%hs missing


  • This topic is locked
21 replies to this topic

#1 Amirs

Amirs

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 05 August 2012 - 02:26 AM

I really need help, I've got no clue how to fix this. Every time I open my laptop a blue screen comes up saying %hs missing.
I got the information below by following gringo's posts. Please help.
========================== Registry (Whitelisted) =============

HKLM\...\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] ()
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2010-04-27] ()
HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [649608 2010-04-12] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd [x]
HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL "" [1111568 2011-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [197152 2011-02-10] (Trend Micro Inc.)
HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2010-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [371 2012-08-03] ()
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-08-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1597440 2010-07-02] ()
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [395144 2011-05-16] (Ask)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-28] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Starter] C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe [75120 2011-04-25] (Driver-Soft Inc.)
HKLM-x32\...\Run: [TaskTray] C:\Program Files (x86)\Driver-Soft\DriverGenius\TaskTray.exe [292208 2011-05-21] (Driver-Soft Inc.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31072 2008-10-24] (Microsoft Corporation)
HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE [1700272 2011-09-15] (iMesh, Inc)
HKLM-x32\...\Run: [BSDAppUpdater] C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe [1660232 2011-10-14] (Bootstrap Software Development)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-06-06] (Apple Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1147488 2012-08-02] ()
HKU\Amirrzz\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [1022352 2012-08-03] (BitTorrent, Inc.)
HKU\Amirrzz\...\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
HKU\Amirrzz\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [1305408 2011-01-20] (DT Soft Ltd)
HKU\Amirrzz\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5661056 2012-08-03] (SUPERAntiSpyware.com)
HKU\Amirrzz\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-09-23] (Microsoft Corporation)
HKU\Amirrzz\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-03-04] (Google Inc.)
HKU\Amirrzz\...\Run: [cacaoweb] "C:\Users\Amirrzz\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer [399600 2011-12-27] ()
HKU\Amirrzz\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-12] (Skype Technologies S.A.)
HKLM\...\RunOnce: [DCERegBootClean64] C:\Windows\RegBootClean64.exe [129024 2012-08-04] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
Startup: C:\Users\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-08-03] (SUPERAntiSpyware.com)
2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
3 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [244904 2010-04-05] ()
3 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-02] ()
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2314240 2009-09-30] (Intel Corporation)
2 vToolbarUpdater12.1.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [830048 2012-08-02] ()
4 aliadwdm; [x]
2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]
4 DSI_SiUSBXp_3_1; [x]
4 pdscheduler; [x]
4 VIAPFD; [x]

========================== Drivers (Whitelisted) =============

2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-08-02] (AVG Technologies)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [254528 2011-07-30] (DT Soft Ltd)
3 EraserUtilDrvI13; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI13.sys [138360 2011-12-29] (Symantec Corporation)
2 ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [17464 2007-08-02] ()
3 JME; C:\Windows\System32\Drivers\JME.sys [115312 2010-02-24] (JMicron Technology Corp.)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1800192 2009-08-19] ()
2 tmactmon; C:\Windows\System32\Drivers\tmactmon.sys [90704 2010-08-08] (Trend Micro Inc.)
2 tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [144464 2010-08-08] (Trend Micro Inc.)
2 tmevtmgr; C:\Windows\System32\Drivers\tmevtmgr.sys [67664 2010-08-08] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [105552 2010-08-08] (Trend Micro Inc.)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-08-06] ()
3 ipswuio; C:\Windows\System32\DRIVERS\ipswuio.sys [x]

========================== NetSvcs (Whitelisted) ===========

NETSVC: aliadwdm -> ==> No File.
NETSVC: DSI_SiUSBXp_3_1 -> ==> No File.
NETSVC: VIAPFD -> ==> No File.
NETSVC: pdscheduler -> ==> No File.

============ One Month Created Files and Folders ==============

2012-08-05 17:10 - 2012-08-05 17:10 - 00000000 ____D C:\FRST
2012-08-03 22:30 - 2012-08-03 22:30 - 00000000 ____D C:\Users\Amirrzz\AppData\Local\Chromium
2012-08-03 22:29 - 2012-08-04 07:16 - 00001262 ____A C:\Windows\RegBootClean64.CFG
2012-08-03 22:28 - 2012-08-03 22:28 - 00000000 ____D C:\Users\Amirrzz\AppData\Local\{B4537D04-668E-4484-A579-01DEE5736450}
2012-08-03 16:59 - 2012-08-03 16:59 - 00000000 ____D C:\Users\Public\Documents\Sports Interactive
2012-08-03 16:59 - 2012-08-03 16:59 - 00000000 ____D C:\Users\Amirrzz\Documents\Sports Interactive
2012-08-03 07:58 - 2012-08-03 07:58 - 00002069 ____A C:\Users\Public\Desktop\Football Manager 2012.lnk
2012-08-03 07:51 - 2012-08-03 07:51 - 00000000 ____D C:\Program Files (x86)\SEGA
2012-08-03 07:43 - 2012-08-03 07:44 - 00000000 ____D C:\Users\Amirrzz\AppData\Local\{BA4E0351-DCAA-4F8F-BD16-D0F0B082AE20}
2012-08-03 07:42 - 2012-08-03 07:45 - 00000308 ____A C:\Windows\Tasks\Registry Optimizer_UPDATES.job
2012-08-03 07:42 - 2012-08-03 07:45 - 00000300 ____A C:\Windows\Tasks\Registry Optimizer_DEFAULT.job
2012-08-03 07:42 - 2012-08-03 07:42 - 00001132 ____A C:\Users\Public\Desktop\WinZip Registry Optimizer.lnk
2012-08-03 07:42 - 2012-08-03 07:42 - 00000000 ____D C:\Users\Amirrzz\AppData\Roaming\Nico Mak Computing
2012-08-03 07:42 - 2012-08-03 07:42 - 00000000 ____D C:\Program Files (x86)\WinZip Registry Optimizer
2012-08-03 07:42 - 2011-11-09 16:33 - 00018760 ____A (WinZip Computing, S.L.(WinZip Computing)) C:\Windows\System32\roboot64.exe
2012-08-03 00:54 - 2012-08-03 00:54 - 00000000 ____D C:\Users\Amirrzz\Desktop\Musicc
2012-08-02 22:43 - 2012-08-02 22:43 - 00000000 ____D C:\Users\Amirrzz\AppData\Roaming\GRETECH
2012-08-02 22:43 - 2012-08-02 22:43 - 00000000 ____D C:\Users\Amirrzz\AppData\Local\AVG Secure Search
2012-08-02 22:42 - 2012-08-03 00:12 - 00000000 ____D C:\Users\Amirrzz\Downloads\Football.Manager.2012-SKIDROW
2012-08-02 22:42 - 2012-08-02 22:42 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-08-02 22:42 - 2012-08-02 22:42 - 00001191 ____A C:\Users\Public\Desktop\GOM Player.lnk
2012-08-02 22:42 - 2012-08-02 22:42 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-08-02 22:42 - 2012-08-02 22:42 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-08-02 22:39 - 2012-08-02 22:39 - 00000000 ____D C:\Program Files (x86)\GRETECH
2012-08-02 22:24 - 2012-08-03 21:38 - 00000000 __ASH C:\Windows\System32\dds_log_ad13.cmd
2012-08-02 22:22 - 2012-08-02 22:28 - 10402936 ____A (Gretech Corporation) C:\Users\Amirrzz\Downloads\GOMPLAYERENSETUP.EXE
2012-08-02 22:07 - 2012-08-02 22:07 - 00000000 ____D C:\Users\Amirrzz\AppData\Local\BitTorrent
2012-08-02 22:01 - 2012-08-02 22:01 - 00000000 ____D C:\Users\All Users\11CA

