TechSpot

Bad Image Error when anything and everything runs

Solved
By ericd8027
Feb 27, 2011
  1. From everything I can see, I have the same issue that was resolved in this forum: http://www.techspot.com/vb/topic160740.html

    Here are my logs:

    MBAM:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5889

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    2/26/2011 11:01:53 PM
    mbam-log-2011-02-26 (23-01-53).txt

    Scan type: Quick scan
    Objects scanned: 162655
    Time elapsed: 10 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    -------------------------------------------------------------------------------------------------------
    GMER:


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-02-27 08:09:34
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.01.0
    Running: zy19m40e.exe; Driver: C:\Users\Eric\AppData\Local\Temp\uwldapob.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8C0588DE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    -----------------------------------------------------------------------------------------------------

    DDS:

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Eric at 8:31:36.62 on Sun 02/27/2011
    Internet Explorer: 8.0.7601.17514
    Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.2038.990 [GMT -5:00]

    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\AsusService.exe
    C:\Program Files\asus\TouchSuite\AsusUacSvc.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe
    C:\windows\SYSTEM32\WISPTIS.EXE
    C:\windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\windows\system32\taskhost.exe
    C:\windows\SYSTEM32\WISPTIS.EXE
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\asus\MailServer\MailServerWatchDog.exe
    C:\Program Files\asus\ASUS WebStorage\SERVICE\AsusWSService.exe
    C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
    C:\Program Files\asus\Eee Docking Touch\Eee Docking Touch.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files\asus\TouchHomeKey\TouchHomeKey.exe
    C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\asus\LivCam\LivCam.exe
    C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
    C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\System32\igfxtray.exe
    C:\Program Files\asus\MailServer\MailServer.exe
    C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Users\Eric\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\windows\system32\ctfmon.exe
    C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\Users\Eric\Desktop\dds.scr
    C:\windows\system32\conhost.exe
    C:\windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://asus.msn.com
    uDefault_Page_URL = hxxp://asus.msn.com
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [Start Memos] c:\program files\asus\memos\StartMemos.exe
    uRun: [Google Update] "c:\users\eric\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Glary Memory Optimizer] "c:\program files\glary utilities\memdefrag.exe" /autostart
    uRun: [RadioSure] c:\users\eric\appdata\local\radiosure\RadioSure.exe /hidden
    mRun: [HotkeyMon] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotKeyMon.exe
    mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
    mRun: [SuperHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe
    mRun: [MailServerWatchDog] c:\program files\asus\mailserver\MailServerWatchDog.exe
    mRun: [ASUS WebStorage] c:\program files\asus\asus webstorage\service\AsusWSService.exe MySyncFolder
    mRun: [LiveUpdate] AsusSender.exe c:\program files\asus\liveupdate\LiveUpdate.exe auto
    mRun: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Eee Docking Touch] c:\program files\asus\eee docking touch\Eee Docking Touch.exe autorun
    mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe
    mRun: [TouchHomeKey] c:\program files\asus\touchhomekey\TouchHomeKey.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [LivCam] "c:\program files\asus\livcam\LivCam.exe"
    mRun: [PenWrite] c:\program files\asus\penwrite\PenWrite.exe AutoRun
    mRun: [ASUSPRP] c:\program files\asus\aprp\APRP.EXE
    mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\users\eric\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\windows\system32\shelltraydll.dll c:\progra~1\google\google~4\GO36F4~1.DLL

    ============= SERVICES / DRIVERS ===============

    R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-1-8 11448]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-26 371544]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-26 301528]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 MpKsla035d486;MpKsla035d486;c:\programdata\microsoft\microsoft antimalware\definition updates\{b44d8d03-9522-4543-8064-e965171de237}\MpKsla035d486.sys [2011-2-26 28752]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2010-1-8 219136]
    R2 AsusUacSvc;Asus process privilege adjust service;c:\program files\asus\touchsuite\AsusUacSvc.exe [2010-1-8 28848]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-26 19544]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-2-26 53592]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-2-26 42184]
    R2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\asus\game park\gameconsole\OberonGameConsoleService.exe [2010-1-8 44312]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-10-6 51712]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
    R3 usbsmi;USB2.0 UVC WebCam ;c:\windows\system32\drivers\SMIksdrv.sys [2009-12-30 181760]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-16 136176]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-10-6 43944]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-17 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-2-16 30192]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-23 52224]

    =============== Created Last 30 ================

    2011-02-27 02:39:18 -------- d-----w- c:\users\eric\appdata\roaming\Malwarebytes
    2011-02-27 02:39:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-27 02:39:06 -------- d-----w- c:\progra~2\Malwarebytes
    2011-02-27 02:39:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-27 02:38:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-27 02:35:07 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{b44d8d03-9522-4543-8064-e965171de237}\MpKsla035d486.sys
    2011-02-27 02:34:45 5943120 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{b44d8d03-9522-4543-8064-e965171de237}\mpengine.dll
    2011-02-27 00:19:05 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-02-27 00:19:03 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-02-27 00:18:23 40648 ----a-w- c:\windows\avastSS.scr
    2011-02-27 00:18:11 -------- d-----w- c:\program files\AVAST Software
    2011-02-27 00:18:11 -------- d-----w- c:\progra~2\AVAST Software
    2011-02-26 19:42:26 20 ----a-w- c:\windows\system32\SHELLTRAYDLL.DLL
    2011-02-24 12:22:53 -------- d-----w- c:\program files\Calibre2
    2011-02-24 03:50:19 -------- d-----w- c:\program files\common files\xing shared
    2011-02-24 03:48:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-02-24 03:48:55 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-02-23 19:24:26 -------- d-----w- c:\windows\system32\SPReview
    2011-02-23 19:22:27 -------- d-----w- c:\windows\system32\EventProviders
    2011-02-23 19:13:31 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2011-02-23 19:13:10 52224 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
    2011-02-23 19:13:09 11776 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2011-02-23 19:13:08 3215872 ----a-w- c:\windows\system32\mstscax.dll
    2011-02-23 19:11:59 1115136 ----a-w- c:\windows\system32\RacEngn.dll
    2011-02-23 19:10:59 113664 ----a-w- c:\windows\system32\SessEnv.dll
    2011-02-23 19:09:59 690680 ----a-w- c:\windows\system32\ci.dll
    2011-02-23 19:08:58 413696 ----a-w- c:\windows\system32\PhotoScreensaver.scr
    2011-02-23 19:07:59 327680 ----a-w- c:\windows\system32\wimserv.exe
    2011-02-23 19:06:59 73216 ----a-w- c:\windows\system32\cabinet.dll
    2011-02-23 19:04:09 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2011-02-23 19:04:09 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
    2011-02-23 19:04:09 363008 ----a-w- c:\windows\system32\wbemcomn.dll
    2011-02-23 19:04:09 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-02-23 19:03:34 697344 ----a-w- c:\windows\system32\SmiEngine.dll
    2011-02-23 19:03:08 209920 ----a-w- c:\windows\system32\PkgMgr.exe
    2011-02-23 19:03:08 189952 ----a-w- c:\windows\system32\wdscore.dll
    2011-02-23 19:01:27 323072 ----a-w- c:\windows\system32\drvstore.dll
    2011-02-23 19:01:25 257024 ----a-w- c:\windows\system32\dpx.dll
    2011-02-23 18:44:18 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-02-23 11:59:37 870912 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-02-23 11:59:36 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 22:08:36 -------- d-----w- c:\users\eric\appdata\roaming\AVG10
    2011-02-22 22:06:13 -------- d--h--w- c:\progra~2\Common Files
    2011-02-22 22:03:53 -------- d-----w- c:\progra~2\AVG10
    2011-02-22 22:02:37 -------- d-----w- c:\program files\AVG
    2011-02-22 21:52:01 -------- d-----w- c:\users\eric\appdata\roaming\YoWindow
    2011-02-22 20:12:02 -------- d-----w- c:\program files\Synaptics
    2011-02-22 03:48:34 -------- d-----w- c:\users\eric\appdata\roaming\DriverFinder
    2011-02-22 03:44:18 -------- d-----w- c:\users\eric\appdata\local\eSupport.com
    2011-02-22 01:49:07 -------- d-----w- c:\users\eric\appdata\local\StickyNotes
    2011-02-22 01:44:34 -------- d-----w- c:\users\eric\appdata\roaming\MobilityFlow
    2011-02-22 01:34:51 -------- d-----w- c:\progra~2\MFAData
    2011-02-21 19:04:10 -------- d-----w- c:\users\eric\appdata\local\ElevatedDiagnostics
    2011-02-21 13:39:08 -------- d-----w- c:\users\eric\appdata\local\Diagnostics
    2011-02-20 14:59:48 -------- d-----w- c:\users\eric\appdata\roaming\AsusInternetRadio.FE3DA72B022E78FEBEB750602F72A2E5E345080B.1
    2011-02-19 19:10:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-19 18:56:11 -------- d-----w- c:\users\eric\appdata\roaming\OpenOffice.org
    2011-02-19 01:38:37 -------- d-----w- c:\program files\common files\PX Storage Engine
    2011-02-19 01:22:17 -------- d-----w- c:\program files\DivX
    2011-02-19 01:19:27 -------- d-----w- c:\progra~2\DivX
    2011-02-18 23:59:59 -------- d-----w- c:\users\eric\appdata\roaming\eBookConverter
    2011-02-18 23:09:02 -------- d-----w- c:\windows\system32\x64
    2011-02-18 21:27:49 -------- d-----w- c:\users\eric\appdata\local\Microsoft Corporation
    2011-02-18 20:29:05 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    2011-02-18 16:07:29 -------- d-----w- c:\windows\en
    2011-02-18 16:04:33 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2011-02-18 01:04:32 -------- d-----w- c:\program files\eBookConverter
    2011-02-17 19:10:02 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2011-02-17 18:57:55 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2011-02-17 18:57:54 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2011-02-17 18:57:52 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2011-02-17 18:49:03 15712 ----a-w- c:\program files\common files\windows live\.cache\57d6e2371cbced30f\MeshBetaRemover.exe
    2011-02-17 18:48:59 469256 ----a-w- c:\program files\common files\windows live\.cache\5252c1291cbced30e\InstallManager_WLE_WLE.exe
    2011-02-17 18:48:41 525656 ----a-w- c:\program files\common files\windows live\.cache\48cc69c51cbced30d\DXSETUP.exe
    2011-02-17 18:48:40 94040 ----a-w- c:\program files\common files\windows live\.cache\48cc69c51cbced30d\DSETUP.dll
    2011-02-17 18:48:40 1691480 ----a-w- c:\program files\common files\windows live\.cache\48cc69c51cbced30d\dsetup32.dll
    2011-02-17 18:48:33 525656 ----a-w- c:\program files\common files\windows live\.cache\418f95c41cbced30c\DXSETUP.exe
    2011-02-17 18:48:31 1691480 ----a-w- c:\program files\common files\windows live\.cache\418f95c41cbced30c\dsetup32.dll
    2011-02-17 18:48:30 94040 ----a-w- c:\program files\common files\windows live\.cache\418f95c41cbced30c\DSETUP.dll
    2011-02-17 18:46:15 -------- d-----w- c:\users\eric\appdata\local\Windows Live
    2011-02-17 14:51:53 -------- d-----w- c:\users\eric\appdata\local\Logos4
    2011-02-17 12:58:57 2330624 ----a-w- c:\windows\system32\win32k.sys
    2011-02-17 12:58:14 542208 ----a-w- c:\windows\system32\kerberos.dll
    2011-02-17 12:57:51 428032 ----a-w- c:\windows\system32\vbscript.dll
    2011-02-17 12:56:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-02-17 12:55:47 294400 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-17 12:55:46 70656 ----a-w- c:\windows\system32\fontsub.dll
    2011-02-17 12:55:45 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-02-17 12:38:38 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-02-17 12:38:37 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-02-17 12:38:37 107520 ----a-w- c:\windows\system32\cdd.dll
    2011-02-17 03:54:55 -------- d-----w- c:\users\eric\appdata\roaming\GlarySoft
    2011-02-17 02:07:47 -------- d-----w- c:\program files\OpenOffice.org 3
    2011-02-17 01:52:36 -------- d-----w- c:\users\eric\Calibre Library
    2011-02-17 01:51:54 -------- d-----w- c:\users\eric\appdata\roaming\calibre
    2011-02-17 01:23:45 -------- d-----w- c:\users\eric\appdata\local\GVNotifierWPF
    2011-02-17 01:23:28 -------- d-----w- c:\users\eric\appdata\local\Amazon
    2011-02-17 01:18:31 -------- d-----w- c:\users\eric\appdata\local\RadioSure
    2011-02-16 23:58:23 5943120 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2011-02-16 23:57:33 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{dc737c9c-eaf7-48c2-90ba-364791399511}\gapaengine.dll
    2011-02-16 23:53:28 -------- d-----w- c:\users\eric\appdata\local\Studio_pomaran?a_d.o.o__O
    2011-02-16 23:49:21 -------- d-----w- c:\program files\Microsoft Security Client
    2011-02-16 23:47:42 -------- d-----w- c:\program files\GIMP 2
    2011-02-16 20:20:05 -------- d-----w- c:\users\eric\appdata\local\Thunderbird
    2011-02-16 19:36:57 -------- d-----w- c:\users\eric\appdata\roaming\GameConsole
    2011-02-16 19:36:23 -------- d-sh--w- c:\users\eric\appdata\roaming\.#
    2011-02-16 19:33:43 -------- d-----w- c:\users\eric\appdata\roaming\Motorola
    2011-02-16 19:27:36 -------- d-----w- c:\users\eric\appdata\roaming\TouchGate2Doorway
    2011-02-16 19:25:29 -------- d-----w- c:\windows\system32\log
    2011-02-16 19:10:07 -------- d-----w- c:\users\eric\appdata\local\Kobo
    2011-02-16 18:52:20 -------- d-----w- c:\program files\Kobo
    2011-02-16 18:52:00 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{877697aa-0553-430e-aa75-988e64467fad}\mpengine.dll
    2011-02-16 18:51:56 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-02-16 18:42:40 -------- d-----w- c:\users\eric\appdata\local\Google
    2011-02-16 18:41:32 -------- d-----w- c:\users\eric\appdata\local\Apps
    2011-02-16 18:41:31 -------- d-----w- c:\users\eric\appdata\local\Deployment
    2011-02-16 18:28:22 6144 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
    2011-02-16 18:27:19 -------- d-----w- c:\program files\common files\Macrovision Shared
    2011-02-16 18:26:50 -------- d-----w- c:\program files\SoftStylus
    2011-02-16 18:26:50 -------- d-----w- c:\progra~2\Motorola
    2011-02-16 18:25:53 -------- d-----w- c:\windows\ConfigSetRoot
    2011-02-16 18:21:58 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2011-02-16 18:20:24 -------- d-----w- c:\program files\Microsoft
    2011-02-16 18:17:06 -------- d-----w- c:\program files\common files\Windows Live
    2011-02-16 18:15:46 -------- d-sh--w- C:\Recovery
    2011-02-04 07:26:50 684544 ----a-w- c:\windows\yowindow.scr

    ==================== Find3M ====================

    2011-02-23 19:48:14 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-02-22 19:58:40 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2011-02-22 19:58:18 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
    2011-02-22 19:58:16 161064 ----a-w- c:\windows\system32\SynTPAPI.dll
    2011-02-22 19:58:01 206120 ----a-w- c:\windows\system32\SynCtrl.dll
    2011-02-22 19:58:00 173352 ----a-w- c:\windows\system32\SynCOM.dll
    2010-12-02 22:13:42 37376 ----a-w- c:\windows\system32\libusb0.dll

    ============= FINISH: 8:36:21.19 ===============
    --------------------------------------------------------------------------------------------------------

    Attach:



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Starter
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/16/2011 1:16:01 PM
    System Uptime: 2/26/2011 9:21:11 PM (11 hours ago)

    Motherboard: ASUSTeK Computer INC. | | T101MT
    Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz | CPU 1 | 1667/167mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 80 GiB total, 46.024 GiB free.
    D: is FIXED (NTFS) - 54 GiB total, 53.919 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKslbe5c8db4
    Device ID: ROOT\LEGACY_MPKSLBE5C8DB4\0000
    Manufacturer:
    Name: MpKslbe5c8db4
    PNP Device ID: ROOT\LEGACY_MPKSLBE5C8DB4\0000
    Service: MpKslbe5c8db4

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl55877d98
    Device ID: ROOT\LEGACY_MPKSL55877D98\0000
    Manufacturer:
    Name: MpKsl55877d98
    PNP Device ID: ROOT\LEGACY_MPKSL55877D98\0000
    Service: MpKsl55877d98

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKslc7c61473
    Device ID: ROOT\LEGACY_MPKSLC7C61473\0000
    Manufacturer:
    Name: MpKslc7c61473
    PNP Device ID: ROOT\LEGACY_MPKSLC7C61473\0000
    Service: MpKslc7c61473

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl19030ddb
    Device ID: ROOT\LEGACY_MPKSL19030DDB\0000
    Manufacturer:
    Name: MpKsl19030ddb
    PNP Device ID: ROOT\LEGACY_MPKSL19030DDB\0000
    Service: MpKsl19030ddb

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKslc860a1f2
    Device ID: ROOT\LEGACY_MPKSLC860A1F2\0000
    Manufacturer:
    Name: MpKslc860a1f2
    PNP Device ID: ROOT\LEGACY_MPKSLC860A1F2\0000
    Service: MpKslc860a1f2

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl804923ee
    Device ID: ROOT\LEGACY_MPKSL804923EE\0000
    Manufacturer:
    Name: MpKsl804923ee
    PNP Device ID: ROOT\LEGACY_MPKSL804923EE\0000
    Service: MpKsl804923ee

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl396bdae7
    Device ID: ROOT\LEGACY_MPKSL396BDAE7\0000
    Manufacturer:
    Name: MpKsl396bdae7
    PNP Device ID: ROOT\LEGACY_MPKSL396BDAE7\0000
    Service: MpKsl396bdae7

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl432bb97c
    Device ID: ROOT\LEGACY_MPKSL432BB97C\0000
    Manufacturer:
    Name: MpKsl432bb97c
    PNP Device ID: ROOT\LEGACY_MPKSL432BB97C\0000
    Service: MpKsl432bb97c

    ==== System Restore Points ===================

    RP37: 2/24/2011 7:18:51 AM - Installed calibre
    RP38: 2/25/2011 7:09:18 PM - Windows Update
    RP39: 2/26/2011 6:54:57 PM - Removed AVG 2011
    RP40: 2/26/2011 7:01:09 PM - Removed AVG 2011
    RP41: 2/26/2011 7:17:52 PM - avast! Free Antivirus Setup

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Acrobat.com
    Adobe Digital Editions
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.1 MUI
    Amazon Kindle For PC
    ASUS VIBE
    ASUS WebStorage
    ASUSUpdate for Eee PC
    Atheros Client Installation Program
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    avast! Free Antivirus
    Calculator
    calibre
    Chicken Invaders 2
    Compatibility Pack for the 2007 Office system
    CyberLink YouCam
    D3DX10
    ebi.BookReader3J
    Eee Docking Touch 3.8.1
    Eee PC TouchSuite
    FontResizer
    FotoFun_3.3.0.0
    Game Park Console
    Google Chrome
    Google Desktop
    Google Talk (remove only)
    Google Talk Plugin
    Google Update Helper
    Google Updater
    GVNotifier
    Hotkey Service
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 24
    Junk Mail filter update
    Kobo
    LivCam
    LiveUpdate
    Logos 4 Prerequisites
    Logos Bible Software 4
    Malwarebytes' Anti-Malware
    Memos 3.2.0.0
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (Dutch) 2007
    Microsoft Office Access MUI (French) 2007
    Microsoft Office Access MUI (German) 2007
    Microsoft Office Access MUI (Italian) 2007
    Microsoft Office Excel 2007 Help - Aggiornamento (KB963678)
    Microsoft Office Excel MUI (Dutch) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel MUI (French) 2007
    Microsoft Office Excel MUI (German) 2007
    Microsoft Office Excel MUI (Italian) 2007
    Microsoft Office Groove MUI (Dutch) 2007
    Microsoft Office Groove MUI (French) 2007
    Microsoft Office Groove MUI (German) 2007
    Microsoft Office Groove MUI (Italian) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (Dutch) 2007
    Microsoft Office InfoPath MUI (French) 2007
    Microsoft Office InfoPath MUI (German) 2007
    Microsoft Office InfoPath MUI (Italian) 2007
    Microsoft Office Language Pack 2007 - Dutch/Nederlands
    Microsoft Office Language Pack 2007 - French/Français
    Microsoft Office Language Pack 2007 - German/Deutsch
    Microsoft Office Language Pack 2007 - Italian/Italiano
    Microsoft Office Live Add-in 1.3
    Microsoft Office O MUI (Dutch) 2007
    Microsoft Office O MUI (French) 2007
    Microsoft Office O MUI (German) 2007
    Microsoft Office O MUI (Italian) 2007
    Microsoft Office OneNote MUI (Dutch) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office OneNote MUI (French) 2007
    Microsoft Office OneNote MUI (German) 2007
    Microsoft Office OneNote MUI (Italian) 2007
    Microsoft Office Outlook 2007 Help - Aggiornamento (KB963677)
    Microsoft Office Outlook MUI (Dutch) 2007
    Microsoft Office Outlook MUI (French) 2007
    Microsoft Office Outlook MUI (German) 2007
    Microsoft Office Outlook MUI (Italian) 2007
    Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669)
    Microsoft Office PowerPoint MUI (Dutch) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint MUI (French) 2007
    Microsoft Office PowerPoint MUI (German) 2007
    Microsoft Office PowerPoint MUI (Italian) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (Arabic) 2007
    Microsoft Office Proof (Dutch) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (Italian) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (Dutch) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (French) 2007
    Microsoft Office Proofing (German) 2007
    Microsoft Office Proofing (Italian) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (Dutch) 2007
    Microsoft Office Publisher MUI (French) 2007
    Microsoft Office Publisher MUI (German) 2007
    Microsoft Office Publisher MUI (Italian) 2007
    Microsoft Office Shared MUI (Dutch) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (French) 2007
    Microsoft Office Shared MUI (German) 2007
    Microsoft Office Shared MUI (Italian) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office SharePoint Designer MUI (Dutch) 2007
    Microsoft Office SharePoint Designer MUI (French) 2007
    Microsoft Office SharePoint Designer MUI (German) 2007
    Microsoft Office SharePoint Designer MUI (Italian) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word 2007 Help - Aggiornamento (KB963665)
    Microsoft Office Word MUI (Dutch) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word MUI (French) 2007
    Microsoft Office Word MUI (German) 2007
    Microsoft Office Word MUI (Italian) 2007
    Microsoft Office X MUI (Dutch) 2007
    Microsoft Office X MUI (French) 2007
    Microsoft Office X MUI (German) 2007
    Microsoft Office X MUI (Italian) 2007
    Microsoft Search Enhancement Pack
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mise à jour Microsoft Office Excel 2007 Help (KB963678)
    Mise à jour Microsoft Office Outlook 2007 Help (KB963677)
    Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
    Mise à jour Microsoft Office Word 2007 Help (KB963665)
    Mozilla Thunderbird (3.1.7)
    MSVCRT
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser (KB973685)
    Notepad
    OpenOffice.org 3.3
    PenWrite v1.9.20.1
    RadioSure
    Ralink RT2860 Wireless LAN Card
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    runtime
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype web features
    SoftStylus
    Super Hybrid Engine
    Synaptics Pointing Device Driver
    Touch Gate 1.0.2.2
    Update für Microsoft Office Excel 2007 Help (KB963678)
    Update für Microsoft Office Outlook 2007 Help (KB963677)
    Update für Microsoft Office Powerpoint 2007 Help (KB963669)
    Update für Microsoft Office Word 2007 Help (KB963665)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update voor Microsoft Office Excel 2007 Help (KB963678)
    Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
    Update voor Microsoft Office Word 2007 Help (KB963665)
    USB2.0 UVC WebCam
    Windows 7 Upgrade Advisor
    Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403)
    Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0)
    Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources

    ==== Event Viewer Messages From Past Week ========

    2/27/2011 2:20:41 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.99.185.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6603.0 Error code: 0x80072f76 Error description: The requested header was not found
    2/26/2011 9:22:57 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    2/26/2011 9:22:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    2/26/2011 9:16:25 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    2/26/2011 9:01:35 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    2/26/2011 6:34:30 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    2/26/2011 10:18:51 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    2/24/2011 2:56:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.2355.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    2/24/2011 2:56:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.2355.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    2/24/2011 2:08:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    2/23/2011 2:21:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.2292.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    2/23/2011 2:21:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.2292.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    2/23/2011 2:21:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.97.2292.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6502.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    2/23/2011 1:11:25 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    2/21/2011 6:33:23 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x800705b4 Error description: This operation returned because the timeout period expired. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.

    ==== End Of File ===========================

    Thanks for all the help in advance!
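Added example (not part of the original post or thread): one way to triage the "Event Viewer Messages" section of a log like the one above is a short parser that collapses exact repeats, groups errors by source and event ID, and lists the security products that logged errors on several different days. The sample lines are constructed by shortening entries from the posted log; the function names and the `min_days` threshold are assumptions of this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: entries shortened from the posted log, same line layout.
SAMPLE = """\
2/27/2011 2:20:41 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Update Stage: Search Error code: 0x80072f76 Error description: The requested header was not found
2/26/2011 9:22:57 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error
2/26/2011 9:22:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
2/24/2011 2:56:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Update Stage: Download Error code: 0x80240022
2/24/2011 2:56:58 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Update Stage: Download Error code: 0x80240022
2/23/2011 1:11:25 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
==== End Of File ====
"""

# "<date> <time> AM|PM, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^\s*(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
# The log writes both "Error code:" and "Error Code:".
CODE_RE = re.compile(r"Error code:\s*(0x[0-9a-f]{8})", re.IGNORECASE)


@dataclass(frozen=True)
class Event:
    when: datetime
    level: str
    source: str
    event_id: int
    code: str  # HRESULT quoted in the message, "" when there is none
    message: str


def parse_events(text):
    """Return one Event per well-formed line, dropping exact repeats."""
    seen, events = set(), []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # section headers, blank lines, free text
        code = CODE_RE.search(m["msg"])
        ev = Event(
            when=datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            level=m["level"],
            source=m["source"],
            event_id=int(m["id"]),
            code=code.group(1).lower() if code else "",
            message=m["msg"].strip(),
        )
        if ev not in seen:
            seen.add(ev)
            events.append(ev)
    return events


def summarize(events):
    """Group by (source, event id): count, distinct days, error codes."""
    groups = defaultdict(lambda: {"count": 0, "days": set(), "codes": set()})
    for ev in events:
        g = groups[(ev.source, ev.event_id)]
        g["count"] += 1
        g["days"].add(ev.when.date())
        if ev.code:
            g["codes"].add(ev.code)
    return dict(groups)


def impaired_products(events, products, min_days=2):
    """Sources named in `products` that logged errors on >= min_days days."""
    days = defaultdict(set)
    for ev in events:
        if ev.level == "Error" and ev.source in products:
            days[ev.source].add(ev.when.date())
    return sorted(s for s, d in days.items() if len(d) >= min_days)


if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    for (source, eid), g in sorted(summarize(evs).items()):
        print(f"{source} [{eid}]: {g['count']} event(s) on "
              f"{len(g['days'])} day(s), codes={sorted(g['codes'])}")
    print("impaired:", impaired_products(evs, {"Microsoft Antimalware"}))
```

A security product that fails to update or loses real-time protection on several separate days is worth noting before trusting any clean scan result from the same machine.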
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot, Eric. I'll try to clear up the image problem.
    But nothing is ever 'exactly' the same so I would appreciate it if you would explain your problem in your words. I don't have time to refer to that thread and read all the content.
    ================================
    I do note that you have 3 antivirus programs running> Avast, AVG and MSE. That will make your system more vulnerable. Please remove one of them. Reboot the computer when finished.
     
  3. ericd8027

    ericd8027 TS Rookie Topic Starter Posts: 20

    Bad Image Error

    Thanks for taking on my problem. Whenever I start a program I get a message that says:

    c:\windows\system32\ShellTrayDll.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.

    ----------------------------

    Also, I looked at my "Add/Remove Programs" and Avast and MSE are the only ones listed. What should I do?
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    ShellTrayDll.dll is malware. Combofix should remove it:

    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
      [IMG]
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [IMG]
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =======================================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard, you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    I'll check the previous logs while you run these scans.
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Decide which you want to keep and remove the other:
    Avast Removal

    Microsoft Security Essentials: Windows Vista or Windows 7
    1. Click [IMG]
    2. In the Search programs and files text box, type Appwiz.cpl, and then press ENTER.
    3. Right-click Microsoft Security Essentials> click Uninstall.
    4. Restart the computer.

    AVG Remover:32bit
    AVG Remover:64 bit

    AVG Remover eliminates all the parts of your AVG installation from your computer, including registry items, installation files, user files, etc.
    Note:
    • AVG user settings will be removed.
    • Virus Vault contents will be removed.
    • All other items related to AVG installation and use will be removed.
    • You will be asked during the removal procedure to restart your computer. Please do so.
    • Make sure there is no open work in process prior to launching AVG Remover.
    Use the appropriate download for your system for the AVG Remover:
     
  6. ericd8027

    ericd8027 TS Rookie Topic Starter Posts: 20

    Combofix text box & Eset

    I was able to run combofix. The output was:

    C:\combofix\pev.cfxxe
    The specified service does not exist as an installed service.

    ====================

    I tried running eset and have been able to do much of anything with this through Internet Explorer or Chrome with IE Tab enabled.

    When I click on "Eset Online Scanner" it sends me to the terms of use page and I click accept. At that point it goes to a page and displays nothing.

    I tried downloading the program and when I got to the terms of use, I checked the box accepting the conditions, click on the "Start" and nothing happens. I can continue to click the "Start" and nothing happens. I can leave it alone and nothing happens.

    ===================

    After running ComboFix the error box has disappeared for everything that I have tried opening thus far. So at the least, that has been very nice and thank you very much so far.
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Don't thank me yet Eric! Let's try and get Combofix running:

    Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    ============================================
    I want you to download Combofix again> with one important change: Rename combofix.exe to your_name.exe BEFORE saving it to your desktop. It will be ericd.exe Do NOT run it yet.
    ======================================
    Please download and run the tool below named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run. There are 4 different versions. If one of them won't run then download and try to run the other one. You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
    • Rkill.com
    • Rkill.scr
    • Rkill.pif
    • Rkill.exe
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following>>>>.

    Please download exeHelper by Raktor and save it to your desktop.
    • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file called exehelperlog.txt will be created and should open at the end of the scan
    • A copy of that log will also be saved in the directory where you ran exeHelper.com
    • Copy and paste the contents of exehelperlog.txt in your next reply.

    Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).
    ========================================================
    Double click on ericd.exe to run the Combofix scan.

    Leave the log in your next reply.
     
  8. ericd8027

    ericd8027 TS Rookie Topic Starter Posts: 20

    When I perform the first step I get this text box:

    C:\Users\Eric\Desktop\ComboFix.exe

    The specified service does not exist as an installed service.


    After that the uninstall does not run.
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    It does not appear that you did this:
    If you had, there would not be a combofix.exe file.
     
  10. ericd8027

    ericd8027 TS Rookie Topic Starter Posts: 20

    Okay...I realized I got confused and tried to do things out of order.

    Rkill.com = does not have option to run as administrator. when I try to run normally, I get the same text error box.
    Rkill.scr = option to "test", "configure", or "install". When "install" it brings up screen saver
    Rkill.pif = broken hyperlink
    Rkill.exe = when "run as administrator" same text error box appears

    Because "rkill" has not been able to run, I have not done the following steps:

     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    The Offender:
    c:\windows\system32\SHELLTRAYDLL.DLL

    It's a wonderful feeling when that light bulb goes off in your head and you understand something!! In my searching to identify SHELLTRAYDLL.DLL, almost every site available was for a MAC. So I'm thinking this fits into the message you got> this isn't a Windows file!

    So I'm going to have you search and delete it:
    Right click on the Taskbar> Explore> then go up to Tools> Click on Folder Options> View tab> Check 'show hidden files and folders'> Uncheck 'hide protected system files (recommended)'> you will get a confirmation notice when you click on Apply> Click on Yes> OK.

    Click on My Computer> Double click on Local Drive(C)> Windows> System 32> Look on the right screen for SHELLTRAYDLL.DLL> Do a right click> Delete on the file.

    Go back into Tools> Folder Options View tab> reverse what you did: Click on 'do not show hidden files and folders'> Check 'Hide protected system files (Recommended)'> Apply> OK.
    Exit Windows explorer.

    Reboot the computer. See if the error message is gone.

    Important: It is possible that a process on Startup is checked which would use this file. If you get another error message, it should be different> I need to know exactly what it says.
     
     
  12. ericd8027

    ericd8027 TS Rookie Topic Starter Posts: 20

    Bobbye;

    I did the following steps:

    You told me to delete "SHELLTRAYDLL.DLL", unfortunately, I have been unable to find that file. The list goes from SHELL.DLL (date modified 7/13/2009) to shell32.dll (11/20/2010) to shellstyle.dll (7/13/2009) to shfolder.dll.
     
  13. ericd8027

    ericd8027 TS Rookie Topic Starter Posts: 20

    I know I know very little about all this stuff, but part of me is wondering if ComboFix removed that file...if that is just absolutely bogus...completely forget I threw out such an idea, and I will stop trying to turn on my light bulb up here.
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Can you tell me what your status is now regarding malware?
     
  15. ericd8027

    ericd8027 TS Rookie Topic Starter Posts: 20

    It is the same as before trying to find and delete "shelltraydll.dll"

    When starting up, ComboFix still attempts to finish its process, I am unable to install or uninstall any program.
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    About the only thing we haven't done is scan for a rootkit! So let's give that a try:
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result. Please post the log.
    • A reboot is required after disinfection.

    Try doing a C:\ComboFix.txt. On the outside chance that there was a scan and it did make a log!
     
  17. ericd8027

    ericd8027 TS Rookie Topic Starter Posts: 20

    Bobbye;

    I just downloaded and extracted to my desktop. I went into the folder and attempted to run tdsskiller.exe and I received the same exact error message.


    Eric
     
  18. ericd8027

    ericd8027 TS Rookie Topic Starter Posts: 20

    Would running in "safe mode" possibly change anything?
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Safe Mode might work. Try Combofix in Safe Mode first.
     
  20. ericd8027

    ericd8027 TS Rookie Topic Starter Posts: 20

    After logging in to my computer through safemode, I received this log output from ComboFix:


    ComboFix 11-02-28.07 - Eric 03/01/2011 20:10:18.1.2 - x86
    Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.2038.949 [GMT -5:00]
    Running from: c:\users\Eric\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\install.exe
    c:\programdata\FullRemove.exe
    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    c:\users\Eric\AppData\Roaming\.#
    c:\windows\system32\SHELLTRAYDLL.DLL

    ----- BITS: Possible infected sites -----

    hxxp://resources.assets.logos.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_Appinfo


    ((((((((((((((((((((((((( Files Created from 2011-02-13 to 2011-03-13 )))))))))))))))))))))))))))))))
    .

    2011-03-11 12:46 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB44CECD-49A3-4550-B220-B64E35686B82}\mpengine.dll
    2011-03-09 15:49 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-09 15:49 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-09 15:49 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-03-09 15:49 . 2010-12-23 05:54 642048 ----a-w- c:\windows\system32\CPFilters.dll
    2011-03-09 15:49 . 2010-12-23 05:54 850944 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 15:49 . 2010-12-23 05:54 534528 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 15:49 . 2010-12-23 05:50 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-04 17:48 . 2011-03-04 17:48 -------- d-----w- c:\programdata\CyberLink
    2011-03-02 01:29 . 2011-03-02 01:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-27 02:39 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-27 02:39 . 2011-02-27 02:39 -------- d-----w- c:\programdata\Malwarebytes
    2011-02-27 02:39 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-27 02:38 . 2011-02-27 02:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-27 00:18 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
    2011-02-27 00:18 . 2011-03-01 21:54 -------- d-----w- c:\program files\AVAST Software
    2011-02-27 00:18 . 2011-02-27 00:18 -------- d-----w- c:\programdata\AVAST Software
    2011-02-24 12:22 . 2011-02-24 12:25 -------- d-----w- c:\program files\Calibre2
    2011-02-24 03:50 . 2011-02-24 03:50 -------- d-----w- c:\program files\Common Files\xing shared
    2011-02-24 03:48 . 2011-02-24 03:48 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-02-24 03:48 . 2011-02-24 03:48 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-02-24 03:48 . 2011-02-24 03:50 -------- d-----w- c:\program files\Real
    2011-02-23 19:24 . 2011-02-23 19:24 -------- d-----w- c:\windows\system32\SPReview
    2011-02-23 19:22 . 2011-02-23 19:22 -------- d-----w- c:\windows\system32\EventProviders
    2011-02-23 19:13 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2011-02-23 19:13 . 2010-11-20 10:24 52224 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
    2011-02-23 19:13 . 2010-11-20 12:21 11776 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2011-02-23 19:13 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\system32\mstscax.dll
    2011-02-23 19:11 . 2010-11-20 12:21 1115136 ----a-w- c:\windows\system32\RacEngn.dll
    2011-02-23 19:10 . 2010-11-20 12:21 113664 ----a-w- c:\windows\system32\SessEnv.dll
    2011-02-23 19:09 . 2010-11-20 12:24 690680 ----a-w- c:\windows\system32\ci.dll
    2011-02-23 19:08 . 2010-11-20 12:19 312832 ----a-w- c:\windows\system32\hgcpl.dll
    2011-02-23 19:07 . 2010-11-20 12:17 327680 ----a-w- c:\windows\system32\wimserv.exe
    2011-02-23 19:04 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-02-23 19:04 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2011-02-23 19:04 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
    2011-02-23 19:04 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
    2011-02-23 19:03 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll
    2011-02-23 19:03 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
    2011-02-23 19:03 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe
    2011-02-23 19:01 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
    2011-02-23 19:01 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
    2011-02-23 18:44 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-02-23 11:59 . 2011-01-07 07:46 870912 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-02-23 11:59 . 2011-01-07 07:46 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-22 22:06 . 2011-02-22 22:06 -------- d--h--w- c:\programdata\Common Files
    2011-02-22 20:12 . 2011-02-22 20:12 -------- d-----w- c:\program files\Synaptics
    2011-02-22 01:34 . 2011-02-22 22:02 -------- d-----w- c:\programdata\MFAData
    2011-02-21 23:18 . 2011-02-21 23:19 -------- d-----w- c:\program files\CyberLink
    2011-02-19 19:12 . 2011-02-19 19:12 -------- d-----w- c:\program files\Common Files\Java
    2011-02-19 19:10 . 2011-02-19 19:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-19 19:09 . 2011-02-19 19:09 -------- d-----w- c:\program files\Java
    2011-02-19 01:38 . 2011-02-20 14:50 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2011-02-19 01:22 . 2011-02-20 14:51 -------- d-----w- c:\program files\DivX
    2011-02-19 01:19 . 2011-02-20 14:51 -------- d-----w- c:\programdata\DivX
    2011-02-18 23:09 . 2011-02-18 23:09 -------- d-----w- c:\windows\system32\x64
    2011-02-18 20:29 . 2011-02-18 20:29 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    2011-02-18 16:07 . 2011-02-18 16:07 -------- d-----w- c:\windows\en
    2011-02-18 16:04 . 2011-02-18 16:04 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2011-02-18 14:39 . 2011-02-18 14:39 -------- d-----w- c:\users\Krista
    2011-02-18 01:04 . 2011-02-22 04:35 -------- d-----w- c:\program files\eBookConverter
    2011-02-17 19:10 . 2010-09-23 05:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2011-02-17 18:57 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2011-02-17 18:57 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2011-02-17 18:57 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2011-02-17 18:49 . 2011-02-19 22:08 -------- d-----w- c:\program files\Microsoft Silverlight
    2011-02-17 12:58 . 2011-01-05 03:51 2330624 ----a-w- c:\windows\system32\win32k.sys
    2011-02-17 12:58 . 2010-12-17 07:07 542208 ----a-w- c:\windows\system32\kerberos.dll
    2011-02-17 12:57 . 2011-01-05 05:55 428032 ----a-w- c:\windows\system32\vbscript.dll
    2011-02-17 12:56 . 2011-01-07 06:01 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-02-17 12:55 . 2011-01-07 05:43 294400 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-17 12:55 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll
    2011-02-17 12:55 . 2011-01-07 07:45 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-02-17 12:38 . 2010-11-20 12:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-02-17 12:38 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-02-17 12:38 . 2010-11-20 11:56 107520 ----a-w- c:\windows\system32\cdd.dll
    2011-02-17 10:01 . 2010-01-08 20:30 -------- d-----w- c:\users\Default\AppData\Roaming\ASUS
    2011-02-17 10:01 . 2010-01-08 20:24 -------- d-----w- c:\users\Default\AppData\Local\Adobe
    2011-02-17 10:01 . 2010-01-08 20:23 -------- d-----w- c:\users\Default\AppData\Roaming\ASUS WebStorage
    2011-02-17 10:01 . 2010-01-08 19:56 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2011-02-17 10:01 . 2010-01-08 19:49 -------- d-----w- c:\users\Default\AppData\Local\Broadcom
    2011-02-17 10:01 . 2010-01-08 19:47 -------- d-----w- c:\users\Default\AppData\Roaming\InstallShield
    2011-02-17 02:07 . 2011-02-17 02:08 -------- d-----w- c:\program files\OpenOffice.org 3
    2011-02-16 23:47 . 2011-02-16 23:49 -------- d-----w- c:\program files\GIMP 2
    2011-02-16 20:19 . 2011-02-19 01:42 -------- d-----w- c:\program files\Mozilla Thunderbird
    2011-02-16 19:33 . 2011-02-16 19:33 -------- d-----w- c:\programdata\FLEXnet
    2011-02-16 19:25 . 2011-02-16 19:25 -------- d-----w- c:\windows\system32\log
    2011-02-16 18:52 . 2011-02-23 18:21 -------- d-----w- c:\programdata\Google Updater
    2011-02-16 18:52 . 2011-02-16 19:00 -------- d-----w- c:\program files\Kobo
    2011-02-16 18:52 . 2011-02-20 14:55 -------- d-----w- c:\program files\Google
    2011-02-16 18:51 . 2011-02-02 22:11 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-02-16 18:28 . 1999-03-06 12:38 6144 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
    2011-02-16 18:27 . 2011-02-16 18:27 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2011-02-16 18:26 . 2011-02-16 18:27 -------- d-----w- c:\program files\SoftStylus
    2011-02-16 18:26 . 2011-02-16 18:26 -------- d-----w- c:\programdata\Motorola
    2011-02-16 18:25 . 2011-02-16 18:25 -------- d-----w- c:\windows\ConfigSetRoot
    2011-02-16 18:23 . 2011-02-17 19:10 -------- dc----w- c:\windows\system32\DRVSTORE
    2011-02-16 18:21 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2011-02-16 18:20 . 2011-02-16 18:23 -------- d-----w- c:\program files\Microsoft
    2011-02-16 18:19 . 2011-02-18 16:04 -------- d-----w- c:\program files\Windows Live
    2011-02-16 18:17 . 2011-02-16 18:17 -------- d-----w- c:\program files\Common Files\Windows Live
    2011-02-16 18:16 . 2011-02-16 18:16 -------- d-----w- c:\windows\WLlog
    2011-02-16 18:16 . 2011-02-20 14:37 -------- d-----w- c:\users\Eric
    2011-02-16 18:15 . 2011-02-16 18:15 -------- d-----w- C:\Recovery

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-10 13:32 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-02-23 19:48 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-02-22 19:58 . 2009-08-07 14:49 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2011-02-22 19:58 . 2009-11-20 02:44 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
    2011-02-22 19:58 . 2009-11-20 02:44 161064 ----a-w- c:\windows\system32\SynTPAPI.dll
    2011-02-22 19:58 . 2009-11-20 02:45 230448 ----a-w- c:\windows\system32\drivers\SynTP.sys
    2011-02-22 19:58 . 2009-11-20 02:44 206120 ----a-w- c:\windows\system32\SynCtrl.dll
    2011-02-22 19:58 . 2009-11-20 02:44 173352 ----a-w- c:\windows\system32\SynCOM.dll
    2011-02-04 07:26 . 2011-02-04 07:26 684544 ----a-w- c:\windows\yowindow.scr
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
    [HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
    [HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
    @="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
    [HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
    2010-11-20 12:20 442880 ----a-w- c:\windows\System32\ntshrui.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Start Memos"="c:\program files\Asus\Memos\StartMemos.exe" [2009-12-14 11952]
    "Google Update"="c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-02-16 136176]
    "RadioSure"="c:\users\Eric\AppData\Local\RadioSure\RadioSure.exe" [2011-02-08 1710592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HotkeyMon"="AsusSender.exe" [2009-09-11 33768]
    "HotkeyService"="AsusSender.exe" [2009-09-11 33768]
    "SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
    "MailServerWatchDog"="c:\program files\asus\MailServer\MailServerWatchDog.exe" [2009-08-13 94896]
    "ASUS WebStorage"="c:\program files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-12-24 1736704]
    "LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "Eee Docking Touch"="c:\program files\ASUS\Eee Docking Touch\Eee Docking Touch.exe" [2009-12-30 414896]
    "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-01-08 3058304]
    "TouchHomeKey"="c:\program files\asus\TouchHomeKey\TouchHomeKey.exe" [2009-09-05 257200]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
    "LivCam"="c:\program files\ASUS\LivCam\LivCam.exe" [2009-11-19 284160]
    "PenWrite"="c:\program files\ASUS\PenWrite\PenWrite.exe" [2010-01-20 543920]
    "ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-01-08 2018032]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-16 30192]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-02-24 273544]

    c:\users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~4\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    R0 spldr;Security Processor Loader Driver; [x]
    R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
    R1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 32256]
    R1 MpKsl19030ddb;MpKsl19030ddb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E25CB34D-56BF-423F-985C-4551FB1C0652}\MpKsl19030ddb.sys [x]
    R1 MpKsl396bdae7;MpKsl396bdae7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E899B4E1-2C29-41B4-882A-DDA4427823BF}\MpKsl396bdae7.sys [x]
    R1 MpKsl432bb97c;MpKsl432bb97c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E25CB34D-56BF-423F-985C-4551FB1C0652}\MpKsl432bb97c.sys [x]
    R1 MpKsl55877d98;MpKsl55877d98;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E899B4E1-2C29-41B4-882A-DDA4427823BF}\MpKsl55877d98.sys [x]
    R1 MpKsl804923ee;MpKsl804923ee;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50E9307C-5269-4028-97FB-24494EBC2C8A}\MpKsl804923ee.sys [x]
    R1 MpKslbe5c8db4;MpKslbe5c8db4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E0E7117-C332-4B0D-ADC8-3448C8FB7398}\MpKslbe5c8db4.sys [x]
    R1 MpKslc7c61473;MpKslc7c61473;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E25CB34D-56BF-423F-985C-4551FB1C0652}\MpKslc7c61473.sys [x]
    R1 MpKslc860a1f2;MpKslc860a1f2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{726DE056-CDF9-45EA-BD19-81E22466BED6}\MpKslc860a1f2.sys [x]
    R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]
    R1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2010-11-20 63488]
    R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
    R2 AsusUacSvc;Asus process privilege adjust service;c:\program files\asus\TouchSuite\AsusUacSvc.exe [2009-10-16 28848]
    R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 20992]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
    R2 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-16 136176]
    R2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 20992]
    R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-13 48128]
    R2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2009-07-13 86528]
    R2 MMCSS;Multimedia Class Scheduler;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
    R2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 586752]
    R2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [2010-11-20 3179520]
    R2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-11-20 35328]
    R2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 20992]
    R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [2010-11-20 164864]
    R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [2010-11-20 10240]
    R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976]
    R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552]
    R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [2010-11-20 80256]
    R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312]
    R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [2010-11-20 50176]
    R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608]
    R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbdx.sys [2009-07-13 430080]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
    R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
    R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [2009-07-13 13568]
    R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [2009-07-13 5248]
    R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [2009-07-14 272128]
    R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [2009-07-13 62336]
    R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [2009-07-13 12160]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [2009-07-13 37888]
    R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-11-20 728448]
    R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbdx.sys [2009-07-13 3100160]
    R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712]
    R3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2009-07-13 28160]
    R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [2009-07-14 46160]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-02-16 30192]
    R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [2009-07-13 26624]
    R3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 20992]
    R3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 20992]
    R3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys [2009-07-14 67152]
    R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [2010-11-20 332160]
    R3 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R3 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [2010-11-20 65536]
    R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [2010-11-20 233344]
    R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 20992]
    R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 20992]
    R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824]
    R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168]
    R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864]
    R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848]
    R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [2009-07-14 30800]
    R3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 23552]
    R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2010-11-20 130432]
    R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2010-11-20 28032]
    R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2010-11-20 116096]
    R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [2009-07-13 4096]
    R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R3 MsRPC;MsRPC; [x]
    R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [2009-07-13 27136]
    R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624]
    R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2010-11-20 143744]
    R3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 20992]
    R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
    R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488]
    R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064]
    R3 rdpbus;Remote Desktop Device Redirector Bus Driver;c:\windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]
    R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [2010-11-20 26624]
    R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-07-14 20992]
    R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2009-07-13 12288]
    R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888]
    R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [2009-07-13 71168]
    R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [2010-11-20 309248]
    R3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-11-20 114176]
    R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072]
    R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 20992]
    R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-11-20 204800]
    R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2010-11-20 31232]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [2009-07-14 35840]
    R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2009-07-14 57424]
    R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2009-07-13 86016]
    R3 usbsmi;USB2.0 UVC WebCam ;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-12-25 181760]
    R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [2009-07-14 22528]
    R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [2010-11-20 160128]
    R3 ViaC7;VIA C7 Processor Driver;c:\windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
    R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904]
    R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [2009-07-13 21632]
    R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [2010-11-20 1203200]
    R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 20992]
    R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [2009-07-14 19024]
    R3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 20992]
    R3 WdiSystemHost;Diagnostic System Host;c:\windows\System32\svchost.exe [2009-07-14 20992]
    R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2009-07-14 20992]
    R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
    R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 19008]
    R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 20992]
    R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-11-20 22400]
    S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 249408]
    S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2009-07-14 369568]
    S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 58448]
    S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [2010-11-20 194800]
    S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-11-20 14208]
    S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2009-07-14 133200]
    S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 13888]
    S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 43088]
    S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
    S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 32832]
    S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [2010-11-20 53120]
    S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2009-07-14 297040]
    S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 35328]
    S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-11-20 78336]
    S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 16896]
    S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]
    S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [2010-11-20 74752]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-13 9728]
    S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 69632]
    S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\drivers\CompositeBus.sys [2010-11-20 31232]
    S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [2009-07-14 22528]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
    S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [2009-07-13 60416]
    S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-11-20 223232]
    S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-11-20 96768]
    S3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [2009-07-13 12288]
    S3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-13 267264]
    S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-13 49152]
    S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2010-11-20 108544]
    S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [2010-11-20 39936]
    S3 vwifibus;Virtual WiFi Bus Driver;c:\windows\system32\DRIVERS\vwifibus.sys [2009-07-13 19968]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
    defragsvc REG_MULTI_SZ defragsvc
    WerSvcGroup REG_MULTI_SZ wersvc
    LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
    swprv REG_MULTI_SZ swprv
    LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
    NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
    regsvc REG_MULTI_SZ RemoteRegistry
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
    DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
    NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
    sdrsvc REG_MULTI_SZ sdrsvc
    WbioSvcGroup REG_MULTI_SZ WbioSrvc
    wcssvc REG_MULTI_SZ WcsPlugInService
    AxInstSVGroup REG_MULTI_SZ AxInstSV
    secsvcs REG_MULTI_SZ WinDefend
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    AeLookupSvc
    CertPropSvc
    SCPolicySvc
    lanmanserver
    gpsvc
    IKEEXT
    AudioSrv
    FastUserSwitchingCompatibility
    Nla
    NWCWorkstation
    SRService
    Wmi
    WmdmPmSp
    TermService
    wuauserv
    BITS
    ShellHWDetection
    LogonHours
    PCAudit
    helpsvc
    uploadmgr
    iphlpsvc
    seclogon
    msiscsi
    MMCSS
    wercplsupport
    EapHost
    ProfSvc
    schedule
    hkmsvc
    SessionEnv
    winmgmt
    browser
    Themes
    BDESVC

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
    homegrouplistener


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    WdiServiceHost
    sppuinotify

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
    lanmanworkstation

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
    BthHFSrv
    homegroupprovider

    .
    Contents of the 'Scheduled Tasks' folder

    2011-03-13 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-16 18:52]

    2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-16 18:59]

    2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-16 18:59]

    2011-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2195645845-3431307071-4131870380-1000Core.job
    - c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-16 18:42]

    2011-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2195645845-3431307071-4131870380-1000UA.job
    - c:\users\Eric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-16 18:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://asus.msn.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
    HKCU-Run-Glary Memory Optimizer - c:\program files\Glary Utilities\memdefrag.exe
    HKLM-Run-SynAsusAcpi - %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
    HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    SafeBoot-AppInfo
    SafeBoot-sacsvr
    SafeBoot-vmms
    AddRemove-USB2.0 UVC WebCam - c:\windows\system32\RemoveSM37X.exe USB\VID_13D3&PID_5111&MI_00 USB\VID_13D3&PID_5115&MI_00 USB\VID_13D3&PID_5126&MI_00 USB\VID_13D3&PID_5116&MI_00



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-13 16:22
    Windows 6.1.7601 Service Pack 1 NTFS

    detected NTDLL code modification:
    ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(1504)
    c:\progra~1\ASUS\ASUSWE~1\service\ASUSWS~1.DLL
    c:\program files\ASUS\ASUS WebStorage\LogicNP.EZShellExtensions.dll
    c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SYSTEM32\WISPTIS.EXE
    c:\windows\SYSTEM32\WISPTIS.EXE
    c:\windows\system32\conhost.exe
    c:\users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\windows\system32\rundll32.exe
    c:\users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-13 16:28:13 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-13 20:28

    Pre-Run: 50,394,693,632 bytes free
    Post-Run: 50,306,002,944 bytes free

    - - End Of File - - AE0BE3E3FFD7BF1506815F3354D7C226
     
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, this isn't going to work! I don't know what's going on with the Services and Drivers, but there are screens and screens of them running. None of the entries is setting up right.

    You're going to need to go online for this:
    Please go to VirSCAN.org FREE on-line scan service:
    If busy, you can use one of the following: ( you only need one)
    VirusTotal
    Jotti

    • [1]. Copy and paste the following file path into the Suspicious files to scan box on the top of the page.

      Code:
      C:\combofix\pev.cfxxe
      
      [2]. At the upload site, click once inside the window next to Browse.
      [3]. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
      [4]. Click on the Upload button.
      This will perform a scan across multiple different virus scanning engines.
      Your file will possibly be entered into a queue which normally takes less than a minute to clear.
      Important: Wait for all of the scanning engines to complete.
      [5]. Once the Scan is completed scroll down and click on the Copy to Clipboard button. This will copy the link of the report into the Clipboard.
      [6]. Paste the contents of the Clipboard in your next reply.

    If there is a notation that there is a more recent scan available, please click on that.
    Did you run DDS in Normal Mode or Safe Mode?
     
  22. ericd8027

    ericd8027 TS Rookie Topic Starter Posts: 20

    A few things...

    Okay, so I did a little research on my own about my computer and also noticed a significant change. This is all for a bit of heads up for you in case it helps any.

    1) Asus EEE PCs were shipped WITH malware already onboard. So, I am assuming that this unit came with the wonderful friend hitching a ride.

    2) I was having massive issues with my built-in mouse (no right click function except through an external usb mouse; also, could not log in without the usb mouse or using the "mouse click button" [between the "Alt" and "Ctrl" buttons on the right side of the keyboard]). I say "was" because after ComboFix finished running I now have full functionality of my built-in mouse.

    3) I have attempted to run "C:\combofix\pev.cfxxe" through the supplied online scanners and they were not accepting the file. They said that the file did not exist.

    When I use "combofix.exe" here is the link:

    http://www.virscan.org/report/0fe3625cacf2321986b83670218ec654.html

    4) DDS was run in normal mode...NOT in Safe Mode.

    5) Should I run tdsskiller in Safe Mode? As it will still not run in regular mode.

    6) Lastly, since Safe Mode provided some luck, should I, in Safe Mode, try to go through the initial 8-steps for malware removal again? Or are there any I should go through again?
     
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I would prefer that all of the scans be done in Normal Mode, if possible.
     
  24. ericd8027

    ericd8027 TS Rookie Topic Starter Posts: 20

    TDSSKiller (only could run in safemode) Report:


    2011/03/19 15:29:16.0058 2004 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/03/19 15:29:16.0245 2004 ================================================================================
    2011/03/19 15:29:16.0245 2004 SystemInfo:
    2011/03/19 15:29:16.0245 2004
    2011/03/19 15:29:16.0245 2004 OS Version: 6.1.7601 ServicePack: 1.0
    2011/03/19 15:29:16.0245 2004 Product type: Workstation
    2011/03/19 15:29:16.0245 2004 ComputerName: OLIVAW
    2011/03/19 15:29:16.0245 2004 UserName: Eric
    2011/03/19 15:29:16.0245 2004 Windows directory: C:\windows
    2011/03/19 15:29:16.0245 2004 System windows directory: C:\windows
    2011/03/19 15:29:16.0245 2004 Processor architecture: Intel x86
    2011/03/19 15:29:16.0245 2004 Number of processors: 2
    2011/03/19 15:29:16.0245 2004 Page size: 0x1000
    2011/03/19 15:29:16.0245 2004 Boot type: Safe boot with network
    2011/03/19 15:29:16.0245 2004 ================================================================================
    2011/03/19 15:29:16.0651 2004 Initialize success
    2011/03/19 15:29:19.0864 2036 ================================================================================
    2011/03/19 15:29:19.0864 2036 Scan started
    2011/03/19 15:29:19.0864 2036 Mode: Manual;
    2011/03/19 15:29:19.0864 2036 ================================================================================
    2011/03/19 15:29:43.0607 2036 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
    2011/03/19 15:29:43.0919 2036 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
    2011/03/19 15:29:44.0309 2036 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
    2011/03/19 15:29:44.0606 2036 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
    2011/03/19 15:29:44.0949 2036 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
    2011/03/19 15:29:45.0152 2036 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
    2011/03/19 15:29:45.0214 2036 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
    2011/03/19 15:29:45.0292 2036 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
    2011/03/19 15:29:45.0448 2036 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
    2011/03/19 15:29:45.0495 2036 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
    2011/03/19 15:29:45.0573 2036 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
    2011/03/19 15:29:45.0635 2036 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
    2011/03/19 15:29:45.0760 2036 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
    2011/03/19 15:29:45.0838 2036 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
    2011/03/19 15:29:45.0901 2036 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
    2011/03/19 15:29:45.0994 2036 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
    2011/03/19 15:29:46.0103 2036 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
    2011/03/19 15:29:46.0244 2036 srv (112127c3b2e64d7680cc39cd0a39dd7e) C:\windows\system32\DRIVERS\srv.sys
    2011/03/19 15:29:46.0306 2036 srv2 (e5dd784a4ee5ebc72a86c677c988fcdb) C:\windows\system32\DRIVERS\srv2.sys
    2011/03/19 15:29:46.0384 2036 srvnet (cdbe627e16cc9e98f343d73f8e81d258) C:\windows\system32\DRIVERS\srvnet.sys
    2011/03/19 15:29:46.0493 2036 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
    2011/03/19 15:29:46.0571 2036 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
    2011/03/19 15:29:46.0681 2036 SynTP (bd8e7f87de409a745a132a8812de5a96) C:\windows\system32\DRIVERS\SynTP.sys
    2011/03/19 15:29:46.0868 2036 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\windows\system32\drivers\tcpip.sys
    2011/03/19 15:29:47.0102 2036 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\windows\system32\DRIVERS\tcpip.sys
    2011/03/19 15:29:47.0195 2036 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
    2011/03/19 15:29:47.0289 2036 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
    2011/03/19 15:29:47.0351 2036 TDTCP (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
    2011/03/19 15:29:47.0414 2036 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
    2011/03/19 15:29:47.0492 2036 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
    2011/03/19 15:29:47.0679 2036 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
    2011/03/19 15:29:47.0757 2036 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
    2011/03/19 15:29:47.0851 2036 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
    2011/03/19 15:29:47.0929 2036 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
    2011/03/19 15:29:47.0991 2036 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
    2011/03/19 15:29:48.0131 2036 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
    2011/03/19 15:29:48.0209 2036 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
    2011/03/19 15:29:48.0287 2036 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
    2011/03/19 15:29:48.0365 2036 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\windows\system32\drivers\usbccgp.sys
    2011/03/19 15:29:48.0459 2036 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
    2011/03/19 15:29:48.0521 2036 usbehci (cfbce999c057d78979a181c9c60f208e) C:\windows\system32\drivers\usbehci.sys
    2011/03/19 15:29:48.0584 2036 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\windows\system32\drivers\usbhub.sys
    2011/03/19 15:29:48.0662 2036 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
    2011/03/19 15:29:48.0709 2036 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
    2011/03/19 15:29:48.0787 2036 usbsmi (6496f6a34fca3d68fdbcdfb269c1c046) C:\windows\system32\DRIVERS\SMIksdrv.sys
    2011/03/19 15:29:48.0880 2036 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\windows\system32\DRIVERS\USBSTOR.SYS
    2011/03/19 15:29:48.0958 2036 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\drivers\usbuhci.sys
    2011/03/19 15:29:49.0021 2036 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
    2011/03/19 15:29:49.0145 2036 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
    2011/03/19 15:29:49.0223 2036 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
    2011/03/19 15:29:49.0286 2036 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
    2011/03/19 15:29:49.0364 2036 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
    2011/03/19 15:29:49.0426 2036 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
    2011/03/19 15:29:49.0489 2036 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
    2011/03/19 15:29:49.0551 2036 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
    2011/03/19 15:29:49.0613 2036 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
    2011/03/19 15:29:49.0676 2036 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
    2011/03/19 15:29:49.0754 2036 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
    2011/03/19 15:29:49.0816 2036 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
    2011/03/19 15:29:49.0894 2036 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
    2011/03/19 15:29:49.0957 2036 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
    2011/03/19 15:29:50.0066 2036 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
    2011/03/19 15:29:50.0144 2036 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
    2011/03/19 15:29:50.0191 2036 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
    2011/03/19 15:29:50.0315 2036 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
    2011/03/19 15:29:50.0393 2036 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
    2011/03/19 15:29:50.0596 2036 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
    2011/03/19 15:29:50.0674 2036 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
    2011/03/19 15:29:50.0986 2036 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
    2011/03/19 15:29:51.0127 2036 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
    2011/03/19 15:29:51.0314 2036 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
    2011/03/19 15:29:51.0376 2036 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
    2011/03/19 15:29:51.0563 2036 ================================================================================
    2011/03/19 15:29:51.0563 2036 Scan finished
    2011/03/19 15:29:51.0579 2036 ================================================================================
     
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, we've been at this for 3 weeks and it seems we've made little progress. So we need to 'regroup' and decide what you can and can't do.

    1. Has there been any change in the system that you have noticed?
    2. Can you get into Normal Mode at all? If no, what happens when you try?
    3. There is some problem with Combofix and the drivers that hasn't been pinned down, so I need to see as much as possible and it won't be in Safe Mode.
    4. "Asus EEE pc's were shipped WITH malware already onboard." Have you checked to see if your model is any of the following?
    The article I found is dated October 9, 2008

    You should also know that this machine shipped with a large number of Bundled Applications: To name some of them:
    Any that you don't use should be uninstalled. I have a Dell Mini with Win 7 Starter and it had so much trash on it that it was hard to find the good stuff!
    ===============-===================
    Please try again to run Combofix in Normal Mode.
    ========================================
    Your Windows 7 is 32bit, right? Please see if you can run HijackThis in Normal Mode.

    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format > Uncheck Word Wrap when you open Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
     
Topic Status:
Not open for further replies.

