.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Cheung at 9:36:22 on 2012-04-17
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.3327.597 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\IDSync\IDSyncService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Megacloud\VSSService.exe
C:\IDSync\IDSyncCDBManager.exe
C:\Windows\system32\conhost.exe
C:\IDSync\IDSyncSDBManager.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Clarus\Samsung SecretZone\SZAssistSVC.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\theSkyNet\wrapper-windows-x86-32.exe
C:\Windows\system32\conhost.exe
C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
C:\IDSync\IDSyncClient.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\java.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files\Zune1\ZuneLauncher.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IntelAppUp\IntelAppStore\bin\serviceManager.exe
C:\Program Files\CyberLink\TV Enhance\TVEService.exe
C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe
C:\Program Files\CyberLink\PlayMovie\PMVService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\OpenDrive\OpenDrive_Tray.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Tuso\Fiabee Sync\Fiabee.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\SugarSync\SugarSyncManager.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Cheung\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Business-in-a-Box\BIBLauncher.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files\Windows Live\Mesh\WLSync.exe
C:\Users\Cheung\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Cheung\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\IDSync\IDSyncTray.exe
C:\Program Files\Windows Live\Mesh\MOE.exe
C:\Program Files\Megacloud\Livedrive.exe
C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe
C:\Windows\system32\conhost.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\IDSync\IDSNotifier.exe
C:\Users\Dropbox1\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteTray.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\GoBox\gobox_desktop.exe
C:\Program Files\Evernote\Evernote\Evernote.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
C:\Users\Cheung\AppData\Roaming\MegaCloud\MegaCloud.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Qlock\qlock.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
C:\Portable Apps\PortableApps\PortableApps.com\PortableAppsPlatform.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\Users\Cheung\AppData\Roaming\Wuala\Wuala.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe
C:\Portable Apps\PortableApps\DropboxPortableAHKNeda\DropboxPortableAHK.exe
C:\Portable Apps\PortableApps\DropboxPortableAHK-HR\.dbfiles\profile\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Portable Apps\PortableApps\DropboxPortableAHKNeda\.dbfiles\profile\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Cheung\Desktop\gmer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\getmac.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dreamerz.biz/home.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*;127.0.0.1:9421;<local>
uURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - c:\program files\freeonlineradioplayerrecorder\prxtbFree.dll
mURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - c:\program files\freeonlineradioplayerrecorder\prxtbFree.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEToolbarBHO Class: {1a1dac8c-074d-440f-8707-7009a672d7d1} - c:\program files\linkedin\ie toolbar\3.2.5.1001\LinkedInIEToolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: DealScout: {467013bb-d67e-45be-a7d7-c29e3cca8aad} - c:\program files\dealscout\dealscout.dll
BHO: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - c:\windows\system32\CbFsMntNtf3.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: PrimaDesk Login Helper: {7aec5d7c-9ba0-4a13-ab5d-244e4276fc09} - c:\windows\downloaded program files\conflict.3\npPrimaDeskPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\18.0.1025.162\npchrome_frame.dll
BHO: BrowserHelper Class: {edf48a39-1442-463f-9f4e-f376a78d034a} - c:\program files\megacloud\LivedriveExplorerExtensions.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - c:\program files\freeonlineradioplayerrecorder\prxtbFree.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: LinkedIn Toolbar: {bb670d0b-5c46-40c7-b38b-40dd26987723} - c:\program files\linkedin\ie toolbar\3.2.5.1001\LinkedInIEToolbar.dll