============ 3 Months Modified Files ========================

2012-08-04 15:25 - 2011-12-28 09:49 - 00002412 ____A C:\Windows\DCEBOOT.RST
2012-08-04 15:25 - 2011-10-10 22:55 - 00000000 ____A C:\Windows\DCEBOOT.LOG
2012-08-04 07:16 - 2012-08-03 22:29 - 00001262 ____A C:\Windows\RegBootClean64.CFG
2012-08-04 07:16 - 2011-12-28 09:52 - 00129024 ____A C:\Windows\RegBootClean64.exe
2012-08-04 07:16 - 2011-03-04 19:28 - 01884260 ____A C:\Windows\WindowsUpdate.log
2012-08-04 06:58 - 2011-08-02 03:13 - 00000252 ___AH C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
2012-08-04 06:56 - 2011-07-31 02:49 - 00000332 ____A C:\Windows\Tasks\At1.job
2012-08-04 06:56 - 2011-07-31 02:49 - 00000330 ____A C:\Windows\Tasks\At3.job
2012-08-04 06:56 - 2011-07-31 02:49 - 00000328 ____A C:\Windows\Tasks\At4.job
2012-08-04 06:56 - 2011-07-31 02:49 - 00000326 ____A C:\Windows\Tasks\At5.job
2012-08-04 06:56 - 2011-07-31 02:49 - 00000326 ____A C:\Windows\Tasks\At2.job
2012-08-04 06:56 - 2011-03-04 19:53 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-04 06:56 - 2009-07-13 20:51 - 00048406 ____A C:\Windows\setupact.log
2012-08-03 22:34 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-03 22:34 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-03 22:30 - 2011-10-10 22:44 - 00021520 ____A C:\Windows\DCEBoot64.exe
2012-08-03 22:28 - 2011-03-04 19:53 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-03 21:38 - 2012-08-02 22:24 - 00000000 __ASH C:\Windows\System32\dds_log_ad13.cmd
2012-08-03 21:38 - 2011-09-07 04:11 - 00436054 ____A C:\Windows\PFRO.log
2012-08-03 21:38 - 2011-08-02 02:20 - 00000316 __ASH C:\Windows\Tasks\EFPZ.job
2012-08-03 21:38 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-03 17:02 - 2009-07-13 21:13 - 00741900 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-03 07:58 - 2012-08-03 07:58 - 00002069 ____A C:\Users\Public\Desktop\Football Manager 2012.lnk
2012-08-03 07:45 - 2012-08-03 07:42 - 00000308 ____A C:\Windows\Tasks\Registry Optimizer_UPDATES.job
2012-08-03 07:45 - 2012-08-03 07:42 - 00000300 ____A C:\Windows\Tasks\Registry Optimizer_DEFAULT.job
2012-08-03 07:42 - 2012-08-03 07:42 - 00001132 ____A C:\Users\Public\Desktop\WinZip Registry Optimizer.lnk
2012-08-03 07:41 - 2011-08-05 00:05 - 00000949 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-08-03 07:40 - 2011-03-04 20:24 - 00002282 ____A C:\Windows\System32\AutoRunFilter.ini
2012-08-03 07:40 - 2011-03-04 20:24 - 00001298 ____A C:\Windows\System32\ServiceFilter.ini
2012-08-02 22:42 - 2012-08-02 22:42 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-08-02 22:42 - 2012-08-02 22:42 - 00001191 ____A C:\Users\Public\Desktop\GOM Player.lnk
2012-08-02 22:28 - 2012-08-02 22:22 - 10402936 ____A (Gretech Corporation) C:\Users\Amirrzz\Downloads\GOMPLAYERENSETUP.EXE
2012-08-02 21:44 - 2011-08-23 22:28 - 00008192 ____A C:\Users\Amirrzz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-02 21:22 - 2011-10-01 05:15 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2012-06-09 23:10 - 2011-09-11 22:20 - 00000452 ___AH C:\Windows\Tasks\Norton Security Scan for Amirrzz.job

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4020.51 MB
Available physical RAM: 3427 MB
Total Pagefile: 4018.66 MB
Available Pagefile: 3410.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:115.22 GB) (Free:38.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (Data) (Fixed) (Total:329.05 GB) (Free:129.36 GB) NTFS
4 Drive f: (AMIRZ USB) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 3820 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 21 GB 32 KB
Partition 2 Primary 115 GB 21 GB
Partition 0 Extended 329 GB 136 GB
Partition 3 Logical 329 GB 136 GB

==================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 115 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Data NTFS Partition 329 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3816 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F AMIRZ USB FAT32 Removable 3816 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-08-03 04:58

======================= End Of Log ==========================

Edited by Amirs, 05 August 2012 - 02:42 AM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:45 PM

Posted 06 August 2012 - 01:00 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

SubSystems: [Windows] ATTENTION! ====> ZeroAccess
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
CMD: Del /q C:\Windows\Tasks\At*.job


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Amirs

Amirs
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 07 August 2012 - 01:52 AM

This is what I got after doing what you've told me, and thanks so much for replying back!


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-08-2012 01
Ran by SYSTEM at 2012-08-07 16:50:35 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

========= Del /q C:\Windows\Tasks\At*.job =========


========= End of CMD: =========


==== End of Fixlog ====

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:45 PM

Posted 07 August 2012 - 02:45 AM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 Amirs

Amirs
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 07 August 2012 - 03:54 AM

I uninstalled my SUPERAntiSpyware and Trend Micro because I didn't need them, yet this warning sign still appears that they're active.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:45 PM

Posted 07 August 2012 - 04:01 AM

go ahead and run it

#7 Amirs

Amirs
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 07 August 2012 - 04:21 AM

It's been on "preparing log report" for a while now. 10 mins.

#8 Amirs

Amirs
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 07 August 2012 - 04:29 AM

This is it. I won't reply after this for 1 hour because I have to go somewhere, but this is the report I got. THANK YOU SOO MUCH MAN!


