Can't get viruses off--> mdmcls32.exe explorer.exe [Closed]

Geeks to Go Forums > Security > Virus, Spyware, Malware Removal

Today's New Content

Can't get viruses off--> mdmcls32.exe explorer.exe [Closed] explorer.exe and mdmcls32.exe in Task Manager

#1 nin9teen8ty

Group: Member
Posts: 8
Joined: 02-February 09

Posted 02 February 2009 - 04:33 PM

Hi. First of all I appreciate what you guys are doing. I've learned alot just reading through the forums. But, as I don't want to do irreparable damage to my computer, I'll post what I can't fix myself up here. So far I have run Vundofix and Maleware Anti Maleware and took out some things. I still can't get rid of explorer.exe and mdmcls32.exe. I'm sure these are the problems because when I ran a program called removeIT it showed me a list of files infected and they were on it and the only ones I could not manually delete. They are always running in Task Manager and eating lots of CPU. Also(and this one is horrible) my computer periodically pops up a window that says google installer has stopped working, cccleaner has stopped working, and others etc. when these aren't even running.

So here's a copy of my HijackThis Logfile.
Thanks,
Ben M.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:21, on 2/2/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Users\Yorick\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\mdmcls32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\system32\jusched.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 82.98.86.161 badmast.net
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RRT-Auto] C:\Users\Yorick\Desktop\RRT\RRT.exe auto
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Yorick\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.co...sreqlab_ind.cab
O20 - AppInit_DLLs: iswrum.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\Windows\System32\svcprs32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10118 bytes

#2 handhfan

Group: Malware Removal
Posts: 13,659
Joined: 15-June 06

Posted 09 February 2009 - 11:12 AM

Hello, nin9teen8ty, and welcome to GeeksToGo! Sorry for the delay in reply, the forums have been busy.

Download OTListIt2 to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

The log for OTListIt2 will be very long and may not fit in one post. Please make sure that it didn't get cut off, and feel free to post the rest of it in a separate reply.

#3 nin9teen8ty

Group: Member
Posts: 8
Joined: 02-February 09

Posted 09 February 2009 - 01:05 PM

Hi,
Thanks for your reply.

I ran OTListIt and it worked with your specified instructions. Unfortunatley it did not produce a txt for 'Extras'. I looked in the download folder and performed a search.

Here is the OTListIt.txt

OTListIt logfile created on: 2/9/2009 12:52:29 - Run 3
OTListIt2 by OldTimer - Version 1.0.4.1 Folder = c:\Users\Yorick\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.24 Gb Total Physical Memory | 0.56 Gb Available Physical Memory | 44.89% Memory free
2.74 Gb Paging File | 1.41 Gb Available in Paging File | 51.39% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.13 Gb Total Space | 35.21 Gb Free Space | 24.95% Space Free | Partition Type: NTFS
Drive D: | 7.91 Gb Total Space | 1.07 Gb Free Space | 13.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 465.64 Gb Total Space | 69.09 Gb Free Space | 14.84% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YORICK-PC
Current User Name: Yorick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

C:\Windows\System32\wininit.exe (Microsoft Corporation)
C:\Windows\System32\lsm.exe (Microsoft Corporation)
C:\Windows\System32\SLsvc.exe (Microsoft Corporation)
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
C:\Windows\System32\taskeng.exe (Microsoft Corporation)
C:\Windows\System32\dwm.exe (Microsoft Corporation)
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe (CA, Inc.)
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe (Computer Associates International, Inc.)
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe (CA, Inc.)
C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
C:\Windows\System32\svcprs32.exe ()
C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation)
C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
C:\Windows\System32\taskeng.exe (Microsoft Corporation)
C:\Windows\System32\taskeng.exe (Microsoft Corporation)
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe (CA)
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe (CA, Inc.)
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
C:\Windows\System32\hkcmd.exe (Intel Corporation)
C:\Windows\System32\igfxpers.exe (Intel Corporation)
C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
C:\Windows\System32\taskeng.exe (Microsoft Corporation)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard)
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe (CA, Inc.)
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (CA, Inc.)
C:\Windows\System32\mobsync.exe (Microsoft Corporation)
C:\Windows\System32\mdmcls32.exe ()
C:\Windows\System32\mdmcls32.exe ()
C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
C:\Windows\System32\taskeng.exe (Microsoft Corporation)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
C:\Program Files\CA\CA Internet Security Suite\ccupdate\ccupdate.exe (CA, Inc.)
C:\Windows\System32\taskeng.exe (Microsoft Corporation)
C:\Windows\System32\taskeng.exe (Microsoft Corporation)
C:\Windows\System32\taskeng.exe (Microsoft Corporation)
C:\Windows\System32\taskeng.exe (Microsoft Corporation)
C:\Windows\System32\taskeng.exe (Microsoft Corporation)
C:\Windows\System32\mdmcls32.exe ()
c:\Users\Yorick\Downloads\OTListIt2.exe (OldTimer Tools)