TB: PrimadeskToolbar: {1b5498a8-c09c-43dd-89fc-67803840387e} - c:\windows\downloaded program files\conflict.3\npPrimaDeskPlugin.dll
TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - c:\program files\freeonlineradioplayerrecorder\prxtbFree.dll
TB: GoBox: {6a719530-8443-4898-9bc4-69e76b5f1c89} - c:\program files\gobox\gobox.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: GoBox Sidebar: {3bc832b5-d7af-4718-98ac-7f1269404929} - c:\program files\gobox\gobox.dll
EB: LinkedIn Toolbar: {85e0b171-04fa-11d1-b7da-00a0c90348d6} - c:\program files\linkedin\ie toolbar\3.2.5.1001\LinkedInIEToolbar.dll
uRun: [<NO NAME>]
uRun: [AdobeBridge]
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [SugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [Google Update] "c:\users\cheung\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [BIBLauncher] c:\program files\business-in-a-box\BIBLauncher.exe
uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WLSync] "c:\program files\windows live\mesh\WLSync.exe" /background
uRun: [Akamai NetSession Interface] "c:\users\cheung\appdata\local\akamai\netsession_win.exe"
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [IDSyncStartup] "c:\idsync\IDSyncStartup.exe" Hide
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" -s
uRun: [MotoCast] "c:\program files\motorola mobility\motocast\MotoLauncher.lnk"
uRun: [Livedrive] "c:\program files\megacloud\Livedrive.exe"
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
uRunOnce: [Application Restart #7] c:\program files\google\chrome frame\application\chrome.exe --automation-channel=chrometestinginterface:8528.1 --chrome-frame --no-first-run --disable-background-mode --disable-popup-blocking --user-data-dir="c:\users\cheung\appdata\local\google\chrome frame\user data\iexplore" --chrome-version=17.0.963.79 --lang=en-US --flag-switches-begin --enable-print-preview --flag-switches-end --restore-last-session
mRun: [TrayServer] c:\progra~1\magix\movie_~1\TrayServer_en.exe
mRun: [Zune Launcher] "c:\program files\zune1\ZuneLauncher.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NoteBurner] c:\program files\noteburner\VTBurnerGUI.exe /silence
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Intel AppUp(SM) center] "c:\program files\intelappup\intelappstore\bin\serviceManager.lnk"
mRun: [TVEService] "c:\program files\cyberlink\tv enhance\TVEService.exe"
mRun: [PCMAgent] "c:\program files\cyberlink\powercinema\PCMAgent.exe"
mRun: [PlayMovie] "c:\program files\cyberlink\playmovie\PMVService.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\powercinema\kernel\clml\CLMLSvc.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Fiabee] c:\program files\tuso\fiabee sync\Fiabee.exe hack
mRun: [OpenDrive Tray] c:\program files\opendrive\OpenDrive_Tray.exe
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SBRegRebootCleaner] "c:\program files\ad-aware antivirus\engine\SBRC.exe"
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\dropbox1\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteTray.exe
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\gobox.lnk - c:\program files\gobox\gobox_desktop.exe
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\idrive~1.lnk - c:\idsync\IDSyncTray.exe
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\mangoa~1.lnk - c:\program files\mangoapps desktop\MangoApps Desktop.exe
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\megacl~1.lnk - c:\users\cheung\appdata\roaming\megacloud\MegaCloud.exe
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office14\GROOVE.EXE
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\portab~1.lnk - c:\portable apps\Start.exe
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\qlock.lnk - c:\program files\qlock\qlock.exe
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\samsun~3.lnk - c:\program files\clarus\samsung auto backup\ISFGuage.exe
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\samsun~2.lnk - c:\program files\clarus\samsung auto backup\ISFRealTimeD.exe
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\samsun~1.lnk - c:\program files\clarus\samsung auto backup\ISFTimerD.exe