ComboFix 12-08-07.01 - Amirrzz 07/08/2012 18:57:29.1.1 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.4021.2720 [GMT 10:00]
Running from: E:\ComboFix.exe
AV: Trend Micro Internet Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Internet Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
c:\program files (x86)\Common Files\Net4Switch.ico
c:\programdata\FullRemove.exe
c:\users\Amirrzz\AppData\Local\Minibar
c:\users\Amirrzz\AppData\Local\Minibar\chrome\background.html
c:\users\Amirrzz\AppData\Local\Minibar\chrome\cached_http_request.js
c:\users\Amirrzz\AppData\Local\Minibar\chrome\extension_info.json
c:\users\Amirrzz\AppData\Local\Minibar\chrome\icons\icon128.png
c:\users\Amirrzz\AppData\Local\Minibar\chrome\icons\icon19.png
c:\users\Amirrzz\AppData\Local\Minibar\chrome\icons\icon32.png
c:\users\Amirrzz\AppData\Local\Minibar\chrome\icons\icon48.png
c:\users\Amirrzz\AppData\Local\Minibar\chrome\includes\content.js
c:\users\Amirrzz\AppData\Local\Minibar\chrome\includes\content_kango.js
c:\users\Amirrzz\AppData\Local\Minibar\chrome\includes\content_messaging.js
c:\users\Amirrzz\AppData\Local\Minibar\chrome\includes\content_userscript.js
c:\users\Amirrzz\AppData\Local\Minibar\chrome\kango-ui\button.js
c:\users\Amirrzz\AppData\Local\Minibar\chrome\kango-ui\ui.js
c:\users\Amirrzz\AppData\Local\Minibar\chrome\kango\browser.js
c:\users\Amirrzz\AppData\Local\Minibar\chrome\kango\console.js
c:\users\Amirrzz\AppData\Local\Minibar\chrome\kango\event_listener.js
c:\users\Amirrzz\AppData\Local\Minibar\chrome\kango\initialize.js
c:\users\Amirrzz\AppData\Local\Minibar\chrome\kango\io.js
c:\users\Amirrzz\AppData\Local\Minibar\chrome\kango\jsonstorage.js
c:\users\Amirrzz\AppData\Local\Minibar\chrome\kango\kango.js
c:\users\Amirrzz\AppData\Local\Minibar\chrome\kango\lang.js
c:\users\Amirrzz\AppData\Local\Minibar\chrome\kango\messaging.js
c:\users\Amirrzz\AppData\Local\Minibar\chrome\kango\userscript_engine.js
c:\users\Amirrzz\AppData\Local\Minibar\chrome\kango\xhr.js
c:\users\Amirrzz\AppData\Local\Minibar\chrome\main.js
c:\users\Amirrzz\AppData\Local\Minibar\chrome\manifest.json
c:\users\Amirrzz\AppData\Local\Minibar\chrome\minibar\actions.js
c:\users\Amirrzz\AppData\Local\Minibar\chrome\minibar\cachedxhr.js
c:\users\Amirrzz\AppData\Local\Minibar\chrome\minibar\config.js
c:\users\Amirrzz\AppData\Local\Minibar\chrome\minibar\macros.js
c:\users\Amirrzz\AppData\Local\Minibar\chrome\minibar\minibar.js
c:\users\Amirrzz\AppData\Local\Minibar\chrome\popup.html
c:\users\Amirrzz\AppData\Local\Minibar\chrome\popup.js
c:\users\Amirrzz\AppData\Local\Minibar\chrome\tab.html
c:\users\Amirrzz\AppData\Local\Minibar\chrome\tab.js
c:\users\Amirrzz\AppData\Local\Minibar\chrome_installer.js
c:\users\Amirrzz\AppData\Local\Minibar\common.js
c:\users\Amirrzz\AppData\Local\Minibar\install.json
c:\users\Amirrzz\AppData\Local\Minibar\minibar.crx
c:\users\Amirrzz\AppData\Local\Minibar\sqlite3.exe
c:\users\Amirrzz\AppData\Local\Minibar\Uninstall.exe
c:\users\Amirrzz\AppData\Roaming\cacaoweb
c:\users\Amirrzz\AppData\Roaming\cacaoweb\cacaoweb.exe
c:\users\Amirrzz\AppData\Roaming\cacaoweb\download31VOMQB0803932884.cacao
c:\users\Amirrzz\AppData\Roaming\cacaoweb\download96AARCQH453011002.cacao
c:\users\Amirrzz\AppData\Roaming\cacaoweb\downloadAKRPACOS590495080.cacao
c:\users\Amirrzz\AppData\Roaming\cacaoweb\downloadEQ3MZX19842570174.cacao
c:\users\Amirrzz\AppData\Roaming\cacaoweb\downloadISPRV4NG381805074.cacao
c:\users\Amirrzz\AppData\Roaming\cacaoweb\downloadRXESPXZW341592022.cacao
c:\users\Amirrzz\AppData\Roaming\cacaoweb\downloadWCX8IARO283419872.cacao
c:\users\Amirrzz\AppData\Roaming\cacaoweb\downloadYDSA9EG3181977668.cacao
c:\users\Amirrzz\AppData\Roaming\cacaoweb\npdfile.dat
c:\users\Amirrzz\AppData\Roaming\cacaoweb\storage.db
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\msvcr71.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
.
.
2012-08-07 09:11 . 2012-08-07 09:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-07 08:40 . 2012-08-07 08:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-07 07:54 . 2012-08-07 07:54 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-08-06 01:10 . 2012-08-06 01:10 -------- d-----w- C:\FRST
2012-08-04 15:06 . 2012-08-04 15:06 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-08-04 06:30 . 2012-08-04 06:30 -------- d-----w- c:\users\Amirrzz\AppData\Local\Chromium
2012-08-03 15:51 . 2012-08-03 15:51 -------- d-----w- c:\program files (x86)\SEGA
2012-08-03 15:42 . 2012-08-03 15:42 -------- d-----w- c:\users\Amirrzz\AppData\Roaming\Nico Mak Computing
2012-08-03 15:42 . 2011-11-10 00:33 18760 ----a-w- c:\windows\system32\roboot64.exe
2012-08-03 15:42 . 2012-08-03 15:42 -------- d-----w- c:\program files (x86)\WinZip Registry Optimizer
2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\users\Amirrzz\AppData\Roaming\GRETECH
2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\users\Amirrzz\AppData\Local\AVG Secure Search
2012-08-03 06:42 . 2012-08-03 06:42 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-03 06:42 . 2012-08-03 06:42 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-03 06:42 . 2012-08-03 06:42 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-08-03 06:42 . 2012-08-03 06:42 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-08-03 06:39 . 2012-08-03 06:39 -------- d--h--w- c:\programdata\Common Files
2012-08-03 06:39 . 2012-08-03 06:39 -------- d-----w- c:\program files (x86)\GRETECH
2012-08-03 06:24 . 2012-08-04 05:38 0 --sha-w- c:\windows\system32\dds_log_ad13.cmd
2012-08-03 06:07 . 2012-08-03 06:07 -------- d-----w- c:\users\Amirrzz\AppData\Local\BitTorrent
2012-08-03 06:01 . 2012-08-03 06:01 -------- d-----w- c:\programdata\11CA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-07 08:43 . 2011-10-01 13:15 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-08-04 15:16 . 2011-12-28 17:52 129024 ----a-w- c:\windows\RegBootClean64.exe
2012-08-04 06:30 . 2011-10-11 06:44 21520 ----a-w- c:\windows\DCEBoot64.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
2011-08-03 11:31 89008 ----a-w- c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-03 06:42 2086496 ----a-w- c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 03:29 1490312 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll" [2011-08-03 89008]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-08-03 2086496]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-08-03 1022352]
"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-05 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-06-24 210216]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-12 98304]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Starter"="c:\program files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe" [2011-04-26 75120]
"TaskTray"="c:\program files (x86)\Driver-Soft\DriverGenius\TaskTray.exe" [2011-05-22 292208]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"BSDAppUpdater"="c:\program files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe" [2011-10-15 1660232]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-03 1147488]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-3-5 548528]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1083680]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2011-3-5 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\SEARCH~1\SEARCH~1\datamngr.dll c:\progra~2\SEARCH~1\SEARCH~1\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-05 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-14 53800]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 EraserUtilDrvI13;EraserUtilDrvI13;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI13.sys [2011-12-29 138360]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-05 135664]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-09 51712]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-27 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-03 31080]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-30 254528]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-11 203264]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-08-03 830048]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-11 7765504]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-11 279040]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-07-15 116240]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-08-18 143472]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2010-02-25 115312]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-05 03:53]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-05 03:53]
.
2012-08-03 c:\windows\Tasks\Registry Optimizer_DEFAULT.job
- c:\program files (x86)\WinZip Registry Optimizer\Winzipro.exe [2012-08-03 00:33]
.
2012-08-03 c:\windows\Tasks\Registry Optimizer_UPDATES.job
- c:\program files (x86)\WinZip Registry Optimizer\Winzipro.exe [2012-08-03 00:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\SEARCH~1\SEARCH~1\x64\datamngr.dll c:\progra~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
aliadwdm
DSI_SiUSBXp_3_1
VIAPFD
pdscheduler
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://isearch.avg.com/?cid={9C499C28-07EA-4AC1-BD99-2E0B8953E4F8}&mid=29013d00d34c47d084df9f14262c2a7b-2755f556917fddf5f986d1ec45c36e96de7336e0&lang=en&ds=gm011&pr=sa&d=2012-08-03 16:42&v=12.1.0.21&sap=hp
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\prxtbuTor.dll
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\prxtbuTor.dll
Toolbar-Locked - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\prxtbuTor.dll
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-cacaoweb - c:\users\Amirrzz\AppData\Roaming\cacaoweb\cacaoweb.exe
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-Astroburn Toolbar - c:\program files (x86)\Astroburn Toolbar\uninst.exe
AddRemove-Debut - c:\program files (x86)\NCH Software\Debut\uninst.exe
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
AddRemove-uTorrentBar Toolbar - c:\program files (x86)\uTorrentBar\uninstall.exe
AddRemove-VideoPad - c:\program files (x86)\NCH Software\VideoPad\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\aliadwdm]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DSI_SiUSBXp_3_1]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdscheduler]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VIAPFD]
"ServiceDll"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,5a,e9,28,d5,1f,7c,44,bc,f3,fe,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,5a,e9,28,d5,1f,7c,44,bc,f3,fe,\
.
[HKEY_USERS\S-1-5-21-1106556593-3076073632-2117200128-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (S-1-5-21-1106556593-3076073632-2117200128-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-1106556593-3076073632-2117200128-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-1106556593-3076073632-2117200128-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1106556593-3076073632-2117200128-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-1106556593-3076073632-2117200128-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1106556593-3076073632-2117200128-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (S-1-5-21-1106556593-3076073632-2117200128-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-1106556593-3076073632-2117200128-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-1106556593-3076073632-2117200128-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1106556593-3076073632-2117200128-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-1106556593-3076073632-2117200128-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1106556593-3076073632-2117200128-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (S-1-5-21-1106556593-3076073632-2117200128-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1106556593-3076073632-2117200128-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-1106556593-3076073632-2117200128-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1106556593-3076073632-2117200128-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-1106556593-3076073632-2117200128-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1106556593-3076073632-2117200128-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (S-1-5-21-1106556593-3076073632-2117200128-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-07 19:26:49
ComboFix-quarantined-files.txt 2012-08-07 09:26
.
Pre-Run: 43,391,197,184 bytes free
Post-Run: 54,377,299,968 bytes free
.
- - End Of File - - 67C7C8528CBFBA161980EA08E227A71B

#9 gringo_pr

  • Malware Response Team

Posted 07 August 2012 - 04:34 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#10 Amirs