========== (O23) Win32 Services (SafeList) ==========

(AeLookupSvc [Auto | Running]) -- C:\Windows\System32\aelupsvc.dll (Microsoft Corporation)
(Appinfo [On_Demand | Running]) -- C:\Windows\System32\appinfo.dll (Microsoft Corporation)
(Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
(BFE [Auto | Running]) -- C:\Windows\System32\BFE.DLL (Microsoft Corporation)
(Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
(BthServ [Auto | Running]) -- C:\Windows\System32\bthserv.dll (Microsoft Corporation)
(CaCCProvSP [On_Demand | Running]) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
(CAISafe [Auto | Running]) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe (Computer Associates International, Inc.)
(CertPropSvc [Unknown | Stopped]) -- C:\Windows\System32\certprop.dll (Microsoft Corporation)
(clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
(DFSR [On_Demand | Stopped]) -- C:\Windows\System32\dfsr.exe (Microsoft Corporation)
(DPS [Unknown | Running]) -- C:\Windows\System32\dps.dll (Microsoft Corporation)
(EMDMgmt [Auto | Running]) -- C:\Windows\System32\emdmgmt.dll (Microsoft Corporation)
(fdPHost [On_Demand | Stopped]) -- C:\Windows\System32\fdPHost.dll (Microsoft Corporation)
(FDResPub [Auto | Running]) -- C:\Windows\System32\FDResPub.dll (Microsoft Corporation)
(FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
(gpsvc [Unknown | Running]) -- C:\Windows\System32\gpsvc.dll (Microsoft Corporation)
(HP Health Check Service [Auto | Running]) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard)
(hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
(hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
(idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
(IKEEXT [Auto | Running]) -- C:\Windows\System32\IKEEXT.DLL (Microsoft Corporation)
(IPBusEnum [On_Demand | Stopped]) -- C:\Windows\System32\IPBusEnum.dll (Microsoft Corporation)
(iphlpsvc [Auto | Running]) -- C:\Windows\System32\iphlpsvc.dll (Microsoft Corporation)
(iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
(ITMRTSVC [Auto | Running]) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
(KtmRm [Auto | Running]) -- C:\Windows\System32\msdtckrm.dll (Microsoft Corporation)
(lltdsvc [On_Demand | Stopped]) -- C:\Windows\System32\lltdsvc.dll (Microsoft Corporation)
(MMCSS [Auto | Running]) -- C:\Windows\System32\mmcss.dll (Microsoft Corporation)
(MpsSvc [Auto | Running]) -- C:\Windows\System32\MPSSVC.dll (Microsoft Corporation)
(MSiSCSI [On_Demand | Stopped]) -- C:\Windows\System32\iscsiexe.dll (Microsoft Corporation)
(NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
(Net Driver HPZ12 [Auto | Stopped]) -- C:\Windows\System32\HPZinw12.dll (Hewlett-Packard)
(netprofm [Auto | Running]) -- C:\Windows\System32\netprofm.dll (Microsoft Corporation)
(NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
(NlaSvc [Auto | Running]) -- C:\Windows\System32\nlasvc.dll (Microsoft Corporation)
(nsi [Auto | Running]) -- C:\Windows\System32\nsisvc.dll (Microsoft Corporation)
(odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
(ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
(p2pimsvc [On_Demand | Stopped]) -- C:\Windows\System32\p2psvc.dll (Microsoft Corporation)
(p2psvc [On_Demand | Stopped]) -- C:\Windows\System32\p2psvc.dll (Microsoft Corporation)
(PcaSvc [Auto | Running]) -- C:\Windows\System32\pcasvc.dll (Microsoft Corporation)
(pla [On_Demand | Stopped]) -- C:\Windows\System32\pla.dll (Microsoft Corporation)
(PlugPlay [Auto | Running]) -- C:\Windows\System32\umpnpmgr.dll (Microsoft Corporation)
(Pml Driver HPZ12 [Auto | Running]) -- C:\Windows\System32\HPZipm12.dll (Hewlett-Packard)
(PNRPAutoReg [On_Demand | Stopped]) -- C:\Windows\System32\p2psvc.dll (Microsoft Corporation)
(PNRPsvc [On_Demand | Stopped]) -- C:\Windows\System32\p2psvc.dll (Microsoft Corporation)
(PolicyAgent [Auto | Running]) -- C:\Windows\System32\IPSECSVC.DLL (Microsoft Corporation)
(PPCtlPriv [On_Demand | Running]) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (CA, Inc.)
(ProfSvc [Auto | Running]) -- C:\Windows\System32\profsvc.dll (Microsoft Corporation)
(QWAVE [On_Demand | Stopped]) -- C:\Windows\System32\qwave.dll (Microsoft Corporation)
(RapiMgr [Auto | Running]) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
(SBSDWSCService [Auto | Running]) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
(SCardSvr [Unknown | Stopped]) -- C:\Windows\System32\SCardSvr.dll (Microsoft Corporation)
(SCPolicySvc [Unknown | Stopped]) -- C:\Windows\System32\certprop.dll (Microsoft Corporation)
(SDRSVC [On_Demand | Stopped]) -- C:\Windows\System32\sdrsvc.dll (Microsoft Corporation)
(SessionEnv [On_Demand | Stopped]) -- C:\Windows\System32\SessEnv.dll (Microsoft Corporation)
(slsvc [Auto | Running]) -- C:\Windows\System32\SLsvc.exe (Microsoft Corporation)
(SLUINotify [On_Demand | Stopped]) -- C:\Windows\System32\SLUINotify.dll (Microsoft Corporation)
(SNMPTRAP [On_Demand | Stopped]) -- C:\Windows\System32\snmptrap.exe (Microsoft Corporation)
(SstpSvc [On_Demand | Running]) -- C:\Windows\System32\sstpsvc.dll (Microsoft Corporation)
(stllssvr [On_Demand | Stopped]) -- c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
(swprv [On_Demand | Stopped]) -- C:\Windows\System32\swprv.dll (Microsoft Corporation)
(SysMain [Auto | Running]) -- C:\Windows\System32\sysmain.dll (Microsoft Corporation)
(TabletInputService [Auto | Running]) -- C:\Windows\System32\TabSvc.dll (Microsoft Corporation)
(TBS [Auto | Stopped]) -- C:\Windows\System32\tbssvc.dll (Microsoft Corporation)
(THREADORDER [On_Demand | Stopped]) -- C:\Windows\System32\mmcss.dll (Microsoft Corporation)
(TrustedInstaller [Unknown | Stopped]) -- C:\Windows\servicing\TrustedInstaller.exe (Microsoft Corporation)
(UI0Detect [On_Demand | Stopped]) -- C:\Windows\System32\UI0Detect.exe (Microsoft Corporation)
(UmxAgent [Auto | Running]) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
(UmxCfg [Auto | Running]) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
(UmxFwHlp [Auto | Running]) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
(UmxPol [Auto | Running]) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
(UxSms [Auto | Running]) -- C:\Windows\System32\uxsms.dll (Microsoft Corporation)
(vds [On_Demand | Stopped]) -- C:\Windows\System32\vds.exe (Microsoft Corporation)
(VETMSGNT [Auto | Running]) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe (CA, Inc.)
(Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
(WcesComm [Auto | Running]) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
(wcncsvc [On_Demand | Stopped]) -- C:\Windows\System32\wcncsvc.dll (Microsoft Corporation)
(WcsPlugInService [On_Demand | Stopped]) -- C:\Windows\System32\WcsPlugInService.dll (Microsoft Corporation)
(WdiServiceHost [Unknown | Stopped]) -- C:\Windows\System32\wdi.dll (Microsoft Corporation)
(WdiSystemHost [Unknown | Running]) -- C:\Windows\System32\wdi.dll (Microsoft Corporation)
(Wecsvc [On_Demand | Stopped]) -- C:\Windows\System32\wecsvc.dll (Microsoft Corporation)
(wercplsupport [On_Demand | Stopped]) -- C:\Windows\System32\wercplsupport.dll (Microsoft Corporation)
(WerSvc [Auto | Running]) -- C:\Windows\System32\wersvc.dll (Microsoft Corporation)
(WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
(WinHttpAutoProxySvc [On_Demand | Running]) -- C:\Windows\System32\winhttp.dll (Microsoft Corporation)
(WinRM [On_Demand | Stopped]) -- C:\Windows\System32\WsmSvc.dll (Microsoft Corporation)
(WinSvchostManager [Auto | Running]) -- C:\Windows\System32\svcprs32.exe ()
(Wlansvc [On_Demand | Stopped]) -- C:\Windows\System32\wlansvc.dll (Microsoft Corporation)
(WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
(WPCSvc [On_Demand | Stopped]) -- C:\Windows\System32\wpcsvc.dll (Microsoft Corporation)
(WPDBusEnum [Auto | Running]) -- C:\Windows\System32\wpdbusenum.dll (Microsoft Corporation)
(WSearch [Auto | Running]) -- C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation)
(wuauserv [Auto | Running]) -- C:\Windows\System32\wuaueng.dll (Microsoft Corporation)
(wudfsvc [Auto | Running]) -- C:\Windows\System32\WUDFSvc.dll (Microsoft Corporation)
(XAudioService [Auto | Running]) -- C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

