Sirefef detection. Constant restarting PC (using Window Security Essential).


  • This topic is locked
24 replies to this topic

#1 Sivak

Sivak

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:55 PM

Posted 19 July 2012 - 11:00 PM

Hi all,

After restarting my computer today, I noticed Microsoft Security Essentials wasn't running.

After I reinstalled WSE, updated it, and started scanning, it stumbled on 4 Sirefef files (.AH, .A and so forth).

This has forced my PC to keep restarting within 60 seconds ever since.

Any advice on how to fix this abomination?

I use an ASUS G74SX and Windows 7 32-bit, btw.

Edited by Sivak, 19 July 2012 - 11:03 PM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:55 PM

Posted 20 July 2012 - 12:38 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter and close Notepad.
  • In the command window type e:\frst.exe and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.

  • First, press the Scan button.
  • It will make a log (FRST.txt).

  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt in your reply to me.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
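The FRST scan requested above writes FRST.txt, whose "Created Files" and "Modified Files" sections list one file per line as two timestamps, a size, a five-character attribute field, an optional company name and the path. As an added example that is not part of this thread, FRST, or the helper's instructions, the Python script below parses that line format and applies three triage rules a responder would typically start with: hidden+system objects under C:\Windows, an unexpanded %VAR% token in an on-disk name, and a System32 binary rewritten in place on its own rather than as part of a same-minute update batch. The rules and their thresholds are assumptions of this example, not FRST's own logic, and the sample log excerpt is constructed in FRST's format rather than taken from a specific scan.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) file listings.

Added example for this thread; not FRST code and not the helper's own method.
The triage rules below are the example author's assumptions, meant as a
starting point for a responder reading FRST.txt, not a detection signature.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# One FRST file-list line, e.g.
#   2012-07-19 21:49 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
# The first timestamp is the section's sort key: creation time in a
# "Created" section, modification time in a "Modified" section.
ENTRY_RE = re.compile(
    r"^(?P<t1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<t2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+)$"
)
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")   # e.g. "==== 3 Months Modified Files ===="
ENV_TOKEN_RE = re.compile(r"%[A-Za-z_]+%")          # literal, unexpanded %VAR% in a path
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl")
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Entry:
    created: str      # "YYYY-MM-DD HH:MM"; compares correctly as a string
    modified: str
    size: int
    attrs: str        # FRST attribute field, e.g. "__SHD", "____A"
    company: Optional[str]
    path: str


def parse_frst(text: str) -> List[Entry]:
    """Parse the file-list sections of an FRST.txt into Entry records."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name").lower()
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # registry, service and driver lines use other formats
        t1, t2 = m.group("t1"), m.group("t2")
        # "Modified" sections list the modification time first.
        created, modified = (t2, t1) if "modified" in section else (t1, t2)
        entries.append(Entry(created, modified, int(m.group("size")),
                             m.group("attrs"), m.group("company"), m.group("path")))
    return entries


def is_system32_binary(e: Entry) -> bool:
    low = e.path.lower()
    return low.startswith(SYSTEM32) and low.endswith(EXEC_EXT)


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Return {reason: [paths]} for entries worth a closer look."""
    findings: Dict[str, List[str]] = {}

    def flag(reason: str, path: str) -> None:
        findings.setdefault(reason, []).append(path)

    # An update writes many System32 binaries within the same minute; a
    # binary rewritten alone in its minute is the odd one out.
    per_minute = Counter(e.modified for e in entries if is_system32_binary(e))

    for e in entries:
        attrs = e.attrs.lower()
        # Rule 1: hidden+system objects under the Windows directory.
        if "s" in attrs and "h" in attrs and e.path.lower().startswith("c:\\windows\\"):
            flag("hidden+system object under C:\\Windows", e.path)
        # Rule 2: a literal %VAR% on disk means the name was never expanded.
        if ENV_TOKEN_RE.search(e.path):
            flag("literal environment-variable token in path", e.path)
        # Rule 3: System32 binary modified after it was created, with no
        # other System32 binary written in the same minute.
        if is_system32_binary(e) and e.modified > e.created and per_minute[e.modified] == 1:
            flag("lone in-place rewrite of a System32 binary", e.path)
    return findings


# Constructed excerpt in FRST's format (not a real scan).
SAMPLE_LOG = r"""
============ One Month Created Files and Folders ==============

2012-07-19 19:10 - 2012-07-19 19:10 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-19 03:03 - 2012-07-19 03:03 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-22 17:23 - 2012-06-22 17:23 - 00000000 __SHD C:\Windows\ftpcache
2012-06-21 16:39 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

============ 3 Months Modified Files ========================

2012-07-19 21:49 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-19 21:48 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-12 16:44 - 2012-04-20 18:56 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-12 16:44 - 2011-12-17 21:13 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-02 14:19 - 2012-06-21 16:39 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 16:39 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
"""

if __name__ == "__main__":
    for reason, paths in triage(parse_frst(SAMPLE_LOG)).items():
        print(reason)
        for p in paths:
            print("   ", p)
```

Run against the excerpt, the script lists the two hidden+system folders, the unexpanded %APPDATA% name, and services.exe as a lone in-place rewrite, while the Windows Update and Flash Player pairs pass because they share a modification minute with another binary. A finding is a reason to inspect the file (hash it, check its digital signature), not a verdict; the same-minute threshold in particular should be tuned against a known-clean log from the same Windows build.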

#3 Sivak

Sivak
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:55 PM

Posted 20 July 2012 - 01:07 AM

Hello Gringo, thank you so much for your assistance.

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 16-07-2012 01
Ran by SYSTEM at 20-07-2012 12:53:46
Running from F:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-01] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [x]
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\asus\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17344176 2012-06-05] (Skype Technologies S.A.)
HKU\asus\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\asus\...\Run: [Google Update] "C:\Users\asus\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-19] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\asus\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

================================ Services (Whitelisted) ==================

4 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [948736 2011-08-31] (Intel Corporation)
4 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
4 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-14] (ASUS)
4 BTHSSecurityMgr; "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [102672 2011-06-02] (Intel® Corporation)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [227600 2011-07-27] ()
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2348352 2012-02-09] (NVIDIA Corporation)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-06-05] (Skype Technologies)
2 Stereo Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382272 2012-02-09] (NVIDIA Corporation)

========================== Drivers (Whitelisted) =============

3 AiCharger; C:\Windows\System32\DRIVERS\AiCharger.sys [14592 2011-02-25] (ASUSTek Computer Inc.)
3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [243712 2011-08-07] (Windows ® Win 7 DDK provider)
3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [243712 2011-08-07] (Windows ® Win 7 DDK provider)
2 ASMMAP; \??\C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
1 ATKWMIACPIIO; \??\C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [14080 2010-07-25] (ASUS)
1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-05-25] (DT Soft Ltd)
3 FLxHCIc; C:\Windows\System32\DRIVERS\FLxHCIc.sys [159744 2011-10-16] (Fresco Logic)
3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [48640 2011-10-16] (Fresco Logic)
3 IDMWFP; C:\Windows\System32\DRIVERS\idmwfp.sys [91936 2012-02-07] (Tonec Inc.)
3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-09-21] (Intel Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7517696 2011-08-03] (Intel Corporation)
3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-19 19:10 - 2012-07-19 19:10 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-19 19:09 - 2012-07-19 19:09 - 10288512 ____A (Microsoft Corporation) C:\Users\asus\Downloads\mseinstall.exe
2012-07-19 03:03 - 2012-07-19 03:03 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-18 23:54 - 2012-07-18 23:54 - 00000000 ____D C:\Users\asus\Desktop\50001staler-ch
2012-07-18 23:44 - 2012-07-18 23:44 - 00000000 ____D C:\Users\asus\Desktop\Game
2012-07-18 21:22 - 2012-07-18 21:24 - 00000000 ____D C:\Users\Public\Documents\stalker-shoc
2012-07-18 17:15 - 2012-07-18 17:17 - 00000000 ____D C:\Users\asus\Documents\Anomaly Warzone Earth
2012-07-18 04:20 - 2012-07-18 04:20 - 00000000 ____D C:\Users\asus\Desktop\New folder
2012-07-17 03:09 - 2012-07-17 03:09 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-07-17 03:08 - 2012-07-17 03:09 - 06955968 ____A (Microsoft Corporation) C:\Users\asus\Downloads\Silverlight.exe
2012-07-15 22:17 - 2012-07-15 23:12 - 60796745 ____A C:\Users\asus\Downloads\helms_deep_reborn_v16_100312_7302-L4D2.zip
2012-07-14 21:14 - 2012-07-14 21:39 - 00000000 ____D C:\Users\All Users\PopCap Games
2012-07-14 21:14 - 2012-07-14 21:14 - 00000000 ____D C:\Users\All Users\Steam
2012-07-14 05:49 - 2012-07-14 06:00 - 00000000 ____D C:\Users\asus\Desktop\The Binding of Isaac Soundtrack
2012-07-12 21:56 - 2012-07-12 21:56 - 00000000 ____D C:\Users\asus\Documents\AdobeStockPhotos
2012-07-12 21:34 - 2012-07-12 21:34 - 00000000 ____D C:\Users\asus\Documents\Updater
2012-07-12 21:33 - 2012-07-12 21:33 - 00000000 ____D C:\Users\All Users\Adobe Systems
2012-07-12 21:30 - 2012-07-12 21:30 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2012-07-12 21:30 - 2012-07-12 21:30 - 00000000 ____D C:\Program Files\Common Files\Adobe Systems Shared
2012-07-11 20:42 - 2012-07-11 20:52 - 182219726 ____A C:\Users\asus\Downloads\[Lunch] Koinaka (Complete, English).zip
2012-07-11 20:18 - 2012-07-11 20:19 - 07931642 ____A C:\Users\asus\Downloads\[Amatake Akewo] Ochiteiku no ha Kantan Debleepa.zip
2012-07-11 20:17 - 2012-07-11 20:18 - 12641517 ____A C:\Users\asus\Downloads\[Konchiwa] Impure Myself.zip
2012-07-11 20:14 - 2012-07-11 20:14 - 00000000 ____D C:\Users\asus\Downloads\[Carn] NNN Chapter 2
2012-07-11 20:09 - 2012-07-11 20:18 - 178742181 ____A C:\Users\asus\Downloads\[Musashimaru] Keep it a Secret From My Sister of Course (English).zip
2012-07-11 20:06 - 2012-07-11 20:07 - 15972579 ____A C:\Users\asus\Downloads\[Kuma no Tooru Michi (Kumada)] Kasen-chan to Sex!! ~Goui ja Nai kara Sex ja Nai mon!!~ .zip
2012-07-11 20:01 - 2012-07-11 20:02 - 16067639 ____A C:\Users\asus\Downloads\[Gyokotsu Kouzou (Kapo)] Signal Lost.zip
2012-07-11 20:01 - 2012-07-11 20:01 - 06558434 ____A C:\Users\asus\Downloads\[Carn] NNN Chapter 2.zip
2012-07-11 16:17 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 16:17 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 16:17 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 16:17 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 16:17 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 16:17 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 16:17 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 16:17 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 16:17 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 16:17 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 16:17 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 16:17 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 16:17 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 16:17 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 16:15 - 2012-06-11 18:44 - 02344448 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 01:08 - 2012-07-11 01:09 - 00000000 ____D C:\Users\asus\Documents\Orcs Must Die
2012-07-11 01:01 - 2012-07-11 01:07 - 00000000 ____D C:\Program Files\Orcs Must Die!
2012-07-10 17:20 - 2012-06-08 20:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 17:20 - 2012-06-05 21:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 17:20 - 2012-06-05 21:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 17:20 - 2012-06-01 20:51 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 17:20 - 2012-06-01 20:51 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 17:20 - 2012-06-01 20:50 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 17:20 - 2012-06-01 20:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 17:20 - 2012-06-01 20:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 17:19 - 2012-04-23 20:47 - 01156608 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-07-10 17:19 - 2012-04-23 20:47 - 00139264 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-07-10 17:19 - 2012-04-23 20:47 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-07-10 00:13 - 2012-01-09 07:59 - 00000000 ____D C:\Users\asus\Downloads\[SL]LoveThyNeighbor_Eng
2012-07-10 00:13 - 2011-04-27 06:50 - 00000000 ____D C:\Users\asus\Downloads\[SL]HisFinalMoveHitMyWeakSpot_Eng
2012-07-10 00:03 - 2012-01-20 01:06 - 00000000 ____D C:\Users\asus\Downloads\[Kogure Mariko] The New Morning [ENG]
2012-07-09 23:55 - 2012-06-26 00:14 - 00000000 ____D C:\Users\asus\Downloads\[Kogure Mariko] Himitsu [ENG]
2012-07-07 23:21 - 2012-07-07 02:13 - 00000000 ____D C:\Users\asus\Downloads\Max Anarchy OST (Disc 2)
2012-07-07 23:21 - 2012-07-07 01:40 - 00000000 ____D C:\Users\asus\Downloads\Max Anarchy OST (Disc 1)
2012-07-06 21:17 - 2012-07-06 21:17 - 09106493 ____A C:\Users\asus\Downloads\[SL]HisFinalMoveHitMyWeakSpot_Eng.rar
2012-07-06 21:17 - 2012-07-06 21:17 - 07061607 ____A C:\Users\asus\Downloads\[SL]UmiNoMieruIe_Eng.rar
2012-07-06 21:17 - 2012-07-06 21:17 - 06324221 ____A C:\Users\asus\Downloads\[SL]LoveThyNeighbor_Eng.rar
2012-07-05 19:02 - 2012-07-06 18:09 - 00000000 ____D C:\Users\asus\Documents\Endless Space
2012-07-05 18:47 - 2012-07-05 18:47 - 00000000 ____D C:\Users\All Users\REVOLT
2012-07-05 18:45 - 2012-07-05 18:46 - 00000000 ____D C:\Program Files\Endless Space
2012-06-27 18:54 - 2012-06-27 18:56 - 79558325 ____A C:\Users\asus\Downloads\Meet the Pyro.mp4
2012-06-27 09:32 - 2012-06-27 09:33 - 17872798 ____A C:\Users\asus\Downloads\[Asahiage (Poco)] Shiratamadango 3 [tap-trans].zip
2012-06-26 11:09 - 2012-06-26 11:09 - 00010690 ____A C:\Users\asus\Downloads\[No DVD Patch] [120622] ?キ??? for launch.rar
2012-06-26 11:09 - 2012-06-26 11:09 - 00002066 ____A C:\Users\asus\Downloads\[No DVD EXE] [120622] ?キ??? for reg.rar
2012-06-26 01:22 - 2012-06-26 01:22 - 00000000 ____D C:\Users\asus\Documents\Diablo III
2012-06-25 23:04 - 2012-07-11 02:34 - 00000000 ____D C:\Program Files\Diablo III
2012-06-25 23:04 - 2012-06-25 23:04 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-06-25 23:04 - 2012-06-25 23:04 - 00000000 ____D C:\Program Files\Common Files\Blizzard Entertainment
2012-06-25 23:03 - 2012-06-25 23:03 - 00000000 ____D C:\Users\All Users\Battle.net
2012-06-24 17:54 - 2012-06-24 17:56 - 35192229 ____A C:\Users\asus\Downloads\(English) [Kouchaya] Black Diamond 2.zip
2012-06-24 17:53 - 2012-06-24 17:54 - 18631813 ____A C:\Users\asus\Downloads\(English) Drain.zip
2012-06-24 17:52 - 2012-06-24 17:53 - 22704237 ____A C:\Users\asus\Downloads\(English) Drain II.zip
2012-06-24 05:09 - 2012-06-24 05:14 - 50772857 ____A C:\Users\asus\Downloads\U.N. Owen Was Her Remix_ ????????? (English Subbed) [Touhou][PV][EastNewSound].flv
2012-06-23 03:51 - 2012-06-23 03:51 - 00000000 ____D C:\Users\asus\Documents\Wizards of the Coast
2012-06-23 03:51 - 2012-06-23 03:51 - 00000000 ____D C:\Users\asus\AppData\Local\SKIDROW
2012-06-23 03:45 - 2012-07-10 22:18 - 00000000 ____D C:\Program Files\Wizards of the Coast LLC
2012-06-23 03:21 - 2012-06-23 02:44 - 00000000 ____D C:\Users\asus\Desktop\Mootang
2012-06-22 23:47 - 2012-06-22 23:48 - 36271920 ____A C:\Users\asus\Downloads\U.N. Owen Was Her Remix_ ????????? (English Subbed) [Touhou][PV][EastNewSound].mp4
2012-06-22 23:44 - 2012-06-22 23:46 - 65956306 ____A C:\Users\asus\Downloads\???Vocal????? EastNewSound - ????????? -1st Anniversary Remix-.mp4
2012-06-22 17:23 - 2012-06-22 17:23 - 00000000 __SHD C:\Windows\ftpcache
2012-06-21 16:39 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 16:39 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 16:39 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 16:39 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 16:39 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 16:39 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 16:39 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 16:38 - 2012-06-02 00:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 16:38 - 2012-06-02 00:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-20 15:21 - 2012-06-20 15:21 - 00000000 ____D C:\Users\asus\AppData\Roaming\LolClient
2012-06-20 04:51 - 2012-06-20 04:51 - 00000000 ____D C:\Program Files\Microsoft XNA


============ 3 Months Modified Files ========================

2012-07-19 21:49 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-19 21:48 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-19 21:48 - 2009-07-13 20:39 - 00025617 ____A C:\Windows\setupact.log
2012-07-19 19:11 - 2012-05-29 20:07 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-19 19:11 - 2011-12-17 20:37 - 01171519 ____A C:\Windows\WindowsUpdate.log
2012-07-19 19:10 - 2011-12-17 20:39 - 00006434 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-19 19:09 - 2012-07-19 19:09 - 10288512 ____A (Microsoft Corporation) C:\Users\asus\Downloads\mseinstall.exe
2012-07-19 19:09 - 2011-12-19 21:51 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725256947-3714608868-1989082813-1000UA.job
2012-07-19 18:44 - 2012-06-12 19:41 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-19 16:59 - 2009-07-13 20:34 - 00013584 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-19 16:59 - 2009-07-13 20:34 - 00013584 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-18 23:09 - 2011-12-19 21:51 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725256947-3714608868-1989082813-1000Core.job
2012-07-17 03:09 - 2012-07-17 03:08 - 06955968 ____A (Microsoft Corporation) C:\Users\asus\Downloads\Silverlight.exe
2012-07-15 23:12 - 2012-07-15 22:17 - 60796745 ____A C:\Users\asus\Downloads\helms_deep_reborn_v16_100312_7302-L4D2.zip
2012-07-15 05:29 - 2009-07-13 20:33 - 00409584 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 21:56 - 2011-12-17 21:00 - 00108824 ____A C:\Users\asus\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-12 16:44 - 2012-04-20 18:56 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-12 16:44 - 2011-12-17 21:13 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-11 20:52 - 2012-07-11 20:42 - 182219726 ____A C:\Users\asus\Downloads\[Lunch] Koinaka (Complete, English).zip
2012-07-11 20:19 - 2012-07-11 20:18 - 07931642 ____A C:\Users\asus\Downloads\[Amatake Akewo] Ochiteiku no ha Kantan Debleepa.zip
2012-07-11 20:18 - 2012-07-11 20:17 - 12641517 ____A C:\Users\asus\Downloads\[Konchiwa] Impure Myself.zip
2012-07-11 20:18 - 2012-07-11 20:09 - 178742181 ____A C:\Users\asus\Downloads\[Musashimaru] Keep it a Secret From My Sister of Course (English).zip
2012-07-11 20:07 - 2012-07-11 20:06 - 15972579 ____A C:\Users\asus\Downloads\[Kuma no Tooru Michi (Kumada)] Kasen-chan to Sex!! ~Goui ja Nai kara Sex ja Nai mon!!~ .zip
2012-07-11 20:02 - 2012-07-11 20:01 - 16067639 ____A C:\Users\asus\Downloads\[Gyokotsu Kouzou (Kapo)] Signal Lost.zip
2012-07-11 20:01 - 2012-07-11 20:01 - 06558434 ____A C:\Users\asus\Downloads\[Carn] NNN Chapter 2.zip
2012-07-11 16:17 - 2009-07-13 18:04 - 00000478 ____A C:\Windows\win.ini
2012-07-06 21:17 - 2012-07-06 21:17 - 09106493 ____A C:\Users\asus\Downloads\[SL]HisFinalMoveHitMyWeakSpot_Eng.rar
2012-07-06 21:17 - 2012-07-06 21:17 - 07061607 ____A C:\Users\asus\Downloads\[SL]UmiNoMieruIe_Eng.rar
2012-07-06 21:17 - 2012-07-06 21:17 - 06324221 ____A C:\Users\asus\Downloads\[SL]LoveThyNeighbor_Eng.rar
2012-06-27 18:56 - 2012-06-27 18:54 - 79558325 ____A C:\Users\asus\Downloads\Meet the Pyro.mp4
2012-06-27 09:33 - 2012-06-27 09:32 - 17872798 ____A C:\Users\asus\Downloads\[Asahiage (Poco)] Shiratamadango 3 [tap-trans].zip
2012-06-26 11:09 - 2012-06-26 11:09 - 00010690 ____A C:\Users\asus\Downloads\[No DVD Patch] [120622] ?キ??? for launch.rar
2012-06-26 11:09 - 2012-06-26 11:09 - 00002066 ____A C:\Users\asus\Downloads\[No DVD EXE] [120622] ?キ??? for reg.rar
2012-06-24 17:56 - 2012-06-24 17:54 - 35192229 ____A C:\Users\asus\Downloads\(English) [Kouchaya] Black Diamond 2.zip
2012-06-24 17:54 - 2012-06-24 17:53 - 18631813 ____A C:\Users\asus\Downloads\(English) Drain.zip
2012-06-24 17:53 - 2012-06-24 17:52 - 22704237 ____A C:\Users\asus\Downloads\(English) Drain II.zip
2012-06-24 05:14 - 2012-06-24 05:09 - 50772857 ____A C:\Users\asus\Downloads\U.N. Owen Was Her Remix_ ????????? (English Subbed) [Touhou][PV][EastNewSound].flv
2012-06-22 23:48 - 2012-06-22 23:47 - 36271920 ____A C:\Users\asus\Downloads\U.N. Owen Was Her Remix_ ????????? (English Subbed) [Touhou][PV][EastNewSound].mp4
2012-06-22 23:46 - 2012-06-22 23:44 - 65956306 ____A C:\Users\asus\Downloads\???Vocal????? EastNewSound - ????????? -1st Anniversary Remix-.mp4
2012-06-22 17:26 - 2011-12-17 20:44 - 00095036 ____A C:\Windows\DirectX.log
2012-06-17 04:00 - 2012-06-17 03:58 - 21381187 ____A C:\Users\asus\Downloads\Ch 0 Zombie bleep.zip
2012-06-16 23:24 - 2012-06-16 23:00 - 68882566 ____A C:\Users\asus\Downloads\[SaHa] Mochi-ya - Inju (English).rar
2012-06-16 23:21 - 2012-06-16 23:20 - 34662949 ____A C:\Users\asus\Downloads\High School DxD Ending HD.mp4
2012-06-15 15:44 - 2011-12-17 21:07 - 00019440 ____A C:\Windows\PFRO.log
2012-06-11 18:44 - 2012-07-11 16:15 - 02344448 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 17:50 - 2012-06-09 17:46 - 110784952 ____A C:\Users\asus\Downloads\Mirai_Nikki_Inspired_Album_Vol.2_~Ingaritsu_Decibel~.rar
2012-06-08 20:46 - 2012-07-10 17:20 - 12868608 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 21:09 - 2012-07-10 17:20 - 01389568 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:09 - 2012-07-10 17:20 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-03 15:38 - 2012-06-03 15:38 - 11739198 ____A C:\Users\asus\Downloads\[nann (nan)] A Date with Wanko (Maji de Watashi ni Koi Shinasai) (English).zip
2012-06-02 14:19 - 2012-06-21 16:39 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 16:39 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 16:39 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 16:39 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 16:39 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-21 16:39 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-21 16:39 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 01:07 - 2012-07-11 16:17 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-11 16:17 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-11 16:17 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-11 16:17 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-11 16:17 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 16:17 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-11 16:17 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-11 16:17 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 16:17 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 16:17 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-11 16:17 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:19 - 2012-06-21 16:38 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 00:17 - 2012-07-11 16:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 16:17 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 16:17 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 00:12 - 2012-06-21 16:38 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 20:51 - 2012-07-10 17:20 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:51 - 2012-07-10 17:20 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:50 - 2012-07-10 17:20 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:48 - 2012-07-10 17:20 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:47 - 2012-07-10 17:20 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-05-31 15:30 - 2012-05-31 15:30 - 00580608 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 00434176 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-05-31 15:30 - 2012-05-31 15:30 - 00353792 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 00353584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 00227840 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 00223232 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 00203776 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 00162304 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 00161792 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 00152064 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-05-31 15:30 - 2012-05-31 15:30 - 00150528 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-05-31 15:30 - 2012-05-31 15:30 - 00130560 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 00123392 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 00118784 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 00110592 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 00101888 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 00086528 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 00078848 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-05-31 15:30 - 2012-05-31 15:30 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-05-31 15:30 - 2012-05-31 15:30 - 00074752 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 00074240 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-05-31 15:30 - 2012-05-31 15:30 - 00066048 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 00063488 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-05-31 15:30 - 2012-05-31 15:30 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 00035840 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 00031744 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-05-31 15:30 - 2012-05-31 15:30 - 00011776 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-05-31 15:30 - 2012-05-31 15:30 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-05-31 15:30 - 2012-05-31 15:28 - 00003792 ____A C:\Windows\IE9_main.log
2012-05-31 15:29 - 2012-05-31 15:29 - 03181568 ____A (Microsoft Corporation) C:\Windows\System32\mf.dll
2012-05-31 15:29 - 2012-05-31 15:29 - 01619456 ____A (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2012-05-31 15:29 - 2012-05-31 15:29 - 01495040 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2012-05-31 15:29 - 2012-05-31 15:29 - 00801792 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-05-31 15:29 - 2012-05-31 15:29 - 00728448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-05-31 15:29 - 2012-05-31 15:29 - 00442880 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-05-31 15:29 - 2012-05-31 15:29 - 00283648 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-05-31 15:29 - 2012-05-31 15:29 - 00219008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2012-05-31 15:29 - 2012-05-31 15:29 - 00196608 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2012-05-31 15:29 - 2012-05-31 15:29 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-05-31 15:29 - 2012-05-31 15:29 - 00107520 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-05-31 15:21 - 2012-05-31 15:21 - 00288472 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-05-31 15:21 - 2012-05-31 15:21 - 00286018 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-05-28 04:23 - 2012-05-28 04:22 - 11691868 ____A C:\Users\asus\Downloads\[Sameda Koban] Puru Puru Milk Pudding Ch.06-10 [ENG].zip
2012-05-25 03:42 - 2012-05-25 03:42 - 00002296 ____A C:\Users\asus\Desktop\Play Firefall.lnk
2012-05-25 01:06 - 2012-05-25 01:06 - 00242240 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-05-25 01:06 - 2012-05-25 01:06 - 00001900 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2012-05-25 00:56 - 2011-12-17 20:47 - 00000188 ____A C:\Windows\System32\MsiExec.exe.log
2012-05-23 21:25 - 2012-03-07 22:55 - 00013307 ____A C:\Users\asus\Desktop\Exam + Assignment timetable.xlsx
2012-05-23 03:39 - 2012-05-23 03:31 - 101064442 ____A C:\Users\asus\Downloads\Yamatogawa - Witchcraft (uncensored).rar
2012-05-22 01:16 - 2012-05-22 01:14 - 31682857 ____A C:\Users\asus\Downloads\Everyday Monster Girls 03 (anon).zip
2012-05-11 02:27 - 2012-05-11 02:25 - 36875435 ____A C:\Users\asus\Downloads\2.zip
2012-05-08 02:37 - 2012-05-08 02:35 - 15706137 ____A C:\Users\asus\Downloads\The Ocean Meets the Sky [yuriproject].zip
2012-04-27 19:19 - 2012-06-12 20:38 - 00177152 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 20:48 - 2012-06-12 20:38 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 20:48 - 2012-06-12 20:38 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 20:43 - 2012-06-12 20:38 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 20:47 - 2012-07-10 17:19 - 01156608 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 20:47 - 2012-07-10 17:19 - 00139264 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 20:47 - 2012-07-10 17:19 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 04:36 - 2012-04-23 04:34 - 25035127 ____A C:\Users\asus\Downloads\[Yamazaki Kana] Hinadori no Koe Ch.1 [English][LWB + LoliLoli Hunters].zip
2012-04-22 01:57 - 2012-04-22 01:56 - 08088401 ____A C:\Users\asus\Downloads\NEEDLESS-ZERO-II_ch03.rar

ZeroAccess:
C:\Windows\Installer\{de2571a4-c979-e028-d249-797fd3aeb53d}
C:\Windows\Installer\{de2571a4-c979-e028-d249-797fd3aeb53d}\@
C:\Windows\Installer\{de2571a4-c979-e028-d249-797fd3aeb53d}\L
C:\Windows\Installer\{de2571a4-c979-e028-d249-797fd3aeb53d}\n
C:\Windows\Installer\{de2571a4-c979-e028-d249-797fd3aeb53d}\U

ZeroAccess:
C:\Users\asus\AppData\Local\{de2571a4-c979-e028-d249-797fd3aeb53d}
C:\Users\asus\AppData\Local\{de2571a4-c979-e028-d249-797fd3aeb53d}\@
C:\Users\asus\AppData\Local\{de2571a4-c979-e028-d249-797fd3aeb53d}\L
C:\Users\asus\AppData\Local\{de2571a4-c979-e028-d249-797fd3aeb53d}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 3%
Total physical RAM: 16361.16 MB
Available physical RAM: 15772.37 MB
Total Pagefile: 16359.44 MB
Available Pagefile: 15785.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:195.35 GB) (Free:40.88 GB) NTFS
2 Drive d: (Mootang) (Fixed) (Total:465.76 GB) (Free:135.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:0.24 GB) (Free:0.23 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 270 GB
Disk 1 Online 465 GB 1024 KB
Disk 2 Online 244 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 195 GB 25 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 195 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Mootang NTFS Partition 465 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 244 MB 49 KB

==================================================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 244 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-18 23:24

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 16-07-2012 01
Ran by SYSTEM at 2012-07-20 12:55:59
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-07-19 21:49] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
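The Search.txt above is what the decision to replace services.exe rests on: the copy in the WinSxS component store and the live copy in System32 have the same size and the same Microsoft company string but different MD5s. As an added example (not FRST's, ComboFix's or the forum's own code), here is a Python parser for FRST search output that performs that comparison for any file name, treating the WinSxS copy as the reference and flagging a live copy whose hash differs, which is the condition the Bamital & volsnap Check reports as ATTENTION. Function names and verdict strings are this example's own; the sample input is the log posted above.

```python
"""Cross-check a live Windows binary against its WinSxS component-store copy.

Added example for this thread; it is not FRST's, ComboFix's or the forum's own
code. It parses FRST "Search:" output of the kind posted above, where each hit
is a path line followed by a detail line whose last field is the file's MD5,
and flags a System32 file whose hash differs from the copy Windows keeps in the
WinSxS component store. That is the comparison behind the ATTENTION verdict on
services.exe and behind the Replace: line in the fixlist that follows.
"""
import re
from typing import Dict, List, NamedTuple

# Constructed sample input: the two services.exe hits from the Search.txt in this thread.
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-07-19 21:49] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
"""

# Detail line: [created] - [modified] - size attrs (company) MD5.  The company
# field is absent for unsigned files, so it is optional.
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? "
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


class Hit(NamedTuple):
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str


def parse_search_log(text: str) -> List[Hit]:
    """Pair each detail line with the path line immediately before it."""
    hits: List[Hit] = []
    prev = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = DETAIL_RE.match(line)
        # A path line is a non-empty line that is neither a banner nor a detail line.
        if m and prev and not prev.startswith(("=", "[")):
            hits.append(Hit(prev, m["created"], m["modified"], int(m["size"]),
                            m["company"] or "", m["md5"].upper()))
        prev = line
    return hits


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def component_store_check(hits: List[Hit]) -> Dict[str, str]:
    """Judge every non-WinSxS hit against the WinSxS copy of the same file name.

    Returns {live_path: verdict}. The WinSxS copy is the reference because the
    servicing stack keeps it pristine, while the live System32 copy is what an
    infection that patches system binaries rewrites in place.
    """
    reference: Dict[str, Hit] = {}
    for h in hits:
        if "\\winsxs\\" in h.path.lower():
            reference.setdefault(_basename(h.path), h)
    verdicts: Dict[str, str] = {}
    for h in hits:
        if "\\winsxs\\" in h.path.lower():
            continue
        ref = reference.get(_basename(h.path))
        if ref is None:
            verdicts[h.path] = "no WinSxS copy to compare against"
        elif h.md5 == ref.md5:
            verdicts[h.path] = "MD5 matches component store"
        else:
            # Same size but a different hash is what an in-place patch looks like,
            # as opposed to a version update; the modified time shows when it happened.
            size_note = "same size" if h.size == ref.size else "size differs"
            verdicts[h.path] = (f"MD5 mismatch: live {h.md5} vs component store {ref.md5}"
                                f" ({size_note}; live copy modified {h.modified})")
    return verdicts


def replace_directive(hits: List[Hit], live_path: str) -> str:
    """Build the FRST 'Replace: <good> <bad>' line for a flagged file (as in the fixlist above)."""
    ref = next(h for h in hits if "\\winsxs\\" in h.path.lower()
               and _basename(h.path) == _basename(live_path))
    return f"Replace: {ref.path} {live_path}"


if __name__ == "__main__":
    found = parse_search_log(SEARCH_LOG)
    for path, verdict in component_store_check(found).items():
        print(f"{path}: {verdict}")
        if verdict.startswith("MD5 mismatch"):
            print(replace_directive(found, path))
```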

#4 gringo_pr (Malware Response Team)

Posted 20 July 2012 - 02:07 AM

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt.

Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\Installer\{de2571a4-c979-e028-d249-797fd3aeb53d}
C:\Users\asus\AppData\Local\{de2571a4-c979-e028-d249-797fd3aeb53d} 


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Sivak (Topic Starter)

Posted 20 July 2012 - 02:44 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 01
Ran by SYSTEM at 2012-07-20 14:39:30 Run:1
Running from F:\

==============================================

Could not find Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe .
Could not find Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe .
C:\Windows\System32\services.exe moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini not found.
C:\Windows\assembly\GAC_64\Desktop.ini not found.
C:\Windows\Installer\{de2571a4-c979-e028-d249-797fd3aeb53d} moved successfully.
C:\Users\asus\AppData\Local\{de2571a4-c979-e028-d249-797fd3aeb53d} moved successfully.

==== End of Fixlog ====

#6 gringo_pr (Malware Response Team)

Posted 20 July 2012 - 02:52 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 Sivak (Topic Starter)

Posted 20 July 2012 - 05:18 AM

ComboFix 12-07-20.01 - asus 7/2012 Fri 16:55:20.1.8 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.932.81.1033.18.3569.2456 [GMT 7:00]
Running from: c:\users\asus\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Windows
c:\programdata\windows\dumd.dat
c:\programdata\windows\xdor.dat
c:\windows\7Loader.TAG
c:\windows\apppatch\AppLoc.exe
c:\windows\apppatch\AppLocA.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\apppatch\unins000.dat
c:\windows\apppatch\unins000.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))
.
.
2012-07-20 20:53 . 2012-07-20 20:53 -------- d-----w- C:\FRST
2012-07-20 10:01 . 2012-07-20 10:01 -------- d-----w- c:\users\asus\AppData\Local\temp
2012-07-20 09:48 . 2012-06-28 18:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AC06E0D7-3F26-4304-A53E-38AEEBE93070}\mpengine.dll
2012-07-18 12:01 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F1EBC87-3ECF-4B8B-9B08-0A6D4BA25678}\mpengine.dll
2012-07-17 11:09 . 2012-07-17 11:09 -------- d-----w- c:\program files\Microsoft Silverlight
2012-07-17 06:18 . 2012-06-29 08:44 6891424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-15 05:14 . 2012-07-15 05:14 -------- d-----w- c:\programdata\Steam
2012-07-15 05:14 . 2012-07-15 05:39 -------- d-----w- c:\programdata\PopCap Games
2012-07-13 05:33 . 2012-07-13 05:33 -------- d-----w- c:\programdata\Adobe Systems
2012-07-13 05:30 . 2012-07-13 05:30 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2012-07-12 00:15 . 2012-06-12 02:44 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 09:01 . 2012-07-11 09:07 -------- d-----w- c:\program files\Orcs Must Die!
2012-07-11 01:20 . 2012-06-02 04:51 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 01:20 . 2012-06-02 04:50 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 01:20 . 2012-06-02 04:51 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 01:20 . 2012-06-02 04:48 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 01:20 . 2012-06-02 04:47 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 01:20 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 01:20 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 01:20 . 2012-06-06 05:09 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 01:19 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\system32\crypt32.dll
2012-07-11 01:19 . 2012-04-24 04:47 139264 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-11 01:19 . 2012-04-24 04:47 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-07 12:03 . 2012-07-11 04:37 -------- d-----w- c:\users\asus\riotsGamesLogs
2012-07-06 02:47 . 2012-07-06 02:47 -------- d-----w- c:\programdata\REVOLT
2012-07-06 02:45 . 2012-07-06 02:46 -------- d-----w- c:\program files\Endless Space
2012-07-04 00:34 . 2012-05-30 04:11 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BED25610-BC9D-4666-B401-CC7E7CF6BE73}\gapaengine.dll
2012-06-26 07:04 . 2012-07-11 10:34 -------- d-----w- c:\program files\Diablo III
2012-06-26 07:04 . 2012-06-26 07:04 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2012-06-26 07:04 . 2012-06-26 07:04 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-06-26 07:03 . 2012-06-26 07:03 -------- d-----w- c:\programdata\Battle.net
2012-06-23 11:51 . 2012-06-23 11:51 -------- d-----w- c:\users\asus\AppData\Local\SKIDROW
2012-06-23 11:45 . 2012-07-11 06:18 -------- d-----w- c:\program files\Wizards of the Coast LLC
2012-06-23 01:39 . 2012-06-23 01:39 -------- d-----w- c:\programdata\Media Center Programs
2012-06-23 01:23 . 2012-06-23 01:23 -------- d-sh--w- c:\windows\ftpcache
2012-06-22 00:39 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 00:39 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 00:39 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 00:39 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 00:39 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 00:39 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 00:39 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 00:38 . 2012-06-02 08:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 00:38 . 2012-06-02 08:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 23:21 . 2012-06-20 23:21 -------- d-----w- c:\users\asus\AppData\Roaming\LolClient
2012-06-20 12:51 . 2012-06-20 12:51 -------- d-----w- c:\program files\Microsoft XNA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 00:44 . 2012-04-21 02:56 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-13 00:44 . 2011-12-18 05:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 23:30 . 2012-05-31 23:30 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-05-31 23:30 . 2012-05-31 23:30 161792 ----a-w- c:\windows\system32\msls31.dll
2012-05-31 23:30 . 2012-05-31 23:30 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-31 23:30 . 2012-05-31 23:30 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-05-31 23:30 . 2012-05-31 23:30 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-05-31 23:30 . 2012-05-31 23:30 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-05-31 23:30 . 2012-05-31 23:30 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-05-31 23:30 . 2012-05-31 23:30 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-05-31 23:30 . 2012-05-31 23:30 367104 ----a-w- c:\windows\system32\html.iec
2012-05-31 23:30 . 2012-05-31 23:30 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-05-31 23:30 . 2012-05-31 23:30 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-05-31 23:30 . 2012-05-31 23:30 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-31 23:30 . 2012-05-31 23:30 152064 ----a-w- c:\windows\system32\wextract.exe
2012-05-31 23:30 . 2012-05-31 23:30 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-05-31 23:30 . 2012-05-31 23:30 11776 ----a-w- c:\windows\system32\mshta.exe
2012-05-31 23:30 . 2012-05-31 23:30 101888 ----a-w- c:\windows\system32\admparse.dll
2012-05-31 23:29 . 2012-05-31 23:29 801792 ----a-w- c:\windows\system32\FntCache.dll
2012-05-31 23:29 . 2012-05-31 23:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-05-31 23:29 . 2012-05-31 23:29 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2012-05-31 23:29 . 2012-05-31 23:29 3181568 ----a-w- c:\windows\system32\mf.dll
2012-05-31 23:29 . 2012-05-31 23:29 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-05-31 23:29 . 2012-05-31 23:29 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-05-31 23:29 . 2012-05-31 23:29 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-05-31 23:29 . 2012-05-31 23:29 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-05-31 23:29 . 2012-05-31 23:29 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-05-31 23:29 . 2012-05-31 23:29 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-05-31 23:29 . 2012-05-31 23:29 107520 ----a-w- c:\windows\system32\cdd.dll
2012-05-30 04:11 . 2012-06-13 22:55 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-05-25 09:06 . 2012-05-25 09:06 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-28 03:19 . 2012-06-13 04:38 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:48 . 2012-06-13 04:38 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:48 . 2012-06-13 04:38 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:43 . 2012-06-13 04:38 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-20 00:24 . 2012-03-02 03:20 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
c:\users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 03:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 20:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2010-10-07 07:05 170624 ----a-w- c:\program files\ASUS\ATK Package\ATK Media\DMedia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2010-08-17 07:55 5732992 ----a-w- c:\program files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLxHCIm]
2011-10-17 03:24 43008 ----a-w- c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-12-20 05:51 136176 ----atw- c:\users\asus\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 11:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
2009-06-19 03:29 105016 ----a-w- c:\program files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelPAN]
2011-07-27 13:28 1210640 ----a-w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 15:10 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\protect_autorun]
2009-01-28 03:32 139264 ----a-w- c:\cpe17 autorun killer (antiautorun)\CPE17AntiAutorun1400.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-03-23 16:18 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 06:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBChargerPlusTray]
2011-04-18 09:51 496560 ----a-w- c:\program files\ASUS\USBChargerPlus\USBChargerPlus.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AMPPALP;IntelR CentrinoR Wireless BluetoothR 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AMPPALR3;IntelR CentrinoR Wireless BluetoothR 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R4 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]
S3 AMPPAL;IntelR CentrinoR Wireless BluetoothR 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 00:44]
.
2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725256947-3714608868-1989082813-1000Core.job
- c:\users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-20 05:51]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725256947-3714608868-1989082813-1000UA.job
- c:\users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-20 05:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.th/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\go
TCP: DhcpNameServer = 192.168.1.1
DPF: {38D3C132-7140-461D-9876-6D3E16A8579B} - hxxps://trading4.kimeng.co.th/ketrade3/control/cswxset.cab
DPF: {9A221A36-CABE-496A-983E-61B7CF9FDEBB} - hxxps://trading4.kimeng.co.th/ketrade3/control/axmenu.cab
FF - ProfilePath - c:\users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\wd1hb9jq.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe
AddRemove-charactercreator_is1 - c:\program files\SEGA\PHANTASYSTARONLINE2_CHARACTERCREATOR\unins000.exe
AddRemove-{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1 - c:\windows\AppPatch\unins000.exe
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST9500423AS rev.0002SDM1 -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.032"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ani"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.arw"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bay"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bmp"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bw"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cr2"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.crw"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cs1"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cur"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcr"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcx"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dib"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djv"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djvu"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dng"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.emf"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.eps"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.erf"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fff"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fpx"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-1725256947-3714608868-1989082813-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.gif"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.hdr"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icl"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icn"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ico"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iff"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ilbm"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.int"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.inta"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iw4"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2c"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2k"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jfif"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jif"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jp2"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpc"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpe"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpeg"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-1725256947-3714608868-1989082813-1000)
@Denied: (2) (LocalSystem)
"Progid"="jpegfile"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpk"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpx"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.lbm"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mef"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mos"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mrw"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.nef"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.orf"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pbm"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcd"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pct"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcx"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pef"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pgm"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pic"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pict"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pix"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-1725256947-3714608868-1989082813-1000)
@Denied: (2) (LocalSystem)
"Progid"="pngfile"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ppm"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psd"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psp"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pspimage"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raf"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ras"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raw"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgb"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgba"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rle"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rsb"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sgi"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sr2"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.srf"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tga"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.thm"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tif"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tiff"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttc"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttf"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10o"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10p"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10pf"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbm"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbmp"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wmf"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xbm"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xif"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xmp"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xpm"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-20 17:03:19
ComboFix-quarantined-files.txt 2012-07-20 10:03
.
Pre-Run: 45,799,874,560 bytes free
Post-Run: 46,703,493,120 bytes free
.
- - End Of File - - 6175274EAC36AFF60A84C2B8C40081EE

How is the computer doing now?

Windows doesn't constantly restart now.

But the bottom right of the screen states that my copy of Windows is not genuine for some reason. (Which is impossible, since it came with the laptop.)

#8 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:55 PM

Posted 20 July 2012 - 10:12 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Sivak

  • Topic Starter
  • Members
  • 12 posts
  • Local time:02:55 PM

Posted 21 July 2012 - 06:44 AM

18:29:25.0978 2876 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
18:29:26.0680 2876 ============================================================
18:29:26.0680 2876 Current date / time: 2012/07/21 18:29:26.0680
18:29:26.0680 2876 SystemInfo:
18:29:26.0680 2876
18:29:26.0680 2876 OS Version: 6.1.7600 ServicePack: 0.0
18:29:26.0680 2876 Product type: Workstation
18:29:26.0680 2876 ComputerName: ASUS-PC
18:29:26.0680 2876 UserName: asus
18:29:26.0680 2876 Windows directory: C:\Windows
18:29:26.0680 2876 System windows directory: C:\Windows
18:29:26.0680 2876 Processor architecture: Intel x86
18:29:26.0680 2876 Number of processors: 8
18:29:26.0680 2876 Page size: 0x1000
18:29:26.0680 2876 Boot type: Normal boot
18:29:26.0680 2876 ============================================================
18:29:31.0251 2876 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:29:31.0267 2876 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:29:31.0282 2876 Drive \Device\Harddisk2\DR2 - Size: 0xF4FFE00 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:29:31.0282 2876 ============================================================
18:29:31.0282 2876 \Device\Harddisk0\DR0:
18:29:31.0313 2876 MBR partitions:
18:29:31.0313 2876 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
18:29:31.0313 2876 \Device\Harddisk1\DR1:
18:29:31.0313 2876 MBR partitions:
18:29:31.0313 2876 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x186B5000
18:29:31.0313 2876 \Device\Harddisk2\DR2:
18:29:31.0313 2876 MBR partitions:
18:29:31.0313 2876 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x6, StartLBA 0x63, BlocksNum 0x7A59D
18:29:31.0313 2876 ============================================================
18:29:31.0345 2876 C: <-> \Device\Harddisk1\DR1\Partition0
18:29:31.0360 2876 D: <-> \Device\Harddisk0\DR0\Partition0
18:29:31.0360 2876 ============================================================
18:29:31.0360 2876 Initialize success
18:29:31.0360 2876 ============================================================
18:29:36.0945 2916 ============================================================
18:29:36.0945 2916 Scan started
18:29:36.0945 2916 Mode: Manual;
18:29:36.0945 2916 ============================================================
18:29:38.0411 2916 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
18:29:38.0411 2916 1394ohci - ok
18:29:38.0458 2916 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
18:29:38.0474 2916 ACPI - ok
18:29:38.0489 2916 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
18:29:38.0489 2916 AcpiPmi - ok
18:29:38.0583 2916 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
18:29:38.0599 2916 Adobe LM Service - ok
18:29:38.0661 2916 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:29:38.0677 2916 AdobeFlashPlayerUpdateSvc - ok
18:29:38.0739 2916 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:29:38.0755 2916 adp94xx - ok
18:29:38.0770 2916 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:29:38.0786 2916 adpahci - ok
18:29:38.0801 2916 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:29:38.0817 2916 adpu320 - ok
18:29:38.0848 2916 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
18:29:38.0848 2916 AeLookupSvc - ok
18:29:38.0911 2916 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
18:29:38.0911 2916 AFD - ok
18:29:38.0957 2916 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
18:29:38.0957 2916 agp440 - ok
18:29:38.0989 2916 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:29:38.0989 2916 aic78xx - ok
18:29:39.0051 2916 AiCharger (8ab7a3d7ef425d0d7373de00ab0d8ded) C:\Windows\system32\DRIVERS\AiCharger.sys
18:29:39.0051 2916 AiCharger - ok
18:29:39.0098 2916 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
18:29:39.0098 2916 ALG - ok
18:29:39.0113 2916 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
18:29:39.0129 2916 aliide - ok
18:29:39.0129 2916 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
18:29:39.0145 2916 amdagp - ok
18:29:39.0145 2916 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
18:29:39.0145 2916 amdide - ok
18:29:39.0160 2916 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:29:39.0160 2916 AmdK8 - ok
18:29:39.0160 2916 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:29:39.0176 2916 AmdPPM - ok
18:29:39.0176 2916 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
18:29:39.0191 2916 amdsata - ok
18:29:39.0207 2916 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:29:39.0207 2916 amdsbs - ok
18:29:39.0223 2916 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
18:29:39.0223 2916 amdxata - ok
18:29:39.0238 2916 AMPPAL (99bbef4a68bf398ed647f4eeb8ff66d4) C:\Windows\system32\DRIVERS\AMPPAL.sys
18:29:39.0238 2916 AMPPAL - ok
18:29:39.0254 2916 AMPPALP (99bbef4a68bf398ed647f4eeb8ff66d4) C:\Windows\system32\DRIVERS\amppal.sys
18:29:39.0254 2916 AMPPALP - ok
18:29:39.0379 2916 AMPPALR3 (7af00f567da8ea4079cd76d70bfcbb50) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
18:29:39.0394 2916 AMPPALR3 - ok
18:29:39.0441 2916 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
18:29:39.0457 2916 AppID - ok
18:29:39.0472 2916 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
18:29:39.0472 2916 AppIDSvc - ok
18:29:39.0488 2916 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
18:29:39.0488 2916 Appinfo - ok
18:29:39.0550 2916 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
18:29:39.0550 2916 AppMgmt - ok
18:29:39.0597 2916 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:29:39.0597 2916 arc - ok
18:29:39.0613 2916 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:29:39.0613 2916 arcsas - ok
18:29:39.0706 2916 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
18:29:39.0706 2916 ASLDRService - ok
18:29:39.0722 2916 ASMMAP (b9fdfa552eba5b4bf377f7ccec9b8bc7) C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys
18:29:39.0722 2916 ASMMAP - ok
18:29:39.0847 2916 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:29:39.0862 2916 aspnet_state - ok
18:29:39.0893 2916 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:29:39.0893 2916 AsyncMac - ok
18:29:39.0909 2916 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
18:29:39.0909 2916 atapi - ok
18:29:39.0940 2916 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
18:29:39.0940 2916 ATKGFNEXSrv - ok
18:29:39.0956 2916 ATKWMIACPIIO (cbae641cb32872302102d751d66f4493) C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys
18:29:39.0956 2916 ATKWMIACPIIO - ok
18:29:40.0018 2916 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
18:29:40.0034 2916 AudioEndpointBuilder - ok
18:29:40.0049 2916 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
18:29:40.0049 2916 Audiosrv - ok
18:29:40.0081 2916 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
18:29:40.0096 2916 AxInstSV - ok
18:29:40.0143 2916 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:29:40.0159 2916 b06bdrv - ok
18:29:40.0205 2916 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:29:40.0205 2916 b57nd60x - ok
18:29:40.0283 2916 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
18:29:40.0283 2916 BBSvc - ok
18:29:40.0330 2916 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
18:29:40.0346 2916 BBUpdate - ok
18:29:40.0393 2916 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
18:29:40.0393 2916 BDESVC - ok
18:29:40.0424 2916 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:29:40.0424 2916 Beep - ok
18:29:40.0471 2916 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
18:29:40.0502 2916 BFE - ok
18:29:40.0549 2916 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll
18:29:40.0564 2916 BITS - ok
18:29:55.0634 2916 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
18:29:55.0634 2916 srvnet - ok
18:29:55.0649 2916 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
18:29:55.0665 2916 SSDPSRV - ok
18:29:55.0681 2916 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
18:29:55.0696 2916 SstpSvc - ok
18:29:55.0759 2916 Steam Client Service - ok
18:29:55.0852 2916 Stereo Service (8544a200c40447e465f06e58687428bb) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:29:55.0852 2916 Stereo Service - ok
18:29:55.0883 2916 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
18:29:55.0883 2916 stexstor - ok
18:29:55.0915 2916 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
18:29:55.0946 2916 StiSvc - ok
18:29:55.0961 2916 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
18:29:55.0961 2916 storflt - ok
18:29:55.0993 2916 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
18:29:55.0993 2916 storvsc - ok
18:29:56.0008 2916 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
18:29:56.0008 2916 swenum - ok
18:29:56.0149 2916 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:29:56.0164 2916 SwitchBoard - ok
18:29:56.0211 2916 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
18:29:56.0227 2916 swprv - ok
18:29:56.0289 2916 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
18:29:56.0320 2916 SysMain - ok
18:29:56.0336 2916 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
18:29:56.0336 2916 TabletInputService - ok
18:29:56.0367 2916 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
18:29:56.0367 2916 TapiSrv - ok
18:29:56.0383 2916 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
18:29:56.0383 2916 TBS - ok
18:29:56.0476 2916 Tcpip (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\drivers\tcpip.sys
18:29:56.0539 2916 Tcpip - ok
18:29:56.0570 2916 TCPIP6 (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\DRIVERS\tcpip.sys
18:29:56.0585 2916 TCPIP6 - ok
18:29:56.0617 2916 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
18:29:56.0617 2916 tcpipreg - ok
18:29:56.0632 2916 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
18:29:56.0632 2916 TDPIPE - ok
18:29:56.0679 2916 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
18:29:56.0679 2916 TDTCP - ok
18:29:56.0695 2916 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
18:29:56.0695 2916 tdx - ok
18:29:56.0710 2916 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
18:29:56.0710 2916 TermDD - ok
18:29:56.0757 2916 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
18:29:56.0773 2916 TermService - ok
18:29:56.0788 2916 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
18:29:56.0788 2916 Themes - ok
18:29:56.0804 2916 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:29:56.0804 2916 THREADORDER - ok
18:29:56.0851 2916 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
18:29:56.0851 2916 TrkWks - ok
18:29:56.0897 2916 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
18:29:56.0897 2916 TrustedInstaller - ok
18:29:56.0913 2916 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:29:56.0913 2916 tssecsrv - ok
18:29:56.0960 2916 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
18:29:56.0975 2916 tunnel - ok
18:29:56.0975 2916 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:29:56.0991 2916 uagp35 - ok
18:29:57.0007 2916 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
18:29:57.0022 2916 udfs - ok
18:29:57.0038 2916 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
18:29:57.0038 2916 UI0Detect - ok
18:29:57.0069 2916 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
18:29:57.0069 2916 uliagpkx - ok
18:29:57.0100 2916 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
18:29:57.0100 2916 umbus - ok
18:29:57.0116 2916 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:29:57.0116 2916 UmPass - ok
18:29:57.0163 2916 UmRdpService (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll
18:29:57.0163 2916 UmRdpService - ok
18:29:57.0194 2916 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
18:29:57.0194 2916 upnphost - ok
18:29:57.0241 2916 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
18:29:57.0241 2916 usbccgp - ok
18:29:57.0256 2916 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
18:29:57.0272 2916 usbcir - ok
18:29:57.0303 2916 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
18:29:57.0303 2916 usbehci - ok
18:29:57.0334 2916 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
18:29:57.0334 2916 usbhub - ok
18:29:57.0350 2916 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
18:29:57.0365 2916 usbohci - ok
18:29:57.0365 2916 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:29:57.0381 2916 usbprint - ok
18:29:57.0412 2916 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:29:57.0412 2916 USBSTOR - ok
18:29:57.0428 2916 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
18:29:57.0428 2916 usbuhci - ok
18:29:57.0475 2916 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
18:29:57.0475 2916 usbvideo - ok
18:29:57.0490 2916 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
18:29:57.0506 2916 UxSms - ok
18:29:57.0537 2916 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
18:29:57.0537 2916 VaultSvc - ok
18:29:57.0584 2916 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
18:29:57.0584 2916 vdrvroot - ok
18:29:57.0615 2916 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
18:29:57.0631 2916 vds - ok
18:29:57.0677 2916 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:29:57.0677 2916 vga - ok
18:29:57.0693 2916 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:29:57.0693 2916 VgaSave - ok
18:29:57.0724 2916 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
18:29:57.0724 2916 vhdmp - ok
18:29:57.0755 2916 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
18:29:57.0755 2916 viaagp - ok
18:29:57.0771 2916 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:29:57.0771 2916 ViaC7 - ok
18:29:57.0787 2916 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
18:29:57.0787 2916 viaide - ok
18:29:57.0818 2916 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
18:29:57.0833 2916 vmbus - ok
18:29:57.0849 2916 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
18:29:57.0849 2916 VMBusHID - ok
18:29:57.0865 2916 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
18:29:57.0865 2916 volmgr - ok
18:29:57.0896 2916 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:29:57.0896 2916 volmgrx - ok
18:29:57.0943 2916 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
18:29:57.0958 2916 volsnap - ok
18:29:58.0005 2916 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:29:58.0005 2916 vsmraid - ok
18:29:58.0067 2916 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
18:29:58.0099 2916 VSS - ok
18:29:58.0114 2916 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
18:29:58.0114 2916 vwifibus - ok
18:29:58.0145 2916 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
18:29:58.0145 2916 vwififlt - ok
18:29:58.0161 2916 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
18:29:58.0161 2916 vwifimp - ok
18:29:58.0208 2916 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
18:29:58.0208 2916 W32Time - ok
18:29:58.0239 2916 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:29:58.0239 2916 WacomPen - ok
18:29:58.0270 2916 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
18:29:58.0270 2916 WANARP - ok
18:29:58.0286 2916 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
18:29:58.0286 2916 Wanarpv6 - ok
18:29:58.0395 2916 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
18:29:58.0457 2916 WatAdminSvc - ok
18:29:58.0567 2916 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
18:29:58.0613 2916 wbengine - ok
18:29:58.0629 2916 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
18:29:58.0645 2916 WbioSrvc - ok
18:29:58.0660 2916 wcncsvc (d0f88aa11ee1a62bcc6d6a8a7783ca11) C:\Windows\System32\wcncsvc.dll
18:29:58.0676 2916 wcncsvc - ok
18:29:58.0676 2916 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
18:29:58.0691 2916 WcsPlugInService - ok
18:29:58.0723 2916 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:29:58.0723 2916 Wd - ok
18:29:58.0738 2916 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:29:58.0769 2916 Wdf01000 - ok
18:29:58.0785 2916 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:29:58.0785 2916 WdiServiceHost - ok
18:29:58.0785 2916 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:29:58.0801 2916 WdiSystemHost - ok
18:29:58.0816 2916 WebClient (d87c7d2c517f82a5ab7a73e203063d9e) C:\Windows\System32\webclnt.dll
18:29:58.0816 2916 WebClient - ok
18:29:58.0847 2916 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
18:29:58.0847 2916 Wecsvc - ok
18:29:58.0863 2916 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
18:29:58.0863 2916 wercplsupport - ok
18:29:58.0894 2916 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
18:29:58.0910 2916 WerSvc - ok
18:29:58.0941 2916 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:29:58.0957 2916 WfpLwf - ok
18:29:58.0972 2916 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:29:58.0972 2916 WIMMount - ok
18:29:59.0066 2916 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
18:29:59.0081 2916 WinDefend - ok
18:29:59.0081 2916 WinHttpAutoProxySvc - ok
18:29:59.0144 2916 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
18:29:59.0144 2916 Winmgmt - ok
18:29:59.0222 2916 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
18:29:59.0269 2916 WinRM - ok
18:29:59.0347 2916 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
18:29:59.0362 2916 Wlansvc - ok
18:29:59.0409 2916 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:29:59.0409 2916 WmiAcpi - ok
18:29:59.0471 2916 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
18:29:59.0471 2916 wmiApSrv - ok
18:29:59.0565 2916 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:29:59.0612 2916 WMPNetworkSvc - ok
18:29:59.0627 2916 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
18:29:59.0627 2916 WPCSvc - ok
18:29:59.0643 2916 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
18:29:59.0643 2916 WPDBusEnum - ok
18:29:59.0721 2916 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:29:59.0721 2916 ws2ifsl - ok
18:29:59.0737 2916 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
18:29:59.0737 2916 wscsvc - ok
18:29:59.0752 2916 WSearch - ok
18:29:59.0877 2916 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
18:29:59.0939 2916 wuauserv - ok
18:30:00.0002 2916 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
18:30:00.0002 2916 WudfPf - ok
18:30:00.0049 2916 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:30:00.0049 2916 WUDFRd - ok
18:30:00.0095 2916 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
18:30:00.0095 2916 wudfsvc - ok
18:30:00.0127 2916 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
18:30:00.0142 2916 WwanSvc - ok
18:30:00.0454 2916 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:30:00.0673 2916 \Device\Harddisk0\DR0 - ok
18:30:00.0735 2916 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
18:30:00.0813 2916 \Device\Harddisk1\DR1 - ok
18:30:00.0829 2916 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk2\DR2
18:30:00.0829 2916 \Device\Harddisk2\DR2 - ok
18:30:00.0844 2916 Boot (0x1200) (99fe9bf46eb87219923407ed2c059a06) \Device\Harddisk0\DR0\Partition0
18:30:00.0844 2916 \Device\Harddisk0\DR0\Partition0 - ok
18:30:00.0844 2916 Boot (0x1200) (c0c71b18989f77ce5634009b67a78568) \Device\Harddisk1\DR1\Partition0
18:30:00.0844 2916 \Device\Harddisk1\DR1\Partition0 - ok
18:30:00.0860 2916 Boot (0x1200) (db3da60c0803d757e706baba448ce18b) \Device\Harddisk2\DR2\Partition0
18:30:00.0860 2916 \Device\Harddisk2\DR2\Partition0 - ok
18:30:00.0860 2916 ============================================================
18:30:00.0860 2916 Scan finished
18:30:00.0860 2916 ============================================================
18:30:00.0875 3024 Detected object count: 0
18:30:00.0875 3024 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-21 18:31:18
-----------------------------
18:31:18.096 OS Version: Windows 6.1.7600
18:31:18.096 Number of processors: 8 586 0x2A07
18:31:18.096 ComputerName: ASUS-PC UserName: asus
18:31:30.482 Initialize success
18:34:10.811 AVAST engine defs: 12072100
18:34:31.325 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:34:31.325 Disk 0 Vendor: ST9500423AS 0002SDM1 Size: 476940MB BusType: 11
18:34:31.340 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
18:34:31.340 Disk 1 Vendor: ST9500423AS 0002SDM1 Size: 476940MB BusType: 11
18:34:31.450 Disk 1 MBR read successfully
18:34:31.450 Disk 1 MBR scan
18:34:31.465 Disk 1 Windows 7 default MBR code
18:34:31.481 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200042 MB offset 52430848
18:34:31.496 Disk 1 scanning sectors +462116864
18:34:31.559 Disk 1 scanning C:\Windows\system32\drivers
18:34:41.122 Service scanning
18:34:59.904 Modules scanning
18:35:07.486 Disk 1 trace - called modules:
18:35:07.517 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
18:35:07.517 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x86661640]
18:35:07.517 3 CLASSPNP.SYS[8c9b359e] -> nt!IofCallDriver -> [0x860c7918]
18:35:07.532 5 ACPI.sys[8c4463b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x861133d0]
18:35:18.250 AVAST engine scan C:\Windows
18:35:25.660 AVAST engine scan C:\Windows\system32
18:37:55.623 AVAST engine scan C:\Windows\system32\drivers
18:38:10.115 AVAST engine scan C:\Users\asus
18:41:41.651 AVAST engine scan C:\ProgramData
18:42:20.667 Scan finished successfully
18:42:42.164 Disk 1 MBR has been saved successfully to "C:\Users\asus\Desktop\MBR.dat"
18:42:42.164 The log file has been saved successfully to "C:\Users\asus\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:55 PM

Posted 21 July 2012 - 08:56 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 Sivak

Sivak
  • Topic Starter

  • Members
  • 12 posts
  • Local time:02:55 PM

Posted 21 July 2012 - 07:38 PM

ComboFix 12-07-21.01 - asus 7/2012 Sun 7:25.2.8 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.932.81.1033.18.3569.2551 [GMT 7:00]
Running from: c:\users\asus\Desktop\ComboFix.exe
Command switches used :: c:\users\asus\Desktop\CFScript.txt.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 00:32 . 2012-07-22 00:32 -------- d-----w- c:\users\UpdatusUser.asus-PC\AppData\Local\temp
2012-07-22 00:32 . 2012-07-22 00:32 -------- d-----w- c:\users\UpdatusUser.asus-PC.000\AppData\Local\temp
2012-07-22 00:32 . 2012-07-22 00:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-21 13:29 . 2012-07-21 13:29 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD8F60F1-9CD2-40C4-B25C-6728F9C6DC92}\offreg.dll
2012-07-21 10:35 . 2012-07-21 10:35 119808 ----a-r- c:\users\asus\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2012-07-21 01:46 . 2012-07-21 10:06 -------- d-----w- C:\Torrent
2012-07-20 20:53 . 2012-07-20 20:53 -------- d-----w- C:\FRST
2012-07-20 10:03 . 2012-07-22 00:32 -------- d-----w- c:\users\asus\AppData\Local\temp
2012-07-17 11:09 . 2012-07-17 11:09 -------- d-----w- c:\program files\Microsoft Silverlight
2012-07-15 05:14 . 2012-07-15 05:14 -------- d-----w- c:\programdata\Steam
2012-07-15 05:14 . 2012-07-15 05:39 -------- d-----w- c:\programdata\PopCap Games
2012-07-13 05:33 . 2012-07-13 05:33 -------- d-----w- c:\programdata\Adobe Systems
2012-07-13 05:30 . 2012-07-13 05:30 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2012-07-12 00:15 . 2012-06-12 02:44 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 09:01 . 2012-07-11 09:07 -------- d-----w- c:\program files\Orcs Must Die!
2012-07-11 01:20 . 2012-06-02 04:51 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 01:20 . 2012-06-02 04:50 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 01:20 . 2012-06-02 04:51 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 01:20 . 2012-06-02 04:48 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 01:20 . 2012-06-02 04:47 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 01:20 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 01:20 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 01:20 . 2012-06-06 05:09 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 01:19 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\system32\crypt32.dll
2012-07-11 01:19 . 2012-04-24 04:47 139264 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-11 01:19 . 2012-04-24 04:47 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-07 12:03 . 2012-07-11 04:37 -------- d-----w- c:\users\asus\riotsGamesLogs
2012-07-06 02:47 . 2012-07-06 02:47 -------- d-----w- c:\programdata\REVOLT
2012-07-06 02:45 . 2012-07-06 02:46 -------- d-----w- c:\program files\Endless Space
2012-06-26 07:04 . 2012-07-11 10:34 -------- d-----w- c:\program files\Diablo III
2012-06-26 07:04 . 2012-06-26 07:04 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2012-06-26 07:04 . 2012-06-26 07:04 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-06-26 07:03 . 2012-06-26 07:03 -------- d-----w- c:\programdata\Battle.net
2012-06-23 11:51 . 2012-06-23 11:51 -------- d-----w- c:\users\asus\AppData\Local\SKIDROW
2012-06-23 11:45 . 2012-07-11 06:18 -------- d-----w- c:\program files\Wizards of the Coast LLC
2012-06-23 01:39 . 2012-06-23 01:39 -------- d-----w- c:\programdata\Media Center Programs
2012-06-23 01:23 . 2012-06-23 01:23 -------- d-sh--w- c:\windows\ftpcache
2012-06-22 00:39 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 00:39 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 00:39 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 00:39 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 00:39 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 00:39 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 00:39 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 00:38 . 2012-06-02 08:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 00:38 . 2012-06-02 08:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 00:44 . 2012-04-21 02:56 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-13 00:44 . 2011-12-18 05:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 23:30 . 2012-05-31 23:30 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-05-31 23:30 . 2012-05-31 23:30 161792 ----a-w- c:\windows\system32\msls31.dll
2012-05-31 23:30 . 2012-05-31 23:30 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-31 23:30 . 2012-05-31 23:30 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-05-31 23:30 . 2012-05-31 23:30 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-05-31 23:30 . 2012-05-31 23:30 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-05-31 23:30 . 2012-05-31 23:30 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-05-31 23:30 . 2012-05-31 23:30 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-05-31 23:30 . 2012-05-31 23:30 367104 ----a-w- c:\windows\system32\html.iec
2012-05-31 23:30 . 2012-05-31 23:30 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-05-31 23:30 . 2012-05-31 23:30 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-05-31 23:30 . 2012-05-31 23:30 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-31 23:30 . 2012-05-31 23:30 152064 ----a-w- c:\windows\system32\wextract.exe
2012-05-31 23:30 . 2012-05-31 23:30 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-05-31 23:30 . 2012-05-31 23:30 11776 ----a-w- c:\windows\system32\mshta.exe
2012-05-31 23:30 . 2012-05-31 23:30 101888 ----a-w- c:\windows\system32\admparse.dll
2012-05-31 23:29 . 2012-05-31 23:29 801792 ----a-w- c:\windows\system32\FntCache.dll
2012-05-31 23:29 . 2012-05-31 23:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-05-31 23:29 . 2012-05-31 23:29 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2012-05-31 23:29 . 2012-05-31 23:29 3181568 ----a-w- c:\windows\system32\mf.dll
2012-05-31 23:29 . 2012-05-31 23:29 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-05-31 23:29 . 2012-05-31 23:29 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-05-31 23:29 . 2012-05-31 23:29 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-05-31 23:29 . 2012-05-31 23:29 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-05-31 23:29 . 2012-05-31 23:29 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-05-31 23:29 . 2012-05-31 23:29 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-05-31 23:29 . 2012-05-31 23:29 107520 ----a-w- c:\windows\system32\cdd.dll
2012-05-25 09:06 . 2012-05-25 09:06 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-28 03:19 . 2012-06-13 04:38 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:48 . 2012-06-13 04:38 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:48 . 2012-06-13 04:38 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:43 . 2012-06-13 04:38 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-20 00:24 . 2012-03-02 03:20 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
c:\users\asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 03:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 20:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2010-10-07 07:05 170624 ----a-w- c:\program files\ASUS\ATK Package\ATK Media\DMedia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2010-08-17 07:55 5732992 ----a-w- c:\program files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLxHCIm]
2011-10-17 03:24 43008 ----a-w- c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-12-20 05:51 136176 ----atw- c:\users\asus\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 11:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
2009-06-19 03:29 105016 ----a-w- c:\program files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelPAN]
2011-07-27 13:28 1210640 ----a-w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 15:10 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\protect_autorun]
2009-01-28 03:32 139264 ----a-w- c:\cpe17 autorun killer (antiautorun)\CPE17AntiAutorun1400.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-03-23 16:18 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 06:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBChargerPlusTray]
2011-04-18 09:51 496560 ----a-w- c:\program files\ASUS\USBChargerPlus\USBChargerPlus.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AMPPALP;IntelR CentrinoR Wireless BluetoothR 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AMPPALR3;IntelR CentrinoR Wireless BluetoothR 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R4 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R4 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]
S3 AMPPAL;IntelR CentrinoR Wireless BluetoothR 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 00:44]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725256947-3714608868-1989082813-1000Core.job
- c:\users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-20 05:51]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1725256947-3714608868-1989082813-1000UA.job
- c:\users\asus\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-20 05:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.th/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\go
TCP: DhcpNameServer = 192.168.1.1
DPF: {38D3C132-7140-461D-9876-6D3E16A8579B} - hxxps://trading4.kimeng.co.th/ketrade3/control/cswxset.cab
DPF: {9A221A36-CABE-496A-983E-61B7CF9FDEBB} - hxxps://trading4.kimeng.co.th/ketrade3/control/axmenu.cab
FF - ProfilePath - c:\users\asus\AppData\Roaming\Mozilla\Firefox\Profiles\wd1hb9jq.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Company of Heroes - d:\company.of.heroes.tales.of.valor-reloaded\Uninstall_English.exe
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: ST9500423AS rev.0002SDM1 -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.032"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ani"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.arw"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bay"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bmp"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bw"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cr2"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.crw"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cs1"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cur"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcr"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcx"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dib"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djv"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.djvu"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dng"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.emf"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.eps"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.erf"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fff"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fpx"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-1725256947-3714608868-1989082813-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.gif"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.hdr"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icl"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.icn"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ico"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iff"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ilbm"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.int"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.inta"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.iw4"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2c"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.j2k"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jfif"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jif"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jp2"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpc"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpe"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpeg"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-1725256947-3714608868-1989082813-1000)
@Denied: (2) (LocalSystem)
"Progid"="jpegfile"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpk"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpx"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.lbm"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mef"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mos"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mrw"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.nef"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.orf"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pbm"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcd"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pct"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcx"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pef"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pgm"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pic"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pict"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pix"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-1725256947-3714608868-1989082813-1000)
@Denied: (2) (LocalSystem)
"Progid"="pngfile"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ppm"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psd"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.psp"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pspimage"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raf"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ras"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.raw"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgb"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rgba"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rle"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rsb"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sgi"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sr2"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.srf"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tga"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.thm"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tif"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tiff"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttc"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ttf"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10o"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10p"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10pf"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbm"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbmp"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wmf"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xbm"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xif"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xmp"
.
[HKEY_USERS\S-1-5-21-1725256947-3714608868-1989082813-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xpm"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-22 07:33:29
ComboFix-quarantined-files.txt 2012-07-22 00:33
ComboFix2.txt 2012-07-20 10:03
.
Pre-Run: 100,938,604,544 bytes free
Post-Run: 100,773,400,576 bytes free
.
- - End Of File - - B5FF84E84BF658770283F051AD3E6D0E

No problem running whatsoever.

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:55 PM

Posted 21 July 2012 - 08:44 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 Sivak
  • Topic Starter
  • Members
  • 12 posts
  • Local time:02:55 PM

Posted 21 July 2012 - 08:50 PM

Update for Microsoft Office 2007 (KB2508958)
?????? Windows Live
????????? Intel® PROSet/Wireless WiFi
???????????????????? Windows Live
????????????????????????? Windows Live
ACDSee 10 Photo Manager
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Photoshop CS5
Adobe Reader 9.5.1
Adobe Stock Photos 1.0
Amnesia: The Dark Descent
ASUS USB Charger Plus
ATK Package
Bastion
Bing Bar
Braid
Cheat Engine 6.1
Company of Heroes
Company of Heroes - FAKEMSI
DAEMON Tools Lite
Diablo III
Dota 2
Endless.Space
Fresco Logic USB3.0 Host Controller
GOM Player
Google Chrome
Intel PROSet Wireless
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
League of Legends
Left 4 Dead 2
LIMBO
Lone Survivor
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Windows Application Compatibility Database
Microsoft XML Parser
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 295.73
NVIDIA 3D Vision Driver 295.73
NVIDIA Control Panel 295.73
NVIDIA Graphics Driver 295.73
NVIDIA HD Audio Driver 1.3.12.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.7.11
NVIDIA Update Components
Orcs Must Die!
Pando Media Booster
piaip AppLocale
Plants vs. Zombies: Game of the Year
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Shoot Many Robots
Skype™ 5.10
Steam
Super Meat Boy
Super Meat Boy Editor
Superbrothers: Sword & Sworcery EP
System Requirements Lab
The Binding of Isaac
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
VCRedistSetup
VLC media player 2.0.0
Winamp
Windows 7 USB/DVD Download Tool
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Writer
WinRAR archiver
Xiph.Org Open Codecs 0.85.17777
μTorrent
かみのゆ
ネトワクネトラル カレマチカノジョ

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:55 PM

Posted 21 July 2012 - 09:08 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a much better job).

Programs to remove

Adobe Reader 9.5.1
Java 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 Sivak

Sivak
  • Topic Starter

  • Members
  • 12 posts

Posted 21 July 2012 - 10:07 PM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.22.01

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
asus :: ASUS-PC [administrator]

22/07/2012 9:59:30 AM
mbam-log-2012-07-22 (09-59-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225023
Time elapsed: 2 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

----------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:04:55 AM, on 22/07/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\asus\Desktop\HijackThis.exe

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-21-1725256947-3714608868-1989082813-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1725256947-3714608868-1989082813-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ?????????? - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &???????????? Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://go.microsoft.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {38D3C132-7140-461D-9876-6D3E16A8579B} (CSWSet Control) - https://trading4.kimeng.co.th/ketrade3/control/cswxset.cab
O16 - DPF: {9A221A36-CABE-496A-983E-61B7CF9FDEBB} (AXMenuCtrl Class) - https://trading4.kimeng.co.th/ketrade3/control/axmenu.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 5090 bytes

No problem running the program whatsoever
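The HijackThis log above is mostly legitimate software (Office, NVIDIA, Skype, Java), which is why the helper says not to let HijackThis "fix" anything yet; the two entries that stand out are the Bing Bar BHO and toolbar, which HijackThis marks "(file missing)" because the registry entry outlived the file. The following Python is an added example, not HijackThis or BleepingComputer code: it parses the "Onn - ..." line format into structured entries and applies two simple, defensive triage heuristics (orphaned entries whose target is missing, and O4 autoruns that point into user-writable folders). The sample lines are copied from the log posted in this thread, plus one O4 line that is explicitly constructed (ConstructedExample) so the second heuristic has something to fire on; the heuristics are illustrative and are not a verdict on any entry.

```python
"""Parse HijackThis 'O' lines and flag entries worth a closer look.

Added example for this thread; it is not HijackThis code and the
heuristics are illustrative, not a verdict on any entry."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the HijackThis log posted in this thread, plus one
# constructed O4 line ([ConstructedExample]) that is NOT from the page,
# added only to exercise the user-writable-path check.
SAMPLE_LOG = r"""
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-21-1725256947-3714608868-1989082813-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKCU\..\Run: [ConstructedExample] C:\Users\asus\AppData\Roaming\constructed_example.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
MISSING_MARK = "(file missing)"
# Path fragments that indicate a location an ordinary user can write to.
USER_WRITABLE = ("c:\\users\\", "c:\\documents and settings\\", "\\appdata\\", "\\temp\\")


@dataclass
class Entry:
    section: str          # e.g. "O2", "O4", "O23"
    detail: str           # everything after "Onn - "
    path: Optional[str]   # file the entry points at, if one was found
    file_missing: bool    # HijackThis marked the target "(file missing)"


def extract_path(detail: str) -> Optional[str]:
    """Pull the target file path out of an entry's detail text."""
    # 1. A quoted path: ... "C:\dir\file.exe" args
    m = re.search(r'"([^"]+)"', detail)
    if m:
        return m.group(1)
    # 2. O4-style unquoted: [Name] C:\dir\file.exe args (User '...')
    #    Cut at the first whitespace followed by a switch or "(User".
    m = re.search(r"\]\s+(.*)", detail)
    if m:
        return re.split(r"\s+(?=[/(-])", m.group(1))[0].strip()
    # 3. O2/O3/O23-style: fields separated by " - ", path is the last one
    parts = detail.split(" - ")
    if len(parts) > 1:
        return parts[-1].replace(MISSING_MARK, "").strip()
    return None


def parse_log(text: str) -> List[Entry]:
    """Turn a HijackThis log into Entry objects, skipping non-'O' lines."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, process list, "End of file", blank lines
        section, detail = m.groups()
        entries.append(Entry(section, detail, extract_path(detail),
                             MISSING_MARK in detail))
    return entries


def triage(entries: List[Entry]) -> List[str]:
    """Return one human-readable finding per entry that merits review."""
    findings = []
    for e in entries:
        low = (e.path or "").lower()
        if e.file_missing:
            findings.append(f"{e.section}: orphaned entry, target missing -> {e.path}")
        elif e.section == "O4" and any(tok in low for tok in USER_WRITABLE):
            findings.append(f"{e.section}: autorun from a user-writable location -> {e.path}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(finding)
```

Run against the sample it reports the two Bing Bar entries as orphaned and the constructed O4 line as a user-writable autorun; everything else (Groove, DAEMON Tools, mctadmin, the NVIDIA service) passes silently, which matches the helper's advice that most of what HijackThis lists is harmless or required.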



