSTOR - ok

16:54:44.0704 0536 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

16:54:44.0747 0536 usbuhci - ok

16:54:44.0847 0536 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

16:54:44.0866 0536 usbvideo - ok

16:54:45.0049 0536 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

16:54:45.0091 0536 vga - ok

16:54:45.0177 0536 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

16:54:45.0311 0536 VgaSave - ok

16:54:45.0389 0536 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

16:54:45.0414 0536 viaagp - ok

16:54:45.0456 0536 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

16:54:45.0481 0536 ViaC7 - ok

16:54:45.0531 0536 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

16:54:45.0532 0536 viaide - ok

16:54:45.0648 0536 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

16:54:45.0700 0536 volmgr - ok

16:54:45.0847 0536 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

16:54:45.0888 0536 volmgrx - ok

16:54:46.0061 0536 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

16:54:46.0120 0536 volsnap - ok

16:54:46.0234 0536 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

16:54:46.0308 0536 vsmraid - ok

16:54:47.0032 0536 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

16:54:47.0082 0536 WacomPen - ok

16:54:47.0192 0536 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

16:54:47.0274 0536 Wanarp - ok

16:54:47.0382 0536 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

16:54:47.0384 0536 Wanarpv6 - ok

16:54:47.0525 0536 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

16:54:47.0568 0536 Wd - ok

16:54:47.0617 0536 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

16:54:47.0709 0536 Wdf01000 - ok

16:54:47.0902 0536 WimFltr (090a2b8f055343815556a01f725f6c35) C:\Windows\system32\DRIVERS\wimfltr.sys

16:54:47.0918 0536 WimFltr - ok

16:54:48.0042 0536 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

16:54:48.0127 0536 winachsf - ok

16:54:48.0270 0536 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys

16:54:48.0292 0536 WmiAcpi - ok

16:54:48.0377 0536 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

16:54:48.0412 0536 WpdUsb - ok

16:54:48.0576 0536 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

16:54:48.0618 0536 ws2ifsl - ok

16:54:48.0717 0536 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

16:54:48.0725 0536 WUDFRd - ok

16:54:48.0799 0536 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys

16:54:48.0847 0536 XAudio - ok

16:54:49.0007 0536 yukonwlh (7d4cca3659fa0780603206e3d12a993f) C:\Windows\system32\DRIVERS\yk60x86.sys

16:54:49.0069 0536 yukonwlh - ok

16:54:49.0113 0536 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0

16:54:49.0136 0536 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

16:54:49.0136 0536 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

16:54:49.0176 0536 Boot (0x1200) (4ce68c2eae6619693b40f1292ba3d928) \Device\Harddisk0\DR0\Partition0

16:54:49.0178 0536 \Device\Harddisk0\DR0\Partition0 - ok

16:54:49.0179 0536 ============================================================

16:54:49.0180 0536 Scan finished

16:54:49.0180 0536 ============================================================

16:54:49.0209 1964 Detected object count: 1

16:54:49.0209 1964 Actual detected object count: 1

16:56:26.0320 1964 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

16:56:26.0321 1964 \Device\Harddisk0\DR0 - ok

16:56:26.0323 1964 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

16:56:36.0200 4876 Deinitialize success

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows Vista Home Premium Edition

Windows Information: Service Pack 2 (build 6002), 32-bit

Base Board Manufacturer: Sony Corporation

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: Sony Corporation

System Product Name: VGN-NS110E

Logical Drives Mask: 0x0000003c

Kernel Drivers (total 151):


Processes (total 85):

0 System Idle Process

4 System

496 C:\Windows\System32\smss.exe

636 csrss.exe

680 C:\Windows\System32\wininit.exe

692 csrss.exe

724 C:\Windows\System32\services.exe

736 C:\Windows\System32\lsass.exe

748 C:\Windows\System32\lsm.exe

788 C:\Windows\System32\winlogon.exe

920 C:\Windows\System32\svchost.exe

984 C:\Windows\System32\svchost.exe

1024 C:\Windows\System32\svchost.exe

1112 C:\Windows\System32\svchost.exe

1140 C:\Windows\System32\svchost.exe

1152 C:\Windows\System32\svchost.exe

1240 C:\Windows\System32\audiodg.exe

1276 C:\Windows\System32\svchost.exe

1292 C:\Windows\System32\SLsvc.exe

1316 C:\Windows\System32\svchost.exe

1508 C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe

1572 C:\Windows\RTKAUDIOSERVICE.EXE

1804 C:\Windows\System32\dwm.exe

1832 C:\Windows\explorer.exe

1892 C:\Windows\System32\svchost.exe

364 C:\Windows\System32\spoolsv.exe

504 C:\Windows\System32\taskeng.exe

596 C:\Windows\System32\svchost.exe

1220 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

1884 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

2144 C:\Windows\System32\svchost.exe

2180 C:\Windows\System32\svchost.exe

2216 C:\Windows\System32\taskeng.exe

2264 C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe

2272 C:\Program Files\Sony\VAIO Care\VCsystray.exe

2336 C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe

2352 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

2392 C:\Program Files\Sony\VAIO Power Management\SPMService.exe

2420 dllhost.exe

2524 C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

2552 C:\Program Files\Viewpoint\Common\ViewpointService.exe

2564 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

2624 C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe

2712 dllhost.exe

2796 C:\Windows\System32\svchost.exe

2844 C:\Windows\System32\SearchIndexer.exe

2972 C:\Windows\System32\drivers\XAudio.exe

3072 igfxext.exe

3152 igfxsrvc.exe

3172 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

3192 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

3224 WUDFHost.exe

3708 C:\Windows\System32\igfxsrvc.exe

3952 C:\Program Files\Windows Defender\MSASCui.exe

3996 C:\Windows\System32\hkcmd.exe

4012 C:\Windows\System32\igfxpers.exe

4032 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

4056 C:\Program Files\Sony\ISB Utility\ISBMgr.exe

2572 C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe

2880 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

3044 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

2980 C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe

3476 C:\Program Files\Common Files\Java\Java Update\jusched.exe

3608 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

1444 C:\Program Files\Windows Sidebar\sidebar.exe

1664 C:\Program Files\InFocus\DisplayLink Manager\InFocusDisplayLinkManagerSetup.exe

1372 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

4052 C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe

4044 C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe

2256 C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe

4760 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

5220 C:\Windows\System32\taskeng.exe

2128 C:\Program Files\Mozilla Firefox\firefox.exe

3416 C:\Windows\System32\svchost.exe

3212 C:\Windows\System32\svchost.exe

4364 C:\Program Files\Mozilla Firefox\plugin-container.exe

2400 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

5856 C:\Program Files\Mozilla Firefox\plugin-container.exe

4092 C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

5260 C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe

5320 C:\Windows\System32\SearchProtocolHost.exe

3328 C:\Windows\System32\SearchFilterHost.exe

3716 dllhost.exe

1532 dllhost.exe

4948 C:\Users\Brian\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`39400000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543216L9SA00, Rev: FB2OC43C

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected

SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!

aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software

Run date: 2012-01-03 22:00:04

-----------------------------

22:00:04.184 OS Version: Windows 6.0.6002 Service Pack 2

22:00:04.185 Number of processors: 2 586 0xF0D

22:00:04.188 ComputerName: BRIANS-VAIO UserName: Brian

22:00:51.202 Initialize success

22:00:51.387 write error "aswEngin.dll". The process cannot access the file because it is being used by another process.

22:01:45.712 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

22:01:45.716 Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3

22:01:45.722 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000064

22:01:45.728 Disk 1 Vendor: RICOH 01 Size: 152627MB BusType: 0

22:01:45.735 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000065

22:01:45.740 Disk 2 Vendor: RICOH 02 Size: 152627MB BusType: 0

22:01:45.773 Disk 0 MBR read successfully

22:01:45.780 Disk 0 MBR scan

22:01:45.786 Disk 0 Windows VISTA default MBR code

22:01:45.799 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9107 MB offset 2048

22:01:45.818 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 143518 MB offset 18653184

22:01:45.829 Disk 0 scanning sectors +312579760

22:01:45.919 Disk 0 scanning C:\Windows\system32\drivers

22:02:03.472 Service scanning

22:02:06.285 Modules scanning

22:02:14.552 Disk 0 trace - called modules:

22:02:14.581 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys

22:02:14.592 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b232e8]

22:02:14.602 3 CLASSPNP.SYS[87ba98b3] -> nt!IofCallDriver -> [0x84e9e268]

22:02:14.612 5 acpi.sys[8069a6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84ed3028]

22:02:14.623 Scan finished successfully

22:04:44.114 Disk 0 MBR has been saved successfully to "C:\Users\Brian\Desktop\MBR.dat"

22:04:44.133 The log file has been saved successfully to "C:\Users\Brian\Desktop\aswMBR.txt"

ComboFix 12-01-03.08 - Brian 01/03/2012 22:39:18.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1914.855 [GMT -5:00]

Running from: c:\users\Brian\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Brian\GoToAssistDownloadHelper.exe

c:\windows\SwSys1.bmp

c:\windows\SwSys2.bmp

.