(adp94xx [Disabled | Stopped]) -- C:\Windows\System32\drivers\adp94xx.sys (Adaptec, Inc.)
(adpahci [Disabled | Stopped]) -- C:\Windows\System32\drivers\adpahci.sys (Adaptec, Inc.)
(adpu160m [Disabled | Stopped]) -- C:\Windows\System32\drivers\adpu160m.sys (Adaptec, Inc.)
(adpu320 [Disabled | Stopped]) -- C:\Windows\System32\drivers\adpu320.sys (Adaptec, Inc.)
(aic78xx [Disabled | Stopped]) -- C:\Windows\System32\drivers\djsvs.sys (Adaptec, Inc.)
(aliide [Disabled | Stopped]) -- C:\Windows\System32\drivers\aliide.sys (Acer Laboratories Inc.)
(amdagp [On_Demand | Stopped]) -- C:\Windows\System32\drivers\AMDAGP.SYS (Microsoft Corporation)
(amdide [Disabled | Stopped]) -- C:\Windows\System32\drivers\amdide.sys (Microsoft Corporation)
(AmdK7 [Disabled | Stopped]) -- C:\Windows\System32\drivers\amdk7.sys (Microsoft Corporation)
(AmdK8 [Disabled | Stopped]) -- C:\Windows\System32\drivers\amdk8.sys (Microsoft Corporation)
(arc [Disabled | Stopped]) -- C:\Windows\System32\drivers\arc.sys (Adaptec, Inc.)
(arcsas [Disabled | Stopped]) -- C:\Windows\System32\drivers\arcsas.sys (Adaptec, Inc.)
(bowser [On_Demand | Running]) -- C:\Windows\System32\drivers\bowser.sys (Microsoft Corporation)
(BrFiltLo [On_Demand | Stopped]) -- C:\Windows\System32\drivers\BrFiltLo.sys (Brother Industries, Ltd.)
(BrFiltUp [On_Demand | Stopped]) -- C:\Windows\System32\drivers\BrFiltUp.sys (Brother Industries, Ltd.)
(Brserid [Disabled | Stopped]) -- C:\Windows\System32\drivers\BrSerId.sys (Brother Industries Ltd.)
(BrSerWdm [Disabled | Stopped]) -- C:\Windows\System32\drivers\BrSerWdm.sys (Brother Industries Ltd.)
(BrUsbMdm [Disabled | Stopped]) -- C:\Windows\System32\drivers\BrUsbMdm.sys (Brother Industries Ltd.)
(BrUsbSer [On_Demand | Stopped]) -- C:\Windows\System32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
(BTHMODEM [Disabled | Stopped]) -- C:\Windows\System32\drivers\bthmodem.sys (Microsoft Corporation)
(circlass [Disabled | Stopped]) -- C:\Windows\System32\drivers\circlass.sys (Microsoft Corporation)
(CLFS [Unknown | Running]) -- C:\Windows\System32\clfs.sys (Microsoft Corporation)
(cmdide [Disabled | Stopped]) -- C:\Windows\System32\drivers\cmdide.sys (CMD Technology, Inc.)
(crcdisk [Boot | Running]) -- C:\Windows\System32\drivers\crcdisk.sys (Microsoft Corporation)
(Crusoe [Disabled | Stopped]) -- C:\Windows\System32\drivers\crusoe.sys (Microsoft Corporation)
(DfsC [System | Running]) -- C:\Windows\System32\drivers\dfsc.sys (Microsoft Corporation)
(Dot4 [On_Demand | Running]) -- C:\Windows\System32\drivers\Dot4.sys (Microsoft Corporation)
(Dot4Print [On_Demand | Running]) -- C:\Windows\System32\drivers\Dot4Prt.sys (Microsoft Corporation)
(dot4usb [On_Demand | Running]) -- C:\Windows\System32\drivers\Dot4usb.sys (Microsoft Corporation)
(DXGKrnl [On_Demand | Running]) -- C:\Windows\System32\drivers\dxgkrnl.sys (Microsoft Corporation)
(E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
(Ecache [Boot | Running]) -- C:\Windows\System32\drivers\ecache.sys (Microsoft Corporation)
(elxstor [Disabled | Stopped]) -- C:\Windows\System32\drivers\elxstor.sys (Emulex)
(exfat [On_Demand | Stopped]) -- C:\Windows\System32\drivers\exfat.sys (Microsoft Corporation)
(FileInfo [Boot | Running]) -- C:\Windows\System32\drivers\fileinfo.sys (Microsoft Corporation)
(Filetrace [On_Demand | Stopped]) -- C:\Windows\System32\drivers\filetrace.sys (Microsoft Corporation)
(gagp30kx [On_Demand | Stopped]) -- C:\Windows\System32\drivers\GAGP30KX.SYS (Microsoft Corporation)
(GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
(HdAudAddService [On_Demand | Stopped]) -- C:\Windows\System32\drivers\HdAudio.sys (Microsoft Corporation)
(HDAudBus [On_Demand | Running]) -- C:\Windows\System32\drivers\hdaudbus.sys (Microsoft Corporation)
(HidBth [Disabled | Stopped]) -- C:\Windows\System32\drivers\hidbth.sys (Microsoft Corporation)
(HidIr [Disabled | Stopped]) -- C:\Windows\System32\drivers\hidir.sys (Microsoft Corporation)
(HpCISSs [Disabled | Stopped]) -- C:\Windows\System32\drivers\HpCISSs.sys (Hewlett-Packard Company)
(HSF_DP [On_Demand | Running]) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
(HSXHWBS2 [On_Demand | Running]) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
(ialm [On_Demand | Stopped]) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
(iaStorV [Disabled | Stopped]) -- C:\Windows\System32\drivers\iaStorV.sys (Intel Corporation)
(igfx [On_Demand | Running]) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
(iirsp [Disabled | Stopped]) -- C:\Windows\System32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
(IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
(IPMIDRV [Disabled | Stopped]) -- C:\Windows\System32\drivers\IPMIDrv.sys (Microsoft Corporation)
(iScsiPrt [On_Demand | Running]) -- C:\Windows\System32\drivers\msiscsi.sys (Microsoft Corporation)
(iteatapi [Disabled | Stopped]) -- C:\Windows\System32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
(iteraid [Disabled | Stopped]) -- C:\Windows\System32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
(kbdhid [Disabled | Stopped]) -- C:\Windows\System32\drivers\kbdhid.sys (Microsoft Corporation)
(KmxAgent [System | Running]) -- C:\Windows\System32\drivers\KmxAgent.sys (CA)
(KmxCF [Auto | Running]) -- C:\Windows\System32\drivers\KmxCF.sys (CA)
(KmxCfg [On_Demand | Running]) -- C:\Windows\System32\drivers\KmxCfg.sys (CA)
(KmxFile [System | Running]) -- C:\Windows\System32\drivers\KmxFile.sys (CA)
(KmxFilter [System | Running]) -- C:\Windows\System32\drivers\KmxFilter.sys (CA)
(KmxFw [Boot | Running]) -- C:\Windows\System32\drivers\KmxFw.sys (CA)
(KmxSbx [Auto | Running]) -- C:\Windows\System32\drivers\KmxSbx.sys (CA)
(lltdio [Auto | Running]) -- C:\Windows\System32\drivers\lltdio.sys (Microsoft Corporation)
(LSI_FC [Disabled | Stopped]) -- C:\Windows\System32\drivers\lsi_fc.sys (LSI Logic)
(LSI_SAS [Disabled | Stopped]) -- C:\Windows\System32\drivers\lsi_sas.sys (LSI Logic)
(LSI_SCSI [Disabled | Stopped]) -- C:\Windows\System32\drivers\lsi_scsi.sys (LSI Logic)
(luafv [Auto | Running]) -- C:\Windows\System32\drivers\luafv.sys (Microsoft Corporation)
(mdmxsdk [Auto | Running]) -- C:\Windows\System32\drivers\mdmxsdk.sys (Conexant)
(megasas [Disabled | Stopped]) -- C:\Windows\System32\drivers\megasas.sys (LSI Logic Corporation)
(monitor [On_Demand | Running]) -- C:\Windows\System32\drivers\monitor.sys (Microsoft Corporation)
(mpio [Disabled | Stopped]) -- C:\Windows\System32\drivers\mpio.sys (Microsoft Corporation)
(mpsdrv [On_Demand | Running]) -- C:\Windows\System32\drivers\mpsdrv.sys (Microsoft Corporation)
(Mraid35x [Disabled | Stopped]) -- C:\Windows\System32\drivers\Mraid35x.sys (LSI Logic Corporation)
(mrxsmb10 [On_Demand | Running]) -- C:\Windows\System32\drivers\mrxsmb10.sys (Microsoft Corporation)
(mrxsmb20 [On_Demand | Running]) -- C:\Windows\System32\drivers\mrxsmb20.sys (Microsoft Corporation)
(msahci [Disabled | Stopped]) -- C:\Windows\System32\drivers\msahci.sys (Microsoft Corporation)
(msdsm [Disabled | Stopped]) -- C:\Windows\System32\drivers\msdsm.sys (Microsoft Corporation)
(msisadrv [Boot | Running]) -- C:\Windows\System32\drivers\msisadrv.sys (Microsoft Corporation)
(MsRPC [On_Demand | Stopped]) -- C:\Windows\System32\drivers\msrpc.sys (Microsoft Corporation)
(NativeWifiP [On_Demand | Stopped]) -- C:\Windows\System32\drivers\nwifi.sys (Microsoft Corporation)
(nfrd960 [Disabled | Stopped]) -- C:\Windows\System32\drivers\nfrd960.sys (IBM Corporation)
(nsiproxy [System | Running]) -- C:\Windows\System32\drivers\nsiproxy.sys (Microsoft Corporation)
(ntrigdigi [Disabled | Stopped]) -- C:\Windows\System32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
(nvraid [Disabled | Stopped]) -- C:\Windows\System32\drivers\nvraid.sys (NVIDIA Corporation)
(nvstor [Disabled | Stopped]) -- C:\Windows\System32\drivers\nvstor.sys (NVIDIA Corporation)
(nv_agp [On_Demand | Stopped]) -- C:\Windows\System32\drivers\NV_AGP.SYS (Microsoft Corporation)
(pcouffin [On_Demand | Running]) -- C:\Windows\System32\drivers\pcouffin.sys (VSO Software)
(PEAUTH [Auto | Running]) -- C:\Windows\System32\drivers\PEAuth.sys (Microsoft Corporation)