  • Topic Starter


Posted 07 August 2012 - 07:17 AM

TDSSKiller scan


21:46:49.0929 1184 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:46:51.0099 1184 ============================================================
21:46:51.0099 1184 Current date / time: 2012/08/07 21:46:51.0099
21:46:51.0099 1184 SystemInfo:
21:46:51.0099 1184
21:46:51.0099 1184 OS Version: 6.1.7600 ServicePack: 0.0
21:46:51.0099 1184 Product type: Workstation
21:46:51.0099 1184 ComputerName: AMIRRZZ-PC
21:46:51.0099 1184 UserName: Amirrzz
21:46:51.0099 1184 Windows directory: C:\Windows
21:46:51.0099 1184 System windows directory: C:\Windows
21:46:51.0099 1184 Running under WOW64
21:46:51.0099 1184 Processor architecture: Intel x64
21:46:51.0099 1184 Number of processors: 1
21:46:51.0099 1184 Page size: 0x1000
21:46:51.0099 1184 Boot type: Normal boot
21:46:51.0099 1184 ============================================================
21:46:53.0049 1184 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:46:53.0049 1184 Drive \Device\Harddisk1\DR1 - Size: 0xEEC00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:46:53.0064 1184 ============================================================
21:46:53.0064 1184 \Device\Harddisk0\DR0:
21:46:53.0064 1184 MBR partitions:
21:46:53.0064 1184 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2AF8040, BlocksNum 0xE671A8D
21:46:53.0080 1184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1116A2CD, BlocksNum 0x2921BD63
21:46:53.0080 1184 \Device\Harddisk1\DR1:
21:46:53.0080 1184 MBR partitions:
21:46:53.0080 1184 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x774080
21:46:53.0080 1184 ============================================================
21:46:53.0111 1184 C: <-> \Device\Harddisk0\DR0\Partition0
21:46:53.0142 1184 D: <-> \Device\Harddisk0\DR0\Partition1
21:46:53.0142 1184 ============================================================
21:46:53.0142 1184 Initialize success
21:46:53.0142 1184 ============================================================
21:46:55.0705 2616 ============================================================
21:46:55.0705 2616 Scan started
21:46:55.0706 2616 Mode: Manual;
21:46:55.0706 2616 ============================================================
21:46:56.0618 2616 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:46:56.0618 2616 1394ohci - ok
21:46:56.0680 2616 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:46:56.0680 2616 ACPI - ok
21:46:56.0712 2616 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:46:56.0712 2616 AcpiPmi - ok
21:46:56.0743 2616 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:46:56.0774 2616 adp94xx - ok
21:46:56.0805 2616 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:46:56.0821 2616 adpahci - ok
21:46:56.0868 2616 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:46:56.0868 2616 adpu320 - ok
21:46:56.0946 2616 ADSMService (c0bf554d2277f7a4c735d475ade2e3b2) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
21:46:56.0946 2616 ADSMService - ok
21:46:56.0977 2616 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:46:56.0977 2616 AeLookupSvc - ok
21:46:57.0039 2616 AFBAgent (079cba3c5c9ab11b2b4e6bd729a860f2) C:\Windows\system32\FBAgent.exe
21:46:57.0039 2616 AFBAgent - ok
21:46:57.0102 2616 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
21:46:57.0117 2616 AFD - ok
21:46:57.0164 2616 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
21:46:57.0164 2616 agp440 - ok
21:46:57.0211 2616 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:46:57.0211 2616 ALG - ok
21:46:57.0304 2616 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
21:46:57.0304 2616 aliide - ok
21:46:57.0336 2616 AMD External Events Utility (4dc67e735cf6ff48c0aa65addd9ed02b) C:\Windows\system32\atiesrxx.exe
21:46:57.0336 2616 AMD External Events Utility - ok
21:46:57.0351 2616 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
21:46:57.0351 2616 amdide - ok
21:46:57.0382 2616 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:46:57.0382 2616 AmdK8 - ok
21:46:57.0772 2616 amdkmdag (83ce9dbeb00232195c55ca1a71ec4626) C:\Windows\system32\DRIVERS\atikmdag.sys
21:46:57.0928 2616 amdkmdag - ok
21:46:58.0069 2616 amdkmdap (ede53a9c875a1fb6281a8d25f56ccd72) C:\Windows\system32\DRIVERS\atikmpag.sys
21:46:58.0069 2616 amdkmdap - ok
21:46:58.0100 2616 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:46:58.0100 2616 AmdPPM - ok
21:46:58.0162 2616 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
21:46:58.0162 2616 amdsata - ok
21:46:58.0194 2616 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:46:58.0194 2616 amdsbs - ok
21:46:58.0225 2616 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
21:46:58.0225 2616 amdxata - ok
21:46:58.0272 2616 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
21:46:58.0272 2616 AppID - ok
21:46:58.0287 2616 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:46:58.0287 2616 AppIDSvc - ok
21:46:58.0334 2616 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
21:46:58.0334 2616 Appinfo - ok
21:46:58.0428 2616 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:46:58.0459 2616 Apple Mobile Device - ok
21:46:58.0490 2616 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
21:46:58.0506 2616 AppMgmt - ok
21:46:58.0537 2616 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:46:58.0537 2616 arc - ok
21:46:58.0568 2616 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:46:58.0568 2616 arcsas - ok
21:46:58.0584 2616 AsDsm (88fbc8bebfd38566235eaa5e4dbc4e05) C:\Windows\system32\drivers\AsDsm.sys
21:46:58.0584 2616 AsDsm - ok
21:46:58.0646 2616 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
21:46:58.0646 2616 ASLDRService - ok
21:46:58.0662 2616 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
21:46:58.0662 2616 ASMMAP64 - ok
21:46:58.0708 2616 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:46:58.0708 2616 AsyncMac - ok
21:46:58.0724 2616 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
21:46:58.0724 2616 atapi - ok
21:46:58.0833 2616 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys
21:46:58.0880 2616 athr - ok
21:46:59.0052 2616 AtiHDAudioService (cbe5f8b3e54198f5dfe403a55a95de08) C:\Windows\system32\drivers\AtihdW76.sys
21:46:59.0052 2616 AtiHDAudioService - ok
21:46:59.0114 2616 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
21:46:59.0114 2616 ATKGFNEXSrv - ok
21:46:59.0192 2616 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
21:46:59.0223 2616 AudioEndpointBuilder - ok
21:46:59.0239 2616 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
21:46:59.0239 2616 AudioSrv - ok
21:46:59.0286 2616 avgtp (e1b8ec60c85a266cb604cd46921606b4) C:\Windows\system32\drivers\avgtpx64.sys
21:46:59.0286 2616 avgtp - ok
21:46:59.0348 2616 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
21:46:59.0348 2616 AxInstSV - ok
21:46:59.0520 2616 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:46:59.0535 2616 b06bdrv - ok
21:46:59.0582 2616 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:46:59.0598 2616 b57nd60a - ok
21:46:59.0660 2616 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:46:59.0660 2616 BDESVC - ok
21:46:59.0676 2616 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:46:59.0676 2616 Beep - ok
21:46:59.0738 2616 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
21:46:59.0769 2616 BFE - ok
21:46:59.0847 2616 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
21:46:59.0847 2616 BITS - ok
21:46:59.0910 2616 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:46:59.0910 2616 blbdrive - ok
21:47:00.0003 2616 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
21:47:00.0003 2616 Bonjour Service - ok
21:47:00.0034 2616 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
21:47:00.0050 2616 bowser - ok
21:47:00.0066 2616 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:47:00.0066 2616 BrFiltLo - ok
21:47:00.0081 2616 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:47:00.0081 2616 BrFiltUp - ok
21:47:00.0128 2616 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:47:00.0128 2616 BridgeMP - ok
21:47:00.0159 2616 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
21:47:00.0175 2616 Browser - ok
21:47:00.0206 2616 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:47:00.0222 2616 Brserid - ok
21:47:00.0253 2616 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:47:00.0253 2616 BrSerWdm - ok
21:47:00.0268 2616 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:47:00.0284 2616 BrUsbMdm - ok
21:47:00.0284 2616 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:47:00.0300 2616 BrUsbSer - ok
21:47:00.0331 2616 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
21:47:00.0331 2616 BthEnum - ok
21:47:00.0362 2616 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:47:00.0362 2616 BTHMODEM - ok
21:47:00.0378 2616 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
21:47:00.0378 2616 BthPan - ok
21:47:00.0424 2616 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
21:47:00.0440 2616 BTHPORT - ok
21:47:00.0471 2616 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:47:00.0471 2616 bthserv - ok
21:47:00.0487 2616 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
21:47:00.0487 2616 BTHUSB - ok
21:47:00.0534 2616 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\Windows\system32\drivers\btusbflt.sys
21:47:00.0534 2616 btusbflt - ok
21:47:00.0565 2616 btwaudio (a72a9101f9730db7332714e566614e4d) C:\Windows\system32\drivers\btwaudio.sys
21:47:00.0565 2616 btwaudio - ok
21:47:00.0612 2616 btwavdt (5ceec634b617525f2b6ad29f871033f7) C:\Windows\system32\DRIVERS\btwavdt.sys
21:47:00.0612 2616 btwavdt - ok
21:47:00.0721 2616 btwdins (4e63c48e7328a11ed0e9075c18fce782) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
21:47:00.0736 2616 btwdins - ok
21:47:00.0768 2616 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
21:47:00.0768 2616 btwl2cap - ok
21:47:00.0799 2616 btwrchid (2af5604d28bef77b7cf4b9d232fe7cd3) C:\Windows\system32\DRIVERS\btwrchid.sys
21:47:00.0799 2616 btwrchid - ok
21:47:00.0830 2616 catchme - ok
21:47:00.0861 2616 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:47:00.0861 2616 cdfs - ok
21:47:00.0908 2616 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
21:47:00.0908 2616 cdrom - ok
21:47:00.0955 2616 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
21:47:00.0955 2616 CertPropSvc - ok
21:47:01.0002 2616 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:47:01.0002 2616 circlass - ok
21:47:01.0033 2616 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:47:01.0048 2616 CLFS - ok
21:47:01.0111 2616 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:47:01.0111 2616 clr_optimization_v2.0.50727_32 - ok
21:47:01.0158 2616 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:47:01.0173 2616 clr_optimization_v2.0.50727_64 - ok
21:47:01.0236 2616 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:47:01.0282 2616 clr_optimization_v4.0.30319_32 - ok
21:47:01.0345 2616 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:47:01.0360 2616 clr_optimization_v4.0.30319_64 - ok
21:47:01.0470 2616 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:47:01.0470 2616 CmBatt - ok
21:47:01.0485 2616 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
21:47:01.0485 2616 cmdide - ok
21:47:01.0532 2616 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
21:47:01.0548 2616 CNG - ok
21:47:01.0626 2616 CnxtHdAudService (1d6c3f92af23e352875438085f6aedee) C:\Windows\system32\drivers\CHDRT64.sys
21:47:01.0626 2616 CnxtHdAudService - ok
21:47:01.0704 2616 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:47:01.0704 2616 Compbatt - ok
21:47:01.0735 2616 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:47:01.0735 2616 CompositeBus - ok
21:47:01.0750 2616 COMSysApp - ok
21:47:01.0766 2616 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:47:01.0766 2616 crcdisk - ok
21:47:01.0813 2616 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
21:47:01.0813 2616 CryptSvc - ok
21:47:01.0844 2616 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
21:47:01.0860 2616 CSC - ok
21:47:01.0906 2616 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
21:47:01.0906 2616 CscService - ok
21:47:01.0984 2616 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
21:47:01.0984 2616 DcomLaunch - ok
21:47:02.0016 2616 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:47:02.0031 2616 defragsvc - ok
21:47:02.0094 2616 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
21:47:02.0094 2616 DfsC - ok
21:47:02.0156 2616 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
21:47:02.0172 2616 Dhcp - ok
21:47:02.0187 2616 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:47:02.0187 2616 discache - ok
21:47:02.0234 2616 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:47:02.0234 2616 Disk - ok
21:47:02.0265 2616 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
21:47:02.0265 2616 Dnscache - ok
21:47:02.0312 2616 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
21:47:02.0312 2616 dot3svc - ok
21:47:02.0343 2616 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
21:47:02.0343 2616 DPS - ok
21:47:02.0390 2616 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:47:02.0390 2616 drmkaud - ok
21:47:02.0452 2616 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:47:02.0452 2616 dtsoftbus01 - ok
21:47:02.0530 2616 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
21:47:02.0530 2616 DXGKrnl - ok
21:47:02.0577 2616 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:47:02.0577 2616 EapHost - ok
21:47:02.0764 2616 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:47:02.0842 2616 ebdrv - ok
21:47:02.0967 2616 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
21:47:02.0983 2616 EFS - ok
21:47:03.0076 2616 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
21:47:03.0108 2616 ehRecvr - ok
21:47:03.0123 2616 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:47:03.0123 2616 ehSched - ok
21:47:03.0248 2616 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:47:03.0264 2616 elxstor - ok
21:47:03.0420 2616 EraserUtilDrvI13 (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI13.sys
21:47:03.0435 2616 EraserUtilDrvI13 - ok
21:47:03.0466 2616 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
21:47:03.0466 2616 ErrDev - ok
21:47:03.0529 2616 ETD (0975bf32399a24117e317b5bf1d5d0aa) C:\Windows\system32\DRIVERS\ETD.sys
21:47:03.0529 2616 ETD - ok
21:47:03.0576 2616 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:47:03.0576 2616 EventSystem - ok
21:47:03.0622 2616 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:47:03.0622 2616 exfat - ok
21:47:03.0638 2616 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:47:03.0654 2616 fastfat - ok
21:47:03.0716 2616 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