.

((((((((((((((((((((((((( Files Created from 2011-12-04 to 2012-01-04 )))))))))))))))))))))))))))))))

.

.

2012-01-04 03:51 . 2012-01-04 03:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-03 21:45 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{90E86661-A262-4C43-8942-9C07E82ECC9A}\mpengine.dll

2012-01-01 00:18 . 2012-01-01 00:18 -------- d-----w- c:\users\Brian\AppData\Roaming\Malwarebytes

2012-01-01 00:18 . 2012-01-01 00:18 -------- d-----w- c:\programdata\Malwarebytes

2012-01-01 00:18 . 2012-01-01 00:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-01-01 00:18 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-31 21:13 . 2011-12-31 21:49 -------- d-----w- c:\program files\PC Tools

2011-12-31 21:08 . 2011-11-23 00:42 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys

2011-12-31 21:08 . 2011-12-31 21:49 -------- d-----w- c:\program files\Common Files\PC Tools

2011-12-31 21:06 . 2011-12-31 21:47 -------- d-----w- c:\programdata\PC Tools

2011-12-31 21:06 . 2011-12-31 21:06 -------- d-----w- c:\users\Brian\AppData\Roaming\TestApp

2011-12-26 04:54 . 2011-12-26 04:54 -------- d-----w- c:\windows\Intuit

2011-12-24 20:32 . 2011-12-24 20:32 -------- d-----w- c:\windows\Sun

2011-12-15 00:08 . 2011-12-15 00:08 -------- d-----w- c:\users\Brian\AppData\Local\InFocus_Corporation

2011-12-15 00:06 . 2011-12-15 00:06 -------- d-----w- c:\program files\InFocus

2011-12-15 00:06 . 2011-12-15 00:06 -------- d--h--w- c:\program files\DisplayLink InFocus Support

2011-12-15 00:05 . 2009-04-06 15:57 367728 ----a-w- c:\windows\system32\drivers\dlkmd.sys

2011-12-15 00:05 . 2009-04-06 15:57 13424 ----a-w- c:\windows\system32\drivers\dlkmdldr.sys

2011-12-15 00:05 . 2011-12-25 04:39 -------- d-----w- c:\program files\DisplayLink Core Software

2011-12-14 02:28 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-12-08 23:06 . 2011-12-11 07:01 -------- d-----w- c:\users\Brian\AppData\Roaming\Apple Computer

2011-12-08 23:05 . 2011-12-08 23:06 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2011-12-08 23:03 . 2011-12-25 04:34 -------- d-----w- c:\program files\Apple Software Update

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-15 19:29 . 2009-10-02 21:33 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-12-21 07:24 . 2011-12-26 04:56 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]

@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"

[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]

2008-06-14 00:07 303104 ----a-w- c:\ddi\OverIcon.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-04 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-04 170520]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-04 145944]

"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]

"SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2008-06-27 77824]

"VAIOMyMemCenter"="c:\program files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" [2008-02-29 679936]

"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]

"VAIOSurvey"="c:\program files\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]

"VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-05-20 24576]

"Skytel"="Skytel.exe" [2008-07-03 1826816]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

.

c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

ZooskMessenger.lnk - c:\program files\ZooskMessenger\ZooskMessenger.exe [N/A]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AOLDDI.LNK - c:\ddi\AOLICON.exe [N/A]

InFocus DisplayLink Manager Startup.lnk - c:\program files\InFocus\DisplayLink Manager\InFocusDisplayLinkManagerSetup.exe [2011-12-14 10554008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2008-07-16 01:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ASWMBR

*Deregistered* - aswMBR

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ask.com/?o=101760&l=dis

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\z57s78nq.default\

FF - prefs.js: browser.search.selectedEngine - Ask

FF - prefs.js: browser.startup.homepage - espn.com

FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)

HKCU-Run-Aim6 - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-03 22:52

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-01-03 23:02:05

ComboFix-quarantined-files.txt 2012-01-04 04:01

.

Pre-Run: 89,363,705,856 bytes free

Post-Run: 90,930,143,232 bytes free

.

- - End Of File - - 494137955F7220AF9B8DF00A9FFD22A6

Results of screen317's Security Check version 0.99.30

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET NOD32 Antivirus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 6 Update 26

Java SE Runtime Environment 6

Java version out of date!

Adobe Flash Player 10.3.183.7 Flash Player out of Date!

Adobe Reader 9 Adobe Reader out of date!

Mozilla Firefox (9.0.1)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSASCui.exe