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\program files\windows live\mesh\WLSync.exe
StartupFolder: c:\users\cheung\appdata\roaming\micros~1\windows\startm~1\programs\startup\wuala.lnk - c:\users\cheung\appdata\roaming\wuala\Wuala.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Evernote 4 - c:\portable apps\portableapps\evernoteportable\app\evernote\EvernoteIE.dll/204
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Linked&In Search - c:\program files\linkedin\ie toolbar\3.2.5.1001\LinkedInIEToolbar.dll/ContextMenu.htm
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {1FAEED48-6C46-4AE6-9686-499858131F2E} - hxxps://www.primadesk.com/primadesk/plugin/npPrimaDeskPlugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{8B75A3DC-33D2-42E6-9440-7A1BECF6D031} : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{BB33D5F5-D7EF-41F9-A0C1-0A3064D53BD4} : NameServer = 208.67.222.222,208.67.220.220
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\18.0.1025.162\npchrome_frame.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - c:\windows\system32\CbFsMntNtf3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [2011-9-10 13440]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-4-14 15672]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2012-4-4 146904]
R1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-3-2 296336]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-2-16 242240]
R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [2011-10-13 9600]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-4-14 221784]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-4-14 78936]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2012-2-16 87368]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2011-7-2 298824]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 IDSyncService;IDSyncService;c:\idsync\IDSyncService.exe [2012-3-2 144856]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-15 654408]
R2 MegacloudVSSService;Megacloud VSS Service;c:\program files\megacloud\VSSService.exe [2012-3-16 157920]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2012-2-2 214896]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-5-11 74968]
R2 SZASSIST;SecretZone Assist Service;c:\program files\clarus\samsung secretzone\SZAssistSVC.exe [2012-3-20 90112]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-1-23 92592]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\cyberlink\tv enhance\kernel\tv\TVECapSvc.exe [2011-8-29 464224]
R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\cyberlink\tv enhance\kernel\tv\TVESched.exe [2011-8-29 189792]
R2 wrapper;theSkyNet;c:\program files\theskynet\wrapper-windows-x86-32.exe [2011-5-26 431896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-15 22344]
R3 mdf16;mdf16;c:\program files\clarus\samsung secretzone\mdf16.sys [2012-3-20 18288]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-12-13 30576]
R3 mvd22;mvd22;c:\program files\clarus\samsung secretzone\mvd22.sys [2012-3-20 70512]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-4-14 69208]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S1 eanhcosu;eanhcosu;c:\windows\system32\drivers\eanhcosu.sys [2012-4-17 42960]
S1 qbgpwvsl;qbgpwvsl;c:\windows\system32\drivers\qbgpwvsl.sys [2012-4-17 42960]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\fabs.exe /disableui --> c:\program files\common files\magix services\database\bin\FABS.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-25 136176]
S2 LRMINIPORT;ISAMSvc;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-1 2214504]
S2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\engine\SBAMSvc.exe [2011-5-17 2804280]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe [2007-12-21 60928]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 253088]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2009-10-13 49152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;"c:\program files\common files\magix services\database\bin\fbserver.exe" --> c:\program files\common files\magix services\database\bin\fbserver.exe [?]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-25 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-25 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-1-25 20864]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-1-25 8448]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2012-1-25 23808]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2011-11-8 11008]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-25 15872]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-4-14 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-4-14 94040]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-25 52224]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune1\WMZuneComm.exe [2011-8-5 268512]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-04-17 01:08:57 -------- d-----w- c:\users\cheung\appdata\local\{C930C657-C4D5-419A-BDCE-CCDE68B3A091}