21:47:03.0747 2616 Fax - ok
21:47:03.0763 2616 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:47:03.0763 2616 fdc - ok
21:47:03.0794 2616 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:47:03.0794 2616 fdPHost - ok
21:47:03.0810 2616 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:47:03.0810 2616 FDResPub - ok
21:47:03.0841 2616 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:47:03.0841 2616 FileInfo - ok
21:47:03.0872 2616 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:47:03.0872 2616 Filetrace - ok
21:47:03.0888 2616 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:47:03.0888 2616 flpydisk - ok
21:47:03.0950 2616 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
21:47:03.0950 2616 FltMgr - ok
21:47:04.0044 2616 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
21:47:04.0075 2616 FontCache - ok
21:47:04.0137 2616 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:47:04.0137 2616 FontCache3.0.0.0 - ok
21:47:04.0184 2616 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:47:04.0184 2616 FsDepends - ok
21:47:04.0231 2616 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
21:47:04.0231 2616 fssfltr - ok
21:47:04.0387 2616 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:47:04.0434 2616 fsssvc - ok
21:47:04.0558 2616 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:47:04.0558 2616 Fs_Rec - ok
21:47:04.0605 2616 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:47:04.0605 2616 fvevol - ok
21:47:04.0621 2616 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:47:04.0636 2616 gagp30kx - ok
21:47:04.0668 2616 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:47:04.0668 2616 GEARAspiWDM - ok
21:47:04.0777 2616 ghaio (7d66ebde8b7f9b4e00beefeee82670d4) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
21:47:04.0777 2616 ghaio - ok
21:47:04.0839 2616 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
21:47:04.0839 2616 gpsvc - ok
21:47:04.0964 2616 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:47:04.0964 2616 gupdate - ok
21:47:04.0980 2616 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:47:04.0980 2616 gupdatem - ok
21:47:05.0011 2616 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:47:05.0011 2616 gusvc - ok
21:47:05.0042 2616 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:47:05.0042 2616 hcw85cir - ok
21:47:05.0073 2616 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
21:47:05.0089 2616 HdAudAddService - ok
21:47:05.0136 2616 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:47:05.0136 2616 HDAudBus - ok
21:47:05.0167 2616 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
21:47:05.0167 2616 HECIx64 - ok
21:47:05.0198 2616 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:47:05.0198 2616 HidBatt - ok
21:47:05.0214 2616 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:47:05.0214 2616 HidBth - ok
21:47:05.0229 2616 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:47:05.0229 2616 HidIr - ok
21:47:05.0260 2616 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
21:47:05.0276 2616 hidserv - ok
21:47:05.0307 2616 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
21:47:05.0307 2616 HidUsb - ok
21:47:05.0323 2616 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
21:47:05.0338 2616 hkmsvc - ok
21:47:05.0354 2616 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
21:47:05.0370 2616 HomeGroupListener - ok
21:47:05.0416 2616 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
21:47:05.0416 2616 HomeGroupProvider - ok
21:47:05.0479 2616 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:47:05.0479 2616 HpSAMD - ok
21:47:05.0541 2616 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
21:47:05.0572 2616 HTTP - ok
21:47:05.0588 2616 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
21:47:05.0588 2616 hwpolicy - ok
21:47:05.0619 2616 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:47:05.0635 2616 i8042prt - ok
21:47:05.0666 2616 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
21:47:05.0666 2616 iaStor - ok
21:47:05.0728 2616 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
21:47:05.0744 2616 iaStorV - ok
21:47:05.0869 2616 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
21:47:05.0869 2616 IDriverT - ok
21:47:05.0978 2616 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:47:06.0009 2616 idsvc - ok
21:47:06.0118 2616 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:47:06.0134 2616 iirsp - ok
21:47:06.0196 2616 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
21:47:06.0228 2616 IKEEXT - ok
21:47:06.0259 2616 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
21:47:06.0259 2616 intelide - ok
21:47:06.0290 2616 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:47:06.0290 2616 intelppm - ok
21:47:06.0306 2616 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:47:06.0321 2616 IPBusEnum - ok
21:47:06.0337 2616 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:47:06.0337 2616 IpFilterDriver - ok
21:47:06.0384 2616 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
21:47:06.0384 2616 iphlpsvc - ok
21:47:06.0415 2616 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:47:06.0415 2616 IPMIDRV - ok
21:47:06.0446 2616 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:47:06.0446 2616 IPNAT - ok
21:47:06.0540 2616 iPod Service (d38469601b72d2da4f847fc642174e21) C:\Program Files\iPod\bin\iPodService.exe
21:47:06.0555 2616 iPod Service - ok
21:47:06.0571 2616 ipswuio - ok
21:47:06.0602 2616 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:47:06.0602 2616 IRENUM - ok
21:47:06.0618 2616 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
21:47:06.0618 2616 isapnp - ok
21:47:06.0649 2616 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
21:47:06.0649 2616 iScsiPrt - ok
21:47:06.0696 2616 JMCR (db917b998cbc15a153c00dd6efc34c13) C:\Windows\system32\DRIVERS\jmcr.sys
21:47:06.0696 2616 JMCR - ok
21:47:06.0727 2616 JME (de4b2249d95c7815d06a39ea5ff4ee53) C:\Windows\system32\DRIVERS\JME.sys
21:47:06.0727 2616 JME - ok
21:47:06.0758 2616 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:47:06.0758 2616 kbdclass - ok
21:47:06.0805 2616 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
21:47:06.0805 2616 kbdhid - ok
21:47:06.0836 2616 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
21:47:06.0836 2616 kbfiltr - ok
21:47:06.0867 2616 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:47:06.0867 2616 KeyIso - ok
21:47:06.0898 2616 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
21:47:06.0898 2616 KSecDD - ok
21:47:06.0930 2616 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
21:47:06.0930 2616 KSecPkg - ok
21:47:06.0961 2616 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:47:06.0961 2616 ksthunk - ok
21:47:07.0008 2616 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:47:07.0023 2616 KtmRm - ok
21:47:07.0086 2616 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
21:47:07.0086 2616 LanmanServer - ok
21:47:07.0132 2616 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
21:47:07.0132 2616 LanmanWorkstation - ok
21:47:07.0179 2616 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:47:07.0179 2616 lltdio - ok
21:47:07.0210 2616 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:47:07.0242 2616 lltdsvc - ok
21:47:07.0257 2616 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:47:07.0257 2616 lmhosts - ok
21:47:07.0351 2616 LMS (a1c148801b4af64847aeb9f3ad9594ef) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
21:47:07.0351 2616 LMS - ok
21:47:07.0398 2616 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:47:07.0398 2616 LSI_FC - ok
21:47:07.0413 2616 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:47:07.0413 2616 LSI_SAS - ok
21:47:07.0429 2616 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:47:07.0444 2616 LSI_SAS2 - ok
21:47:07.0460 2616 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:47:07.0460 2616 LSI_SCSI - ok
21:47:07.0476 2616 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:47:07.0491 2616 luafv - ok
21:47:07.0522 2616 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
21:47:07.0522 2616 Mcx2Svc - ok
21:47:07.0538 2616 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:47:07.0554 2616 megasas - ok
21:47:07.0569 2616 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:47:07.0585 2616 MegaSR - ok
21:47:07.0678 2616 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
21:47:07.0710 2616 Microsoft Office Groove Audit Service - ok
21:47:07.0741 2616 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:47:07.0741 2616 MMCSS - ok
21:47:07.0772 2616 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:47:07.0772 2616 Modem - ok
21:47:07.0803 2616 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:47:07.0803 2616 monitor - ok
21:47:07.0819 2616 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:47:07.0819 2616 mouclass - ok
21:47:07.0850 2616 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:47:07.0850 2616 mouhid - ok
21:47:07.0866 2616 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
21:47:07.0866 2616 mountmgr - ok
21:47:07.0897 2616 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
21:47:07.0897 2616 mpio - ok
21:47:07.0912 2616 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:47:07.0928 2616 mpsdrv - ok
21:47:07.0975 2616 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
21:47:08.0022 2616 MpsSvc - ok
21:47:08.0037 2616 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
21:47:08.0037 2616 MRxDAV - ok
21:47:08.0084 2616 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:47:08.0084 2616 mrxsmb - ok
21:47:08.0115 2616 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:47:08.0131 2616 mrxsmb10 - ok
21:47:08.0162 2616 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:47:08.0162 2616 mrxsmb20 - ok
21:47:08.0209 2616 msahci (94a5023d130bf79a4e54875f6e88a69f) C:\Windows\system32\DRIVERS\msahci.sys
21:47:08.0209 2616 msahci - ok
21:47:08.0224 2616 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
21:47:08.0224 2616 msdsm - ok
21:47:08.0271 2616 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:47:08.0271 2616 MSDTC - ok
21:47:08.0318 2616 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:47:08.0318 2616 Msfs - ok
21:47:08.0365 2616 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:47:08.0365 2616 mshidkmdf - ok
21:47:08.0380 2616 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
21:47:08.0380 2616 msisadrv - ok
21:47:08.0412 2616 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:47:08.0412 2616 MSiSCSI - ok
21:47:08.0427 2616 msiserver - ok
21:47:08.0458 2616 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:47:08.0458 2616 MSKSSRV - ok
21:47:08.0474 2616 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:47:08.0474 2616 MSPCLOCK - ok
21:47:08.0490 2616 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:47:08.0490 2616 MSPQM - ok
21:47:08.0536 2616 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:47:08.0552 2616 MsRPC - ok
21:47:08.0568 2616 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:47:08.0568 2616 mssmbios - ok
21:47:08.0583 2616 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:47:08.0583 2616 MSTEE - ok
21:47:08.0599 2616 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:47:08.0614 2616 MTConfig - ok
21:47:08.0646 2616 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
21:47:08.0646 2616 MTsensor - ok
21:47:08.0661 2616 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:47:08.0661 2616 Mup - ok
21:47:08.0708 2616 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
21:47:08.0724 2616 napagent - ok
21:47:08.0786 2616 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:47:08.0802 2616 NativeWifiP - ok
21:47:08.0880 2616 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
21:47:08.0880 2616 NDIS - ok
21:47:08.0926 2616 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:47:08.0926 2616 NdisCap - ok
21:47:08.0973 2616 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:47:08.0973 2616 NdisTapi - ok
21:47:08.0989 2616 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:47:08.0989 2616 Ndisuio - ok
21:47:09.0004 2616 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:47:09.0004 2616 NdisWan - ok
21:47:09.0020 2616 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:47:09.0020 2616 NDProxy - ok
21:47:09.0036 2616 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:47:09.0036 2616 NetBIOS - ok
21:47:09.0067 2616 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:47:09.0082 2616 NetBT - ok
21:47:09.0114 2616 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:47:09.0114 2616 Netlogon - ok
21:47:09.0160 2616 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:47:09.0176 2616 Netman - ok
21:47:09.0223 2616 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:47:09.0223 2616 netprofm - ok
21:47:09.0301 2616 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:47:09.0301 2616 NetTcpPortSharing - ok
21:47:09.0332 2616 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:47:09.0332 2616 nfrd960 - ok
21:47:09.0394 2616 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
21:47:09.0410 2616 NlaSvc - ok
21:47:09.0426 2616 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:47:09.0426 2616 Npfs - ok
21:47:09.0441 2616 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:47:09.0441 2616 nsi - ok
21:47:09.0457 2616 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:47:09.0457 2616 nsiproxy - ok
21:47:09.0566 2616 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
21:47:09.0613 2616 Ntfs - ok
21:47:09.0738 2616 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:47:09.0738 2616 Null - ok
21:47:09.0784 2616 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
21:47:09.0784 2616 nvraid - ok
21:47:09.0816 2616 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
21:47:09.0816 2616 nvstor - ok
21:47:09.0831 2616 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:47:09.0847 2616 nv_agp - ok
21:47:09.0972 2616 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:47:10.0018 2616 odserv - ok
21:47:10.0034 2616 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:47:10.0034 2616 ohci1394 - ok
21:47:10.0096 2616 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:47:10.0112 2616 ose - ok
21:47:10.0159 2616 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:47:10.0174 2616 p2pimsvc - ok
21:47:10.0221 2616 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:47:10.0252 2616 p2psvc - ok
21:47:22.0421 2616 ============================================================
21:47:22.0421 2616 Scan finished
21:47:22.0421 2616 ============================================================
21:47:22.0437 1888 Detected object count: 0
21:47:22.0437 1888 Actual detected object count: 0