Malwarebytes' Anti-Malware mbamservice.exe

Windows Defender MSASCui.exe

``````````End of Log````````````

So, what do you think? Thank you for all the great help up to this point and please advise me what to do next. :)

zbad2000

MBR.zip


Glad to hear things are running better ;)

Thank you for all the great help up to this point and please advise me what to do next. :)

No problem! :)

We need to do some further deep scanning. Please do the following:

Download Rootkit Unhooker and save it to your Desktop.

Close all open programs and browsers, then double-click RKUnhookerLE.exe to run it.

Vista/Windows 7 users right-click and select Run As Administrator.

  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • UNcheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait until the scanner has finished, then go to File > Save Report
  • Save the report somewhere you can find it. Click Close
  • Copy the entire contents of the report and paste it in your next reply.
    Note: You may get the following warning. Just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

----------

Please close all anti-virus, anti-malware and any other open programs/windows so they do not interfere with the running of RootRepeal.

  • Please download RootRepeal.zip from here.
  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.

NOTE! Please remove any e-mail address in the RootRepeal report (if present).

----------

Please post both the RootkitUnhooker & RootRepeal reports in your next reply. Let me know how things go ;).


Thanks for all your help so far. It's been great to have a place like this to go for some honest help. :) So I ran both programs, and it went ok. RootKit took about 4 hours to run; I don't mind but I hope it's normal, or at least somewhat normal. :unsure: Anyway, here are the logs. Look forward to hearing back from you.

zbad 2000

RkU Version: 3.8.389.593, Type LE (SR2)

==============================================

OS Name: Windows Vista

Version 6.0.6002 (Service Pack 2)

Number of processors #2

==============================================

>Drivers

==============================================

0x8B401000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7221248 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)

0x81E0D000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)

0x81E0D000 PnpManager 3907584 bytes

0x81E0D000 RAW 3907584 bytes

0x81E0D000 WMIxWDM 3907584 bytes

0x8C802000 C:\Windows\system32\drivers\RTKVHDA.sys 2146304 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)

0x94CE0000 Win32k 2113536 bytes

0x94CE0000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0x87A05000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)

0x87609000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)

0x8CA9D000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)

0x8780B000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)

0x8C009000 C:\Windows\system32\DRIVERS\athr.sys 933888 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)

0x804D1000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)

0xAAC00000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)

0x8D806000 C:\Windows\System32\Drivers\dump_iaStor.sys 843776 bytes

0x8740B000 C:\Windows\system32\DRIVERS\iaStor.sys 843776 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)

0x8C401000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)

0x8BAE4000 C:\Windows\system32\drivers\dlkmd.sys 724992 bytes (DisplayLink Corp., DisplayLink WDDM KMD)

0xA820F000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)

0x8D908000 C:\Windows\system32\DRIVERS\eamonm.sys 679936 bytes (ESET, Amon monitor)

0x8BC00000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)

0x8BD04000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)

0x80609000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)

0x87525000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0x80407000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)

0xA8316000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)

0x805B1000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)

0x8BD91000 C:\Windows\system32\DRIVERS\yk60x86.sys 323584 bytes (Marvell, Miniport Driver for Marvell Yukon Ethernet Controller.)

0x8073B000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)

0x8C591000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x80692000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)

0x80490000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)

0x8BB95000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)

0x8BCB7000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0x8CA60000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)

0x80795000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0x8773F000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)

0x87948000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)

0x87B15000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0x87596000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)

0x821C7000 ACPI_HAL 208896 bytes

0x821C7000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0x874D9000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0x8CBA0000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)

0x8C1CB000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)

0x8CA0E000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0x87714000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)

0x8C154000 C:\Windows\system32\DRIVERS\SynTP.sys 176128 bytes (Synaptics, Inc., Synaptics Touchpad Driver)

0x877B2000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)

0xA82CF000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)

0x87981000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)

0x87B65000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)

0x806E9000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0x8CA3B000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0x8777A000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0x87BA4000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)

0xA83CE000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0x87927000 C:\Windows\System32\Drivers\usbvideo.sys 135168 bytes (Microsoft Corporation, USB Video Class Driver)

0x8C514000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)

0x8C4D9000 C:\Windows\system32\DRIVERS\ehdrv.sys 126976 bytes (ESET, ESET Helper driver)

0x8D9AE000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xA8383000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)

0x878F5000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)

0x8D8ED000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)

0x8C11C000 C:\Windows\system32\DRIVERS\rimsptsk.sys 106496 bytes (REDC, RICOH MS Driver)

0xA83A0000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)

0x8D9E5000 C:\Windows\system32\DRIVERS\epfwwfpr.sys 102400 bytes (ESET, ESET Personal Firewall driver)

0x8C18F000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0x8D9CD000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)

0x875CB000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)

0x8BBD6000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0x87910000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0xAAD25000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)

0x8C5D9000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)

0x8C567000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)

0xA83B9000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)

0x8779D000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)

0xAACF6000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)

0x879DE000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0x8C57D000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)

0x8C136000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)

0xA8303000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)

0x8CBD2000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0x879A9000 C:\Windows\system32\DRIVERS\ipfltdrv.sys 73728 bytes (Microsoft Corporation, IP FILTER DRIVER)

0xAAD0B000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0x87B93000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)

0x877DC000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)

0x80477000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)

0x8C10B000 C:\Windows\system32\DRIVERS\risdptsk.sys 69632 bytes (REDC, RICOH SD/MMC Driver)

0x8750B000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)

0xA82BF000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)

0x80785000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)

0x8C0ED000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)

0x87BEF000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)

0x8C1A7000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)

0x8D8DE000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)

0x87B56000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0x80710000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)

0x8BBED000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0x8BCF5000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0x8072C000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)

0x8C0FD000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)

0x94F20000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)

0x8C5EF000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)

0x8C550000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)

0x8CBEF000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)

0x8C4B5000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)

0x879F2000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)

0x80685000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)

0xAACEA000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)

0x8C508000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0x8BCA0000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)

0xAAD3F000 C:\Users\Brian\AppData\Local\Temp\aswMBR.sys 45056 bytes

0x8C149000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)