2012-04-17 01:06:21 42960 ----a-w- c:\windows\system32\drivers\eanhcosu.sys
2012-04-17 00:55:58 42960 ----a-w- c:\windows\system32\drivers\qbgpwvsl.sys
2012-04-17 00:41:14 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f0fe51ab-033b-4c45-ac20-9938fd6a1f4d}\offreg.dll
2012-04-17 00:33:03 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f0fe51ab-033b-4c45-ac20-9938fd6a1f4d}\mpengine.dll
2012-04-16 13:48:32 -------- d-----w- c:\users\cheung\appdata\local\{1B72F4AF-DAFA-47C1-B040-23068B05EC36}
2012-04-16 09:23:20 -------- d-----w- c:\users\cheung\appdata\local\{48D69A34-2EEC-4C24-A449-A56634FB87D6}
2012-04-16 08:00:30 -------- d-----w- c:\program files\FileHippo.com
2012-04-16 05:31:33 -------- d-----w- c:\users\cheung\appdata\local\{D2D99226-CC43-4594-957D-0B2643789272}
2012-04-16 02:29:05 -------- d-----w- c:\users\cheung\appdata\local\{BF4A0660-038F-4325-BD0C-301A2B0796D6}
2012-04-15 12:23:02 -------- d-----w- c:\users\cheung\appdata\local\{C79FA9A6-6601-4446-BFC2-B73ABCA802FD}
2012-04-15 10:02:12 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-15 10:02:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-15 09:53:53 -------- d-----w- c:\users\cheung\appdata\local\{3F0BF5B6-C2C6-468D-A253-B5F897315C2E}
2012-04-14 10:40:03 -------- d-----w- c:\users\cheung\appdata\local\{A5B6A3D7-C0BB-402D-A787-D607CEED761C}
2012-04-14 10:08:06 -------- d-----w- c:\users\cheung\appdata\local\adaware
2012-04-14 10:08:05 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-04-14 10:07:52 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-14 10:07:39 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-14 10:07:21 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-14 10:07:21 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-14 10:07:16 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-14 10:04:34 -------- d-----w- c:\users\cheung\appdata\roaming\Ad-Aware Antivirus
2012-04-14 09:21:32 -------- d-----w- c:\users\cheung\appdata\local\{1E392024-CDA3-49EC-93EB-B0DE7AF0972C}
2012-04-13 16:34:12 29016 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-04-13 16:34:12 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-04-13 16:34:06 -------- d-----w- c:\program files\IObit
2012-04-13 16:29:38 -------- d-----w- c:\program files\OpenDrive
2012-04-13 16:25:40 -------- d-----w- c:\users\cheung\appdata\local\{D6112BD0-2AF7-4B0C-8E20-FAE1BB86F637}
2012-04-13 01:36:23 -------- d-----w- c:\users\cheung\appdata\roaming\Cocylu
2012-04-13 01:26:04 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-12 12:42:16 -------- d-----w- c:\users\cheung\appdata\local\{92DA621C-FF95-4BA4-ABA2-E7B205A5D782}
2012-04-12 09:08:12 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 09:08:12 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 09:08:12 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 09:08:12 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 09:05:41 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 09:05:40 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 08:04:38 -------- d--h--w- c:\windows\AxInstSV
2012-04-10 06:47:33 -------- d-sh--w- C:\~LD
2012-04-10 06:41:25 -------- d-----w- c:\users\cheung\appdata\local\{60169B06-6F8A-498A-A7B9-643FFF6D2957}
2012-04-09 12:47:08 -------- d-----w- c:\users\cheung\appdata\local\{D6EAA220-7A43-4177-A20E-7C8254733C84}
2012-04-08 07:46:52 -------- d-----w- c:\users\cheung\appdata\local\{6629C97C-6288-42A9-8761-BB259B2D4764}
2012-04-08 07:44:15 -------- d-----w- c:\users\cheung\appdata\local\{DF38BF77-5464-466A-9BAE-D5CE7F1B42DE}
2012-04-08 06:19:44 -------- d-----w- c:\users\cheung\appdata\local\PCM4Everio
2012-04-08 06:07:07 -------- d-----w- c:\users\cheung\appdata\local\{EC6D206D-3F26-43D4-AFD5-2218779EC910}