AswMBR SCAN.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-07 21:49:58
-----------------------------
21:49:58.062 OS Version: Windows x64 6.1.7600
21:49:58.062 Number of processors: 1 586 0x1E05
21:49:58.062 ComputerName: AMIRRZZ-PC UserName: Amirrzz
21:49:58.795 Initialize success
22:06:17.415 AVAST engine defs: 12080700
22:06:27.149 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:06:27.149 Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3
22:06:27.165 Disk 0 MBR read successfully
22:06:27.165 Disk 0 MBR scan
22:06:27.165 Disk 0 Windows 7 default MBR code
22:06:27.165 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 22000 MB offset 64
22:06:27.180 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 117987 MB offset 45056064
22:06:27.180 Disk 0 Partition - 00 0F Extended LBA 336952 MB offset 286694093
22:06:27.211 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 336951 MB offset 286696141
22:06:27.227 Disk 0 scanning C:\Windows\system32\drivers
22:06:38.388 Service scanning
22:06:59.500 Modules scanning
22:06:59.500 Disk 0 trace - called modules:
22:07:00.046 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys
22:07:00.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cda060]
22:07:00.046 3 CLASSPNP.SYS[fffff88001ab843f] -> nt!IofCallDriver -> [0xfffffa8004722520]
22:07:00.061 5 ACPI.sys[fffff88000fab781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004750050]
22:07:00.966 AVAST engine scan C:\Windows
22:07:03.883 AVAST engine scan C:\Windows\system32
22:09:27.821 AVAST engine scan C:\Windows\system32\drivers
22:09:40.500 AVAST engine scan C:\Users\Amirrzz
22:13:03.587 AVAST engine scan C:\ProgramData
22:13:59.531 Scan finished successfully
22:14:16.071 Disk 0 MBR has been saved successfully to "C:\Users\Amirrzz\Desktop\MBR.dat"
22:14:16.074 The log file has been saved successfully to "C:\Users\Amirrzz\Desktop\aswMBR.txt"

#11 gringo_pr


Posted 07 August 2012 - 04:18 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Ask.com
c:\progra~2\IMESHA~1
c:\program files (x86)\ConduitEngine
c:\progra~2\SEARCH~1
c:\program files (x86)\WinZip Registry Optimizer
c:\program files (x86)\uTorrentBar

File::
c:\windows\system32\dds_log_ad13.cmd

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 Amirs


Posted 08 August 2012 - 01:13 AM

This is the latest scan!