0x8C181000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)

0x8C545000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)

0x8BDEB000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0x8BDE0000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)

0x87BDB000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x8BCAC000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0x80722000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)

0x8D8D4000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)

0x8BDF6000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)

0xA82F9000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)

0x8CBE5000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)

0x8751B000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xAACE0000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)

0x8C1C2000 C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys 36864 bytes (ArcSoft, Inc., -)

0xAAD63000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)

0x87BC5000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)

0x8C4C2000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)

0x8C55E000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0x94F00000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)

0x87BE6000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x806D8000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0x80488000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)

0xAAD4C000 C:\Users\Brian\AppData\Local\Temp\catchme.sys 32768 bytes

0x806E1000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)

0x8C535000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x8C53D000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0xAAD5B000 C:\Windows\system32\DRIVERS\serscan.sys 32768 bytes (Microsoft Corporation, Serial Imaging Device Driver)

0x87B4E000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)

0xAAD1D000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)

0x8C4D2000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)

0x87B8C000 C:\Windows\system32\drivers\dlkmdldr.sys 28672 bytes (DisplayLink Corp., DisplayLink WDDM KMD Loader)

0x8C501000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0x80400000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0x8C4CB000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)

0x8C1B6000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)

0xAAD3B000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)

0xA83EF000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)

0x8071F000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)

0x8C18C000 C:\Windows\system32\DRIVERS\SFEP.sys 12288 bytes (Sony Corporation, Sony Firmware Extension Parser driver)

0xAAD4A000 C:\Windows\system32\Drivers\PROCEXP113.SYS 8192 bytes

0xAACDE000 C:\Windows\system32\drivers\regi.sys 8192 bytes (InterVideo, regi driver)

0x8C1FA000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0x8C17F000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0x8C5FD000 C:\Windows\system32\DRIVERS\DMICall.sys 4096 bytes (Sony Corporation, Windows 2000 DMI Call Kernel Driver)

==============================================

>Stealth

==============================================

0x86D5CBE4 Unknown page with executable code, 1052 bytes

0x86D1FF13 Unknown page with executable code, 237 bytes

0x86D64E96 Unknown page with executable code, 362 bytes

==============================================

>Files

==============================================

!-->[Hidden] C:\Qoobox\BackEnv\AppData.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\Cache.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\Cookies.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\Desktop.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\Favorites.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\History.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\LocalAppData.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\LocalSettings.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\Music.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\NetHood.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\Personal.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\Pictures.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\PrintHood.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\Profiles.Folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\Profiles.Folder.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\Programs.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\Recent.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\SendTo.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\SetPath.bat

!-->[Hidden] C:\Qoobox\BackEnv\StartMenu.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\StartUp.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\SysPath.dat

!-->[Hidden] C:\Qoobox\BackEnv\Templates.folder.dat

!-->[Hidden] C:\Qoobox\BackEnv\VikPev00

==============================================

>Hooks

==============================================

ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x81EB57AA-->81EB57B1 [ntkrnlpa.exe]

ntkrnlpa.exe-->TmInitSystem, Type: Inline - RelativeJump 0x821671DE-->821671E4 [ntkrnlpa.exe]

[1220]ekrn.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x77AFA8C5-->EC000004 [unknown_code_page]

[1220]ekrn.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Code Mismatch 0x77AFA8C5 + 3 [00]

[2572]AutoLaunchWLASU.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->74514618 [shimeng.dll]

[2572]AutoLaunchWLASU.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x73C01288-->74514618 [shimeng.dll]

[2572]AutoLaunchWLASU.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->74514618 [shimeng.dll]

[2572]AutoLaunchWLASU.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->74514618 [shimeng.dll]

[2572]AutoLaunchWLASU.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->74514618 [shimeng.dll]

[2572]AutoLaunchWLASU.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->74514618 [shimeng.dll]

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2012/01/04 20:15

Program Version: Version 1.3.5.0

Windows Version: Windows Vista SP2

==================================================

Drivers

-------------------

Name: aswMBR.sys

Image Path: C:\Users\Brian\AppData\Local\Temp\aswMBR.sys

Address: 0xAAD3F000 Size: 44544 File Visible: No Signed: -

Status: -

Name: catchme.sys

Image Path: C:\Users\Brian\AppData\Local\Temp\catchme.sys

Address: 0xAAD4C000 Size: 31744 File Visible: No Signed: -

Status: -

Name: dump_iaStor.sys

Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys

Address: 0x8D806000 Size: 843776 File Visible: No Signed: -

Status: -

Name: PROCEXP113.SYS

Image Path: C:\Windows\system32\Drivers\PROCEXP113.SYS

Address: 0xAAD4A000 Size: 7872 File Visible: No Signed: -

Status: -

Name: rootrepeal.sys

Image Path: C:\Windows\system32\drivers\rootrepeal.sys

Address: 0xAAD6C000 Size: 49152 File Visible: No Signed: -

Status: -

Hidden/Locked Files

-------------------

Processes

-------------------

Path: System

PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe

PID: 1240 Status: Locked to the Windows API!

Shadow SSDT

-------------------

#: 384 Function Name: NtUserEnumDisplayDevices

Status: Hooked by "C:\Windows\system32\drivers\dlkmd.sys" at address 0x8baf1066

==EOF==


Thanks for all your help so far. It's been great to have a place like this to go for some honest help. :)

Thank you for the kind words! :)

So I ran both programs, and it went ok. RootKit took about 4 hours to run; I don't mind but I hope it's normal, or at least somewhat normal. :unsure: Anyway, here are the logs. Look forward to hearing back from you.

Yeah, those programs can take quite a while to run... but, your logs are looking much better ;).

Before the next step, let's run an online scan to see if there's anything we may have missed:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic


Sorry about this but I'm not getting a log from this. I ran it a couple times to see if I got a log and this was all I kept getting.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

I followed the directions well and I just kept running into the same problem. The program ran fine in about an hour and a half but the log is the problem. I ran it from Internet Explorer like it said (IE was really slow, I don't know if that's just because I hadn't used it in a while) and the computer itself took a little while to boot up.

Can you tell me what to do next? Sorry about this one ha but I told you I was kind of a novice! Thanks


No worries- try BitDefender ;)

Please use the Internet Explorer and run a BitDefender Online scan from Here

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan

Please post the results in your next reply.


Ok so.... I think I did everything correctly. :unsure: It wasn't exactly as the directions said, but I got the system scanned. Let me know if I did everything correctly. Thank you again for everything thus far. Here is the log:

QuickScan 32-bit v0.9.9.103

---------------------------

Scan date: Thu Jan 05 22:20:13 2012

Machine ID: 90363253

C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe - could not be accessed

--> Process OnlineCmdLineScanner.exe (720)

C:\Windows\system32\ivireg.ivr - could not be scanned

No infection found.

-------------------

Processes

---------

Adobe Reader and Acrobat Manager 3016 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

AutoLaunchWLASU 2908 C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe

CCP 2940 C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe

DisplayLink Core Software v4.6.17812.0 2020 C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

DisplayLink Core Software v4.6.17812.0 1532 C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe

DisplayLink Core Software v4.6.17812.0 1096 C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe

DisplayLink Manager Tray Application 5124 C:\Program Files\InFocus\DisplayLink Manager\InFocusDisplayLinkManager.exe

ESET Smart Security 1284 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

ESET Smart Security 1872 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

Intel® Common User Interface 4084 C:\Windows\System32\hkcmd.exe

Intel® Common User Interface 2624 C:\Windows\System32\igfxext.exe

Intel® Common User Interface 4092 C:\Windows\System32\igfxpers.exe

Intel® Common User Interface 2404 C:\Windows\System32\igfxsrvc.exe

Intel® Common User Interface 2664 C:\Windows\System32\igfxsrvc.exe

ISB Utility 2476 C:\Program Files\Sony\ISB Utility\ISBMgr.exe

IviRegMgr Module 1644 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

Java Platform SE Auto Updater 2 0 1072 C:\Program Files\Common Files\Java\Java Update\jusched.exe

Kinoubi.UI.UIManager2 3268 C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe

Malwarebytes Anti-Malware 2948 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

Malwarebytes Anti-Malware 4604 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

MgiSvr 2236 C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe

Microsoft Office OneNote 4076 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

Microsoft® Windows® Operating System 4948 C:\Program Files\Windows Media Player\wmplayer.exe

Microsoft® Windows® Operating System 3544 C:\Program Files\Windows Sidebar\sidebar.exe

Microsoft® Windows® Operating System 1768 C:\Windows\explorer.exe

Microsoft® Windows® Operating System 636 C:\Windows\System32\csrss.exe

Microsoft® Windows® Operating System 692 C:\Windows\System32\csrss.exe

Microsoft® Windows® Operating System 724 C:\Windows\System32\services.exe

Microsoft® Windows® Operating System 1308 C:\Windows\System32\SLsvc.exe

Microsoft® Windows® Operating System 564 C:\Windows\System32\smss.exe

Microsoft® Windows® Operating System 488 C:\Windows\System32\spoolsv.exe

Microsoft® Windows® Operating System 576 C:\Windows\System32\taskeng.exe

Microsoft® Windows® Operating System 2332 C:\Windows\System32\taskeng.exe

Microsoft® Windows® Operating System 4468 C:\Windows\System32\taskeng.exe

Microsoft® Windows® Operating System 4608 C:\Windows\System32\taskeng.exe

Microsoft® Windows® Operating System 680 C:\Windows\System32\wininit.exe

Microsoft® Windows® Operating System 860 C:\Windows\System32\winlogon.exe

Microsoft® Windows® Operating System 2864 C:\Windows\System32\WUDFHost.exe

PowerManager 556 C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe

Realtek Audio Service 1604 C:\Windows\RTKAUDIOSERVICE.EXE

SoftK56 Modem Driver 3000 C:\Windows\System32\drivers\XAudio.exe

Synaptics Pointing Device Driver 2468 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

ThirdPartyAppMgr 1776 C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe

VAIO Care 2440 C:\Program Files\Sony\VAIO Care\VCsystray.exe

VAIO Content Folder Watcher 2692 C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

VAIO Entertainment 3684 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

VAIO Entertainment 2724 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

VAIO Event Service 2256 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

VAIO Event Service 2496 C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe

VAIO Power Management 3432 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

VAIO Power Management 2292 C:\Program Files\Sony\VAIO Power Management\SPMService.exe

VAIO Update 2368 C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe

Viewpoint Manager 2708 C:\Program Files\Viewpoint\Common\ViewpointService.exe

Windows® Internet Explorer 4912 C:\Program Files\Internet Explorer\iexplore.exe

Windows® Internet Explorer 5724 C:\Program Files\Internet Explorer\iexplore.exe

Windows® Internet Explorer 5872 C:\Program Files\Internet Explorer\iexplore.exe

Windows® Search 4448 C:\Windows\System32\SearchFilterHost.exe

Windows® Search 4936 C:\Windows\System32\SearchProtocolHost.exe

Windows® Search 5504 C:\Windows\System32\SearchProtocolHost.exe

(verified) Microsoft® .NET Framework 6124 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

(verified) Microsoft® Windows® Operating System 2580 C:\Windows\System32\dllhost.exe

(verified) Microsoft® Windows® Operating System 2380 C:\Windows\System32\dllhost.exe

(verified) Microsoft® Windows® Operating System 1736 C:\Windows\System32\dwm.exe

(verified) Microsoft® Windows® Operating System 736 C:\Windows\System32\lsass.exe

(verified) Microsoft® Windows® Operating System 748 C:\Windows\System32\lsm.exe

(verified) Microsoft® Windows® Operating System 2068 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1668 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 2108 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 2620 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1336 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1292 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 4404 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1904 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1164 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1152 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 2752 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1124 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1000 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 940 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 580 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 2088 C:\Windows\System32\svchost.exe

(verified) Windows® Search 2784 C:\Windows\System32\SearchIndexer.exe

Network activity

----------------

Process iexplore.exe (5724) connected on port 80 (HTTP) --> 72.14.204.95

Process iexplore.exe (5724) connected on port 80 (HTTP) --> 165.254.35.10

Process iexplore.exe (5724) connected on port 80 (HTTP) --> 165.254.35.10

Process iexplore.exe (5724) connected on port 80 (HTTP) --> 165.254.35.10

Process iexplore.exe (5724) connected on port 80 (HTTP) --> 74.86.64.162

Process iexplore.exe (5724) connected on port 80 (HTTP) --> 184.25.31.139

Process iexplore.exe (5724) connected on port 80 (HTTP) --> 74.125.226.108

Process iexplore.exe (5724) connected on port 80 (HTTP) --> 184.28.251.55

Process iexplore.exe (5724) connected on port 443 (HTTP over SSL) --> 74.125.226.200

Process iexplore.exe (5724) connected on port 443 (HTTP over SSL) --> 74.125.226.99

Process iexplore.exe (5724) connected on port 443 (HTTP over SSL) --> 74.125.226.99

Process iexplore.exe (5724) connected on port 443 (HTTP over SSL) --> 74.125.226.121

Process iexplore.exe (5724) connected on port 443 (HTTP over SSL) --> 74.125.226.127

Process iexplore.exe (5724) connected on port 80 (HTTP) --> 74.125.226.121

Process iexplore.exe (5724) connected on port 80 (HTTP) --> 184.28.251.55

Process iexplore.exe (5724) connected on port 80 (HTTP) --> 74.125.226.154

Process iexplore.exe (5724) connected on port 80 (HTTP) --> 184.28.251.55

Process iexplore.exe (5724) connected on port 80 (HTTP) --> 69.171.224.12

Process iexplore.exe (5724) connected on port 80 (HTTP) --> 69.171.224.12

Process iexplore.exe (5724) connected on port 80 (HTTP) --> 195.59.150.254

Process iexplore.exe (5724) connected on port 80 (HTTP) --> 195.59.150.254

Process iexplore.exe (5724) connected on port 80 (HTTP) --> 195.59.150.254

Process iexplore.exe (5724) connected on port 80 (HTTP) --> 195.59.150.254

Process iexplore.exe (5724) connected on port 80 (HTTP) --> 195.59.150.254

Process iexplore.exe (5724) connected on port 80 (HTTP) --> 195.59.150.254

Process iexplore.exe (5724) connected on port 80 (HTTP) --> 216.137.41.157

Process iexplore.exe (5724) connected on port 80 (HTTP) --> 216.137.41.157

Process iexplore.exe (5724) connected on port 80 (HTTP) --> 204.246.169.143

Process iexplore.exe (5724) connected on port 443 (HTTP over SSL) --> 184.25.29.177

Process iexplore.exe (5724) connected on port 443 (HTTP over SSL) --> 72.14.204.95

Process iexplore.exe (5724) connected on port 80 (HTTP) --> 74.125.226.129

Process iexplore.exe (5872) connected on port 80 (HTTP) --> 63.116.243.163

Process iexplore.exe (5872) connected on port 80 (HTTP) --> 63.116.243.163

Process iexplore.exe (5872) connected on port 80 (HTTP) --> 63.116.243.163

Process iexplore.exe (5872) connected on port 80 (HTTP) --> 63.116.243.163

Process iexplore.exe (5872) connected on port 80 (HTTP) --> 165.254.34.95

Process iexplore.exe (5872) connected on port 80 (HTTP) --> 74.125.226.129

Process iexplore.exe (5872) connected on port 80 (HTTP) --> 63.116.243.163

Process iexplore.exe (5872) connected on port 443 (HTTP over SSL) --> 184.51.254.85

Process wininit.exe (680) listens on ports: 49152 (RPC)

Process services.exe (724) listens on ports: 49157 (RPC)

Process lsass.exe (736) listens on ports: 49154 (RPC)

Process svchost.exe (1000) listens on ports: 135 (RPC)

Process svchost.exe (1124) listens on ports: 49153 (RPC)

Process svchost.exe (1164) listens on ports: 49155 (RPC)

Process VCSW.exe (3684) listens on ports: 51493

Autoruns and critical files

---------------------------

C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe

C:\Program Files\Sony\VAIO Survey\VAIO Sat Survey.exe

$InstallerBrand DisplayLink Manager Ins C:\Program Files\InFocus\DisplayLink Manager\InFocusDisplayLinkManagerSetup.exe

Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

AutoLaunchWLASU C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe

ESET Smart Security C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

HD Audio Control Panel C:\Windows\RtHDVCpl.exe

Intel® Common User Interface C:\Windows\System32\hkcmd.exe

Intel® Common User Interface C:\Windows\system32\igfxdev.dll

Intel® Common User Interface C:\Windows\System32\igfxpers.exe

Intel® Common User Interface C:\Windows\system32\igfxtray.exe

ISB Utility C:\Program Files\Sony\ISB Utility\ISBMgr.exe

Java Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe

Malwarebytes Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

Microsoft Office OneNote C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe

Microsoft® Windows® Operating System C:\Windows\system32\BROWSEUI.dll

Microsoft® Windows® Operating System C:\Windows\system32\logon.scr