(PSched [System | Running]) -- C:\Windows\System32\drivers\pacer.sys (Microsoft Corporation)
(PxHelp20 [Boot | Running]) -- C:\Windows\System32\drivers\pxhelp20.sys (Sonic Solutions)
(QCDonner [On_Demand | Stopped]) -- C:\Windows\System32\drivers\lvcd.sys (Logitech Inc.)
(ql2300 [Disabled | Stopped]) -- C:\Windows\System32\drivers\ql2300.sys (QLogic Corporation)
(ql40xx [Disabled | Stopped]) -- C:\Windows\System32\drivers\ql40xx.sys (QLogic Corporation)
(QWAVEdrv [On_Demand | Stopped]) -- C:\Windows\System32\drivers\qwavedrv.sys (Microsoft Corporation)
(RasSstp [On_Demand | Running]) -- C:\Windows\System32\drivers\rassstp.sys (Microsoft Corporation)
(RDPENCDD [System | Running]) -- C:\Windows\System32\drivers\RDPENCDD.sys (Microsoft Corporation)
(rspndr [Auto | Running]) -- C:\Windows\System32\drivers\rspndr.sys (Microsoft Corporation)
(RTL8169 [On_Demand | Running]) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
(SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(sbp2port [Disabled | Stopped]) -- C:\Windows\System32\drivers\sbp2port.sys (Microsoft Corporation)
(SCDEmu [System | Running]) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
(secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sermouse [Disabled | Stopped]) -- C:\Windows\System32\drivers\sermouse.sys (Microsoft Corporation)
(sffdisk [Disabled | Stopped]) -- C:\Windows\System32\drivers\sffdisk.sys (Microsoft Corporation)
(sffp_mmc [On_Demand | Stopped]) -- C:\Windows\System32\drivers\sffp_mmc.sys (Microsoft Corporation)
(sffp_sd [On_Demand | Stopped]) -- C:\Windows\System32\drivers\sffp_sd.sys (Microsoft Corporation)
(sisagp [On_Demand | Stopped]) -- C:\Windows\System32\drivers\SISAGP.SYS (Microsoft Corporation)
(SiSRaid2 [Disabled | Stopped]) -- C:\Windows\System32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
(SiSRaid4 [Disabled | Stopped]) -- C:\Windows\System32\drivers\sisraid4.sys (Silicon Integrated Systems)
(Smb [System | Running]) -- C:\Windows\System32\drivers\smb.sys (Microsoft Corporation)
(spldr [Boot | Running]) -- C:\Windows\System32\drivers\spldr.sys (Microsoft Corporation)
(sptd [Boot | Running]) -- C:\Windows\System32\drivers\sptd.sys ()
(srv2 [On_Demand | Running]) -- C:\Windows\System32\drivers\srv2.sys (Microsoft Corporation)
(srvnet [On_Demand | Running]) -- C:\Windows\System32\drivers\srvnet.sys (Microsoft Corporation)
(Symc8xx [Disabled | Stopped]) -- C:\Windows\System32\drivers\symc8xx.sys (LSI Logic)
(Sym_hi [Disabled | Stopped]) -- C:\Windows\System32\drivers\sym_hi.sys (LSI Logic)
(Sym_u3 [Disabled | Stopped]) -- C:\Windows\System32\drivers\sym_u3.sys (LSI Logic)
(tcpipreg [Auto | Running]) -- C:\Windows\System32\drivers\tcpipreg.sys (Microsoft Corporation)
(tdx [System | Running]) -- C:\Windows\System32\drivers\tdx.sys (Microsoft Corporation)
(tssecsrv [On_Demand | Stopped]) -- C:\Windows\System32\drivers\tssecsrv.sys (Microsoft Corporation)
(tunmp [On_Demand | Running]) -- C:\Windows\System32\drivers\TUNMP.SYS (Microsoft Corporation)
(tunnel [On_Demand | Stopped]) -- C:\Windows\System32\drivers\tunnel.sys (Microsoft Corporation)
(uagp35 [On_Demand | Stopped]) -- C:\Windows\System32\drivers\UAGP35.SYS (Microsoft Corporation)
(uliagpkx [On_Demand | Stopped]) -- C:\Windows\System32\drivers\ULIAGPKX.SYS (Microsoft Corporation)
(uliahci [Disabled | Stopped]) -- C:\Windows\System32\drivers\uliahci.sys (ULi Electronics Inc.)
(UlSata [Disabled | Stopped]) -- C:\Windows\System32\drivers\ulsata.sys (Promise Technology, Inc.)
(ulsata2 [Disabled | Stopped]) -- C:\Windows\System32\drivers\ulsata2.sys (Promise Technology, Inc.)
(umbus [On_Demand | Running]) -- C:\Windows\System32\drivers\umbus.sys (Microsoft Corporation)
(USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\drivers\usbaapl.sys (Apple, Inc.)
(usbcir [Disabled | Stopped]) -- C:\Windows\System32\drivers\usbcir.sys (Microsoft Corporation)
(USB_RNDIS [On_Demand | Stopped]) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
(usb_rndisx [On_Demand | Stopped]) -- C:\Windows\System32\drivers\usb8023x.sys (Microsoft Corporation)
(VET-FILT [System | Running]) -- C:\Windows\System32\drivers\vet-filt.sys (Computer Associates International, Inc.)
(VET-REC [System | Running]) -- C:\Windows\System32\drivers\vet-rec.sys (Computer Associates International, Inc.)
(VETEBOOT [On_Demand | Running]) -- C:\Windows\System32\drivers\veteboot.sys (Computer Associates International, Inc.)
(VETEFILE [System | Running]) -- C:\Windows\System32\drivers\vetefile.sys (Computer Associates International, Inc.)
(VETFDDNT [System | Running]) -- C:\Windows\System32\drivers\vetfddnt.sys (Computer Associates International, Inc.)
(VETMONNT [System | Running]) -- C:\Windows\System32\drivers\vetmonnt.sys (Computer Associates International, Inc.)
(vga [On_Demand | Stopped]) -- C:\Windows\System32\drivers\vgapnp.sys (Microsoft Corporation)
(ViaC7 [Disabled | Stopped]) -- C:\Windows\System32\drivers\viac7.sys (Microsoft Corporation)
(viaide [Disabled | Stopped]) -- C:\Windows\System32\drivers\viaide.sys (VIA Technologies, Inc.)
(volmgr [Boot | Running]) -- C:\Windows\System32\drivers\volmgr.sys (Microsoft Corporation)
(volmgrx [Boot | Running]) -- C:\Windows\System32\drivers\volmgrx.sys (Microsoft Corporation)
(vsmraid [Disabled | Stopped]) -- C:\Windows\System32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
(WacomPen [Disabled | Stopped]) -- C:\Windows\System32\drivers\wacompen.sys (Microsoft Corporation)
(Wd [Disabled | Stopped]) -- C:\Windows\System32\drivers\wd.sys (Microsoft Corporation)
(Wdf01000 [Boot | Running]) -- C:\Windows\System32\drivers\Wdf01000.sys (Microsoft Corporation)
(winachsf [On_Demand | Running]) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
(WmiAcpi [Disabled | Stopped]) -- C:\Windows\System32\drivers\wmiacpi.sys (Microsoft Corporation)
(ws2ifsl [System | Running]) -- C:\Windows\System32\drivers\ws2ifsl.sys (Microsoft Corporation)
(XAudio [Auto | Running]) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (224352 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 82.98.86.161 badmast.net
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 7874 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl (CA, Inc.)
O4 - HKLM..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
O4 - HKLM..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" (CA, Inc.)
O4 - HKLM..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" (CA, Inc.)
O4 - HKLM..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" (CA)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RRT-Auto] C:\Users\Yorick\Desktop\RRT\RRT.exe auto File not found
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" (DT Soft Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.co...sreqlab_ind.cab (System Requirements Lab Class)
O18 - Protocol\Handler: - about - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - cdl - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - dvd - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler: - file - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ftp - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - http - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - https - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - its - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - javascript - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - local - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mailto - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mhtml - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mk - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ms-help - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ms-its - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ms-itss - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - res - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - tv - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler: - vbscript - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: (Component Categories cache daemon) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\System32\browseui.dll (Microsoft Corporation)

========== AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls" = iswrum.dll
> File not found

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell" = Explorer.exe
>C:\Windows\explorer.exe (Microsoft Corporation)

"UserInit" = C:\Windows\system32\userinit.exe,
>C:\Windows\System32\userinit.exe (Microsoft Corporation)

"VMApplet" = rundll32 shell32,Control_RunDLL "sysdm.cpl"
>C:\Windows\System32\shell32.dll (Microsoft Corporation)
>C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

========== HKCU Winlogon Settings ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell" = Explorer.exe
>C:\Windows\explorer.exe (Microsoft Corporation)

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
igfxcui: "DllName" = igfxdev.dll -- C:\Windows\System32\igfxdev.dll (Intel Corporation)
PFW: "DllName" = UmxWnp.Dll -- C:\Windows\System32\UmxWNP.dll (CA)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
"{8912DBA0-A96F-48F1-9A42-EE6CD54B7A9D}" (HKLM) -- Reg Error: Value does not exist or could not be read. File not found

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders" = credssp.dll
>C:\Windows\System32\credssp.dll (Microsoft Corporation)

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages" = msv1_0,C:\Windows\system32\ljJBTNDW,
>C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
> File not found

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages" = kerberos,msv1_0,schannel,wdigest,tspkg,
>C:\Windows\System32\kerberos.dll (Microsoft Corporation)
>C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
>C:\Windows\System32\schannel.dll (Microsoft Corporation)
>C:\Windows\System32\wdigest.dll (Microsoft Corporation)
>C:\Windows\System32\TSpkg.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
C:\autoexec.bat () -- [ NTFS ]

Autoruns []
C:\Autoruns [2008/10/15 16:57:55 00,000,000 | ---D | M] -- [ NTFS ]

Autoruns.zip [PK | ]
C:\Autoruns.zip () -- [ NTFS ]