2012-04-08 06:04:15 -------- d-----w- c:\users\cheung\appdata\local\{1185EBEB-4016-40FB-AA88-495E84239EB3}
2012-04-04 08:37:06 -------- d-----w- C:\xampp
2012-04-04 05:26:30 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 04:17:30 146904 ----a-w- c:\windows\system32\drivers\cbfs.sys
2012-04-04 04:16:34 -------- d-----w- c:\users\cheung\appdata\local\Megacloud
2012-04-04 04:16:32 -------- d-----w- c:\program files\Megacloud
2012-04-04 04:08:42 -------- d-----w- c:\program files\Spectromancer
2012-04-04 03:29:13 -------- d-----w- c:\users\cheung\appdata\local\OpenDrive
2012-04-03 09:20:15 -------- d-----w- c:\users\cheung\appdata\roaming\Fiabee
2012-04-03 09:19:53 -------- d-----w- c:\program files\Tuso
2012-03-28 03:45:27 -------- d-----w- c:\program files\Evernote
2012-03-27 14:25:40 -------- d-----w- c:\users\cheung\appdata\local\{BCAA9F1D-1F32-4204-958A-78CE64E21FCF}
2012-03-26 08:13:15 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
2012-03-26 07:56:44 -------- d-----w- c:\users\cheung\.gstreamer-0.10
2012-03-26 07:48:50 -------- d-----w- c:\programdata\Motorola Media Link
2012-03-26 07:48:48 -------- d-----w- c:\program files\Motorola Mobility
2012-03-26 07:45:56 -------- d-----w- c:\users\cheung\appdata\roaming\MotoCast
2012-03-22 15:10:04 -------- d-----w- c:\users\cheung\appdata\local\{B11F8463-3B3C-4EFA-922C-AD55657175C5}
2012-03-22 15:06:59 97280 --sha-r- c:\windows\system32\FLACDX.ax
2012-03-22 15:06:59 81920 --sha-r- c:\windows\system32\aac_parser.ax
2012-03-22 15:06:59 227328 --sha-r- c:\windows\system32\ac3DX.ax
2012-03-22 15:06:59 179200 --sha-r- c:\windows\system32\DiracSplitter.ax
2012-03-22 15:06:59 175104 --sha-r- c:\windows\system32\CoreAAC.ax
2012-03-22 15:06:59 123904 --sha-r- c:\windows\system32\AVCDX.ax
2012-03-22 14:30:17 -------- d-----w- c:\users\cheung\appdata\local\{367D2617-E872-4FEA-8773-9F8476790042}
.
==================== Find3M ====================
.
2012-04-14 10:20:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-16 01:48:42 1734368 ----a-w- c:\windows\system32\LivedriveControlPanel.cpl
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-17 05:34:22 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-16 01:58:29 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-14 04:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-09 14:43:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-09 14:43:00 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-09 14:43:00 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-09 14:43:00 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-09 14:43:00 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-09 14:43:00 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-09 14:43:00 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-09 14:43:00 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-09 14:43:00 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-09 14:43:00 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-09 14:43:00 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-09 14:43:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 05:58:00 23808 ----a-w- c:\windows\system32\drivers\Motousbnet.sys
2012-01-25 05:57:48 24192 ----a-w- c:\windows\system32\drivers\motmodem.sys
2012-01-25 05:57:44 8448 ----a-w- c:\windows\system32\drivers\motccgpfl.sys
2012-01-25 05:57:36 20864 ----a-w- c:\windows\system32\drivers\motccgp.sys
2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2006-05-03 03:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 04:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 06:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-06 16:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer,
http://www.gmer.net
Windows 6.1.7601
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8709BFD0]<<
_asm { MOV EAX, [ESP+0x4]; MOV ECX, [EAX+0x28]; PUSH EBP; MOV EBP, [ECX+0x4]; PUSH ESI; MOV ESI, [ESP+0x10]; PUSH EDI; MOV EDI, [ESI+0x60]; MOV AL, [EDI]; CMP AL, 0x16; JNZ 0x36; PUSH ESI; }
1 ntkrnlpa!IofCallDriver[0x82E4C52A] -> \Device\Harddisk0\DR0[0x8681E530]
3 CLASSPNP[0x8BC0459E] -> ntkrnlpa!IofCallDriver[0x82E4C52A] -> [0x86EBCEF8]
\Driver\00000944[0x86EA3E90] -> IRP_MJ_CREATE -> 0x8709BFD0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 9:38:26.36 ===============