Realtek Voice Manager C:\Windows\Skytel.exe

SmartWi Helper C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe

Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

VAIO Event Service C:\Windows\system32\VESWinlogon.dll

WelcomeLauncher C:\Program Files\Sony\First Experience\WelcomeLauncher.exe

(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

(verified) Windows® Internet Explorer c:\windows\system32\webcheck.dll

Browser plugins

---------------

AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll

Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

AOL Media Playback Control C:\Windows\Downloaded Program Files\ampAx3.0.84.2.dll

BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll

BitTorrent C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll

DNA Plug-in C:\Program Files\DNA\plugins\npbtdna.dll

Java Deployment Toolkit 6.0.260.3 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

Java Platform SE 6 U26 C:\Program Files\Java\jre6\bin\jp2ssv.dll

Java Platform SE 6 U26 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

MetaStream 3 Plugin C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

MetaStream 3 Plugin C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

Microsoft® Windows Media Player Firefox C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

Move Media Player 7 C:\Users\Brian\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll

NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll

RadioWMPCore.dll C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\z57s78nq.default\extensions\engine@conduit.com\components\RadioWMPCore.dll

RadioWMPCoreGecko5.dll C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\z57s78nq.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko5.dll

RadioWMPCoreGecko6.dll C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\z57s78nq.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko6.dll

RadioWMPCoreGecko7.dll C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\z57s78nq.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko7.dll

RadioWMPCoreGecko8.dll C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\z57s78nq.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko8.dll

RadioWMPCoreGecko9.dll C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\z57s78nq.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko9.dll

Shockwave for Director C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll

Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll

Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

unagiuninst.exe C:\Windows\Downloaded Program Files\unagiuninst.exe

Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

Windows® Internet Explorer C:\Windows\system32\ieframe.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll

(verified) RadioWMPCoreGecko19.dll C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\z57s78nq.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

(verified) RadioWMPCoreGecko19.dll C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\z57s78nq.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll

Scan

----


MD5: 53cefa50b4dc8282cc80eed972cf25e3 C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe

MD5: 382f6e97a865d39dbc4c3c2a5f794e97 C:\Program Files\Sony\VAIO Update 4\VURes.dll

MD5: ff299bb033dc7b2fb3210f12869e344c C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe

MD5: ecbf8cbd73adfcf351a17053cc4e2b01 C:\Program Files\Sony\VAIO Wireless Wizard\SnyUtilsWrapper.dll

MD5: d9e6ff5e65f891f83d898b1d49e9c79e C:\Program Files\Sony\VAIO Wireless Wizard\VESWrap.dll

MD5: 27888f132d2ee0b72b28093a5f5f20eb C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

MD5: 5ce6d96c5210d5b0145ee39c0b8e7c8a C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

MD5: 5f974fde801c73952770736becde11e7 C:\Program Files\Viewpoint\Common\ViewpointService.exe

MD5: ca7eaf5b741c042d6d6e4be0467d0e66 C:\Program Files\Viewpoint\Common\VistaBoot.sdll

MD5: b49a14eb7fdd597dc4cf8160ba4be245 C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

MD5: 0cade166293fc566b4b9d477a3a9d650 C:\Program Files\Windows Media Player\mpvis.DLL

MD5: 2d821afa5a1a9ca7f9f997a1aad09e72 C:\Program Files\Windows Media Player\wmplayer.exe

MD5: 5eb87ba0b93ca7e894fc8002e3ce4c2a C:\Program Files\Windows Portable Devices\SqmApi.dll

MD5: 905fd4ef56fcfd83d51ffa15e3fce51e C:\Users\Brian\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll

MD5: 34c084b321ea0308c58eed1cf6b5fb02 C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\z57s78nq.default\extensions\engine@conduit.com\components\RadioWMPCore.dll

MD5: c2ad81a8cb014376dcc05257bc31ca23 C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\z57s78nq.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko5.dll

MD5: 402f5c01b3629e70015d4eac29bd4b80 C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\z57s78nq.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko6.dll

MD5: d55024f2e996643e54d736c83b4a4e8e C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\z57s78nq.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko7.dll

MD5: 6b9ecf45d72b1b47bea6fbfd62925634 C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\z57s78nq.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko8.dll

MD5: 816c504ac507224f0ec4f72f2024b028 C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\z57s78nq.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko9.dll

MD5: d6804f089cbb6749e95124e7c4d80900 C:\Windows\AppPatch\AcLayers.DLL

MD5: 437af4a9d53f9926b872525aefeafd04 C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll

MD5: 44cc0d04063d49de3b5160e7fc1963b2 C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll

MD5: abc4dd333a08c767c95bc2653283d00e C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

MD5: b9f0540e1d1b1a08564e5b9f9364ce10 C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

MD5: cf608adeed13641be904be3590addf55 C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll

MD5: ce45722a3393b63843de48f314cf6b3f C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll

MD5: b46192d9a0cb3072cb604a7691003cff C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll

MD5: f31f900b015791f6a0534f2f150327dc C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\83be7d564785d94bf06b26fd10c8c981\PresentationFontCache.ni.exe

MD5: 50233ea2d5ea53b1f44db684edba9557 C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\a800035f1686fdb0b7a019b954a37cfe\SMDiagnostics.ni.dll

MD5: 25bc19b5a84e52a6d669c874ed9a537c C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll

MD5: d709af78422f6f0ef09cd0b79cfe743f C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll

MD5: d50ba9f04089020fbba49bc13b357232 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\09d9d35b68b4fe07c1d2f25e2533f21e\System.IdentityModel.Selectors.ni.dll

MD5: 750da85178a3584a0e3fc36a9f2dc4cf C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\dbcb4baf3d2ed9e62645bd332fc221f2\System.IdentityModel.ni.dll

MD5: 602cbe17e7858342cf99cae79fc04b16 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll

MD5: 83ffc619abbcf6c7e36b5882fca46fa4 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll

MD5: 24985b9ee5efb4a982593d87cd317a81 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4b4c359912c1241246f50a4c47dbab3c\System.Runtime.Serialization.ni.dll

MD5: 64b8d4e165160fcc536616430e5b870f C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\e4ce0b11e60c6eeb432a7d19fae7619a\System.ServiceModel.Web.ni.dll

MD5: 536e1d382e25173edec7e0126438a4dc C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\6b2ee1fdc6a182722db04af9c3cd10c3\System.ServiceModel.ni.dll

MD5: 7908201a7aca9fd242039301bb5cf9eb C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll

MD5: e330e06490f534e4460ea7c3d2f8a68f C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6b88a2bf58d8529fc33f8f3437a7ff06\System.Web.Services.ni.dll

MD5: dad64f3e3866ff7c598cf9fe73cbe805 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll

MD5: a9bb8332bef887a0f4adc3c88cc35bfc C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll

MD5: 36623f6236bfbfddf13fd1774dedc67d C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\856ad6e6e3262ccbc8a3955c3bcc7cfb\System.WorkflowServices.ni.dll

MD5: 28a295aa6abd45f4557b6c00d0f8c5b1 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll

MD5: 8c70a2b884ffbbae50bbd21fb962a846 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll

MD5: 3b308420e61d1d218c2d6d6915756487 C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll

MD5: 006c83751b9f17934b58085d0b7bda2c C:\Windows\Downloaded Program Files\ampAx3.0.84.2.dll

MD5: b8f613ac24cc3c706029e602e2d5ddbf C:\Windows\Downloaded Program Files\qsax.dll

MD5: 6f678556a6fce04fc94f3435f6313705 C:\Windows\Downloaded Program Files\unagiuninst.exe

MD5: 6717ae12e326dd1e39f6ee183a37dc0f C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll

MD5: ee59d3cdfab2e808551084165c7887bf C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll

MD5: 35a936c7c029a5b705d3ffd40518d660 C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll

MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

MD5: f5df6846f30e9f54ea60ccaeb3fb2055 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll

MD5: c066af01fe783943f771d07518cf3ea8 C:\Windows\RtHDVCpl.exe

MD5: 65330e78c17db8a99a7ff1ba3c8824b6 C:\Windows\RTKAUDIOSERVICE.EXE

MD5: 81bef03625416df7f03a67842484c0b6 C:\Windows\Skytel.exe

MD5: 9317118077072c08cd84597d2925249a C:\Windows\system32\Adobe\Director\np32dsw.dll

MD5: e9b9c1b98c8d6d48407e1c1203eac659 C:\Windows\System32\adsldpc.dll

MD5: bb5f0c82a21991642955cf1576b87cd0 C:\Windows\system32\ArcSoftKsUFilter.dll

MD5: f31eebc1a1c81fd04005489cc3dcdfe7 C:\Windows\system32\basesrv.dll

MD5: f21f255b91ca4f04e4250decd2067cbb c:\windows\system32\bitsperf.dll

MD5: 83adc95272b048dfd1563e0ea0f269fb C:\Windows\system32\cewmdm.dll

MD5: d333058925ce305e39de8d5ad2b52a46 C:\Windows\system32\CLUSAPI.DLL

MD5: 74f26fc01b180d4a99a168ed69c30a53 C:\Windows\system32\cmd.exe

MD5: 7f15b4953378c8b5161d65c26d5fed4d C:\Windows\system32\cngaudit.dll