autorun.inf [[autorun] | open=wd_windows_tools\setup.exe | ICON=AUTORUN\WDLOGO.ICO | ]
G:\autorun.inf () -- [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22ced3bf-ae93-11dc-ae6a-001d6073177f}\Shell\AutoRun\command]
"" = G:\wd_windows_tools\setup.exe -- [2005/12/02 10:57:50 | 00,782,336 | ---- | M] (Western Digital Technologies)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
"" = F:\wd_windows_tools\setup.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command]
"" = G:\wd_windows_tools\setup.exe -- [2005/12/02 10:57:50 | 00,782,336 | ---- | M] (Western Digital Technologies)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\AutoRun\command]
"" = H:\Launch.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\Shell\AutoRun\command]
"" = I:\GRIM.EXE -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/02/08 16:06:16 | 00,000,776 | ---- | C] () -- C:\Users\Yorick\Desktop\VisualBoyAdvance.exe - Shortcut.lnk
[2009/02/08 11:53:39 | 00,000,000 | ---D | C] -- C:\Users\Yorick\AppData\Local\Ahead
[2009/02/08 11:49:59 | 01,077,248 | ---- | C] () -- C:\Windows\System32\mdmcls32.exe
[2009/02/07 23:59:42 | 00,001,955 | ---- | C] () -- C:\Users\Yorick\Desktop\Subtitle Workshop.lnk
[2009/02/07 23:59:40 | 00,000,000 | ---D | C] -- C:\Program Files\URUSoft
[2009/02/06 23:05:12 | 00,000,000 | ---D | C] -- C:\Program Files\Haali
[2009/02/06 22:35:54 | 00,000,826 | ---- | C] () -- C:\Users\Yorick\Desktop\FairUse Wizard 2.lnk
[2009/02/06 22:33:21 | 00,000,000 | ---D | C] -- C:\Program Files\FairUse Wizard 2
[2009/02/06 20:29:32 | 00,000,754 | ---- | C] () -- C:\Users\Yorick\Desktop\Audacity.lnk
[2009/02/06 20:29:29 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity
[2009/02/06 16:12:49 | 00,000,583 | ---- | C] () -- C:\Users\Yorick\AppData\Roaming\AutoGK.ini
[2009/02/06 15:13:21 | 00,000,000 | ---D | C] -- C:\Program Files\XviD
[2009/02/06 15:12:46 | 00,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2009/02/06 15:10:40 | 00,000,000 | ---D | C] -- C:\Program Files\AutoGK
[2009/02/05 17:22:29 | 00,058,377 | ---- | C] () -- C:\Users\Yorick\Documents\Star Wars Episode 1 The Phantom Menace Rifftrax.torrent
[2009/02/03 15:03:14 | 00,000,000 | ---D | C] -- C:\Users\Yorick\AppData\Local\Apple
[2009/02/03 14:57:38 | 00,000,000 | ---D | C] -- C:\Users\Yorick\AppData\Local\Apple Computer
[2009/02/03 13:13:53 | 00,000,000 | ---D | C] -- C:\Users\Yorick\AppData\Local\Adobe
[2009/02/02 15:27:06 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/02/02 15:24:04 | 00,268,052 | ---- | C] () -- C:\Users\Yorick\Desktop\Rooter.exe
[2009/02/02 15:03:46 | 03,185,465 | ---- | C] () -- C:\Users\Yorick\Desktop\Combo-Fix.exe
[2009/02/02 14:57:06 | 00,132,597 | ---- | C] () -- C:\Users\Yorick\Desktop\Flash_Disinfecto