ComboFix 12-08-07.05 - Amirrzz 08/08/2012 16:03:57.2.1 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.61.1033.18.4021.2648 [GMT 10:00]
Running from: E:\ComboFix.exe
Command switches used :: c:\users\Amirrzz\Desktop\CFScript.txt.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\dds_log_ad13.cmd"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~2\IMESHA~1
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\sbv_slider_center_pressed.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\sbv_slider_over.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\sbv_slider_pressed.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\sbv_top.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\sbv_top_over.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\sbv_top_pressed.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\th_btn.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\th_btn_hover.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\th_btn_pressed.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\tip.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\tipb.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\images\white.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\videosview\images\defpreview.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\videosview\images\list_btn.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\videosview\images\playbtn.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\videosview\images\playing.png
c:\progra~2\IMESHA~1\iMesh\Skins\html\videosview\videos.css
c:\progra~2\IMESHA~1\iMesh\Skins\html\videosview\videos.html
c:\progra~2\IMESHA~1\iMesh\Skins\Images\DefArtwork.jpg
c:\progra~2\IMESHA~1\iMesh\Skins\Images\DefFemale.gif
c:\progra~2\IMESHA~1\iMesh\Skins\Images\DefMale.gif
c:\progra~2\IMESHA~1\iMesh\Skins\Images\FriendshipNotif.jpg
c:\progra~2\IMESHA~1\iMesh\Skins\Images\SendPlaylist.jpg
c:\progra~2\IMESHA~1\iMesh\Skins\Images\TAFLogo.PNG
c:\progra~2\IMESHA~1\iMesh\Skins\Images\ToGoLogo.PNG
c:\progra~2\IMESHA~1\iMesh\Skins\RemoteSkin.wmz
c:\progra~2\IMESHA~1\iMesh\Skins\Settings.xml
c:\progra~2\IMESHA~1\iMesh\UninstallUsers.exe
c:\progra~2\IMESHA~1\iMesh\UpdateInst.exe
c:\progra~2\IMESHA~1\iMesh\WMAProfiles.prx
c:\progra~2\IMESHA~1\iMesh\WMHelper.dll
c:\progra~2\IMESHA~1\iMesh\WMHelper.log
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\as_guid.dat
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\data\search\engines.xml
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\data\search\search.xsl
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\imeshcode.js
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\lib\about.xml
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\lib\external.js
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\lib\imeshcode.js
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\lib\rsspreview.html
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\lib\rsswin.xml
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\lib\rsswin.xsl
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\lib\vmncode.js
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\neterror.xhtml
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\partner.coupons.xml
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\preferences.xml
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\radiobeta.js
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\template.xml
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\toolbar.htm
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\toolbar.xul
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\vmncode.js
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\tb_icon.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\tb_iconFF.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\tb_iconPressed.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\tb_iconPressedFF.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\tb_pref_icon.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs\tb_thumb_icon.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\widget.js
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\widget.jsw
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\widget.xml
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\tb_icon.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.js
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.xml
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget_version
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\about_logo.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\babylon_logo.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\bluelite.gif
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\bluesky.gif
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\btn-search-over.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\btn-search.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\btn-settings.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\btn-widgets.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\btn_settings.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\ca.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\dictionary.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\divider.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\downloadcom.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\dtxlogo.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\ebay.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\ebay_png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\email.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\email_on.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\email_png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\facebook.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\games.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\graphred0.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\graphred0_5.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\graphred1.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\graphred1_5.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\graphred2.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\graphred2_5.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\graphred3.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\graphred3_5.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\graphred4.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\graphred4_5.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\graphred5.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\graphredna.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\grey.gif
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\ico-shield.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\icon_seperator_png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\icon_twitter.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\icon_youtube.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\images.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\imesh.css
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\add.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\aol.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\blank.gif
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\chevron.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\collapse.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\comcast.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\dtx.css
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\expand.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\found.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\gmail.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\highlight.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\imap.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\lock.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\modify.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\move.gif
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\pop.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
.
.
((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-08 06:09 . 2012-08-08 06:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-07 08:40 . 2012-08-07 08:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-07 07:54 . 2012-08-07 07:54 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-08-06 01:10 . 2012-08-06 01:10 -------- d-----w- C:\FRST
2012-08-04 15:06 . 2012-08-04 15:06 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-08-04 06:30 . 2012-08-04 06:30 -------- d-----w- c:\users\Amirrzz\AppData\Local\Chromium
2012-08-03 15:51 . 2012-08-03 15:51 -------- d-----w- c:\program files (x86)\SEGA
2012-08-03 15:42 . 2012-08-03 15:42 -------- d-----w- c:\users\Amirrzz\AppData\Roaming\Nico Mak Computing
2012-08-03 15:42 . 2011-11-10 00:33 18760 ----a-w- c:\windows\system32\roboot64.exe
2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\users\Amirrzz\AppData\Roaming\GRETECH
2012-08-03 06:43 . 2012-08-03 06:43 -------- d-----w- c:\users\Amirrzz\AppData\Local\AVG Secure Search
2012-08-03 06:42 . 2012-08-07 12:31 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-03 06:42 . 2012-08-03 06:42 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-03 06:42 . 2012-08-03 06:42 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-08-03 06:42 . 2012-08-03 06:42 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-08-03 06:39 . 2012-08-03 06:39 -------- d--h--w- c:\programdata\Common Files
2012-08-03 06:39 . 2012-08-03 06:39 -------- d-----w- c:\program files (x86)\GRETECH
2012-08-03 06:07 . 2012-08-03 06:07 -------- d-----w- c:\users\Amirrzz\AppData\Local\BitTorrent
2012-08-03 06:01 . 2012-08-03 06:01 -------- d-----w- c:\programdata\11CA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-07 12:52 . 2011-10-01 13:15 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-08-04 15:16 . 2011-12-28 17:52 129024 ----a-w- c:\windows\RegBootClean64.exe
2012-08-04 06:30 . 2011-10-11 06:44 21520 ----a-w- c:\windows\DCEBoot64.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-07_09.12.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system32\ieakui.dll
+ 2012-08-07 12:47 . 2012-08-07 12:47 163840 c:\windows\system32\ieakui.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system32\ieaksie.dll
+ 2012-08-07 12:47 . 2012-08-07 12:47 267776 c:\windows\system32\ieaksie.dll
+ 2012-08-07 12:47 . 2012-08-07 12:47 160256 c:\windows\system32\ieakeng.dll
+ 2012-08-07 12:47 . 2012-08-07 12:47 135168 c:\windows\system32\IEAdvpack.dll
+ 2012-08-07 12:47 . 2012-08-07 12:47 282112 c:\windows\system32\dxtrans.dll
+ 2012-08-07 12:47 . 2012-08-07 12:47 452608 c:\windows\system32\dxtmsft.dll
+ 2009-07-14 05:12 . 2012-08-07 12:29 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-08-07 08:55 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-08-07 12:47 . 2012-08-07 12:47 114176 c:\windows\system32\admparse.dll
- 2011-03-05 04:26 . 2012-08-07 08:34 741928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-05 04:26 . 2012-08-07 12:50 741928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-08-07 12:50 394860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-07 08:41 394860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-07 12:47 . 2012-08-07 12:47 1129472 c:\windows\SysWOW64\wininet.dll
+ 2012-08-07 12:47 . 2012-08-07 12:47 1103872 c:\windows\SysWOW64\urlmon.dll
+ 2012-08-07 12:47 . 2012-08-07 12:47 1800192 c:\windows\SysWOW64\jscript9.dll
+ 2012-08-07 12:47 . 2012-08-07 12:47 1793024 c:\windows\SysWOW64\iertutil.dll
+ 2012-08-07 12:47 . 2012-08-07 12:47 9737728 c:\windows\SysWOW64\ieframe.dll
+ 2012-08-07 12:47 . 2012-08-07 12:47 3695416 c:\windows\SysWOW64\ieapfltr.dat
- 2009-07-14 04:54 . 2012-08-07 08:43 2588672 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-07 12:51 2588672 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-07 12:51 1376256 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-07 08:43 1376256 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-07 12:47 . 2012-08-07 12:47 1392128 c:\windows\system64\wininet.dll
+ 2012-08-07 12:47 . 2012-08-07 12:47 1346048 c:\windows\system64\urlmon.dll
+ 2012-08-07 12:47 . 2012-08-07 12:47 2311680 c:\windows\system64\jscript9.dll
+ 2012-08-07 12:47 . 2012-08-07 12:47 2144768 c:\windows\system64\iertutil.dll
+ 2012-08-07 12:47 . 2012-08-07 12:47 3695416 c:\windows\system64\ieapfltr.dat
+ 2012-08-07 12:47 . 2012-08-07 12:47 1392128 c:\windows\system32\wininet.dll
+ 2012-08-07 12:47 . 2012-08-07 12:47 1346048 c:\windows\system32\urlmon.dll
+ 2012-08-07 12:47 . 2012-08-07 12:47 2311680 c:\windows\system32\jscript9.dll
+ 2012-08-07 12:47 . 2012-08-07 12:47 2144768 c:\windows\system32\iertutil.dll
+ 2012-08-07 12:47 . 2012-08-07 12:47 3695416 c:\windows\system32\ieapfltr.dat
+ 2009-07-14 04:45 . 2012-08-07 12:53 3858668 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-01-12 03:46 3858668 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-07-25 11:33 . 2012-08-07 09:30 3866236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1106556593-3076073632-2117200128-1000-8192.dat
- 2011-07-25 11:33 . 2012-08-07 08:41 3866236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1106556593-3076073632-2117200128-1000-8192.dat
+ 2012-08-07 12:47 . 2012-08-07 12:47 12314624 c:\windows\SysWOW64\mshtml.dll
- 2009-07-14 02:34 . 2012-08-07 08:53 10485760 c:\windows\system64\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-08-07 13:02 10485760 c:\windows\system64\SMI\Store\Machine\SCHEMA.DAT
+ 2012-08-07 12:47 . 2012-08-07 12:47 17807360 c:\windows\system64\mshtml.dll
+ 2012-08-07 12:47 . 2012-08-07 12:47 10924032 c:\windows\system64\ieframe.dll
- 2009-07-14 02:34 . 2012-08-07 08:53 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-08-07 13:02 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-08-07 12:47 . 2012-08-07 12:47 17807360 c:\windows\system32\mshtml.dll
+ 2012-08-07 12:47 . 2012-08-07 12:47 10924032 c:\windows\system32\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-03 06:42 2086496 ----a-w- c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
c:\program files (x86)\uTorrentBar\prxtbuTor.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [BU]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-08-03 2086496]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-08-03 1022352]
"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-05 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-06-24 210216]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-12 98304]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Starter"="c:\program files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe" [2011-04-26 75120]
"TaskTray"="c:\program files (x86)\Driver-Soft\DriverGenius\TaskTray.exe" [2011-05-22 292208]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"BSDAppUpdater"="c:\program files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe" [2011-10-15 1660232]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-03 1147488]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-3-5 548528]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1083680]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2011-3-5 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-14 53800]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 EraserUtilDrvI13;EraserUtilDrvI13;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI13.sys [2011-12-29 138360]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-09 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-27 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-03 31080]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-30 254528]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-11 203264]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-08-03 830048]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-11 7765504]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-11 279040]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-07-15 116240]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-08-18 143472]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2010-02-25 115312]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
aliadwdm
DSI_SiUSBXp_3_1
VIAPFD
pdscheduler
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://isearch.avg.com/?cid={9C499C28-07EA-4AC1-BD99-2E0B8953E4F8}&mid=29013d00d34c47d084df9f14262c2a7b-2755f556917fddf5f986d1ec45c36e96de7336e0&lang=en&ds=gm011&pr=sa&d=2012-08-03 16:42&v=12.1.0.21&sap=hp
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
BHO-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
BHO-{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - c:\progra~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
Toolbar-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-ApnUpdater - c:\program files (x86)\Ask.com\Updater\Updater.exe
Wow6432Node-HKLM-Run-DATAMNGR - c:\progra~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE
BHO-{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - c:\progra~2\SEARCH~1\SEARCH~1\x64\BROWSE~1.DLL
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-conduitEngine - c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-iMesh 1 MediaBar - c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\uninstallTB.exe
AddRemove-SearchCore for Browsers - c:\program files (x86)\SearchCore for Browsers\uninstall.exe
AddRemove-WinZip Registry Optimizer_is1 - c:\program files (x86)\WinZip Registry Optimizer\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\aliadwdm]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DSI_SiUSBXp_3_1]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdscheduler]
"ServiceDll"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VIAPFD]
"ServiceDll"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,5a,e9,28,d5,1f,7c,44,bc,f3,fe,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,5a,e9,28,d5,1f,7c,44,bc,f3,fe,\
.
[HKEY_USERS\S-1-5-21-1106556593-3076073632-2117200128-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (S-1-5-21-1106556593-3076073632-2117200128-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-1106556593-3076073632-2117200128-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-1106556593-3076073632-2117200128-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-1106556593-3076073632-2117200128-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-1106556593-3076073632-2117200128-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-1106556593-3076073632-2117200128-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (S-1-5-21-1106556593-3076073632-2117200128-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-1106556593-3076073632-2117200128-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-1106556593-3076073632-2117200128-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1106556593-3076073632-2117200128-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-1106556593-3076073632-2117200128-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-1106556593-3076073632-2117200128-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (S-1-5-21-1106556593-3076073632-2117200128-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1106556593-3076073632-2117200128-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-1106556593-3076073632-2117200128-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-1106556593-3076073632-2117200128-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-1106556593-3076073632-2117200128-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-1106556593-3076073632-2117200128-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (S-1-5-21-1106556593-3076073632-2117200128-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-08 16:12:20
ComboFix-quarantined-files.txt 2012-08-08 06:12
ComboFix2.txt 2012-08-07 09:26
.
Pre-Run: 55,011,344,384 bytes free
Post-Run: 55,169,175,552 bytes free
.
- - End Of File - - 79189B57F73B68BDBED9FD3678023DF1