MD5: 93e317d7ad783d8eaee2e3500bfe889d C:\Windows\System32\credui.dll

MD5: 187076dd5d8d4d5d23079d0741195ead C:\Windows\system32\CSRSRV.dll

MD5: abca209eba02cb59233614db83b4f50d C:\Windows\System32\csrss.exe

MD5: e04c7c6d08340b3b7e3cbae934cb884c C:\Windows\system32\dlumd32.dll

MD5: 85e861d0b88db2b54acb0839654c09f7 C:\Windows\System32\DNSAPI.dll

MD5: 57d762f6f5974af0da2be88a3349baaa c:\windows\system32\dnsrslvr.dll

MD5: 3911b972b55fea0478476b2e777b29fa C:\Windows\system32\drivers\afd.sys

MD5: 6b3ab8f67b37402a4174caa45002903e C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys

MD5: 600efe56f37adbd65a0fb076b50d1b8d C:\Windows\system32\DRIVERS\athr.sys

MD5: 35f376253f687bde63976ccb3f2108ca C:\Windows\system32\DRIVERS\bowser.sys

MD5: 622c41a07ca7e6dd91770f50d532cb6c C:\Windows\System32\Drivers\dfsc.sys

MD5: ff89f759d42e3a0e44a123e45827b20b C:\Windows\system32\DRIVERS\DisplayLinkUsbPort.sys

MD5: 8848d551df911702b242bcaf4fb63731 C:\Windows\system32\drivers\dlkmd.sys

MD5: 01f34117bed8865b5dac7f3f4c99e3ab C:\Windows\system32\drivers\dlkmdldr.sys

MD5: f206e28ed74c491fd5d7c0a1119ce37f C:\Windows\system32\DRIVERS\DMICall.sys

MD5: c68ac676b0ef30cfbb1080adce49eb1f C:\Windows\System32\drivers\dxgkrnl.sys

MD5: bf14fbabd52e9522456d3a2f6e7e76e4 C:\Windows\system32\DRIVERS\eamonm.sys

MD5: 7d300a43a7bd8769e0f901bf9e1ae367 C:\Windows\system32\DRIVERS\ehdrv.sys

MD5: 96f9030ca15a8d2e8d44e53c1f0e842d C:\Windows\system32\DRIVERS\epfwwfpr.sys

MD5: 5a77ac34a0ffb70ce8b35b524fede9ba C:\Windows\system32\DRIVERS\HSX_CNXT.sys

MD5: 7bc42c65b5c6281777c1a7605b253ba8 C:\Windows\system32\DRIVERS\HSX_DPV.sys

MD5: 9ebf2d102ccbb6bcdfbf1b7922f8ba2e C:\Windows\system32\DRIVERS\HSXHWAZL.sys

MD5: db0cc620b27a928d968c1a1e9cd9cb87 C:\Windows\system32\DRIVERS\iaStor.sys

MD5: ce5ff5d5e3f4ca974e36dc24c15474d0 C:\Windows\system32\DRIVERS\igdkmd32.sys

MD5: b7ca8cc3f978201856b6ab82f40953c3 C:\Windows\system32\drivers\mbam.sys

MD5: 1e94971c4b446ab2290deb71d01cf0c2 C:\Windows\system32\DRIVERS\mrxsmb.sys

MD5: 4fccb34d793b116423209c0f8b7a3b03 C:\Windows\system32\DRIVERS\mrxsmb10.sys

MD5: c3cb1b40ad4a0124d617a1199b0b9d7c C:\Windows\system32\DRIVERS\mrxsmb20.sys

MD5: 001b4278407f4303efc902a2b16f2453 C:\Windows\system32\drivers\regi.sys

MD5: d0c2a0ce1091e08efb7ccba6cea4c3f9 C:\Windows\system32\DRIVERS\rimsptsk.sys

MD5: c22e4e27ccdf9aa5fe8143104f28cde3 C:\Windows\system32\DRIVERS\risdptsk.sys

MD5: 4a0f260df9a5333c07f4ab40ca9d4f4b C:\Windows\system32\drivers\RTKVHDA.sys

MD5: 126ea89bcc413ee45e3004fb0764888f C:\Windows\system32\DRIVERS\sdbus.sys

MD5: ef70b3d22b4bffda6ea851ecb063efaa C:\Windows\system32\DRIVERS\serscan.sys

MD5: c33bfbd6e9e41fcd9ffef9729e9faed6 C:\Windows\system32\DRIVERS\sfloppy.sys

MD5: 41987f9fc0e61adf54f581e15029ad91 C:\Windows\System32\DRIVERS\srv.sys

MD5: ff33aff99564b1aa534f58868cbe41ef C:\Windows\System32\DRIVERS\srv2.sys

MD5: 7605c0e1d01a08f3ecd743f38b834a44 C:\Windows\System32\DRIVERS\srvnet.sys

MD5: 99da94793332aadbb17bbb521ae56e21 C:\Windows\system32\DRIVERS\SynTP.sys

MD5: 814a1c66fbd4e1b310a517221f1456bf C:\Windows\System32\drivers\tcpip.sys

MD5: 119a487b94fcb54d5154ebfbfa124755 C:\Windows\System32\drivers\UMDF\WpdFs.dll

MD5: 090a2b8f055343815556a01f725f6c35 C:\Windows\system32\DRIVERS\wimfltr.sys

MD5: 15a317674a08df26be65164d959e9203 C:\Windows\System32\drivers\XAudio.exe

MD5: 88af537264f2b818da15479ceeaf5d7c C:\Windows\system32\DRIVERS\xaudio.sys

MD5: 7d4cca3659fa0780603206e3d12a993f C:\Windows\system32\DRIVERS\yk60x86.sys

MD5: b8a21907fe2f1a113f3487d9ab60bef9 C:\Windows\system32\en-us\tQuery.dll.mui

MD5: 8ce364388c8eca59b14b539179276d44 c:\windows\system32\fntcache.dll

MD5: 6c2fa88e5255c4595437987da536eed5 C:\Windows\System32\hccutils.DLL

MD5: b4b59ac042ee3733a862f26cbc0b17fc C:\Windows\system32\hidphone.tsp

MD5: 8e74d1a2dc724efa30f7264759c78f34 C:\Windows\System32\hkcmd.exe

MD5: 420c3e9bc3978bcd018aa10a7047ed16 C:\Windows\System32\hpf3l101.dll

MD5: eb6fcf257e156455cdb99dff76c22ddb C:\Windows\system32\hposwia_p04d.dll

MD5: 80b7a96f908da13617e7e6832c5c6a64 c:\windows\system32\hpzinw12.dll

MD5: 0c155c5d8942b3cbcf9506a9d376b9ad c:\windows\system32\hpzipm12.dll

MD5: 0c84b6affa7486422235584110d7176f c:\windows\system32\ICAAPI.dll

MD5: 22ea14a2e59c9dd621851b73817b8c0a C:\Windows\system32\ieframe.dll

MD5: 1b682e8e25f1f1098a5302efd79adfdb C:\Windows\system32\iepeers.dll

MD5: ce0a5c5091009048883842f49b572957 C:\Windows\system32\iertutil.dll

MD5: dacaa68a45ce3d38682d82b728beb4cb C:\Windows\system32\IEUI.dll

MD5: caebede181bfcdb3f0b2406d328ed899 C:\Windows\system32\igdumd32.dll

MD5: 4639bf851d1c1a3ff8c4a90c15148a5c C:\Windows\system32\igdumdx32.dll

MD5: 0cc97406a06bbe5cb3d7e40dae5503fb C:\Windows\system32\igfxdev.dll

MD5: c6667e3f70d21ed526b0bce6b9dad9d4 C:\Windows\system32\igfxexps.dll

MD5: c2016606088b680098ee17ab3691badf C:\Windows\System32\igfxext.exe

MD5: 64ee0aaacff314dcd079d07dff301d3f C:\Windows\System32\igfxpers.exe

MD5: 9f35cd6829a0f228d08c450af3e4efd1 C:\Windows\system32\igfxsrvc.dll

MD5: eb07d2d2cfa6ce451c3cf59862ec7a30 C:\Windows\System32\igfxsrvc.exe

MD5: faf567594b8c99b5e453dd964196c257 C:\Windows\system32\igfxtray.exe

MD5: 665790240511df6bc40a30e01731f49f C:\Windows\system32\irprops.cpl

MD5: 812b78d537e5ba9d8d25a66e20a37c35 C:\Windows\system32\jscript.dll

MD5: 574b473facaa0e91702b86578440b525 C:\Windows\system32\kernel32.dll

MD5: 74c2f29cc612b2b34231bebd824d2fb2 C:\Windows\system32\keyiso.dll

MD5: 953193a9dea40348c1086d171f6440ae C:\Windows\system32\kmddsp.tsp

MD5: ca0b849566776a17f35f0339be17dfd9 c:\windows\system32\ktmw32.dll

MD5: 19ffad68a02af1bf0bc336ee26cd6767 c:\windows\system32\l2gpstore.dll

MD5: 35d40113e4a5b961b6ce5c5857702518 c:\windows\system32\lmhsvc.dll

MD5: b17d18fd6594aaa25cbc95e799b1bf40 C:\Windows\system32\logon.scr

MD5: af43092e55306659cf366f9b42e4a981 C:\Windows\system32\Macromed\Flash\NPSWF32.dll

MD5: bf142d4f8c61ed3629a9cdd7ba867900 C:\Windows\system32\MFPlat.DLL

MD5: b4f5de3dad8e6b97272f45db97674878 C:\Windows\System32\mgmtapi.dll

MD5: 2e837f3d406224df131c34bc8f71621e C:\Windows\system32\modemui.dll

MD5: 56e315acfb08a177b4d01e42b9044db5 C:\Windows\System32\MPRAPI.dll

MD5: c0b070f0ceaa73bc7b90637425040834 C:\Windows\system32\msfeeds.dll

MD5: 73d666a49dec07192d7d1c367a142333 C:\Windows\system32\mshtml.dll

MD5: aab5feaabf4cb6f76d794203831c8d94 C:\Windows\system32\Msidle.dll

MD5: 5e41139ec6efbcaffd96d46925e544ab c:\windows\system32\mspatcha.dll

MD5: abe9eea1eabea0711610a637a7b1c25d C:\Windows\system32\msprivs.dll

MD5: ff41e1ac301f51e16f61ad7c0f45467c C:\Windows\System32\msshsq.dll

MD5: 2310a32bb0164552a311bfa02102a3d6 C:\Windows\system32\MSVCP60.dll

MD5: 915d3430fe926376dd942ae45a9a1665 C:\Windows\system32\mswmdm.dll

MD5: 2fa16465f64db54b1f7f511395eb4fd7 C:\Windows\system32\NCObjAPI.DLL

MD5: f4d9ed6bd74ad7cc0bec83c43a1cb76b c:\windows\system32\ncsi.dll

MD5: 2f6776acefe41ee889c464ea407918f2 C:\Windows\system32\ndptsp.tsp

MD5: 6bc5fcef351e4cb5a269c1e84b5a06da C:\Windows\system32\netcfgx.dll

MD5: 95daecf0fb120a7b5da679cc54e37dde C:\Windows\system32\netlogon.dll

MD5: 4bf053944e973c073339be841c9ecf28 C:\Windows\System32\NETRAP.dll

MD5: e1b80644e7125231aaef62fc2c81c8fe C:\Windows\system32\newdev.dll

MD5: 8bb86f0c7eea2bded6fe095d0b4ca9bd c:\windows\system32\nsisvc.dll

MD5: 708fb84003732e220c23cdf207f5a329 C:\Windows\system32\ntdll.dll

MD5: 9586e7cb2255a8b097a7e4538202585e C:\Windows\system32\ole32.dll

MD5: dc15ab7168c0309d8f04fd95b6240422 C:\Windows\system32\OLEACC.dll

MD5: b218342214d9bba0f54ea12ba2e9278c C:\Windows\system32\OLEAUT32.dll

MD5: f0062778f50838145ac46b384ffb4fa3 C:\Windows\system32\pcadm.dll

MD5: b2b117bd8d1ea80536cdd91797ef4a0a C:\Windows\System32\portabledeviceclassextension.dll

MD5: b288ff7c1987a736726e87c79148c360 C:\Windows\system32\PortableDeviceWiaCompat.dll

MD5: e340845c8e96d107c36420065d7a5733 C:\Windows\system32\printcom.dll

MD5: 801f1e963f7eeffda3f9ef89db3ef133 C:\Windows\system32\radardt.dll

MD5: 7812ecff8fe0ed653716570c157f7b7c C:\Windows\system32\radarrs.dll

MD5: 2dd6af8e97f59c9d39329bbc2a81f13f C:\Windows\System32\RASDLG.dll

MD5: 88225070dd2f7b0b2ed51e7935078641 C:\Windows\system32\RASQEC.DLL

MD5: b9f3ff52b84fd9e3cafb29b8ee385e5b C:\Windows\system32\RESUTILS.DLL

MD5: 928060167f0eb1b4f605327db66cb0c7 C:\Windows\system32\RstrtMgr.DLL

MD5: 2ab58991862153a248779174d4e4212b C:\Windows\system32\schannel.dll

MD5: 1a58069db21d05eb2ab58ee5753ebe8d c:\windows\system32\schedsvc.dll

MD5: 0a990afb9f2726323d61c8ecb8b70b17 C:\Windows\system32\security.Dll

MD5: 167ac31450c0c53a01fa1491e94d7678 C:\Windows\system32\SHDOCVW.dll

MD5: 33ae914c24f546aabf281ba7b138186d C:\Windows\system32\SHELL32.dll

MD5: 9176285122b7b849fec2aa1b72a8f7a8 C:\Windows\system32\SHLWAPI.dll

MD5: c7230fbee14437716701c15be02c27b8 C:\Windows\system32\SHSVCS.dll

MD5: 5a9d9d68ffc4a0ea2ef571f602fc84b1 C:\Windows\system32\spool\DRIVERS\W32X86\3\hpfst101.dll

MD5: 6b7622ca9f9e218b37a4ca89ccd2bd3c C:\Windows\system32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL

MD5: 03ed11b6149c94a1bc40aee376a43ceb C:\Windows\system32\spool\PRTPROCS\W32X86\hpfpp101.dll

MD5: 8554097e5136c3bf9f69fe578a1b35f4 C:\Windows\System32\spoolsv.exe

MD5: bf7e4d6f60a6d9e866432855c6f8c262 c:\windows\system32\sqmapi.dll

MD5: 1bf5eebfd518dd7298434d8c862f825d c:\windows\system32\srvsvc.dll

MD5: 452341e471d2d961229dfe0842957272 C:\Windows\system32\SSCORE.DLL

MD5: b5950df243837d8217f4e597919b224a C:\Windows\system32\stobject.dll

MD5: d24b4bf556c19568d813408597d95ab2 C:\Windows\system32\SynCOM.dll

MD5: d8dbedc3bac11f9ab4bc236e842fd662 C:\Windows\system32\SynTPAPI.dll

MD5: 71f5a7104fdf16c0ac5283a6ce666553 C:\Windows\system32\SYSNTFY.dll

MD5: 2a6a2c09ecc2cb495628e45f1379ece8 C:\Windows\system32\taskcomp.dll

MD5: 3d50c4b10352367d5cb20ed1f50f8da2 C:\Windows\System32\taskeng.exe

MD5: 52e129522c1775dbb8cc252e7a0655c7 C:\Windows\system32\taskschd.dll

MD5: cde36a70a5280fc0696e6e4363c4c71d C:\Windows\system32\TaskSchdPS.dll

MD5: 5091452dc719281cf1dd69367e13b494 C:\Windows\System32\tcpmib.dll

MD5: f8873d15018f411588bec02c1725bada C:\Windows\system32\tspkg.dll