#4 nin9teen8ty

Group: Member
Posts: 8
Joined: 02-February 09

Posted 09 February 2009 - 01:07 PM

[2009/02/02 14:57:06 | 00,132,597 | ---- | C] () -- C:\Users\Yorick\Desktop\Flash_Disinfector.exe
[2009/02/02 14:54:21 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Users\Yorick\Desktop\SysRestorePoint.exe
[2009/02/02 14:27:12 | 00,348,160 | ---- | C] (OldTimer Tools) -- C:\Users\Yorick\Desktop\OTMoveIt3.exe
[2009/02/02 02:07:01 | 00,000,000 | ---D | C] -- C:\Users\Yorick\AppData\Roaming\Malwarebytes
[2009/02/01 23:03:58 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/01 23:03:57 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/02/01 23:03:55 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/02/01 23:03:53 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/02/01 23:03:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/02/01 14:25:06 | 00,001,877 | ---- | C] () -- C:\Users\Yorick\Desktop\RemoveIT Pro v4 - SE.lnk
[2009/02/01 14:22:19 | 00,000,000 | ---D | C] -- C:\Program Files\InCode Solutions
[2009/01/31 22:30:04 | 00,001,876 | ---- | C] () -- C:\Users\Yorick\Desktop\HijackThis.lnk
[2009/01/31 22:30:03 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/01/31 18:57:39 | 00,016,244 | ---- | C] () -- C:\Windows\System32\rrt_is.wav
[2009/01/31 18:57:39 | 00,007,302 | ---- | C] () -- C:\Windows\System32\rrt_vf.wav
[2009/01/31 18:57:39 | 00,007,148 | ---- | C] () -- C:\Windows\System32\rrt_tv.wav
[2009/01/31 18:57:39 | 00,006,282 | ---- | C] () -- C:\Windows\System32\rrt_tn.wav
[2009/01/31 18:33:01 | 00,000,691 | ---- | C] () -- C:\Users\Yorick\AppData\Roaming\GetValue.vbs
[2009/01/31 18:33:01 | 00,000,035 | ---- | C] () -- C:\Users\Yorick\AppData\Roaming\SetValue.bat
[2009/01/31 18:24:32 | 00,003,350 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2009/01/31 18:18:00 | 01,661,611 | ---- | C] () -- C:\Users\Yorick\Desktop\SmitfraudFix.exe
[2009/01/31 13:16:56 | 03,550,064 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Yorick\Desktop\procexp.exe
[2009/01/31 03:37:15 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2009/01/31 03:11:03 | 00,223,368 | ---- | C] () -- C:\Users\Yorick\Desktop\CrucialScan.exe
[2009/01/31 00:19:48 | 00,000,000 | ---D | C] -- C:\Users\Yorick\Desktop\Steampunk
[2009/01/30 21:00:50 | 00,000,000 | ---D | C] -- C:\Users\Yorick\Desktop\cpuz_149.1.321C02
[2009/01/29 17:06:23 | 00,000,000 | ---D | C] -- C:\ProgramData\2DBoy
[2009/01/29 17:06:15 | 00,001,704 | ---- | C] () -- C:\Users\Public\Desktop\World of Goo.lnk
[2009/01/29 17:05:50 | 00,000,000 | ---D | C] -- C:\Program Files\WorldOfGoo
[2009/01/29 16:45:26 | 00,094,270 | ---- | C] () -- C:\Users\Yorick\Documents\Rory Gallagher.torrent
[2009/01/29 16:45:26 | 00,000,000 | ---D | C] -- C:\Users\Yorick\Documents\Rory Gallagher
[2009/01/29 13:22:18 | 00,000,000 | ---D | C] -- C:\Users\Yorick\AppData\Roaming\Opera
[2009/01/29 13:22:18 | 00,000,000 | ---D | C] -- C:\Users\Yorick\AppData\Local\Opera
[2009/01/29 13:18:04 | 00,000,000 | ---D | C] -- C:\Program Files\Opera
[2009/01/27 10:04:18 | 00,000,000 | ---D | C] -- C:\Users\Yorick\Desktop\AnUntitledStory
[2009/01/25 15:10:48 | 00,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/01/21 16:04:59 | 01,339,641 | ---- | C] () -- C:\Users\Yorick\Documents\Comical-Win32-0.8.rar
[2009/01/21 14:57:21 | 01,361,993 | ---- | C] (James Athey ) -- C:\Users\Yorick\Documents\Comical-Win32-0.8.exe
[2009/01/19 15:01:38 | 00,000,000 | ---D | C] -- C:\Users\Yorick\AppData\Roaming\Teeworlds
[2009/01/19 11:29:44 | 00,000,981 | ---- | C] () -- C:\Users\Yorick\Desktop\Aquaria.lnk
[2009/01/18 16:24:47 | 00,000,000 | ---D | C] -- C:\Users\Yorick\Desktop\Games
[2009/01/18 13:40:57 | 00,000,000 | ---D | C] -- C:\Program Files\Telltale
[2009/01/18 13:34:05 | 00,000,000 | ---D | C] -- C:\Program Files\DaemonTools_WhenUSave_Installer
[2009/01/18 13:33:56 | 00,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2009/01/18 13:33:08 | 00,000,000 | ---D | C] -- C:\Users\Yorick\AppData\Roaming\DAEMON Tools Pro
[2009/01/18 13:27:06 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro
[2009/01/18 13:15:59 | 00,685,816 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/01/17 22:54:55 | 00,000,919 | ---- | C] () -- C:\Users\Yorick\Desktop\Noitu Love 2 - Devolution.lnk
[2009/01/17 22:54:48 | 00,000,000 | ---D | C] -- C:\Program Files\Noitu Love 2
[2009/01/17 15:08:35 | 00,000,000 | ---D | C] -- C:\Users\Yorick\Documents\Crayon Physics Deluxe
[2009/01/16 21:18:28 | 00,000,000 | ---D | C] -- C:\Users\Yorick\AppData\Roaming\Crayon Physics Deluxe
[2009/01/16 21:17:48 | 00,000,897 | ---- | C] () -- C:\Users\Public\Desktop\Play Crayon Physics Deluxe.lnk
[2009/01/16 21:17:12 | 00,000,000 | ---D | C] -- C:\Program Files\Crayon Physics Deluxe
[2009/01/16 20:43:19 | 00,000,000 | ---D | C] -- C:\Users\Yorick\AppData\Roaming\uTorrent
[2009/01/15 18:24:40 | 00,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2009/01/14 22:41:09 | 00,000,586 | ---- | C] () -- C:\Users\Public\Desktop\YouTubeGet.lnk
[2009/01/14 22:41:09 | 00,000,569 | ---- | C] () -- C:\Users\Public\Desktop\Video Browser.lnk
[2009/01/14 22:41:06 | 00,000,000 | ---D | C] -- C:\YouTubeGetRegged
[2009/01/14 01:31:33 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/01/11 11:15:16 | 00,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2009/01/11 11:15:09 | 00,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2009/01/11 11:14:55 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2009/01/11 00:04:18 | 00,000,000 | ---D | C] -- C:\Users\Yorick\AppData\Roaming\Media Player Classic
[2009/01/10 23:49:02 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2009/01/10 23:49:02 | 00,118,784 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2009/01/10 23:49:02 | 00,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2009/01/10 23:49:01 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2009/01/10 23:48:57 | 00,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/01/10 23:48:57 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/01/10 23:48:47 | 00,000,000 | ---D | C] -- C:\Users\Yorick\AppData\Local\Real
[2009/01/10 23:48:47 | 00,000,000 | ---D | C] -- C:\ProgramData\Real
[2009/01/10 23:48:47 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/02/09 12:55:40 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5E024FCC-BAC5-46E3-B566-C04E625F966C}.job
[2009/02/09 12:04:37 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/02/09 12:04:37 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/02/09 12:00:02 | 00,000,502 | ---- | M] () -- C:\Windows\tasks\One-Click Tweak.job
[2009/02/09 08:08:53 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/02/08 18:04:20 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/02/08 16:06:16 | 00,000,776 | ---- | M] () -- C:\Users\Yorick\Desktop\VisualBoyAdvance.exe - Shortcut.lnk
[2009/02/08 11:49:59 | 01,077,248 | ---- | M] () -- C:\Windows\System32\mdmcls32.exe
[2009/02/08 01:04:59 | 00,120,832 | ---- | M] () -- C:\Users\Yorick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/07 23:59:42 | 00,001,955 | ---- | M] () -- C:\Users\Yorick\Desktop\Subtitle Workshop.lnk
[2009/02/07 21:37:49 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/02/07 21:37:49 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/02/07 21:37:49 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/02/06 22:35:54 | 00,000,826 | ---- | M] () -- C:\Users\Yorick\Desktop\FairUse Wizard 2.lnk
[2009/02/06 20:29:32 | 00,000,754 | ---- | M] () -- C:\Users\Yorick\Desktop\Audacity.lnk
[2009/02/06 20:20:48 | 00,000,583 | ---- | M] () -- C:\Users\Yorick\AppData\Roaming\AutoGK.ini
[2009/02/05 17:22:29 | 00,058,377 | ---- | M] () -- C:\Users\Yorick\Documents\Star Wars Episode 1 The Phantom Menace Rifftrax.torrent
[2009/02/02 15:24:04 | 00,268,052 | ---- | M] () -- C:\Users\Yorick\Desktop\Rooter.exe
[2009/02/02 15:04:12 | 03,185,465 | ---- | M] () -- C:\Users\Yorick\Desktop\Combo-Fix.exe
[2009/02/02 14:57:06 | 00,132,597 | ---- | M] () -- C:\Users\Yorick\Desktop\Flash_Disinfector.exe
[2009/02/02 14:27:15 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Users\Yorick\Desktop\OTMoveIt3.exe
[2009/02/02 02:03:17 | 04,028,000 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k0
[2009/02/02 02:03:17 | 00,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k7
[2009/02/02 02:03:17 | 00,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k6
[2009/02/02 02:03:17 | 00,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k5
[2009/02/02 02:03:17 | 00,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k4
[2009/02/02 02:03:17 | 00,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k3
[2009/02/02 02:03:17 | 00,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k2
[2009/02/02 02:03:17 | 00,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k1
[2009/02/02 02:02:52 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/02/01 23:03:58 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/01 14:25:06 | 00,001,877 | ---- | M] () -- C:\Users\Yorick\Desktop\RemoveIT Pro v4 - SE.lnk
[2009/01/31 23:43:31 | 00,000,498 | ---- | M] () -- C:\Users\Yorick\AppData\Roaming\wklnhst.dat
[2009/01/31 22:30:04 | 00,001,876 | ---- | M] () -- C:\Users\Yorick\Desktop\HijackThis.lnk
[2009/01/31 18:57:39 | 00,016,244 | ---- | M] () -- C:\Windows\System32\rrt_is.wav
[2009/01/31 18:57:39 | 00,007,302 | ---- | M] () -- C:\Windows\System32\rrt_vf.wav
[2009/01/31 18:57:39 | 00,007,148 | ---- | M] () -- C:\Windows\System32\rrt_tv.wav
[2009/01/31 18:57:39 | 00,006,282 | ---- | M] () -- C:\Windows\System32\rrt_tn.wav
[2009/01/31 18:33:01 | 00,003,350 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2009/01/31 18:33:01 | 00,000,691 | ---- | M] () -- C:\Users\Yorick\AppData\Roaming\GetValue.vbs
[2009/01/31 18:33:01 | 00,000,035 | ---- | M] () -- C:\Users\Yorick\AppData\Roaming\SetValue.bat
[2009/01/31 18:18:00 | 01,661,611 | ---- | M] () -- C:\Users\Yorick\Desktop\SmitfraudFix.exe
[2009/01/31 03:11:04 | 00,223,368 | ---- | M] () -- C:\Users\Yorick\Desktop\CrucialScan.exe
[2009/01/29 17:06:15 | 00,001,704 | ---- | M] () -- C:\Users\Public\Desktop\World of Goo.lnk
[2009/01/29 16:45:26 | 00,094,270 | ---- | M] () -- C:\Users\Yorick\Documents\Rory Gallagher.torrent
[2009/01/25 15:10:48 | 00,179,200 | ---- | M] () -- C:\Windows\System32\xvidvfw.dll
[2009/01/21 16:05:01 | 01,339,641 | ---- | M] () -- C:\Users\Yorick\Documents\Comical-Win32-0.8.rar
[2009/01/21 14:57:30 | 01,361,993 | ---- | M] (James Athey ) -- C:\Users\Yorick\Documents\Comical-Win32-0.8.exe
[2009/01/19 11:29:44 | 00,000,981 | ---- | M] () -- C:\Users\Yorick\Desktop\Aquaria.lnk
[2009/01/18 13:15:59 | 00,685,816 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2009/01/17 22:54:55 | 00,000,919 | ---- | M] () -- C:\Users\Yorick\Desktop\Noitu Love 2 - Devolution.lnk
[2009/01/16 21:17:48 | 00,000,897 | ---- | M] () -- C:\Users\Public\Desktop\Play Crayon Physics Deluxe.lnk
[2009/01/16 17:12:06 | 00,000,516 | ---- | M] () -- C:\Windows\tasks\CAAntiSpywareScan_Daily as Yorick at 3 52 PM.job
[2009/01/14 22:41:09 | 00,000,586 | ---- | M] () -- C:\Users\Public\Desktop\YouTubeGet.lnk
[2009/01/14 22:41:09 | 00,000,569 | ---- | M] () -- C:\Users\Public\Desktop\Video Browser.lnk
[2009/01/14 16:11:32 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/01/14 16:11:28 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/01/11 17:25:35 | 00,058,111 | ---- | M] () -- C:\Users\Yorick\Documents\emmawass.jpg