#13 gringo_pr

Posted 08 August 2012 - 09:08 AM

Hello

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • Click OK

Copy and paste the report into this topic for me to review.

Gringo

#14 Amirs

Posted 08 August 2012 - 06:35 PM

Greetings,

Here's what you asked me to do....


Update for Microsoft Office 2007 (KB2508958)
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Shockwave Player
Apple Application Support
Apple Software Update
Ask Toolbar
Astroburn Lite
Astroburn Toolbar
ASUS AI Recovery
ASUS Data Security Manager
ASUS LifeFrame3
ASUS Live Update
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Video Magic
ASUS Virtual Camera
ASUS WebStorage
AsusVibe2.0
ATK Package
µTorrent
AVG Security Toolbar
Batman: Arkham Asylum
Bookworm Deluxe
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Complemento Messenger
Complément Messenger
Conduit Engine
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
ControlDeck
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
Cooking Dash
CyberLink LabelPrint
CyberLink MediaShow Espresso
CyberLink PhotoNow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerDVD 9
D3DX10
DAEMON Tools Lite
DAEMON Tools Toolbar
Debut Video Capture Software
Driver Genius Professional Edition
EpicBot
FlipToast
Football Manager 2012
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Game Park Console
GOM Player
Google Toolbar for Internet Explorer
Governor of Poker
Hotel Dash Suite Success
HyperCam 2
Hyperionics DB Toolbar
iMesh
Intel® Management Engine Components
Java Auto Updater
Java™ 6 Update 27
Jewel Quest 3
JMicron Ethernet Adapter NDIS Driver
JMicron Flash Media Controller Driver
Junk Mail filter update
K_Series_ScreenSaver_EN
Luxor 3
Mahjongg dimensions
MediaBar
MediaWidget 6.0
Mesh Runtime
Messenger ????
Messenger ?????
Messenger Companion
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser (KB973685)
NB Probe
Net4Switch
Nuance PDF Reader
NVIDIA PhysX
Orbit Downloader
Pcsx2 0.9.6
Plants vs Zombies
Project64 1.6
QuickTime
SearchCore for Browsers
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Click to Call
Skype™ 5.10
SopCast 3.4.0
syncables desktop SE
TuneUp Companion 2.2.5
Unity Web Player
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentBar Toolbar
VideoPad Video Editor
VLC media player 1.1.10
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
WinRAR archiver
WinZip Registry Optimizer
Wireless Console 3
World of Goo
YouTube Downloader 3.4

#15 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts

Posted 08 August 2012 - 07:04 PM

Hello

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Ask Toolbar
µTorrent
AVG Security Toolbar
Conduit Engine
DAEMON Tools Toolbar
iMesh
Java™ 6 Update 27
MediaBar
uTorrentBar Toolbar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