MD5: e45051c374f845edf3db02a35ba13193 C:\Windows\system32\umb.dll

MD5: 0b71899e60d1265229bf3d080eab573d C:\Windows\system32\unimdmat.dll

MD5: dfbaadf1b624dc71e88d34d86b3595be C:\Windows\system32\uniplat.dll

MD5: e57fe53c0870e6cc72625ca361a0f2be C:\Windows\system32\urlmon.dll

MD5: 0bf0bb276f17b6ad61a8694d2551ec28 C:\Windows\System32\usbmon.dll

MD5: 80fff14f1757b9af8be9d314fc1ae88b C:\Windows\system32\USP10.dll

MD5: 84b633c780df58fbf240f37ea776e9e7 C:\Windows\system32\VESWinlogon.dll

MD5: af25ecaa3d7f85dc13e348a6f79ad40d C:\Windows\system32\vss_ps.dll

MD5: dc3ae9f1554dcd97f90983ddbdacd83d C:\Windows\system32\vsstrace.dll

MD5: 2c3b09e586bda2cc49a292be7badc589 C:\Windows\system32\wbem\wmiutils.dll

MD5: e7d0f91e44d9d3b2116fa549bdcdb756 c:\windows\system32\WDSCORE.dll

MD5: 0745d6ead386710110817fbec03f5161 C:\Windows\system32\wfapigp.dll

MD5: 73fe2e5fa55088a241aa2732f5d387d6 C:\Windows\system32\wiarpc.dll

MD5: 4e45f092670eee0563aa9e1a7c8a1217 C:\Windows\system32\WININET.dll

MD5: 101ba3ea053480bb5d957ef37c06b5ed C:\Windows\System32\wininit.exe

MD5: 5ec8fb83f31aa2d6f421f02c3f4f4475 C:\Windows\System32\winspool.drv

MD5: 9a7a3bc8dc7e7ecaba2478ced4c38cbd C:\Windows\system32\winsrv.dll

MD5: 92283d9e33ec5f41ecc0b430b7459241 C:\Windows\system32\wls0wndh.dll

MD5: 9f1fac04a274adf9f65f9e1b851bdb1e C:\Windows\system32\wmdmps.dll

MD5: 015e99a7634b93e8bb0380c70f3d2cc3 C:\Windows\system32\wmp.dll

MD5: 9441a231c0aa0712f7cf3b10d9cfcf76 C:\Windows\system32\wmploc.dll

MD5: 617f9a5813e69f6e9ed94b811ec75396 C:\Windows\System32\wmpps.dll

MD5: f0321da5203f1e71917f3b7a13dc4912 C:\Windows\system32\WMsgAPI.dll

MD5: 09c7859269563c240ab2aaab574483dd C:\Windows\System32\WUDFHost.exe

MD5: 399bb52ad0668472717498e97cf28341 c:\windows\system32\WUDFPlatform.dll

MD5: 4b72b5b342ada4de8deea39cce465b58 C:\Windows\system32\WUDFx.dll

MD5: 1908cc7673f72601affdca022689cedf C:\Windows\System32\XmlLite.dll

MD5: 1d109ed0d660654ea7ff1574558031c4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcm80.dll

MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll

MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll

MD5: e2c48cd0132d4d1dc7d0df9a6bef686a C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL

MD5: 28a09777d2d952122567a8a82f1a2c7b C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL

MD5: 35acd5ea63d75e97dd0e9a1629e582b2 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll

MD5: be3c082837866c4c291adaf163c10ea6 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

MD5: b5b09091b0e33c396ceec8995515bd41 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll

No file uploaded.

Scan finished - communication took 3 sec

Total traffic - 0.02 MB sent, 1.69 KB recvd

Scanned 966 files and modules - 51 seconds

==============================================================================


Ok so.... I think I did everything correctly. :unsure: It wasn't exactly as the directions said, but I got the system scanned. Let me know if I did everything correctly. Thank you again for everything thus far.

Yep! You did fine ;).

Your logs are looking good ;).

Before we move on to the next step, please update the following programs. (Using outdated applications leaves you extremely vulnerable to getting infected again.)

---------

You are using Internet Explorer version 8. The latest version is 9. Using an outdated version of a web browser leaves you extremely vulnerable to malware!

Please see this link to download the latest version: http://windows.microsoft.com/en-US/internet-explorer/products/ie/home

---------

Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from here http://www.oracle.com/technetwork/java/javase/downloads/index.html.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.

Go to Start > Control Panel and open Add or Remove Programs.

Search in the list for all previous installed versions of Java. (J2SE Runtime Environment).

They will have this icon next to them: javaicon.gif

Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

---------

Your Flash Player is out of date!

To make sure you have the latest version of Adobe Flash Player installed:

1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe

2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).

3. Double-click on the file you've downloaded to uninstall Flash.

4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).

Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

---------

You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here (uninstall version 7.0 first):

Adobe Reader X

Note: I suggest you uncheck an optional, third-party download (e.g. McAfee Security Scan Plus).

After successfully installing Adobe Reader X, see this article on how to make this program more secure: Adobe Reader X secures itself by playing in the sandbox.

---------

Please let me know how the updates went, as failed updates may indicate additional malware ;).


I installed all the updates and they went smoothly. Except, the link to uninstall Flash Player wouldn't connect, giving me a 404/Not Found error message. So, I couldn't do that uninstall of Flash Player, so I didn't install the new version. Any suggestions? Should I delete that program manually like the others? Thanks


Glad to hear (most of) the updates went well :)

Except, the link to uninstall Flash Player wouldn't connect, giving me a 404/Not Found error message. So, I couldn't do that uninstall of Flash Player, so I didn't install the new version. Any suggestions? Should I delete that program manually like the others? Thanks

My apologies, try this link: http://kb2.adobe.com/cps/141/tn_14157.html (you'll have to download the 32-bit uninstaller) ;)

---------------

I will now provide you with some suggestions for security software, but first, let's remove ComboFix ;):

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.

AntiVir

AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)


Thanks! I got Flash Player uninstalled and the new version installed. And I got ComboFix uninstalled. You have been such an unbelievable help, thank you. So a few questions. How does ESET rank among the antivirus programs you mentioned? I am locked into another year of ESET and then I am going to have to choose to renew it or not. If ESET is as good or better than those free programs, I will stick with ESET until it runs out, but if those free programs are that much better then I may just protect myself with one of those free programs. Also, what is Windows Defender? Is that an antivirus program also, because I have that on my computer as well. I have located that Windows Firewall program and I will deactivate that and choose one of the ones that you have provided.

The standalone spyware scanning programs, do they detect malware as well? Or do I have to keep that Malwarebytes Anti-Malware program I installed in the beginning of this process? Sorry for all the questions haha, but I really never thought about viruses and stuff more than installing an antivirus program and letting it go and update itself. Thanks


How does ESET rank among the antivirus programs you mentioned? I am locked into another year of ESET and then I am going to have to choose to renew it or not. If ESET is as good or better than those free programs, I will stick with ESET until it runs out, but if those free programs are that much better then I may just protect myself with one of those free programs.

Personally, I use Avast! Free Edition and Malwarebytes Pro... I've had zero problems with these and find that they make a very solid combination. You might want to take a look into those programs; I personally view Avast! Free as one of the best programs available ;)

Also, what is Windows Defender? Is that an antivirus program also, because I have that on my computer as well. I have located that Windows Firewall program and I will deactivate that and choose one of the ones that you have provided.

Windows Defender is a little utility that comes built-in with your installation of Windows. I would suggest simply disabling it, though it doesn't really matter if it's left enabled.

The standalone spyware scanning programs, do they detect malware as well? Or do I have to keep that Malwarebytes Anti-Malware program I installed in the beginning of this process? Sorry for all the questions haha, but I really never thought about viruses and stuff more than installing an antivirus program and letting it go and update itself. Thanks

Many of the current antivirus programs available on the market serve as anti-spyware programs as well. To me, "spyware" and "malware" and "viruses" pretty much just serve as marketing jargon... if you use Malwarebytes on top of a good antivirus program (such as Avast!, Avira, AVG), you should be good to go.

Let me know if you have any further questions, I'd be happy to answer them :).


Ok....sounds good. Thanks a lot for all the help. It's been invaluable. I'm not a stress-out kind of guy but this trojan or whatever it was got me a little frazzled so thank goodness there is a place like this to come to for good, honest advice. Thanks for all your help and your suggestions on security going forward. If I do have any questions I will be sure to let you know. I will definitely be donating because this was not only a life-saver but you were incredibly patient and knowledgeable. Thanks again.


Ok....sounds good. Thanks a lot for all the help. It's been invaluable. I'm not a stress-out kind of guy but this trojan or whatever it was got me a little frazzled so thank goodness there is a place like this to come to for good, honest advice. Thanks for all your help and your suggestions on security going forward. If I do have any questions I will be sure to let you know. I will definitely be donating because this was not only a life-saver but you were incredibly patient and knowledgeable. Thanks again.

Thank you for the kind words! It was a pleasure to work with you :)

While this topic will eventually be closed, feel free to message me if you need to contact me about anything ;)


  • 1 month later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.