========== LOP Check ==========

[2009/01/16 17:12:06 | 00,000,516 | ---- | M] () -- C:\Windows\Tasks\CAAntiSpywareScan_Daily as Yorick at 3 52 PM.job
[2009/02/09 12:00:02 | 00,000,502 | ---- | M] () -- C:\Windows\Tasks\One-Click Tweak.job
[2009/02/08 18:04:20 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/02/02 02:02:52 | 00,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/02/09 12:55:40 | 00,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5E024FCC-BAC5-46E3-B566-C04E625F966C}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> %AllUsersProfile%\TEMP:DFC5A2B2
@Alternate Data Stream - 128 bytes -> %AllUsersProfile%\TEMP:AC6124CA
< End of report >

#5 handhfan

Group: Malware Removal
Posts: 13,659
Joined: 15-June 06

Posted 09 February 2009 - 09:59 PM

First off, can I ask why you are thinking that mdmcls32.exe and explorer.exe are viruses? They are completely legitimate files on your computer (explorer.exe being imperative to have your computer functional).

Please download the OTMoveIt3 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Processes
explorer.exe

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):"msv1_0,"

:Commands
[emptytemp]
[start explorer]
[Reboot]

Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Please post the OTMoveIt3 log, the Uninstall list, and a new HijackThis log in your next reply.

#6 nin9teen8ty

Group: Member
Posts: 8
Joined: 02-February 09

Posted 09 February 2009 - 11:37 PM

"First off, can I ask why you are thinking that mdmcls32.exe and explorer.exe are viruses? They are completely legitimate files on your computer"

I thought the mdmcls32 was the infection because I used a program called RemoveIt Pro and it came up with that name as the infection. My mistake. It was probably just kidding.

Anyways, I copied and pasted your previously posted commands into OTMoveIt and I'll post the txt it produced in a moment, but first I want to say that the program did require a reboot. So I saved the txt to my desktop and rebooted the sytem. Everything came up normally until I reached the login account screen(vista 32-bit), or rather tried to reach it. The only thing I reached was a black screen with my cursor on it. Stayed that way for a half hour or so. I rebooted and tried safe mode but got the same results. Heres the txt.

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Authentication Packages"|hex(7):"msv1_0," /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\Users\Yorick\AppData\Local\Temp\~DF333A.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Yorick\AppData\Local\Temp\~DF6B7D.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Yorick\AppData\Local\Temp\~DF804F.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Yorick\AppData\Local\Temp\~DF8B0F.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Yorick\AppData\Local\Temp\~DFBE60.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Yorick\AppData\Local\Temp\~DFF25E.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
File delete failed. C:\Users\Yorick\AppData\Local\Opera\Opera\Profile\vps\0009\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Users\Yorick\AppData\Local\Opera\Opera\Profile\vps\0009\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Yorick\AppData\Local\Opera\Opera\Profile\vps\0009\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Users\Yorick\AppData\Local\Opera\Opera\Profile\vps\0009\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Users\Yorick\AppData\Local\Opera\Opera\Profile\vps\0009\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Users\Yorick\AppData\Local\Opera\Opera\Profile\vps\0007\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Users\Yorick\AppData\Local\Opera\Opera\Profile\vps\0007\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Yorick\AppData\Local\Opera\Opera\Profile\vps\0007\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Users\Yorick\AppData\Local\Opera\Opera\Profile\vps\0007\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Users\Yorick\AppData\Local\Opera\Opera\Profile\vps\0007\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Users\Yorick\AppData\Local\Opera\Opera\Profile\vps\0006\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Users\Yorick\AppData\Local\Opera\Opera\Profile\vps\0006\md.dat scheduled to be deleted on reboot.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02092009_220603

#7 handhfan

Group: Malware Removal
Posts: 13,659
Joined: 15-June 06

Posted 09 February 2009 - 11:42 PM

Do you have the Recovery Console installed? Is it an option when you boot up?

#8 nin9teen8ty

Group: Member
Posts: 8
Joined: 02-February 09

Posted 09 February 2009 - 11:44 PM

The previous posts' log from OTMoveIT was before I had to do a system restore. So I'm guessing that I'll have to take another course of action as the computer doesn't start(normally or in repair startup) when I reboot after running the program.

#9 handhfan

Group: Malware Removal
Posts: 13,659
Joined: 15-June 06

Posted 09 February 2009 - 11:50 PM

Not System Restore.

Before the Windows logo appears, there may be a screen in which you choose to boot into the "Microsoft Windows Recovery Console" or the "Microsoft Windows XP".

If you don't see this screen though, you may not have it.

In that event, do you have your Windows XP disk, we may have to reload system files. No worries though, none of your personal files will be deleted, if it comes to that.

#10 nin9teen8ty

Group: Member
Posts: 8
Joined: 02-February 09

Posted 10 February 2009 - 12:01 AM

Actually I'm running Vista Home Basic Super Cheap Version. I do have recovery discs for them, but I thought running them would restore my computer to back to the time I originally bought it: A naive young boy with his new computer and the OS from the ninth level of Hades. Which would mean I would lose my files(???) I thought everything went all 1955, Doc, when you used recovery discs..

But, yeah, my only option was to restore it or recover using Discs. If I can recover and keep my files then I'll do that.

#11 handhfan

Group: Malware Removal
Posts: 13,659
Joined: 15-June 06

Posted 10 February 2009 - 01:18 AM

Okay, we'll give it a shot with the disks you have.

Please read this guide here. It's a beginner's guide to recovering your Windows Vista system. Let me know how things go.

#12 nin9teen8ty

Group: Member
Posts: 8
Joined: 02-February 09

Posted 10 February 2009 - 10:28 AM

Thanks for your help. I'll give it a shot.

#13 handhfan

Group: Malware Removal
Posts: 13,659
Joined: 15-June 06

Posted 10 February 2009 - 11:09 AM

Okay.

#14 handhfan

Group: Malware Removal
Posts: 13,659
Joined: 15-June 06

Posted 16 February 2009 - 11:52 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Back to Virus, Spyware, Malware Removal

Share this topic:

Page 1 of 1

Please log in to reply

Can't get viruses off--> mdmcls32.exe explorer.exe [Closed] - Geeks to Go Forums