webpage redirected while browsing Facebook


  • This topic is locked
24 replies to this topic

#1 zkteh

zkteh

  • Members
  • 108 posts
  • Gender:Male

Posted 19 October 2012 - 08:45 AM

as stated in Topic Title .... :whistle:

This topic responds to
http://www.bleepingcomputer.com/forums/topic470598.html/

Check Attachments For dds.txt & attach.txt

Using Windows 7 64bit

DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by DELL at 18:21:17 on 2012-10-19
Microsoft Windows 7 Ultimate 6.1.7601.1.950.886.1033.18.3959.2697 [GMT 8:00]
.
AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\NetLimiter 3\nlsvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\DELL\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\DELL\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Users\DELL\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Letv\letvlive\LetvHClient.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.le123.com/hao123.html
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.le123.com/hao123.html
uProxyServer = socks=24.197.103.55:36058
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: {889D2FEB-5411-4565-8998-1DD2C5261283} - <orphaned>
BHO: QvodExtend: {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files (x86)\QvodPlayer\QvodExtend.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
TB: &SnapCrab: {F0398615-9DF9-4A98-ADEC-8FEDECC14EB0} - C:\Program Files (x86)\Fenrir Inc\SnapCrab for IE\SnapCrabBand.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\DELL\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
mRun: [QvodTerminal] "C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe" -autorun
StartupFolder: C:\Users\DELL\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\DELL\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\DELL\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\SnapCrab.lnk - C:\Program Files (x86)\Fenrir Inc\SnapCrab for Windows\SnapCrab.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
IE: &¨Ï¥Î115ɬ³J 3¤U? - <no file>
IE: &¨Ï¥Î115ɬ³J 3¤U?¥þ³¡?±µ - <no file>
IE: &¨Ï¥Î115ɬ³J 3¤U? - <no file>
IE: &¨Ï¥Î115ɬ³J 3¤U?¥þ³¡?±µ - <no file>
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: ¨Ï¥Î¨³¹p¬Ý¬Ý¼½©ñ¾¹¼½©ñ - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm
IE: ²K¥[?«e?¨ì¨³¹p¬Ý¬Ý¼½©ñ¾¹?? - <no file>
IE: ²K¥[?«e?¨ì¨³¹p¬Ý¬Ý¼½©ñ¾¹?? - <no file>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
LSP: C:\Windows\System32\letvNet.dll
LSP: %windir%\system32\vsocklib.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: Interfaces\{91C05BAD-3336-4EF7-BCC7-7DA9634B9B34} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{91C05BAD-3336-4EF7-BCC7-7DA9634B9B34} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A30E99B7-A063-4562-A145-5D5FC25D6E06} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A30E99B7-A063-4562-A145-5D5FC25D6E06}\4777869616E6 : DHCPNameServer = 192.168.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
SSODL: WebCheck - <orphaned>
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Windows\MSDCSC\msdcscx.exe
x64-BHO: {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - <orphaned>
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2012-3-14 62496]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2012-9-27 70256]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-8-31 283200]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-3-14 209768]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2012-3-14 38288]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-10-11 41704]
R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2011-3-21 88200]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-8-23 92160]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2012-10-10 160992]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-9-12 1494144]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-8-31 2754984]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-23 2320920]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-8-1 917656]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-6-9 56344]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064]
R3 NLNdisMP;NLNdisMP;C:\Windows\System32\drivers\nlndis.sys [2011-3-21 33416]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2012-6-9 86120]
R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-1-24 18216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-4 116648]
S3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\System32\drivers\athrxusb.sys [2008-7-29 1075712]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-4 116648]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\System32\drivers\nlndis.sys [2011-3-21 33416]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-7-22 5132888]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2012-8-24 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2012-8-24 12384]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2012-9-22 31232]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-9-22 738152]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-23 1255736]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2012-10-17 10:01:20 1066368 ----a-w- C:\ProgramData\Microsoft\WDExpress\11.0\1033\ResourceCache.dll
2012-10-17 10:00:40 -------- d-----w- C:\Program Files (x86)\NuGet
2012-10-17 09:57:49 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2012-10-17 09:55:12 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft
2012-10-17 09:54:59 -------- d-----w- C:\Program Files (x86)\Windows Kits
2012-10-17 09:54:06 -------- d-----w- C:\Program Files (x86)\Microsoft Help Viewer
2012-10-17 09:53:19 -------- d-----w- C:\Windows\SysWow64\1033
2012-10-17 09:53:19 -------- d-----w- C:\Windows\System32\1033
2012-10-17 09:53:10 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2012-10-17 09:53:09 -------- d-----w- C:\Program Files\Microsoft SQL Server
2012-10-17 09:52:44 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-10-17 09:52:42 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-10-17 09:52:14 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 11.0
2012-10-17 09:43:30 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2012-10-17 09:43:30 -------- d-----w- C:\ProgramData\Package Cache
2012-10-16 12:01:34 31232 ----a-w- C:\Windows\System32\drivers\tap0901.sys
2012-10-16 12:01:32 -------- d-----w- C:\Program Files\SecurityKISS Tunnel
2012-10-15 16:33:22 -------- d-----w- C:\Program Files (x86)\Puzzlegeddon
2012-10-15 12:51:39 -------- d-----w- C:\Users\DELL\AppData\Roaming\IDM
2012-10-15 12:51:36 -------- d-----w- C:\Program Files (x86)\Internet Download Manager
2012-10-14 07:58:44 -------- d-----r- C:\Users\DELL\Dropbox
2012-10-14 07:16:10 -------- d-----w- C:\Users\DELL\AppData\Roaming\Dropbox
2012-10-14 03:47:56 -------- d-----w- C:\Users\DELL\AppData\Local\Microsoft Corporation
2012-10-14 03:47:32 -------- d-----w- C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
2012-10-12 13:27:01 -------- d-----w- C:\Users\DELL\AppData\Roaming\Doublefine
2012-10-12 10:53:30 -------- d-----w- C:\Users\DELL\AppData\Roaming\Squids
2012-10-11 20:32:37 -------- d-----w- C:\Users\DELL\AppData\Roaming\UDown
2012-10-11 20:32:35 -------- d-----w- C:\Program Files (x86)\115
2012-10-11 20:14:19 -------- d-----w- C:\ProgramData\115
2012-10-11 20:14:12 -------- d-----w- C:\Users\DELL\AppData\Local\115Chrome
2012-10-11 14:16:29 -------- dc----w- C:\Users\DELL\AppData\Local\MigWiz
2012-10-10 16:30:42 41704 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys
2012-10-10 16:30:40 38632 ----a-w- C:\Windows\System32\drivers\taphss.sys
2012-10-10 09:36:33 160992 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2012-10-06 12:47:07 -------- d-----w- C:\Program Files (x86)\HDDGURU LLF Tool
2012-10-05 15:22:07 -------- d-----w- C:\JRT
2012-10-04 10:54:02 -------- d-----w- C:\Program Files (x86)\ESET
2012-10-03 12:51:15 -------- d-----w- C:\Windows\System32\appmgmt
2012-10-03 11:44:39 -------- d-----w- C:\Users\DELL\AppData\Roaming\Foxit Software
2012-10-03 11:43:25 -------- d-----w- C:\Program Files (x86)\Foxit Software
2012-10-03 11:37:41 -------- d-----w- C:\Program Files (x86)\Google Books Downloader
2012-09-30 13:54:12 -------- d-----w- C:\Program Files (x86)\PowerDataRecovery
2012-09-27 09:59:10 -------- d-----w- C:\Users\DELL\AppData\Local\VMware
2012-09-27 09:58:16 67224 ----a-w- C:\Windows\System32\vsocklib.dll
2012-09-27 09:58:16 63128 ----a-w- C:\Windows\SysWow64\vsocklib.dll
2012-09-27 09:58:15 70256 ----a-w- C:\Windows\System32\drivers\vsock.sys
2012-09-27 09:58:11 67224 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2012-09-27 09:58:10 32920 ----a-w- C:\Windows\System32\drivers\VMkbd.sys
2012-09-27 09:57:34 357016 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2012-09-27 09:57:25 435864 ----a-w- C:\Windows\SysWow64\vmnat.exe
2012-09-27 09:57:22 30360 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2012-09-27 09:57:19 933528 ----a-w- C:\Windows\System32\vnetlib64.dll
2012-09-27 09:57:09 52376 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2012-09-27 09:56:45 -------- d-----w- C:\Program Files\Common Files\VMware
2012-09-27 09:56:29 -------- d-----w- C:\Program Files (x86)\VMware
2012-09-27 09:56:29 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
2012-09-26 13:46:43 -------- d-----w- C:\Users\DELL\AppData\Local\Facebook
2012-09-26 12:08:06 -------- d--h--w- C:\ProgramData\CanonIJScan
2012-09-26 12:07:00 -------- d-----w- C:\Program Files (x86)\Canon
2012-09-26 12:05:12 92672 ----a-w- C:\Windows\System32\CNQ4807I.DLL
2012-09-26 12:05:12 694272 ----a-w- C:\Windows\System32\CNQ4807L.DLL
2012-09-26 12:05:12 229888 ----a-w- C:\Windows\System32\CNQ4807O.DLL
2012-09-26 12:05:12 1354240 ----a-w- C:\Windows\System32\CNQ4807C.DLL
2012-09-25 12:27:42 -------- d-----w- C:\Users\DELL\AppData\Roaming\Fenrir Inc
2012-09-25 12:27:13 -------- d-----w- C:\Program Files (x86)\Fenrir Inc
2012-09-25 12:17:38 -------- d-----w- C:\Program Files\Speccy
2012-09-25 10:52:55 -------- d-----w- C:\Users\DELL\New folder
2012-09-24 11:39:11 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2012-09-22 07:01:47 -------- d-----w- C:\Users\DELL\AppData\Roaming\Tunngle
2012-09-22 07:01:47 -------- d-----w- C:\ProgramData\Tunngle
2012-09-22 07:01:44 31232 ----a-w- C:\Windows\System32\drivers\tap0901t.sys
2012-09-22 07:01:43 -------- d-----w- C:\Program Files (x86)\Tunngle
2012-09-20 07:12:35 -------- d-----w- C:\Windows\SysWow64\directx
2012-09-20 07:12:32 -------- d-----w- C:\Program Files (x86)\PCSX2 1.0.0
2012-09-19 11:19:13 -------- d-----w- C:\Users\DELL\AppData\Local\LogMeIn Hamachi
2012-09-19 11:18:55 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
.
==================== Find3M ====================
.
2012-09-07 13:31:45 249856 ------w- C:\Windows\Setup1.exe
2012-09-07 13:31:44 73216 ----a-w- C:\Windows\ST6UNST.EXE
2012-09-07 09:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-04 11:34:18 362536 ----a-w- C:\ProgramData\1346758092.bdinstall.bin
2012-08-31 12:29:40 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-08-23 13:20:21 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-23 13:20:21 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-15 07:16:52 62104 ----a-w- C:\Windows\System32\vmnetbridge.dll
2012-08-15 07:16:52 48792 ----a-w- C:\Windows\System32\vnetinst.dll
2012-08-15 07:16:52 45720 ----a-w- C:\Windows\System32\drivers\vmnetbridge.sys
2012-08-15 07:16:50 24216 ----a-w- C:\Windows\System32\drivers\vmnet.sys
2012-08-15 07:16:50 20120 ----a-w- C:\Windows\System32\drivers\vmnetadapter.sys
2012-08-15 05:33:44 353280 ----a-w- C:\Windows\SysWow64\vmnc.dll
2012-08-10 09:49:38 768200 ----a-w- C:\Windows\SysWow64\letvNet.dll
2012-08-01 09:10:24 37680 ----a-w- C:\Windows\System32\drivers\vmusb.sys
2012-07-26 07:22:10 997336 ----a-w- C:\Windows\System32\vccorlib110d.dll
2012-07-25 12:25:44 59848 ----a-w- C:\Windows\SysWow64\VSD3DRefDebug.dll
2012-07-25 12:25:28 713672 ----a-w- C:\Windows\SysWow64\d3d11_1sdklayers.dll
2012-07-25 12:25:28 609224 ----a-w- C:\Windows\SysWow64\d3d11ref.dll
2012-07-25 12:25:28 590792 ----a-w- C:\Windows\SysWow64\d3d11sdklayers.dll
2012-07-25 12:25:28 461256 ----a-w- C:\Windows\SysWow64\d3d10sdklayers.dll
2012-07-25 12:25:28 383944 ----a-w- C:\Windows\SysWow64\d3dref9.dll
2012-07-25 12:25:28 365512 ----a-w- C:\Windows\SysWow64\d3d10ref.dll
2012-07-25 12:25:28 277448 ----a-w- C:\Windows\SysWow64\d2d1debug1.dll
2012-07-25 12:25:28 232904 ----a-w- C:\Windows\SysWow64\dxcpl.exe
2012-07-25 12:25:28 102344 ----a-w- C:\Windows\SysWow64\dxgidebug.dll
2012-07-25 12:10:44 79304 ----a-w- C:\Windows\System32\VSD3DRefDebug.dll
2012-07-25 12:10:32 887240 ----a-w- C:\Windows\System32\d3d11_1sdklayers.dll
2012-07-25 12:10:32 749000 ----a-w- C:\Windows\System32\d3d11ref.dll
2012-07-25 12:10:32 713160 ----a-w- C:\Windows\System32\d3d11sdklayers.dll
2012-07-25 12:10:32 596936 ----a-w- C:\Windows\System32\d3d10sdklayers.dll
2012-07-25 12:10:32 461256 ----a-w- C:\Windows\System32\d3d10ref.dll
2012-07-25 12:10:32 446408 ----a-w- C:\Windows\System32\d3dref9.dll
2012-07-25 12:10:32 340936 ----a-w- C:\Windows\System32\d2d1debug1.dll
2012-07-25 12:10:32 127432 ----a-w- C:\Windows\System32\dxgidebug.dll
2012-07-25 12:10:30 246216 ----a-w- C:\Windows\System32\dxcpl.exe
2007-04-15 16:00:00 1169224 --sh--w- C:\Windows\MSDCSC\msdcscx.exe
.
============= FINISH: 18:21:26.40 ===============

Edited by Noviciate, 19 October 2012 - 03:28 PM.
Added klog from attachment.
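An added triage script, written for this edit and not part of the thread or of DDS itself: it parses lines in the DDS "Pseudo HJT Report" format quoted above and flags what a helper reads first: an extra executable in the Winlogon Userinit value (logon persistence), a per-user IE ProxyServer (browser traffic silently routed through another host, one cause of redirection), BHO registrations whose file is gone, and third-party Winsock LSPs. The sample lines are constructed from the posted log; the finding names and the triage() function are this example's own.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log (added example)."""
import re

# Constructed sample in DDS 'Pseudo HJT Report' format; values are copied
# from the log posted above.  Prefixes: u = HKCU, m = HKLM, x64- = 64-bit view.
SAMPLE_LOG = r"""
uDefault_Page_URL = hxxp://www.le123.com/hao123.html
mStart Page = hxxp://www.google.com
uProxyServer = socks=24.197.103.55:36058
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: {889D2FEB-5411-4565-8998-1DD2C5261283} - <orphaned>
LSP: C:\Windows\System32\letvNet.dll
LSP: %windir%\system32\vsocklib.dll
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Windows\MSDCSC\msdcscx.exe
"""

USERINIT_RE = re.compile(r"^(?:x64-)?[um]Winlogon:\s*Userinit\s*=\s*(?P<value>.*)$")
PROXY_RE = re.compile(r"^(?:x64-)?[um]ProxyServer\s*=\s*(?P<value>.*)$")
BHO_RE = re.compile(r"^(?:x64-)?BHO:.*?(?P<clsid>\{[0-9A-Fa-f-]{36}\}).*<orphaned>$")
LSP_RE = re.compile(r"^LSP:\s*(?P<path>\S.*)$")


def userinit_extras(value):
    """Return each comma-separated Userinit entry that is not userinit.exe.

    Winlogon starts every listed program at logon, so any extra path is a
    persistence mechanism regardless of what the file is called.
    """
    extras = []
    for entry in value.split(","):
        entry = entry.strip()
        if not entry:
            continue  # the value normally ends with a trailing comma
        basename = entry.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if basename != "userinit.exe":
            extras.append(entry)
    return extras


def parse_proxy(value):
    """Parse an IE ProxyServer value into {scheme: 'host:port'}.

    'socks=1.2.3.4:1080;http=proxy:8080' lists per-scheme proxies; a bare
    'host:port' applies to every scheme and is stored under '*'.
    """
    proxies = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if sep:
            proxies[scheme.strip().lower()] = target.strip()
        else:
            proxies["*"] = part
    return proxies


def triage(log_text):
    """Return a list of {'kind', 'line', 'detail'} findings for one DDS log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := USERINIT_RE.match(line)):
            for extra in userinit_extras(m.group("value")):
                findings.append({"kind": "userinit_persistence", "line": line, "detail": extra})
        elif (m := PROXY_RE.match(line)):
            for scheme, target in parse_proxy(m.group("value")).items():
                findings.append({"kind": "proxy_redirect", "line": line,
                                 "detail": f"{scheme} traffic via {target}"})
        elif (m := BHO_RE.match(line)):
            # CLSID is registered but the DLL is gone: leftover of a removed add-on
            findings.append({"kind": "orphaned_bho", "line": line, "detail": m.group("clsid")})
        elif (m := LSP_RE.match(line)):
            # Every LSP DLL is loaded into every process that uses Winsock; review each
            findings.append({"kind": "lsp_review", "line": line, "detail": m.group("path")})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']}] {f['detail']}\n    {f['line']}")
```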



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 October 2012 - 11:02 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 zkteh

zkteh
  • Topic Starter

  • Members
  • 108 posts
  • Gender:Male

Posted 20 October 2012 - 07:41 AM

Results of screen317's Security Check version 0.99.53
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ESET Smart Security 5.2
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome GreenLuma.log..
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````

#4 zkteh

zkteh
  • Topic Starter

  • Members
  • 108 posts
  • Gender:Male

Posted 20 October 2012 - 07:43 AM

# AdwCleaner v2.005 - Logfile created 10/20/2012 at 20:42:16
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : DELL - DELL-PC
# Boot Mode : Normal
# Running from : C:\Users\DELL\Downloads\Programs\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3162 octets] - [05/10/2012 21:51:38]
AdwCleaner[S2].txt - [837 octets] - [05/10/2012 23:17:11]
AdwCleaner[S3].txt - [1611 octets] - [20/10/2012 20:42:16]

########## EOF - C:\AdwCleaner[S3].txt - [1671 octets] ##########

#5 zkteh

zkteh
  • Topic Starter

  • Members
  • 108 posts
  • Gender:Male

Posted 20 October 2012 - 07:52 AM

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : DELL [Admin rights]
Mode : Remove -- Date : 10/20/2012 20:50:58

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (socks=24.197.103.55:36058) -> NOT REMOVED, USE PROXYFIX
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> E:\windows\system32\config\SOFTWARE
-> E:\Users\Default\NTUSER.DAT
-> E:\Users\Default User\NTUSER.DAT
-> E:\Users\USER\NTUSER.DAT
-> E:\Documents and Settings\Default\NTUSER.DAT
-> E:\Documents and Settings\Default User\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500418AS ATA Device +++++
--- User ---
[MBR] 546ff3efdc9da547d115143bb07d2dc3
[BSP] aad91254bd5a527aa06aaca9adb320c9 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 102300 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 209719233 | Size: 292537 Mo
3 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 808835072 | Size: 81998 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 20 October 2012 - 12:59 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 zkteh (Topic Starter)

Posted 21 October 2012 - 09:30 AM

ComboFix 12-10-21.01 - DELL 0/2012 Sun 22:19:06.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.950.886.1033.18.3959.2551 [GMT 8:00]
執行位置: c:\users\DELL\Desktop\ComboFix.exe
AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* 成功創造新還原點
.
.
((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\114la.ico
c:\programdata\115
c:\programdata\115\UDown\Data\HisData.db
c:\programdata\115\UDown\resume.ini
c:\programdata\115\UDown\Syscfg.ini
c:\programdata\115\UDown\transfer.ini
c:\programdata\115\UDown\uar.bin
c:\programdata\1346758092.bdinstall.bin
c:\users\Default\AppData\Local\Temp
c:\users\Default\AppData\Local\Temp\Temppc.bak
c:\users\Default\AppData\Local\Temp\Temppc.bin
c:\users\DELL\AppData\Local\Microsoft\Windows\Temporary Internet Files\bidconfig_v1.2.dat
c:\users\DELL\AppData\Local\Microsoft\Windows\Temporary Internet Files\collecttask_v1.2.dat
c:\users\DELL\AppData\Roaming\chrtmp
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\SysWow64\d2d1debug1.dll
D:\install.exe
G:\ghos
g:\ghos\giex
g:\msocache\ms0.dll
.
.
((((((((((((((((((((((((((((((((((((((( 驅動/服務 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
((((((((((((((((((((((((( 2012-09-21 至 2012-10-21 的新的檔案 )))))))))))))))))))))))))))))))
.
.
2012-10-20 12:37 . 2012-10-20 12:37 -------- d-----w- c:\programdata\DAEMON Tools Pro
2012-10-20 12:16 . 2012-10-20 12:16 -------- d-----w- c:\program files (x86)\uTorrent
2012-10-20 12:16 . 2012-10-20 13:49 -------- d-----w- c:\users\DELL\AppData\Roaming\uTorrent
2012-10-20 03:44 . 2012-10-20 03:44 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-20 03:44 . 2012-10-20 03:44 289768 ----a-w- c:\windows\system32\javaws.exe
2012-10-20 03:44 . 2012-10-20 03:44 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-20 03:44 . 2012-10-20 03:44 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-10-20 03:44 . 2012-10-20 03:44 189416 ----a-w- c:\windows\system32\javaw.exe
2012-10-20 03:44 . 2012-10-20 03:44 188904 ----a-w- c:\windows\system32\java.exe
2012-10-20 03:43 . 2012-10-20 03:43 -------- d-----w- c:\program files\Java
2012-10-17 10:00 . 2012-10-17 10:00 -------- d-----w- c:\program files (x86)\NuGet
2012-10-17 09:57 . 2012-10-17 09:58 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2012-10-17 09:56 . 2012-10-17 09:56 -------- d-----w- c:\windows\symbols
2012-10-17 09:55 . 2012-10-17 09:55 -------- d-----w- c:\program files (x86)\Common Files\Microsoft
2012-10-17 09:54 . 2012-10-17 09:54 -------- d-----w- c:\program files (x86)\Windows Kits
2012-10-17 09:54 . 2012-10-17 09:54 -------- d-----w- c:\program files (x86)\Microsoft Help Viewer
2012-10-17 09:53 . 2012-10-17 09:53 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2012-10-17 09:53 . 2012-10-17 09:53 -------- d-----w- c:\windows\SysWow64\1033
2012-10-17 09:53 . 2012-10-17 09:53 -------- d-----w- c:\windows\system32\1033
2012-10-17 09:53 . 2012-10-17 10:00 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-10-17 09:53 . 2012-10-17 10:00 -------- d-----w- c:\program files\Microsoft SQL Server
2012-10-17 09:52 . 2012-10-17 09:52 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-10-17 09:52 . 2012-10-17 09:52 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-10-17 09:52 . 2012-10-17 09:54 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 11.0
2012-10-17 09:43 . 2012-10-17 09:45 -------- d-----w- c:\programdata\Package Cache
2012-10-17 09:43 . 2012-10-17 09:43 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2012-10-16 12:01 . 2011-07-01 03:46 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys
2012-10-16 12:01 . 2012-10-17 08:26 -------- d-----w- c:\program files\SecurityKISS Tunnel
2012-10-15 16:33 . 2012-10-15 16:33 -------- d-----w- c:\program files (x86)\Puzzlegeddon
2012-10-15 12:51 . 2012-10-18 11:16 -------- d-----w- c:\users\DELL\AppData\Roaming\IDM
2012-10-15 12:51 . 2012-10-15 15:45 -------- d-----w- c:\program files (x86)\Internet Download Manager
2012-10-14 07:58 . 2012-10-21 14:14 -------- d-----r- c:\users\DELL\Dropbox
2012-10-14 07:16 . 2012-10-21 14:25 -------- d-----w- c:\users\DELL\AppData\Roaming\Dropbox
2012-10-14 03:47 . 2012-10-14 03:47 -------- d-----w- c:\users\DELL\AppData\Local\Microsoft Corporation
2012-10-14 03:47 . 2012-10-14 03:47 -------- d-----w- c:\program files (x86)\Microsoft Windows 7 Upgrade Advisor
2012-10-12 13:27 . 2012-10-12 13:27 -------- d-----w- c:\users\DELL\AppData\Roaming\Doublefine
2012-10-12 10:53 . 2012-10-12 10:53 -------- d-----w- c:\users\DELL\AppData\Roaming\Squids
2012-10-11 20:32 . 2012-10-11 20:32 -------- d-----w- c:\users\DELL\AppData\Roaming\UDown
2012-10-11 20:32 . 2012-10-11 20:32 -------- d-----w- c:\program files (x86)\115
2012-10-11 20:14 . 2012-10-11 20:14 -------- d-----w- c:\users\DELL\AppData\Local\115Chrome
2012-10-11 14:16 . 2012-10-11 14:41 -------- dc----w- c:\users\DELL\AppData\Local\MigWiz
2012-10-10 16:30 . 2012-10-10 16:30 41704 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2012-10-10 16:30 . 2012-10-10 16:30 38632 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-10-10 09:36 . 2012-09-27 18:07 160992 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-10-06 12:47 . 2012-10-06 12:47 -------- d-----w- c:\program files (x86)\HDDGURU LLF Tool
2012-10-05 15:22 . 2012-10-05 15:28 -------- d-----w- C:\JRT
2012-10-04 10:54 . 2012-10-04 10:54 -------- d-----w- c:\program files (x86)\ESET
2012-10-04 08:06 . 2012-10-04 08:09 -------- d-----w- c:\program files (x86)\Google
2012-10-03 12:51 . 2012-10-03 12:51 -------- d-----w- c:\windows\system32\appmgmt
2012-10-03 11:44 . 2012-10-20 10:35 -------- d-----w- c:\users\DELL\AppData\Roaming\Foxit Software
2012-10-03 11:43 . 2012-10-03 11:43 -------- d-----w- c:\program files (x86)\Foxit Software
2012-10-03 11:37 . 2012-10-03 11:42 -------- d-----w- c:\program files (x86)\Google Books Downloader
2012-09-30 13:54 . 2012-09-30 13:56 -------- d-----w- c:\program files (x86)\PowerDataRecovery
2012-09-27 09:59 . 2012-10-21 03:35 -------- d-----w- c:\users\DELL\AppData\Local\VMware
2012-09-27 09:58 . 2012-10-21 03:35 -------- d-----w- c:\users\DELL\AppData\Roaming\VMware
2012-09-27 09:58 . 2012-07-06 04:30 67224 ----a-w- c:\windows\system32\vsocklib.dll
2012-09-27 09:58 . 2012-07-06 04:29 63128 ----a-w- c:\windows\SysWow64\vsocklib.dll
2012-09-27 09:58 . 2012-07-06 04:29 70256 ----a-w- c:\windows\system32\drivers\vsock.sys
2012-09-27 09:58 . 2012-08-15 07:18 67224 ----a-w- c:\windows\system32\drivers\vmx86.sys
2012-09-27 09:58 . 2012-08-15 07:16 32920 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2012-09-27 09:57 . 2012-08-15 07:18 357016 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2012-09-27 09:57 . 2012-08-15 07:17 435864 ----a-w- c:\windows\SysWow64\vmnat.exe
2012-09-27 09:57 . 2012-08-15 07:18 30360 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2012-09-27 09:57 . 2012-08-15 07:18 933528 ----a-w- c:\windows\system32\vnetlib64.dll
2012-09-27 09:57 . 2012-08-01 09:10 52376 ----a-w- c:\windows\system32\drivers\hcmon.sys
2012-09-27 09:56 . 2012-09-27 09:56 -------- d-----w- c:\program files\Common Files\VMware
2012-09-27 09:56 . 2012-10-21 14:25 -------- d-----w- c:\programdata\VMware
2012-09-27 09:56 . 2012-09-27 09:56 -------- d-----w- c:\program files (x86)\VMware
2012-09-27 09:56 . 2012-09-27 09:56 -------- d-----w- c:\program files (x86)\Common Files\VMware
2012-09-26 13:46 . 2012-09-26 13:53 -------- d-----w- c:\users\DELL\AppData\Local\Facebook
2012-09-26 12:08 . 2012-09-26 12:08 -------- d--h--w- c:\programdata\CanonIJScan
2012-09-26 12:07 . 2012-09-26 12:08 -------- d-----w- c:\users\DELL\AppData\Roaming\Canon
2012-09-26 12:07 . 2012-09-26 12:07 -------- d-----w- c:\program files (x86)\Canon
2012-09-26 12:05 . 2012-09-26 12:05 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-09-26 12:05 . 2012-09-26 12:05 -------- d--h--w- c:\program files\CanonBJ
2012-09-26 12:05 . 2009-06-09 07:26 694272 ----a-w- c:\windows\system32\CNQ4807L.DLL
2012-09-26 12:05 . 2009-04-02 10:12 1354240 ----a-w- c:\windows\system32\CNQ4807C.DLL
2012-09-26 12:05 . 2009-04-02 10:12 92672 ----a-w- c:\windows\system32\CNQ4807I.DLL
2012-09-26 12:05 . 2007-03-15 06:13 229888 ----a-w- c:\windows\system32\CNQ4807O.DLL
2012-09-25 12:27 . 2012-09-25 12:27 -------- d-----w- c:\users\DELL\AppData\Roaming\Fenrir Inc
2012-09-25 12:27 . 2012-09-25 12:27 -------- d-----w- c:\program files (x86)\Fenrir Inc
2012-09-25 12:17 . 2012-09-25 12:17 -------- d-----w- c:\program files\Speccy
2012-09-25 10:52 . 2012-09-25 10:52 -------- d-----w- c:\users\DELL\New folder
2012-09-24 11:39 . 2012-09-24 11:39 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-09-22 07:01 . 2012-09-22 07:35 -------- d-----w- c:\users\DELL\AppData\Roaming\Tunngle
2012-09-22 07:01 . 2012-09-22 07:19 -------- d-----w- c:\programdata\Tunngle
2012-09-22 07:01 . 2009-09-16 00:02 31232 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2012-09-22 07:01 . 2012-09-22 07:02 -------- d-----w- c:\program files (x86)\Tunngle
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-17 10:01 . 2012-10-17 10:01 1066368 ----a-w- c:\programdata\Microsoft\WDExpress\11.0\1033\ResourceCache.dll
2012-09-18 06:49 . 2012-09-12 06:13 461464 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2012-09-07 13:31 . 2012-09-07 13:31 249856 ------w- c:\windows\Setup1.exe
2012-09-07 13:31 . 2012-09-07 13:31 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-09-07 09:04 . 2012-09-04 11:51 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-23 13:20 . 2012-08-23 13:20 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-23 13:20 . 2012-08-23 13:20 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-23 04:39 . 2012-08-23 04:39 119808 ----a-r- c:\users\DELL\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2012-08-15 07:16 . 2012-08-15 07:16 62104 ----a-w- c:\windows\system32\vmnetbridge.dll
2012-08-15 07:16 . 2012-08-15 07:16 48792 ----a-w- c:\windows\system32\vnetinst.dll
2012-08-15 07:16 . 2012-08-15 07:16 45720 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2012-08-15 07:16 . 2012-08-15 07:16 24216 ----a-w- c:\windows\system32\drivers\vmnet.sys
2012-08-15 07:16 . 2012-08-15 07:16 20120 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2012-08-15 05:33 . 2012-08-15 05:33 353280 ----a-w- c:\windows\SysWow64\vmnc.dll
2012-08-10 09:49 . 2012-08-10 09:49 768200 ----a-w- c:\windows\SysWow64\letvNet.dll
2012-08-01 09:10 . 2012-08-01 09:10 37680 ----a-w- c:\windows\system32\drivers\vmusb.sys
2012-07-26 11:08 . 2012-07-26 11:08 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-07-26 11:08 . 2012-07-26 11:08 837072 ----a-w- c:\windows\SysWow64\vcamp110d.dll
2012-07-26 11:08 . 2012-07-26 11:08 82888 ----a-w- c:\windows\SysWow64\mfcm110u.dll
2012-07-26 11:08 . 2012-07-26 11:08 82888 ----a-w- c:\windows\SysWow64\mfcm110.dll
2012-07-26 11:08 . 2012-07-26 11:08 8234952 ----a-w- c:\windows\SysWow64\mfc110ud.dll
2012-07-26 11:08 . 2012-07-26 11:08 821200 ----a-w- c:\windows\SysWow64\msvcp110d.dll
2012-07-26 11:08 . 2012-07-26 11:08 8164296 ----a-w- c:\windows\SysWow64\mfc110d.dll
2012-07-26 11:08 . 2012-07-26 11:08 74704 ----a-w- c:\windows\SysWow64\mfc110fra.dll
2012-07-26 11:08 . 2012-07-26 11:08 74704 ----a-w- c:\windows\SysWow64\mfc110deu.dll
2012-07-26 11:08 . 2012-07-26 11:08 73680 ----a-w- c:\windows\SysWow64\mfc110esn.dll
2012-07-26 11:08 . 2012-07-26 11:08 729560 ----a-w- c:\windows\SysWow64\vccorlib110d.dll
2012-07-26 11:08 . 2012-07-26 11:08 72656 ----a-w- c:\windows\SysWow64\mfc110ita.dll
2012-07-26 11:08 . 2012-07-26 11:08 70608 ----a-w- c:\windows\SysWow64\mfc110rus.dll
2012-07-26 11:08 . 2012-07-26 11:08 64976 ----a-w- c:\windows\SysWow64\mfc110enu.dll
2012-07-26 11:08 . 2012-07-26 11:08 53712 ----a-w- c:\windows\SysWow64\mfc110jpn.dll
2012-07-26 11:08 . 2012-07-26 11:08 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-07-26 11:08 . 2012-07-26 11:08 53200 ----a-w- c:\windows\SysWow64\mfc110kor.dll
2012-07-26 11:08 . 2012-07-26 11:08 46032 ----a-w- c:\windows\SysWow64\mfc110cht.dll
2012-07-26 11:08 . 2012-07-26 11:08 46032 ----a-w- c:\windows\SysWow64\mfc110chs.dll
2012-07-26 11:08 . 2012-07-26 11:08 4446152 ----a-w- c:\windows\SysWow64\mfc110u.dll
2012-07-26 11:08 . 2012-07-26 11:08 4411848 ----a-w- c:\windows\SysWow64\mfc110.dll
2012-07-26 11:08 . 2012-07-26 11:08 320976 ----a-w- c:\windows\SysWow64\vcamp110.dll
2012-07-26 11:08 . 2012-07-26 11:08 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-07-26 11:08 . 2012-07-26 11:08 1678792 ----a-w- c:\windows\SysWow64\msvcr110d.dll
2012-07-26 11:08 . 2012-07-26 11:08 153536 ----a-w- c:\windows\SysWow64\atl110.dll
2012-07-26 11:08 . 2012-07-26 11:08 144848 ----a-w- c:\windows\SysWow64\vcomp110d.dll
2012-07-26 11:08 . 2012-07-26 11:08 115656 ----a-w- c:\windows\SysWow64\vcomp110.dll
2012-07-26 11:08 . 2012-07-26 11:08 111560 ----a-w- c:\windows\SysWow64\mfcm110d.dll
2012-07-26 11:08 . 2012-07-26 11:08 110544 ----a-w- c:\windows\SysWow64\mfcm110ud.dll
2012-07-26 07:22 . 2012-07-26 07:22 997336 ----a-w- c:\windows\system32\vccorlib110d.dll
2012-07-26 07:22 . 2012-07-26 07:22 90056 ----a-w- c:\windows\system32\mfcm110u.dll
2012-07-26 07:22 . 2012-07-26 07:22 90056 ----a-w- c:\windows\system32\mfcm110.dll
2012-07-26 07:22 . 2012-07-26 07:22 828872 ----a-w- c:\windows\system32\msvcr110.dll
2012-07-26 07:22 . 2012-07-26 07:22 74704 ----a-w- c:\windows\system32\mfc110fra.dll
2012-07-26 07:22 . 2012-07-26 07:22 74704 ----a-w- c:\windows\system32\mfc110deu.dll
2012-07-26 07:22 . 2012-07-26 07:22 73680 ----a-w- c:\windows\system32\mfc110esn.dll
2012-07-26 07:22 . 2012-07-26 07:22 72656 ----a-w- c:\windows\system32\mfc110ita.dll
2012-07-26 07:22 . 2012-07-26 07:22 70608 ----a-w- c:\windows\system32\mfc110rus.dll
2012-07-26 07:22 . 2012-07-26 07:22 661448 ----a-w- c:\windows\system32\msvcp110.dll
2012-07-26 07:22 . 2012-07-26 07:22 64976 ----a-w- c:\windows\system32\mfc110enu.dll
2012-07-26 07:22 . 2012-07-26 07:22 5606856 ----a-w- c:\windows\system32\mfc110u.dll
2012-07-26 07:22 . 2012-07-26 07:22 5579208 ----a-w- c:\windows\system32\mfc110.dll
2012-07-26 07:22 . 2012-07-26 07:22 53712 ----a-w- c:\windows\system32\mfc110jpn.dll
2012-07-26 07:22 . 2012-07-26 07:22 53200 ----a-w- c:\windows\system32\mfc110kor.dll
2012-07-26 07:22 . 2012-07-26 07:22 46032 ----a-w- c:\windows\system32\mfc110cht.dll
2012-07-26 07:22 . 2012-07-26 07:22 46032 ----a-w- c:\windows\system32\mfc110chs.dll
2012-07-26 07:22 . 2012-07-26 07:22 385480 ----a-w- c:\windows\system32\vcamp110.dll
2012-07-26 07:22 . 2012-07-26 07:22 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2012-07-26 07:22 . 2012-07-26 07:22 1957328 ----a-w- c:\windows\system32\msvcr110d.dll
2012-07-26 07:22 . 2012-07-26 07:22 177096 ----a-w- c:\windows\system32\atl110.dll
2012-07-26 07:22 . 2012-07-26 07:22 153040 ----a-w- c:\windows\system32\vcomp110d.dll
2012-07-26 07:22 . 2012-07-26 07:22 124360 ----a-w- c:\windows\system32\vcomp110.dll
2012-07-26 07:22 . 2012-07-26 07:22 120776 ----a-w- c:\windows\system32\mfcm110d.dll
2012-07-26 07:22 . 2012-07-26 07:22 119760 ----a-w- c:\windows\system32\mfcm110ud.dll
2012-07-26 07:22 . 2012-07-26 07:22 1106384 ----a-w- c:\windows\system32\msvcp110d.dll
2012-07-26 07:22 . 2012-07-26 07:22 10915784 ----a-w- c:\windows\system32\mfc110ud.dll
2012-07-26 07:22 . 2012-07-26 07:22 10843080 ----a-w- c:\windows\system32\mfc110d.dll
2012-07-26 07:22 . 2012-07-26 07:22 1077688 ----a-w- c:\windows\system32\vcamp110d.dll
2012-07-25 12:25 . 2012-07-25 12:25 59848 ----a-w- c:\windows\SysWow64\VSD3DRefDebug.dll
2012-07-25 12:25 . 2012-07-25 12:25 713672 ----a-w- c:\windows\SysWow64\d3d11_1sdklayers.dll
2012-07-25 12:25 . 2012-07-25 12:25 609224 ----a-w- c:\windows\SysWow64\d3d11ref.dll
2012-07-25 12:25 . 2012-07-25 12:25 590792 ----a-w- c:\windows\SysWow64\d3d11sdklayers.dll
2012-07-25 12:25 . 2012-07-25 12:25 461256 ----a-w- c:\windows\SysWow64\d3d10sdklayers.dll
2012-07-25 12:25 . 2012-07-25 12:25 383944 ----a-w- c:\windows\SysWow64\d3dref9.dll
2012-07-25 12:25 . 2012-07-25 12:25 365512 ----a-w- c:\windows\SysWow64\d3d10ref.dll
2012-07-25 12:25 . 2012-07-25 12:25 232904 ----a-w- c:\windows\SysWow64\dxcpl.exe
2012-07-25 12:25 . 2012-07-25 12:25 102344 ----a-w- c:\windows\SysWow64\dxgidebug.dll
2012-07-25 12:10 . 2012-07-25 12:10 79304 ----a-w- c:\windows\system32\VSD3DRefDebug.dll
2012-07-25 12:10 . 2012-07-25 12:10 887240 ----a-w- c:\windows\system32\d3d11_1sdklayers.dll
2012-07-25 12:10 . 2012-07-25 12:10 749000 ----a-w- c:\windows\system32\d3d11ref.dll
2012-07-25 12:10 . 2012-07-25 12:10 713160 ----a-w- c:\windows\system32\d3d11sdklayers.dll
2012-07-25 12:10 . 2012-07-25 12:10 596936 ----a-w- c:\windows\system32\d3d10sdklayers.dll
2012-07-25 12:10 . 2012-07-25 12:10 461256 ----a-w- c:\windows\system32\d3d10ref.dll
2012-07-25 12:10 . 2012-07-25 12:10 446408 ----a-w- c:\windows\system32\d3dref9.dll
2012-07-25 12:10 . 2012-07-25 12:10 340936 ----a-w- c:\windows\system32\d2d1debug1.dll
2012-07-25 12:10 . 2012-07-25 12:10 127432 ----a-w- c:\windows\system32\dxgidebug.dll
2012-07-25 12:10 . 2012-07-25 12:10 246216 ----a-w- c:\windows\system32\dxcpl.exe
2007-04-15 16:00 1169224 --sh--w- c:\windows\MSDCSC\msdcscx.exe
.
.
((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A8502600-B272-4F68-A67B-A0305D46D297}]
2012-08-01 10:08 174000 ----a-w- c:\program files (x86)\QvodPlayer\QvodExtend.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-09-12 08:00 208608 ----a-w- c:\users\DELL\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-09-12 08:00 208608 ----a-w- c:\users\DELL\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-09-12 08:00 208608 ----a-w- c:\users\DELL\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-09-18 07:29 2042528 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-09-18 07:29 2042528 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-09-18 07:29 2042528 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AAADesktopTips]
@="{4562B511-62E9-4533-B7B2-56A8BB10B482}"
[HKEY_CLASSES_ROOT\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}]
2012-05-30 02:56 247760 ----a-w- c:\program files (x86)\Common Files\Thunder Network\Kankan\xappex.1.1.1.38.(976).dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-10-11 3536320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QvodTerminal"="c:\program files (x86)\QvodPlayer\QvodTerminal.exe" [2012-08-27 1148848]
.
c:\users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\DELL\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
.
c:\users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
SnapCrab.lnk - c:\program files (x86)\Fenrir Inc\SnapCrab for Windows\SnapCrab.exe [2012-9-25 1439104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-04 116648]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [2008-07-28 1075712]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-04 116648]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-07-21 5132888]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-06-18 19032]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-06-18 12384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-07-19 738152]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-22 1255736]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-07-06 85104]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-07-06 70256]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-10-10 41704]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [2011-03-21 88200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-09-27 160992]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-09-11 1494144]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-08-01 917656]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-15 321064]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-01-27 86120]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-24 18216]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
XLServicePlatform REG_MULTI_SZ XLServicePlatform
.
‘計劃任務’ 文件夾 裡的內容
.
2012-10-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-970553753-799633038-556229140-1000Core.job
- c:\users\DELL\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-26 13:46]
.
2012-10-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-970553753-799633038-556229140-1000UA.job
- c:\users\DELL\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-26 13:46]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-04 08:06]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-04 08:06]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-970553753-799633038-556229140-1000Core.job
- c:\users\DELL\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22 17:36]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-970553753-799633038-556229140-1000UA.job
- c:\users\DELL\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22 17:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-09-12 08:00 232672 ----a-w- c:\users\DELL\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-09-12 08:00 232672 ----a-w- c:\users\DELL\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-09-12 08:00 232672 ----a-w- c:\users\DELL\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-09-18 07:38 2860192 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-09-18 07:38 2860192 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-09-18 07:38 2860192 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 07:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 07:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 07:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 07:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.le123.com/hao123.html
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = socks=24.197.103.55:36058
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &使用115优蛋 3下载
IE: &使用115优蛋 3下载全部链接
IE: &使用115优蛋 3下载 - c:\program files (x86)\115\UDown\getUrl.htm
IE: &使用115优蛋 3下载全部链接 - c:\program files (x86)\115\UDown\getAllUrl.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: 使用迅雷看看播放器播放 - c:\users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm
IE: 添加?前?到迅雷看看播放器??
IE: 添加?前?到迅雷看看播放器?? - c:\users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenuAddStoreTab.htm
TCP: Interfaces\{91C05BAD-3336-4EF7-BCC7-7DA9634B9B34}: NameServer = 8.8.8.8,8.8.4.4
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\Microsoft Office 15\root\office15\msosb.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-970553753-799633038-556229140-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):3d,2d,52,f6,9f,04,36,a6,01,18,22,7d,4a,ee,44,ed,62,c8,d1,5a,3f,
da,af,d3,a3,c3,b8,72,99,6f,f8,2b,60,7b,7b,4a,09,7e,73,b6,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-970553753-799633038-556229140-1000_Classes\Wow6432Node\CLSID\{e8e0cd87-4ddd-4c80-9a25-d31f81d3c099}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000115
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,0f,4b,9c,61,fa,48,63,bb,a6,fc,50,1e,cf,89,53,70,f9,78,0a,9e,84,ee,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
.
**************************************************************************
.
Completion time: 2012-10-21 22:28:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-21 14:28
.
Pre-Run: 39,988,449,280 bytes free
Post-Run: 40,143,757,312 bytes free
.
- - End Of File - - 09E63DA6D7E8EB5BB80C2DE2424A03E6

#8 zkteh (Topic Starter)

Posted 21 October 2012 - 09:32 AM

> let me know of any problems you may have had
Just the annoying ads (that you know).

> How is the computer doing now?
After running ComboFix, the issue still exists.

#9 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 21 October 2012 - 01:26 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate of Malware Removal University

#10 zkteh (Topic Starter)

Posted 22 October 2012 - 04:05 AM

16:56:12.0230 6092 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
16:56:12.0785 6092 ============================================================
16:56:12.0785 6092 Current date / time: 2012/10/22 16:56:12.0785
16:56:12.0785 6092 SystemInfo:
16:56:12.0785 6092
16:56:12.0785 6092 OS Version: 6.1.7601 ServicePack: 1.0
16:56:12.0785 6092 Product type: Workstation
16:56:12.0785 6092 ComputerName: DELL-PC
16:56:12.0786 6092 UserName: DELL
16:56:12.0786 6092 Windows directory: C:\Windows
16:56:12.0786 6092 System windows directory: C:\Windows
16:56:12.0786 6092 Running under WOW64
16:56:12.0786 6092 Processor architecture: Intel x64
16:56:12.0786 6092 Number of processors: 4
16:56:12.0786 6092 Page size: 0x1000
16:56:12.0786 6092 Boot type: Normal boot
16:56:12.0786 6092 ============================================================
16:56:13.0606 6092 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:56:13.0612 6092 Drive \Device\Harddisk1\DR1 - Size: 0x3AFC00000 (14.75 Gb), SectorSize: 0x200, Cylinders: 0x784, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:56:13.0615 6092 ============================================================
16:56:13.0615 6092 \Device\Harddisk0\DR0:
16:56:13.0615 6092 MBR partitions:
16:56:13.0615 6092 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:56:13.0615 6092 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC7CE000
16:56:13.0630 6092 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC801000, BlocksNum 0x23B5C800
16:56:13.0630 6092 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x3035D800, BlocksNum 0xA027441
16:56:13.0630 6092 \Device\Harddisk1\DR1:
16:56:13.0631 6092 MBR partitions:
16:56:13.0631 6092 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D7DFC1
16:56:13.0631 6092 ============================================================
16:56:13.0669 6092 C: <-> \Device\Harddisk0\DR0\Partition2
16:56:13.0681 6092 G: <-> \Device\Harddisk0\DR0\Partition1
16:56:13.0712 6092 E: <-> \Device\Harddisk0\DR0\Partition4
16:56:13.0726 6092 D: <-> \Device\Harddisk0\DR0\Partition3
16:56:13.0727 6092 ============================================================
16:56:13.0727 6092 Initialize success
16:56:13.0727 6092 ============================================================
16:56:18.0270 1192 ============================================================
16:56:18.0270 1192 Scan started
16:56:18.0270 1192 Mode: Manual;
16:56:18.0270 1192 ============================================================
16:56:19.0610 1192 ================ Scan system memory ========================
16:56:19.0610 1192 System memory - ok
16:56:19.0611 1192 ================ Scan services =============================
16:56:19.0800 1192 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:56:19.0804 1192 1394ohci - ok
16:56:19.0821 1192 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:56:19.0826 1192 ACPI - ok
16:56:19.0841 1192 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:56:19.0848 1192 AcpiPmi - ok
16:56:19.0867 1192 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:56:19.0873 1192 adp94xx - ok
16:56:19.0879 1192 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:56:19.0883 1192 adpahci - ok
16:56:19.0904 1192 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:56:19.0907 1192 adpu320 - ok
16:56:19.0925 1192 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:56:19.0927 1192 AeLookupSvc - ok
16:56:19.0969 1192 [ 3AC22A3DFA8A050E35F0E3CD99D0CDF2 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
16:56:19.0971 1192 AERTFilters - ok
16:56:20.0010 1192 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:56:20.0014 1192 AFD - ok
16:56:20.0036 1192 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:56:20.0040 1192 agp440 - ok
16:56:20.0051 1192 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:56:20.0053 1192 ALG - ok
16:56:20.0069 1192 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:56:20.0071 1192 aliide - ok
16:56:20.0082 1192 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:56:20.0084 1192 amdide - ok
16:56:20.0087 1192 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:56:20.0096 1192 AmdK8 - ok
16:56:20.0100 1192 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
16:56:20.0102 1192 AmdPPM - ok
16:56:20.0112 1192 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:56:20.0114 1192 amdsata - ok
16:56:20.0123 1192 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
16:56:20.0125 1192 amdsbs - ok
16:56:20.0138 1192 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:56:20.0141 1192 amdxata - ok
16:56:20.0170 1192 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:56:20.0177 1192 AppID - ok
16:56:20.0188 1192 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:56:20.0189 1192 AppIDSvc - ok
16:56:20.0204 1192 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
16:56:20.0206 1192 Appinfo - ok
16:56:20.0229 1192 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
16:56:20.0232 1192 AppMgmt - ok
16:56:20.0245 1192 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
16:56:20.0247 1192 arc - ok
16:56:20.0255 1192 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:56:20.0259 1192 arcsas - ok
16:56:20.0325 1192 [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:56:20.0327 1192 aspnet_state - ok
16:56:20.0356 1192 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:56:20.0358 1192 AsyncMac - ok
16:56:20.0369 1192 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:56:20.0370 1192 atapi - ok
16:56:20.0425 1192 [ 7D89B0C443F6068E5B27AA3B972069FF ] athr C:\Windows\system32\DRIVERS\athrx.sys
16:56:20.0449 1192 athr - ok
16:56:20.0493 1192 [ 788914C42AD8318F1DD7A565EAFFB049 ] athrusb C:\Windows\system32\DRIVERS\athrxusb.sys
16:56:20.0510 1192 athrusb - ok
16:56:20.0545 1192 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:56:20.0552 1192 AudioEndpointBuilder - ok
16:56:20.0561 1192 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:56:20.0564 1192 AudioSrv - ok
16:56:20.0595 1192 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:56:20.0598 1192 AxInstSV - ok
16:56:20.0631 1192 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
16:56:20.0637 1192 b06bdrv - ok
16:56:20.0663 1192 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:56:20.0667 1192 b57nd60a - ok
16:56:20.0680 1192 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:56:20.0682 1192 BDESVC - ok
16:56:20.0696 1192 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:56:20.0698 1192 Beep - ok
16:56:20.0740 1192 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:56:20.0746 1192 BFE - ok
16:56:20.0812 1192 BITCOMET_HELPER_SERVICE - ok
16:56:20.0841 1192 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
16:56:20.0856 1192 BITS - ok
16:56:20.0884 1192 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:56:20.0886 1192 blbdrive - ok
16:56:20.0927 1192 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:56:20.0929 1192 bowser - ok
16:56:20.0947 1192 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
16:56:20.0949 1192 BrFiltLo - ok
16:56:20.0953 1192 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
16:56:20.0963 1192 BrFiltUp - ok
16:56:20.0999 1192 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
16:56:21.0001 1192 BridgeMP - ok
16:56:21.0025 1192 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:56:21.0028 1192 Browser - ok
16:56:21.0035 1192 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:56:21.0039 1192 Brserid - ok
16:56:21.0042 1192 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:56:21.0044 1192 BrSerWdm - ok
16:56:21.0047 1192 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:56:21.0048 1192 BrUsbMdm - ok
16:56:21.0052 1192 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:56:21.0054 1192 BrUsbSer - ok
16:56:21.0064 1192 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:56:21.0066 1192 BTHMODEM - ok
16:56:21.0084 1192 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:56:21.0088 1192 bthserv - ok
16:56:21.0106 1192 catchme - ok
16:56:21.0128 1192 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:56:21.0130 1192 cdfs - ok
16:56:21.0161 1192 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:56:21.0163 1192 cdrom - ok
16:56:21.0179 1192 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:56:21.0182 1192 CertPropSvc - ok
16:56:21.0191 1192 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
16:56:21.0193 1192 circlass - ok
16:56:21.0210 1192 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:56:21.0214 1192 CLFS - ok
16:56:21.0255 1192 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:56:21.0259 1192 clr_optimization_v2.0.50727_32 - ok
16:56:21.0276 1192 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:56:21.0278 1192 clr_optimization_v2.0.50727_64 - ok
16:56:21.0355 1192 [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:56:21.0357 1192 clr_optimization_v4.0.30319_32 - ok
16:56:21.0381 1192 [ 86329C35FF23CFEF0FB6C0023BA06BCE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:56:21.0383 1192 clr_optimization_v4.0.30319_64 - ok
16:56:21.0409 1192 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
16:56:21.0411 1192 CmBatt - ok
16:56:21.0429 1192 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:56:21.0431 1192 cmdide - ok
16:56:21.0456 1192 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
16:56:21.0461 1192 CNG - ok
16:56:21.0470 1192 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
16:56:21.0473 1192 Compbatt - ok
16:56:21.0504 1192 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
16:56:21.0512 1192 CompositeBus - ok
16:56:21.0524 1192 COMSysApp - ok
16:56:21.0543 1192 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:56:21.0545 1192 crcdisk - ok
16:56:21.0575 1192 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:56:21.0578 1192 CryptSvc - ok
16:56:21.0608 1192 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
16:56:21.0616 1192 CSC - ok
16:56:21.0635 1192 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
16:56:21.0642 1192 CscService - ok
16:56:21.0669 1192 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:56:21.0676 1192 DcomLaunch - ok
16:56:21.0699 1192 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:56:21.0704 1192 defragsvc - ok
16:56:21.0729 1192 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:56:21.0731 1192 DfsC - ok
16:56:21.0763 1192 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:56:21.0767 1192 Dhcp - ok
16:56:21.0777 1192 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:56:21.0778 1192 discache - ok
16:56:21.0802 1192 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
16:56:21.0809 1192 Disk - ok
16:56:21.0844 1192 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
16:56:21.0846 1192 dmvsc - ok
16:56:21.0889 1192 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:56:21.0895 1192 Dnscache - ok
16:56:21.0938 1192 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:56:21.0942 1192 dot3svc - ok
16:56:21.0953 1192 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:56:21.0956 1192 DPS - ok
16:56:21.0989 1192 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:56:21.0990 1192 drmkaud - ok
16:56:22.0021 1192 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:56:22.0031 1192 DXGKrnl - ok
16:56:22.0074 1192 [ D00EAE9C735A7DEE8049E50D73D25434 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
16:56:22.0077 1192 eamonm - ok
16:56:22.0108 1192 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:56:22.0111 1192 EapHost - ok
16:56:22.0159 1192 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
16:56:22.0211 1192 ebdrv - ok
16:56:22.0243 1192 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:56:22.0244 1192 EFS - ok
16:56:22.0305 1192 [ E5EDDE3C8158DD0CBC5812F201DCDED0 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
16:56:22.0307 1192 ehdrv - ok
16:56:22.0341 1192 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:56:22.0349 1192 ehRecvr - ok
16:56:22.0356 1192 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:56:22.0359 1192 ehSched - ok
16:56:22.0422 1192 [ AD4FAADE819E0DA9933BEA7C01D2C763 ] ekrn C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
16:56:22.0429 1192 ekrn - ok
16:56:22.0451 1192 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:56:31.0573 1192 tsusbhub - ok
16:56:31.0622 1192 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:56:31.0625 1192 tunnel - ok
16:56:31.0798 1192 [ 3DB1CE045A552161EF7252988752C65F ] TunngleService C:\Program Files (x86)\Tunngle\TnglCtrl.exe
16:56:31.0832 1192 TunngleService - ok
16:56:31.0856 1192 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:56:31.0870 1192 uagp35 - ok
16:56:31.0906 1192 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:56:31.0947 1192 udfs - ok
16:56:32.0017 1192 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:56:32.0025 1192 UI0Detect - ok
16:56:32.0070 1192 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:56:32.0073 1192 uliagpkx - ok
16:56:32.0096 1192 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:56:32.0098 1192 umbus - ok
16:56:32.0112 1192 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
16:56:32.0114 1192 UmPass - ok
16:56:32.0198 1192 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
16:56:32.0249 1192 UmRdpService - ok
16:56:32.0852 1192 [ 6FDB1CA1ADD261F893C90738EBA37197 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
16:56:32.0869 1192 UNS - ok
16:56:32.0893 1192 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:56:32.0897 1192 upnphost - ok
16:56:32.0912 1192 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:56:32.0915 1192 usbccgp - ok
16:56:32.0941 1192 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:56:32.0943 1192 usbcir - ok
16:56:32.0952 1192 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:56:32.0954 1192 usbehci - ok
16:56:32.0987 1192 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:56:32.0991 1192 usbhub - ok
16:56:32.0999 1192 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:56:33.0001 1192 usbohci - ok
16:56:33.0029 1192 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:56:33.0031 1192 usbprint - ok
16:56:33.0053 1192 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:56:33.0055 1192 usbscan - ok
16:56:33.0068 1192 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:56:33.0070 1192 USBSTOR - ok
16:56:33.0082 1192 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:56:33.0084 1192 usbuhci - ok
16:56:33.0104 1192 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:56:33.0107 1192 UxSms - ok
16:56:33.0115 1192 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:56:33.0116 1192 VaultSvc - ok
16:56:33.0123 1192 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:56:33.0126 1192 vdrvroot - ok
16:56:33.0160 1192 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:56:33.0168 1192 vds - ok
16:56:33.0173 1192 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:56:33.0175 1192 vga - ok
16:56:33.0189 1192 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:56:33.0190 1192 VgaSave - ok
16:56:33.0193 1192 VGPU - ok
16:56:33.0203 1192 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:56:33.0207 1192 vhdmp - ok
16:56:33.0222 1192 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:56:33.0224 1192 viaide - ok
16:56:33.0275 1192 [ 7171B884DA8BFB1CE5C8BAE46D993CB1 ] VMAuthdService C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
16:56:33.0277 1192 VMAuthdService - ok
16:56:33.0301 1192 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
16:56:33.0305 1192 vmbus - ok
16:56:33.0318 1192 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
16:56:33.0320 1192 VMBusHID - ok
16:56:33.0353 1192 [ 6203C901DEFF10631AAD919B3BD1489B ] vmci C:\Windows\system32\DRIVERS\vmci.sys
16:56:33.0356 1192 vmci - ok
16:56:33.0370 1192 [ AF3FAAE90D4BE41ECB510969A05C1842 ] vmkbd C:\Windows\system32\drivers\VMkbd.sys
16:56:33.0372 1192 vmkbd - ok
16:56:33.0396 1192 [ AEF53B47E960F227BF7638A6A1A9D5C6 ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys
16:56:33.0398 1192 VMnetAdapter - ok
16:56:33.0418 1192 [ C234A1DC2F06A15B9210787F54253810 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys
16:56:33.0420 1192 VMnetBridge - ok
16:56:33.0425 1192 VMnetDHCP - ok
16:56:33.0437 1192 [ B19B92D57515D3DE3330ADD34AB6AB05 ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys
16:56:33.0439 1192 VMnetuserif - ok
16:56:33.0467 1192 [ 415B167695C4B5960A13098622EF3D80 ] vmusb C:\Windows\system32\Drivers\vmusb.sys
16:56:33.0469 1192 vmusb - ok
16:56:33.0525 1192 [ 105CC87FF31CB3C911ED6C515EC82F75 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
16:56:33.0532 1192 VMUSBArbService - ok
16:56:33.0540 1192 VMware NAT Service - ok
16:56:33.0546 1192 [ B95C74CB53894249F43A8302E9AF7E23 ] vmx86 C:\Windows\system32\drivers\vmx86.sys
16:56:33.0548 1192 vmx86 - ok
16:56:33.0565 1192 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:56:33.0567 1192 volmgr - ok
16:56:33.0579 1192 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:56:33.0583 1192 volmgrx - ok
16:56:33.0590 1192 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:56:33.0594 1192 volsnap - ok
16:56:33.0600 1192 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:56:33.0603 1192 vsmraid - ok
16:56:33.0614 1192 [ 1BD504B8678825B40C515BEF5BFB08E7 ] vsock C:\Windows\system32\drivers\vsock.sys
16:56:33.0617 1192 vsock - ok
16:56:33.0659 1192 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:56:33.0684 1192 VSS - ok
16:56:33.0700 1192 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:56:33.0702 1192 vwifibus - ok
16:56:33.0726 1192 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:56:33.0728 1192 vwififlt - ok
16:56:33.0744 1192 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:56:33.0750 1192 W32Time - ok
16:56:33.0797 1192 [ 37E4600E2CDAD3C1A3613A25B97D457C ] wacmoumonitor C:\Windows\system32\DRIVERS\wacmoumonitor.sys
16:56:33.0799 1192 wacmoumonitor - ok
16:56:33.0819 1192 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:56:33.0821 1192 WacomPen - ok
16:56:33.0848 1192 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:56:33.0850 1192 WANARP - ok
16:56:33.0866 1192 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:56:33.0867 1192 Wanarpv6 - ok
16:56:33.0918 1192 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:56:33.0944 1192 WatAdminSvc - ok
16:56:33.0980 1192 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:56:34.0007 1192 wbengine - ok
16:56:34.0013 1192 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:56:34.0018 1192 WbioSrvc - ok
16:56:34.0033 1192 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:56:34.0040 1192 wcncsvc - ok
16:56:34.0056 1192 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:56:34.0060 1192 WcsPlugInService - ok
16:56:34.0080 1192 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
16:56:34.0082 1192 Wd - ok
16:56:34.0100 1192 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:56:34.0108 1192 Wdf01000 - ok
16:56:34.0122 1192 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:56:34.0126 1192 WdiServiceHost - ok
16:56:34.0130 1192 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:56:34.0132 1192 WdiSystemHost - ok
16:56:34.0147 1192 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:56:34.0152 1192 WebClient - ok
16:56:34.0160 1192 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:56:34.0165 1192 Wecsvc - ok
16:56:34.0176 1192 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:56:34.0179 1192 wercplsupport - ok
16:56:34.0208 1192 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:56:34.0212 1192 WerSvc - ok
16:56:34.0223 1192 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:56:34.0225 1192 WfpLwf - ok
16:56:34.0235 1192 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:56:34.0237 1192 WIMMount - ok
16:56:34.0251 1192 WinDefend - ok
16:56:34.0258 1192 WinHttpAutoProxySvc - ok
16:56:34.0297 1192 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:56:34.0301 1192 Winmgmt - ok
16:56:34.0342 1192 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:56:34.0376 1192 WinRM - ok
16:56:34.0434 1192 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:56:34.0436 1192 WinUsb - ok
16:56:34.0464 1192 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:56:34.0476 1192 Wlansvc - ok
16:56:34.0485 1192 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:56:34.0487 1192 WmiAcpi - ok
16:56:34.0511 1192 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:56:34.0515 1192 wmiApSrv - ok
16:56:34.0548 1192 WMPNetworkSvc - ok
16:56:34.0559 1192 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:56:34.0563 1192 WPCSvc - ok
16:56:34.0576 1192 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:56:34.0581 1192 WPDBusEnum - ok
16:56:34.0589 1192 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:56:34.0591 1192 ws2ifsl - ok
16:56:34.0623 1192 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
16:56:34.0627 1192 wscsvc - ok
16:56:34.0631 1192 WSearch - ok
16:56:34.0711 1192 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:56:34.0745 1192 wuauserv - ok
16:56:34.0750 1192 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:56:34.0753 1192 WudfPf - ok
16:56:34.0766 1192 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:56:34.0769 1192 WUDFRd - ok
16:56:34.0789 1192 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:56:34.0793 1192 wudfsvc - ok
16:56:34.0804 1192 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:56:34.0809 1192 WwanSvc - ok
16:56:34.0849 1192 ================ Scan global ===============================
16:56:34.0871 1192 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:56:34.0893 1192 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:56:34.0902 1192 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:56:34.0917 1192 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:56:34.0936 1192 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:56:34.0941 1192 [Global] - ok
16:56:34.0942 1192 ================ Scan MBR ==================================
16:56:34.0951 1192 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:56:35.0092 1192 \Device\Harddisk0\DR0 - ok
16:56:35.0097 1192 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
16:56:35.0138 1192 \Device\Harddisk1\DR1 - ok
16:56:35.0138 1192 ================ Scan VBR ==================================
16:56:35.0166 1192 [ C0371A28D8DC0DCF0C104ECB14B8A679 ] \Device\Harddisk0\DR0\Partition1
16:56:35.0168 1192 \Device\Harddisk0\DR0\Partition1 - ok
16:56:35.0180 1192 [ 45E843B964749B68C02136F39296E20D ] \Device\Harddisk0\DR0\Partition2
16:56:35.0182 1192 \Device\Harddisk0\DR0\Partition2 - ok
16:56:35.0200 1192 [ 04BB5FCB2453AD7F4C52C23F098FFE53 ] \Device\Harddisk0\DR0\Partition3
16:56:35.0202 1192 \Device\Harddisk0\DR0\Partition3 - ok
16:56:35.0206 1192 [ 81A343019A88C73F4F64E5D625A4913B ] \Device\Harddisk0\DR0\Partition4
16:56:35.0207 1192 \Device\Harddisk0\DR0\Partition4 - ok
16:56:35.0213 1192 [ FF7AABC07EB4830E0F70523EA060068E ] \Device\Harddisk1\DR1\Partition1
16:56:35.0216 1192 \Device\Harddisk1\DR1\Partition1 - ok
16:56:35.0216 1192 ============================================================
16:56:35.0216 1192 Scan finished
16:56:35.0216 1192 ============================================================
16:56:35.0230 1128 Detected object count: 0
16:56:35.0230 1128 Actual detected object count: 0

#11 zkteh (Topic Starter)

Posted 22 October 2012 - 10:01 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-22 20:26:59
-----------------------------
20:26:59.756 OS Version: Windows x64 6.1.7601 Service Pack 1
20:26:59.756 Number of processors: 4 586 0x2502
20:26:59.756 ComputerName: DELL-PC UserName: DELL
20:27:03.812 Initialize success
20:38:16.467 AVAST engine defs: 12102200
21:02:27.970 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:02:27.986 Disk 0 Vendor: ST3500418AS CC45 Size: 476940MB BusType: 3
21:02:27.986 Disk 0 MBR read successfully
21:02:28.001 Disk 0 MBR scan
21:02:28.017 Disk 0 Windows 7 default MBR code
21:02:28.017 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 100 MB offset 2048
21:02:28.032 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 102300 MB offset 206848
21:02:28.048 Disk 0 Partition - 00 0F Extended LBA 292537 MB offset 209719233
21:02:28.064 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 81998 MB offset 808835072
21:02:28.095 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 292537 MB offset 209719296
21:02:28.126 Disk 0 scanning C:\Windows\system32\drivers
21:02:40.809 Service scanning
21:03:04.474 Modules scanning
21:03:04.490 Disk 0 trace - called modules:
21:03:04.505 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:03:04.505 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b9a060]
21:03:04.521 3 CLASSPNP.SYS[fffff8800199043f] -> nt!IofCallDriver -> [0xfffffa8003ad8d10]
21:03:04.521 5 ACPI.sys[fffff88000f5e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800491e060]
21:03:05.426 AVAST engine scan C:\Windows
21:03:09.716 AVAST engine scan C:\Windows\system32
21:07:39.331 AVAST engine scan C:\Windows\system32\drivers
21:07:55.477 AVAST engine scan C:\Users\DELL
21:13:41.735 File: C:\Users\DELL\Downloads\??ADSL??\MYRASDIAL.exe **INFECTED** Win32:Trojan-gen
21:14:20.720 AVAST engine scan C:\ProgramData
21:16:30.871 Scan finished successfully
21:44:12.471 Disk 0 MBR has been saved successfully to "C:\Users\DELL\Desktop\MBR.dat"
21:44:12.471 The log file has been saved successfully to "C:\Users\DELL\Desktop\aswMBR.txt"

#12 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 22 October 2012 - 12:54 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\Users\DELL\Downloads\??ADSL??\MYRASDIAL.exe

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University
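The two posts above give the manual workflow: read the aswMBR log for lines it marked **INFECTED**, check that the MBR section looks stock, then hand the flagged paths to ComboFix through a CFScript.txt with a File:: block. Below is an added example that automates those steps; it is not part of the thread and not gringo_pr's, BleepingComputer's or the tool authors' own code. The log text inside it is constructed to mimic the aswMBR output format from post #11, and the file path in it is hypothetical; the CFScript directives (ClearJavaCache::, File::) are the ones shown in post #12.

```python
"""
Added example: parse an aswMBR-style log, pull out entries flagged **INFECTED**,
sanity-check the MBR section, and emit a ComboFix CFScript in the File:: format
used in the thread. Not the thread's own tooling; sample log is constructed.
"""
import re

# Constructed sample log, modelled on the aswMBR output format in the thread.
# The infected path below is hypothetical (not the one from the real log).
SAMPLE_LOG = """\
20:26:59.756 OS Version: Windows x64 6.1.7601 Service Pack 1
21:02:28.017 Disk 0 Windows 7 default MBR code
21:02:28.017 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 100 MB offset 2048
21:02:28.032 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 102300 MB offset 206848
21:02:28.048 Disk 0 Partition - 00 0F Extended LBA 292537 MB offset 209719233
21:02:28.064 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 81998 MB offset 808835072
21:03:05.426 AVAST engine scan C:\\Windows
21:13:41.735 File: C:\\Users\\Example\\Downloads\\dialer\\SAMPLE.exe **INFECTED** Win32:Trojan-gen
21:16:30.871 Scan finished successfully
"""

# "<time> File: <path> **INFECTED** <detection name>"
INFECTED_RE = re.compile(
    r"^\S+\s+File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<name>\S+)"
)
# "Partition <n> <boot flag> [(A)] <type> <fs description> <size> MB offset <lba>"
# The extended container line has "-" instead of a number and is skipped.
PARTITION_RE = re.compile(
    r"Partition\s+(?P<num>\d+)\s+(?P<boot>[0-9A-F]{2})(?:\s+\(A\))?\s+"
    r"(?P<type>[0-9A-F]{2})\s+.*?\s+(?P<size>\d+)\s+MB\s+offset\s+(?P<off>\d+)"
)


def parse_infected(log_text):
    """Return [(path, detection_name)] for every line the scanner flagged."""
    hits = []
    for line in log_text.splitlines():
        m = INFECTED_RE.match(line)
        if m:
            hits.append((m.group("path"), m.group("name")))
    return hits


def parse_partitions(log_text):
    """Return the MBR partition rows as dicts (number, bootable, type, size, offset)."""
    rows = []
    for line in log_text.splitlines():
        m = PARTITION_RE.search(line)
        if m:
            rows.append({
                "num": int(m.group("num")),
                "bootable": m.group("boot") == "80",   # 0x80 = active partition
                "type": m.group("type"),
                "size_mb": int(m.group("size")),
                "offset": int(m.group("off")),
            })
    return rows


def mbr_looks_clean(log_text):
    """True when aswMBR reported stock MBR code and exactly one active partition.

    A bootkit typically replaces the MBR code or adds a hidden active
    partition, so either condition failing is worth a closer look.
    """
    stock_code = "default MBR code" in log_text
    active = [p for p in parse_partitions(log_text) if p["bootable"]]
    return stock_code and len(active) == 1


def build_cfscript(hits, clear_java_cache=True):
    """Render CFScript.txt text in the directive layout used in the thread."""
    lines = []
    if clear_java_cache:
        lines += ["ClearJavaCache::", ""]
    if hits:
        lines.append("File::")
        lines += [path for path, _ in hits]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = parse_infected(SAMPLE_LOG)
    print("MBR clean:", mbr_looks_clean(SAMPLE_LOG))
    for path, name in flagged:
        print(f"flagged: {path} ({name})")
    print(build_cfscript(flagged), end="")
```

Run it against a real aswMBR.txt by replacing SAMPLE_LOG with the file contents; it prints the CFScript text that would be saved as CFScript.txt. Hash any flagged file (for example with certutil -hashfile <path> SHA256 on Windows 7) before ComboFix deletes it, so the sample can still be looked up afterwards.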

#13 zkteh (Topic Starter)

Posted 23 October 2012 - 02:41 AM

The redirected page issue still exists.

ComboFix 12-10-22.03 - DELL 0/2012 Tue 15:31:20.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.936.86.1033.18.3959.2530 [GMT 8:00]
Running from: c:\users\DELL\Desktop\ComboFix.exe
Command switches used :: c:\users\DELL\Desktop\CFScript.txt.txt
AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files created from 2012-09-23 to 2012-10-23 )))))))))))))))))))))))))))))))
.
.
2012-10-23 07:36 . 2012-10-23 07:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-23 07:25 . 2012-10-23 07:25 -------- d-----w- c:\users\DELL\AppData\Roaming\BANDISOFT
2012-10-23 07:25 . 2012-10-23 07:25 -------- d-----w- c:\program files (x86)\Bandicam
2012-10-23 07:25 . 2012-10-23 07:25 -------- d-----w- c:\program files (x86)\BandiMPEG1
2012-10-23 06:36 . 2012-10-23 06:36 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-23 06:36 . 2012-10-23 06:36 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-10-22 21:07 . 2012-10-22 21:07 -------- d-----w- C:\TDDownload
2012-10-22 21:05 . 2012-10-22 21:11 -------- d-----w- c:\users\Public\Thunder Network
2012-10-22 21:05 . 2012-10-22 21:05 -------- d-----w- c:\programdata\Thunder Network
2012-10-22 20:28 . 2012-10-22 20:28 -------- d-----w- c:\program files (x86)\eMule
2012-10-22 14:54 . 2010-10-23 16:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
2012-10-22 14:54 . 2012-10-22 14:54 -------- d-----w- c:\program files (x86)\CamStudio 2.6b
2012-10-22 09:48 . 2012-10-22 09:50 -------- d-----w- C:\TEST
2012-10-21 21:27 . 2012-10-21 21:42 -------- d-----w- c:\users\DELL\AppData\Roaming\FAH
2012-10-20 12:37 . 2012-10-20 12:37 -------- d-----w- c:\programdata\DAEMON Tools Pro
2012-10-20 12:16 . 2012-10-20 12:16 -------- d-----w- c:\program files (x86)\uTorrent
2012-10-20 12:16 . 2012-10-23 07:34 -------- d-----w- c:\users\DELL\AppData\Roaming\uTorrent
2012-10-20 03:44 . 2012-10-20 03:44 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-20 03:44 . 2012-10-20 03:44 289768 ----a-w- c:\windows\system32\javaws.exe
2012-10-20 03:44 . 2012-10-20 03:44 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-20 03:44 . 2012-10-20 03:44 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-10-20 03:44 . 2012-10-20 03:44 189416 ----a-w- c:\windows\system32\javaw.exe
2012-10-20 03:44 . 2012-10-20 03:44 188904 ----a-w- c:\windows\system32\java.exe
2012-10-20 03:43 . 2012-10-20 03:43 -------- d-----w- c:\program files\Java
2012-10-17 10:00 . 2012-10-17 10:00 -------- d-----w- c:\program files (x86)\NuGet
2012-10-17 09:57 . 2012-10-17 09:58 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2012-10-17 09:56 . 2012-10-17 09:56 -------- d-----w- c:\windows\symbols
2012-10-17 09:55 . 2012-10-17 09:55 -------- d-----w- c:\program files (x86)\Common Files\Microsoft
2012-10-17 09:54 . 2012-10-17 09:54 -------- d-----w- c:\program files (x86)\Windows Kits
2012-10-17 09:54 . 2012-10-17 09:54 -------- d-----w- c:\program files (x86)\Microsoft Help Viewer
2012-10-17 09:53 . 2012-10-17 09:53 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2012-10-17 09:53 . 2012-10-17 09:53 -------- d-----w- c:\windows\SysWow64\1033
2012-10-17 09:53 . 2012-10-17 09:53 -------- d-----w- c:\windows\system32\1033
2012-10-17 09:53 . 2012-10-17 10:00 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-10-17 09:53 . 2012-10-17 10:00 -------- d-----w- c:\program files\Microsoft SQL Server
2012-10-17 09:52 . 2012-10-17 09:52 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-10-17 09:52 . 2012-10-17 09:52 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-10-17 09:52 . 2012-10-17 09:54 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 11.0
2012-10-17 09:43 . 2012-10-17 09:45 -------- d-----w- c:\programdata\Package Cache
2012-10-17 09:43 . 2012-10-17 09:43 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2012-10-16 12:01 . 2011-07-01 03:46 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys
2012-10-16 12:01 . 2012-10-17 08:26 -------- d-----w- c:\program files\SecurityKISS Tunnel
2012-10-15 16:33 . 2012-10-15 16:33 -------- d-----w- c:\program files (x86)\Puzzlegeddon
2012-10-15 12:51 . 2012-10-23 06:29 -------- d-----w- c:\users\DELL\AppData\Roaming\IDM
2012-10-15 12:51 . 2012-10-15 15:45 -------- d-----w- c:\program files (x86)\Internet Download Manager
2012-10-14 07:58 . 2012-10-23 06:31 -------- d-----r- c:\users\DELL\Dropbox
2012-10-14 07:16 . 2012-10-23 06:31 -------- d-----w- c:\users\DELL\AppData\Roaming\Dropbox
2012-10-14 03:47 . 2012-10-14 03:47 -------- d-----w- c:\users\DELL\AppData\Local\Microsoft Corporation
2012-10-14 03:47 . 2012-10-14 03:47 -------- d-----w- c:\program files (x86)\Microsoft Windows 7 Upgrade Advisor
2012-10-12 13:27 . 2012-10-12 13:27 -------- d-----w- c:\users\DELL\AppData\Roaming\Doublefine
2012-10-12 10:53 . 2012-10-12 10:53 -------- d-----w- c:\users\DELL\AppData\Roaming\Squids
2012-10-11 20:32 . 2012-10-11 20:32 -------- d-----w- c:\users\DELL\AppData\Roaming\UDown
2012-10-11 20:32 . 2012-10-11 20:32 -------- d-----w- c:\program files (x86)\115
2012-10-11 20:14 . 2012-10-11 20:14 -------- d-----w- c:\users\DELL\AppData\Local\115Chrome
2012-10-11 14:16 . 2012-10-11 14:41 -------- dc----w- c:\users\DELL\AppData\Local\MigWiz
2012-10-10 16:30 . 2012-10-10 16:30 41704 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2012-10-10 16:30 . 2012-10-10 16:30 38632 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-10-10 09:36 . 2012-09-27 18:07 160992 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-10-06 12:47 . 2012-10-06 12:47 -------- d-----w- c:\program files (x86)\HDDGURU LLF Tool
2012-10-05 15:22 . 2012-10-05 15:28 -------- d-----w- C:\JRT
2012-10-04 10:54 . 2012-10-04 10:54 -------- d-----w- c:\program files (x86)\ESET
2012-10-04 08:06 . 2012-10-04 08:09 -------- d-----w- c:\program files (x86)\Google
2012-10-03 12:51 . 2012-10-03 12:51 -------- d-----w- c:\windows\system32\appmgmt
2012-10-03 11:44 . 2012-10-20 10:35 -------- d-----w- c:\users\DELL\AppData\Roaming\Foxit Software
2012-10-03 11:43 . 2012-10-03 11:43 -------- d-----w- c:\program files (x86)\Foxit Software
2012-10-03 11:37 . 2012-10-03 11:42 -------- d-----w- c:\program files (x86)\Google Books Downloader
2012-09-30 13:54 . 2012-09-30 13:56 -------- d-----w- c:\program files (x86)\PowerDataRecovery
2012-09-27 09:59 . 2012-10-21 03:35 -------- d-----w- c:\users\DELL\AppData\Local\VMware
2012-09-27 09:58 . 2012-10-21 03:35 -------- d-----w- c:\users\DELL\AppData\Roaming\VMware
2012-09-27 09:58 . 2012-07-06 04:30 67224 ----a-w- c:\windows\system32\vsocklib.dll
2012-09-27 09:58 . 2012-07-06 04:29 63128 ----a-w- c:\windows\SysWow64\vsocklib.dll
2012-09-27 09:58 . 2012-07-06 04:29 70256 ----a-w- c:\windows\system32\drivers\vsock.sys
2012-09-27 09:58 . 2012-08-15 07:18 67224 ----a-w- c:\windows\system32\drivers\vmx86.sys
2012-09-27 09:58 . 2012-08-15 07:16 32920 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2012-09-27 09:57 . 2012-08-15 07:18 357016 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2012-09-27 09:57 . 2012-08-15 07:17 435864 ----a-w- c:\windows\SysWow64\vmnat.exe
2012-09-27 09:57 . 2012-08-15 07:18 30360 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2012-09-27 09:57 . 2012-08-15 07:18 933528 ----a-w- c:\windows\system32\vnetlib64.dll
2012-09-27 09:57 . 2012-08-01 09:10 52376 ----a-w- c:\windows\system32\drivers\hcmon.sys
2012-09-27 09:56 . 2012-09-27 09:56 -------- d-----w- c:\program files\Common Files\VMware
2012-09-27 09:56 . 2012-10-23 06:30 -------- d-----w- c:\programdata\VMware
2012-09-27 09:56 . 2012-09-27 09:56 -------- d-----w- c:\program files (x86)\VMware
2012-09-27 09:56 . 2012-09-27 09:56 -------- d-----w- c:\program files (x86)\Common Files\VMware
2012-09-26 13:46 . 2012-09-26 13:53 -------- d-----w- c:\users\DELL\AppData\Local\Facebook
2012-09-26 12:08 . 2012-09-26 12:08 -------- d--h--w- c:\programdata\CanonIJScan
2012-09-26 12:07 . 2012-09-26 12:08 -------- d-----w- c:\users\DELL\AppData\Roaming\Canon
2012-09-26 12:07 . 2012-09-26 12:07 -------- d-----w- c:\program files (x86)\Canon
2012-09-26 12:05 . 2012-09-26 12:05 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-09-26 12:05 . 2012-09-26 12:05 -------- d--h--w- c:\program files\CanonBJ
2012-09-26 12:05 . 2009-06-09 07:26 694272 ----a-w- c:\windows\system32\CNQ4807L.DLL
2012-09-26 12:05 . 2009-04-02 10:12 1354240 ----a-w- c:\windows\system32\CNQ4807C.DLL
2012-09-26 12:05 . 2009-04-02 10:12 92672 ----a-w- c:\windows\system32\CNQ4807I.DLL
2012-09-26 12:05 . 2007-03-15 06:13 229888 ----a-w- c:\windows\system32\CNQ4807O.DLL
2012-09-25 12:27 . 2012-09-25 12:27 -------- d-----w- c:\users\DELL\AppData\Roaming\Fenrir Inc
2012-09-25 12:27 . 2012-09-25 12:27 -------- d-----w- c:\program files (x86)\Fenrir Inc
2012-09-25 12:17 . 2012-09-25 12:17 -------- d-----w- c:\program files\Speccy
2012-09-25 10:52 . 2012-09-25 10:52 -------- d-----w- c:\users\DELL\New folder
2012-09-24 11:39 . 2012-09-24 11:39 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
.
.
.
(((((((((((((((((((((((((((((((((((((((( Files modified in the last three months ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-17 10:01 . 2012-10-17 10:01 1066368 ----a-w- c:\programdata\Microsoft\WDExpress\11.0\1033\ResourceCache.dll
2012-09-18 06:49 . 2012-09-12 06:13 461464 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2012-09-07 13:31 . 2012-09-07 13:31 249856 ------w- c:\windows\Setup1.exe
2012-09-07 13:31 . 2012-09-07 13:31 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-09-07 09:04 . 2012-09-04 11:51 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-23 13:20 . 2012-08-23 13:20 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-23 13:20 . 2012-08-23 13:20 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-23 04:39 . 2012-08-23 04:39 119808 ----a-r- c:\users\DELL\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2012-08-15 07:16 . 2012-08-15 07:16 62104 ----a-w- c:\windows\system32\vmnetbridge.dll
2012-08-15 07:16 . 2012-08-15 07:16 48792 ----a-w- c:\windows\system32\vnetinst.dll
2012-08-15 07:16 . 2012-08-15 07:16 45720 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2012-08-15 07:16 . 2012-08-15 07:16 24216 ----a-w- c:\windows\system32\drivers\vmnet.sys
2012-08-15 07:16 . 2012-08-15 07:16 20120 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2012-08-15 05:33 . 2012-08-15 05:33 353280 ----a-w- c:\windows\SysWow64\vmnc.dll
2012-08-10 09:49 . 2012-08-10 09:49 768200 ----a-w- c:\windows\SysWow64\letvNet.dll
2012-08-09 07:40 . 2012-08-09 07:40 70184 ----a-w- c:\windows\system32\bdmpega64.acm
2012-08-09 07:40 . 2012-08-09 07:40 65576 ----a-w- c:\windows\SysWow64\bdmpega.acm
2012-08-09 07:40 . 2012-08-09 07:40 69672 ----a-w- c:\windows\system32\bdmpegv64.dll
2012-08-09 07:40 . 2012-08-09 07:40 65576 ----a-w- c:\windows\SysWow64\bdmpegv.dll
2012-08-09 07:40 . 2012-08-09 07:40 25120 ----a-w- c:\windows\system32\bdmjpeg64.dll
2012-08-09 07:40 . 2012-08-09 07:40 22560 ----a-w- c:\windows\SysWow64\bdmjpeg.dll
2012-08-01 09:10 . 2012-08-01 09:10 37680 ----a-w- c:\windows\system32\drivers\vmusb.sys
2012-07-26 11:08 . 2012-07-26 11:08 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-07-26 11:08 . 2012-07-26 11:08 837072 ----a-w- c:\windows\SysWow64\vcamp110d.dll
2012-07-26 11:08 . 2012-07-26 11:08 82888 ----a-w- c:\windows\SysWow64\mfcm110u.dll
2012-07-26 11:08 . 2012-07-26 11:08 82888 ----a-w- c:\windows\SysWow64\mfcm110.dll
2012-07-26 11:08 . 2012-07-26 11:08 8234952 ----a-w- c:\windows\SysWow64\mfc110ud.dll
2012-07-26 11:08 . 2012-07-26 11:08 821200 ----a-w- c:\windows\SysWow64\msvcp110d.dll
2012-07-26 11:08 . 2012-07-26 11:08 8164296 ----a-w- c:\windows\SysWow64\mfc110d.dll
2012-07-26 11:08 . 2012-07-26 11:08 74704 ----a-w- c:\windows\SysWow64\mfc110fra.dll
2012-07-26 11:08 . 2012-07-26 11:08 74704 ----a-w- c:\windows\SysWow64\mfc110deu.dll
2012-07-26 11:08 . 2012-07-26 11:08 73680 ----a-w- c:\windows\SysWow64\mfc110esn.dll
2012-07-26 11:08 . 2012-07-26 11:08 729560 ----a-w- c:\windows\SysWow64\vccorlib110d.dll
2012-07-26 11:08 . 2012-07-26 11:08 72656 ----a-w- c:\windows\SysWow64\mfc110ita.dll
2012-07-26 11:08 . 2012-07-26 11:08 70608 ----a-w- c:\windows\SysWow64\mfc110rus.dll
2012-07-26 11:08 . 2012-07-26 11:08 64976 ----a-w- c:\windows\SysWow64\mfc110enu.dll
2012-07-26 11:08 . 2012-07-26 11:08 53712 ----a-w- c:\windows\SysWow64\mfc110jpn.dll
2012-07-26 11:08 . 2012-07-26 11:08 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-07-26 11:08 . 2012-07-26 11:08 53200 ----a-w- c:\windows\SysWow64\mfc110kor.dll
2012-07-26 11:08 . 2012-07-26 11:08 46032 ----a-w- c:\windows\SysWow64\mfc110cht.dll
2012-07-26 11:08 . 2012-07-26 11:08 46032 ----a-w- c:\windows\SysWow64\mfc110chs.dll
2012-07-26 11:08 . 2012-07-26 11:08 4446152 ----a-w- c:\windows\SysWow64\mfc110u.dll
2012-07-26 11:08 . 2012-07-26 11:08 4411848 ----a-w- c:\windows\SysWow64\mfc110.dll
2012-07-26 11:08 . 2012-07-26 11:08 320976 ----a-w- c:\windows\SysWow64\vcamp110.dll
2012-07-26 11:08 . 2012-07-26 11:08 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-07-26 11:08 . 2012-07-26 11:08 1678792 ----a-w- c:\windows\SysWow64\msvcr110d.dll
2012-07-26 11:08 . 2012-07-26 11:08 153536 ----a-w- c:\windows\SysWow64\atl110.dll
2012-07-26 11:08 . 2012-07-26 11:08 144848 ----a-w- c:\windows\SysWow64\vcomp110d.dll
2012-07-26 11:08 . 2012-07-26 11:08 115656 ----a-w- c:\windows\SysWow64\vcomp110.dll
2012-07-26 11:08 . 2012-07-26 11:08 111560 ----a-w- c:\windows\SysWow64\mfcm110d.dll
2012-07-26 11:08 . 2012-07-26 11:08 110544 ----a-w- c:\windows\SysWow64\mfcm110ud.dll
2012-07-26 07:22 . 2012-07-26 07:22 997336 ----a-w- c:\windows\system32\vccorlib110d.dll
2012-07-26 07:22 . 2012-07-26 07:22 90056 ----a-w- c:\windows\system32\mfcm110u.dll
2012-07-26 07:22 . 2012-07-26 07:22 90056 ----a-w- c:\windows\system32\mfcm110.dll
2012-07-26 07:22 . 2012-07-26 07:22 828872 ----a-w- c:\windows\system32\msvcr110.dll
2012-07-26 07:22 . 2012-07-26 07:22 74704 ----a-w- c:\windows\system32\mfc110fra.dll
2012-07-26 07:22 . 2012-07-26 07:22 74704 ----a-w- c:\windows\system32\mfc110deu.dll
2012-07-26 07:22 . 2012-07-26 07:22 73680 ----a-w- c:\windows\system32\mfc110esn.dll
2012-07-26 07:22 . 2012-07-26 07:22 72656 ----a-w- c:\windows\system32\mfc110ita.dll
2012-07-26 07:22 . 2012-07-26 07:22 70608 ----a-w- c:\windows\system32\mfc110rus.dll
2012-07-26 07:22 . 2012-07-26 07:22 661448 ----a-w- c:\windows\system32\msvcp110.dll
2012-07-26 07:22 . 2012-07-26 07:22 64976 ----a-w- c:\windows\system32\mfc110enu.dll
2012-07-26 07:22 . 2012-07-26 07:22 5606856 ----a-w- c:\windows\system32\mfc110u.dll
2012-07-26 07:22 . 2012-07-26 07:22 5579208 ----a-w- c:\windows\system32\mfc110.dll
2012-07-26 07:22 . 2012-07-26 07:22 53712 ----a-w- c:\windows\system32\mfc110jpn.dll
2012-07-26 07:22 . 2012-07-26 07:22 53200 ----a-w- c:\windows\system32\mfc110kor.dll
2012-07-26 07:22 . 2012-07-26 07:22 46032 ----a-w- c:\windows\system32\mfc110cht.dll
2012-07-26 07:22 . 2012-07-26 07:22 46032 ----a-w- c:\windows\system32\mfc110chs.dll
2012-07-26 07:22 . 2012-07-26 07:22 385480 ----a-w- c:\windows\system32\vcamp110.dll
2012-07-26 07:22 . 2012-07-26 07:22 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2012-07-26 07:22 . 2012-07-26 07:22 1957328 ----a-w- c:\windows\system32\msvcr110d.dll
2012-07-26 07:22 . 2012-07-26 07:22 177096 ----a-w- c:\windows\system32\atl110.dll
2012-07-26 07:22 . 2012-07-26 07:22 153040 ----a-w- c:\windows\system32\vcomp110d.dll
2012-07-26 07:22 . 2012-07-26 07:22 124360 ----a-w- c:\windows\system32\vcomp110.dll
2012-07-26 07:22 . 2012-07-26 07:22 120776 ----a-w- c:\windows\system32\mfcm110d.dll
2012-07-26 07:22 . 2012-07-26 07:22 119760 ----a-w- c:\windows\system32\mfcm110ud.dll
2012-07-26 07:22 . 2012-07-26 07:22 1106384 ----a-w- c:\windows\system32\msvcp110d.dll
2012-07-26 07:22 . 2012-07-26 07:22 10915784 ----a-w- c:\windows\system32\mfc110ud.dll
2012-07-26 07:22 . 2012-07-26 07:22 10843080 ----a-w- c:\windows\system32\mfc110d.dll
2012-07-26 07:22 . 2012-07-26 07:22 1077688 ----a-w- c:\windows\system32\vcamp110d.dll
2012-07-25 12:25 . 2012-07-25 12:25 59848 ----a-w- c:\windows\SysWow64\VSD3DRefDebug.dll
2012-07-25 12:25 . 2012-07-25 12:25 713672 ----a-w- c:\windows\SysWow64\d3d11_1sdklayers.dll
2012-07-25 12:25 . 2012-07-25 12:25 609224 ----a-w- c:\windows\SysWow64\d3d11ref.dll
2012-07-25 12:25 . 2012-07-25 12:25 590792 ----a-w- c:\windows\SysWow64\d3d11sdklayers.dll
2012-07-25 12:25 . 2012-07-25 12:25 461256 ----a-w- c:\windows\SysWow64\d3d10sdklayers.dll
2012-07-25 12:25 . 2012-07-25 12:25 383944 ----a-w- c:\windows\SysWow64\d3dref9.dll
2012-07-25 12:25 . 2012-07-25 12:25 365512 ----a-w- c:\windows\SysWow64\d3d10ref.dll
2012-07-25 12:25 . 2012-07-25 12:25 232904 ----a-w- c:\windows\SysWow64\dxcpl.exe
2012-07-25 12:25 . 2012-07-25 12:25 102344 ----a-w- c:\windows\SysWow64\dxgidebug.dll
2012-07-25 12:10 . 2012-07-25 12:10 79304 ----a-w- c:\windows\system32\VSD3DRefDebug.dll
2012-07-25 12:10 . 2012-07-25 12:10 887240 ----a-w- c:\windows\system32\d3d11_1sdklayers.dll
2012-07-25 12:10 . 2012-07-25 12:10 749000 ----a-w- c:\windows\system32\d3d11ref.dll
2012-07-25 12:10 . 2012-07-25 12:10 713160 ----a-w- c:\windows\system32\d3d11sdklayers.dll
2012-07-25 12:10 . 2012-07-25 12:10 596936 ----a-w- c:\windows\system32\d3d10sdklayers.dll
2012-07-25 12:10 . 2012-07-25 12:10 461256 ----a-w- c:\windows\system32\d3d10ref.dll
2012-07-25 12:10 . 2012-07-25 12:10 446408 ----a-w- c:\windows\system32\d3dref9.dll
2012-07-25 12:10 . 2012-07-25 12:10 340936 ----a-w- c:\windows\system32\d2d1debug1.dll
2012-07-25 12:10 . 2012-07-25 12:10 127432 ----a-w- c:\windows\system32\dxgidebug.dll
2012-07-25 12:10 . 2012-07-25 12:10 246216 ----a-w- c:\windows\system32\dxcpl.exe
2007-04-15 16:00 1169224 --sh--w- c:\windows\MSDCSC\msdcscx.exe
.
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A8502600-B272-4F68-A67B-A0305D46D297}]
2012-08-01 10:08 174000 ----a-w- c:\program files (x86)\QvodPlayer\QvodExtend.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-09-12 08:00 208608 ----a-w- c:\users\DELL\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-09-12 08:00 208608 ----a-w- c:\users\DELL\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-09-12 08:00 208608 ----a-w- c:\users\DELL\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-09-18 07:29 2042528 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-09-18 07:29 2042528 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-09-18 07:29 2042528 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-10-11 3536320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QvodTerminal"="c:\program files (x86)\QvodPlayer\QvodTerminal.exe" [2012-08-27 1148848]
.
c:\users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\DELL\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
.
c:\users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
SnapCrab.lnk - c:\program files (x86)\Fenrir Inc\SnapCrab for Windows\SnapCrab.exe [2012-9-25 1439104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-04 116648]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [2008-07-28 1075712]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-04 116648]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-07-21 5132888]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-06-18 19032]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-06-18 12384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-07-19 738152]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-22 1255736]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-07-06 85104]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-07-06 70256]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-23 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-10-10 41704]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [2011-03-21 88200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-09-27 160992]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-09-11 1494144]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-08-01 917656]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-15 321064]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-01-27 86120]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-24 18216]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
XLServicePlatform REG_MULTI_SZ XLServicePlatform
.
‘计划任务’ 文件夹 里的内容
.
2012-10-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-970553753-799633038-556229140-1000Core.job
- c:\users\DELL\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-26 13:46]
.
2012-10-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-970553753-799633038-556229140-1000UA.job
- c:\users\DELL\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-26 13:46]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-04 08:06]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-04 08:06]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-970553753-799633038-556229140-1000Core.job
- c:\users\DELL\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22 17:36]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-970553753-799633038-556229140-1000UA.job
- c:\users\DELL\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-22 17:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-09-12 08:00 232672 ----a-w- c:\users\DELL\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-09-12 08:00 232672 ----a-w- c:\users\DELL\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-09-12 08:00 232672 ----a-w- c:\users\DELL\AppData\Local\Microsoft\SkyDrive\16.4.4111.0525\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-09-18 07:38 2860192 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-09-18 07:38 2860192 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-09-18 07:38 2860192 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\DELL\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 07:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 07:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 07:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 07:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
.
------- 而外的扫描 -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.le123.com/hao123.html
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = socks=24.197.103.55:36058
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &使用115优蛋 3下?
IE: &使用115优蛋 3下?全部?接
IE: &使用115优蛋 3下载 - c:\program files (x86)\115\UDown\getUrl.htm
IE: &使用115优蛋 3下载全部链接 - c:\program files (x86)\115\UDown\getAllUrl.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: 使用迅雷下载 - c:\users\DELL\Downloads\Compressed\Thunder7.2.10.3694JayXon\BHO\geturl.htm
IE: 使用迅雷下载全部链接 - c:\users\DELL\Downloads\Compressed\Thunder7.2.10.3694JayXon\BHO\getAllurl.htm
IE: 使用迅雷看看播放器播放 - c:\users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm
IE: 使用迅雷离线下载 - c:\users\DELL\Downloads\Compressed\Thunder7.2.10.3694JayXon\BHO\OfflineDownload.htm
IE: 添加?前?到迅雷看看播放器??
IE: 添加当前页到迅雷看看播放器标签 - c:\users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenuAddStoreTab.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{91C05BAD-3336-4EF7-BCC7-7DA9634B9B34}: NameServer = 8.8.8.8,8.8.4.4
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\Microsoft Office 15\root\office15\msosb.dll
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{4562B511-62E9-4533-B7B2-56A8BB10B482} - c:\program files (x86)\Common Files\Thunder Network\KanKan\xappex.1.1.1.38.(976).dll
BHO-{004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - (no file)
AddRemove-迅雷看看高清播放组件 - c:\program files (x86)\Common Files\Thunder Network\Kankan\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-970553753-799633038-556229140-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):3d,2d,52,f6,9f,04,36,a6,01,18,22,7d,4a,ee,44,ed,62,c8,d1,5a,3f,
da,af,d3,a3,c3,b8,72,99,6f,f8,2b,60,7b,7b,4a,09,7e,73,b6,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-970553753-799633038-556229140-1000_Classes\Wow6432Node\CLSID\{e8e0cd87-4ddd-4c80-9a25-d31f81d3c099}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000115
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,0f,4b,9c,61,fa,48,63,bb,a6,fc,50,1e,cf,89,53,70,f9,78,0a,9e,84,ee,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成时间: 2012-10-23 15:38:33
ComboFix-quarantined-files.txt 2012-10-23 07:38
ComboFix2.txt 2012-10-21 14:28
.
Pre-Run: 32,077,754,368 bytes free
Post-Run: 31,956,680,704 bytes free
.
- - End Of File - - 140E045E1917DD68405EF48FA1D52B8A

Edited by zkteh, 23 October 2012 - 02:43 AM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:37 PM

Posted 23 October 2012 - 04:38 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 zkteh

zkteh
  • Topic Starter

  • Members
  • 108 posts
  • Gender:Male
  • Local time:02:37 AM

Posted 23 October 2012 - 05:30 AM

OTL logfile created on: 23/10/2012 6:24:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DELL\Downloads\Programs
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

3.87 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 52.91% Memory free
7.73 Gb Paging File | 5.84 Gb Available in Paging File | 75.48% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 99.90 Gb Total Space | 29.18 Gb Free Space | 29.21% Space Free | Partition Type: NTFS
Drive D: | 285.68 Gb Total Space | 117.00 Gb Free Space | 40.95% Space Free | Partition Type: NTFS
Drive E: | 80.08 Gb Total Space | 54.92 Gb Free Space | 68.59% Space Free | Partition Type: NTFS
Drive G: | 100.00 Mb Total Space | 69.59 Mb Free Space | 69.59% Space Free | Partition Type: NTFS
Drive H: | 6.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DELL-PC | User Name: DELL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\DELL\Downloads\Programs\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Users\DELL\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\DELL\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\DELL\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\DELL\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll ()
MOD - C:\Users\DELL\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll ()
MOD - C:\Users\DELL\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll ()
MOD - C:\Users\DELL\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll ()
MOD - C:\Users\DELL\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll ()
MOD - C:\Users\DELL\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll ()
MOD - C:\Program Files\Microsoft Office 15\root\office15\1033\grooveintlresource.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (OfficeSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation)
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV:64bit: - (nlsvc) -- C:\Program Files\NetLimiter 3\nlsvc.exe (Locktime Software)
SRV:64bit: - (BITCOMET_HELPER_SERVICE) -- C:\Program Files\BitComet\tools\BitCometService.exe (www.BitComet.com)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (HssDRV6) -- C:\Windows\SysNative\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (IDMWFP) -- C:\Windows\SysNative\drivers\idmwfp.sys (Tonec Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vsock) -- C:\Windows\SysNative\drivers\vsock.sys (VMware, Inc.)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)
DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET)
DRV:64bit: - (EpfwLWF) -- C:\Windows\SysNative\drivers\EpfwLWF.sys (ESET)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (NLNdisPT) -- C:\Windows\SysNative\drivers\nlndis.sys (Locktime Software)
DRV:64bit: - (NLNdisMP) -- C:\Windows\SysNative\drivers\nlndis.sys (Locktime Software)
DRV:64bit: - (nltdi) -- C:\Program Files\NetLimiter 3\nltdi.sys (Locktime Software)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (tap0901t) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (athrusb) -- C:\Windows\SysNative\drivers\athrxusb.sys (Atheros Communications, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.le123.com/hao123.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-970553753-799633038-556229140-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.com
IE - HKU\S-1-5-21-970553753-799633038-556229140-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-my
IE - HKU\S-1-5-21-970553753-799633038-556229140-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 02 17 D3 8E 8A CD 01 [binary data]
IE - HKU\S-1-5-21-970553753-799633038-556229140-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-970553753-799633038-556229140-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-970553753-799633038-556229140-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-970553753-799633038-556229140-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=24.197.103.55:36058


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files (x86)\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrl: C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.6.(976).dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\DELL\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\DELL\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\DELL\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/09/05 17:39:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/09/05 17:39:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\dict@www.youdao.com: C:\Program Files (x86)\Youdao\Dict4\stable\extensions\firefox [2012/09/12 19:40:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\DELL\AppData\Roaming\IDM\idmmzcc5 [2012/10/15 23:44:15 | 000,000,000 | ---D | M]

[2012/09/12 17:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/03 19:37:30 | 000,005,137 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\ergative.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DELL\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\DELL\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\DELL\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\DELL\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\DELL\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: \u6709\u9053\u8BCD\u5178Chrome\u9F20\u6807\u53D6\u8BCD\u63D2\u4EF6 = C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohddidmgooofkgohkbkaohadkolgejj\1.21_0\
CHR - Extension: Turn Off the Lights = C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.12_0\
CHR - Extension: YouTube = C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Monster Dash = C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknghehebaconkajgiobncfleofebcog\2.2_0\
CHR - Extension: Thunder,QQDownload,FlashGet Files Downloader = C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmpllenfapkfpdkahamlbmbichihpmmg\4.0.4_0\
CHR - Extension: Fruity Annie = C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbacnfobpliffdmiickfhceamljbcnjf\1.0.4_0\
CHR - Extension: IDM Integration = C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.21_0\
CHR - Extension: \u6709\u9053\u4E91\u7B14\u8BB0\u7F51\u9875\u526A\u62A5 = C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\joinpgckiioeklibflapokicmndlcnef\1.0.1_0\
CHR - Extension: avast! WebRep = C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\kndnlpadobhdmiplckgecjhpeibcepkj\7.0.1439_0\
CHR - Extension: Print Friendly & PDF = C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj\1.1_0\
CHR - Extension: Bitdefender QuickScan = C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\
CHR - Extension: Canvas Rider = C:\Users\DELL\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.7_0\

O1 HOSTS File: ([2012/10/21 22:25:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - No CLSID value found.
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SPFS Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (ŃøĄ×ĻĀŌŲÖ§³Ö) - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Users\DELL\Downloads\Compressed\Thunder7.2.10.3694JayXon\BHO\XunleiBHO7.2.10.3694.dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files (x86)\QvodPlayer\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll (Microsoft Corporation)
O2 - BHO: (Microsoft SPFS Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&SnapCrab) - {F0398615-9DF9-4A98-ADEC-8FEDECC14EB0} - C:\Program Files (x86)\Fenrir Inc\SnapCrab for IE\SnapCrabBand.dll (Fenrir Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [QvodTerminal] C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)
O4 - HKU\S-1-5-21-970553753-799633038-556229140-1000..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - Startup: C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012/10/08 10:06:38 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\DELL\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-970553753-799633038-556229140-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-970553753-799633038-556229140-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &使用115优蛋 3下? - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &使用115优蛋 3下?全部?接 - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &使用115优蛋 3下载 - C:\Program Files (x86)\115\UDown\getUrl.htm ()
O8:64bit: - Extra context menu item: &使用115优蛋 3下载全部链接 - C:\Program Files (x86)\115\UDown\getAllUrl.htm ()
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: 使用迅雷下载 - C:\Users\DELL\Downloads\Compressed\Thunder7.2.10.3694JayXon\BHO\geturl.htm ()
O8:64bit: - Extra context menu item: 使用迅雷下载全部链接 - C:\Users\DELL\Downloads\Compressed\Thunder7.2.10.3694JayXon\BHO\getAllurl.htm ()
O8:64bit: - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm File not found
O8:64bit: - Extra context menu item: 使用迅雷离线下载 - C:\Users\DELL\Downloads\Compressed\Thunder7.2.10.3694JayXon\BHO\OfflineDownload.htm ()
O8:64bit: - Extra context menu item: 添加?前?到迅雷看看播放器?? - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: 添加当前页到迅雷看看播放器标签 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenuAddStoreTab.htm File not found
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &使用115优蛋 3下? - Reg Error: Value error. File not found
O8 - Extra context menu item: &使用115优蛋 3下?全部?接 - Reg Error: Value error. File not found
O8 - Extra context menu item: &使用115优蛋 3下载 - C:\Program Files (x86)\115\UDown\getUrl.htm ()
O8 - Extra context menu item: &使用115优蛋 3下载全部链接 - C:\Program Files (x86)\115\UDown\getAllUrl.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: 使用迅雷下载 - C:\Users\DELL\Downloads\Compressed\Thunder7.2.10.3694JayXon\BHO\geturl.htm ()
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Users\DELL\Downloads\Compressed\Thunder7.2.10.3694JayXon\BHO\getAllurl.htm ()
O8 - Extra context menu item: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm File not found
O8 - Extra context menu item: 使用迅雷离线下载 - C:\Users\DELL\Downloads\Compressed\Thunder7.2.10.3694JayXon\BHO\OfflineDownload.htm ()
O8 - Extra context menu item: 添加?前?到迅雷看看播放器?? - Reg Error: Value error. File not found
O8 - Extra context menu item: 添加当前页到迅雷看看播放器标签 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenuAddStoreTab.htm File not found
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Microsoft Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Microsoft Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91C05BAD-3336-4EF7-BCC7-7DA9634B9B34}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91C05BAD-3336-4EF7-BCC7-7DA9634B9B34}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A30E99B7-A063-4562-A145-5D5FC25D6E06}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/05/19 16:21:33 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/04/20 02:09:27 | 000,000,059 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/23 16:24:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/23 15:25:39 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Roaming\BANDISOFT
[2012/10/23 15:25:36 | 000,000,000 | ---D | C] -- C:\Users\DELL\Documents\Bandicam
[2012/10/23 15:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
[2012/10/23 15:25:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bandicam
[2012/10/23 15:25:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1
[2012/10/23 14:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/10/23 14:36:15 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/10/23 14:36:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012/10/23 05:07:21 | 000,000,000 | ---D | C] -- C:\TDDownload
[2012/10/23 05:05:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Thunder Network
[2012/10/23 05:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Thunder Network
[2012/10/23 04:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule
[2012/10/23 04:28:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eMule
[2012/10/22 22:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio
[2012/10/22 22:54:44 | 000,049,664 | ---- | C] (CamStudio Group) -- C:\Windows\SysNative\CamCodec.dll
[2012/10/22 22:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio 2.6b
[2012/10/22 17:48:16 | 000,000,000 | ---D | C] -- C:\TEST
[2012/10/22 17:05:34 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\DELL\Desktop\aswMBR.exe
[2012/10/22 16:52:06 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\DELL\Desktop\tdsskiller.exe
[2012/10/22 05:27:50 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Roaming\FAH
[2012/10/21 22:17:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/21 22:17:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/21 22:17:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/21 22:17:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/21 22:17:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/21 22:16:11 | 004,987,434 | R--- | C] (Swearware) -- C:\Users\DELL\Desktop\ComboFix.exe
[2012/10/20 20:50:42 | 000,000,000 | ---D | C] -- C:\Users\DELL\Desktop\RK_Quarantine
[2012/10/20 20:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2012/10/20 20:16:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012/10/20 20:16:08 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Roaming\uTorrent
[2012/10/20 11:44:14 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/10/20 11:44:13 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/10/20 11:44:13 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/10/20 11:44:08 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/10/20 11:44:08 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/10/20 11:44:08 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/10/20 11:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/10/19 18:09:37 | 000,706,431 | R--- | C] (Swearware) -- C:\Users\DELL\Desktop\dds.com
[2012/10/17 20:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
[2012/10/17 18:01:13 | 000,000,000 | ---D | C] -- C:\Users\DELL\Documents\Visual Studio 2012
[2012/10/17 18:00:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NuGet
[2012/10/17 17:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2012/10/17 17:56:54 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2012/10/17 17:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
[2012/10/17 17:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft
[2012/10/17 17:54:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Kits
[2012/10/17 17:54:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012 Express
[2012/10/17 17:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
[2012/10/17 17:54:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Help Viewer
[2012/10/17 17:53:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2012/10/17 17:53:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2012/10/17 17:53:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2012/10/17 17:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2012/10/17 17:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012/10/17 17:52:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/10/17 17:52:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012/10/17 17:52:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0
[2012/10/17 17:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2012/10/17 17:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2012/10/17 16:29:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/10/16 20:01:34 | 000,031,232 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2012/10/16 20:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\SecurityKISS Tunnel
[2012/10/16 00:33:47 | 000,000,000 | ---D | C] -- C:\Users\DELL\Documents\Puzzlegeddon
[2012/10/16 00:33:31 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\暪嗨譏枙
[2012/10/16 00:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\暪嗨譏枙
[2012/10/16 00:33:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Puzzlegeddon
[2012/10/15 23:44:09 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/10/15 23:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/10/15 20:51:39 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Roaming\IDM
[2012/10/15 20:51:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Download Manager
[2012/10/14 19:39:40 | 000,000,000 | ---D | C] -- C:\Users\DELL\Documents\Any Audio Converter
[2012/10/14 15:58:44 | 000,000,000 | R--D | C] -- C:\Users\DELL\Dropbox
[2012/10/14 15:16:53 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/10/14 15:16:10 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Roaming\Dropbox
[2012/10/14 11:47:56 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Local\Microsoft Corporation
[2012/10/14 11:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
[2012/10/13 00:37:51 | 000,000,000 | ---D | C] -- C:\Users\DELL\Desktop\tai-gou-da-ren
[2012/10/12 21:27:01 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Roaming\Doublefine
[2012/10/12 18:53:30 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Roaming\Squids
[2012/10/12 04:32:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\115
[2012/10/12 04:32:37 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Roaming\UDown
[2012/10/12 04:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\115
[2012/10/12 04:32:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\115
[2012/10/12 04:14:12 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Local\115Chrome
[2012/10/11 22:16:29 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Local\MigWiz
[2012/10/11 00:30:42 | 000,041,704 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2012/10/11 00:30:40 | 000,038,632 | ---- | C] (AnchorFree Inc) -- C:\Windows\SysNative\drivers\taphss.sys
[2012/10/10 17:36:33 | 000,160,992 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2012/10/08 10:06:38 | 000,000,000 | -H-D | C] -- C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
[2012/10/06 20:47:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HDDGURU LLF Tool
[2012/10/06 20:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Low Level Format Tool
[2012/10/06 19:38:07 | 000,000,000 | ---D | C] -- C:\Users\DELL\Desktop\rkill
[2012/10/05 23:22:07 | 000,000,000 | ---D | C] -- C:\JRT
[2012/10/04 18:54:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/10/04 17:47:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/10/04 16:09:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012/10/04 16:06:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/10/03 20:51:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/10/03 19:44:39 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Roaming\Foxit Software
[2012/10/03 19:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012/10/03 19:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2012/10/03 19:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Books Downloader
[2012/10/03 19:37:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google Books Downloader
[2012/09/30 21:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Power Data Recovery 6.5
[2012/09/30 21:54:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerDataRecovery
[2012/09/27 18:09:20 | 000,000,000 | ---D | C] -- C:\Users\DELL\Documents\Virtual Machines
[2012/09/27 17:59:10 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Local\VMware
[2012/09/27 17:58:54 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Roaming\VMware
[2012/09/27 17:58:16 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vsocklib.dll
[2012/09/27 17:58:16 | 000,063,128 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vsocklib.dll
[2012/09/27 17:58:15 | 000,070,256 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vsock.sys
[2012/09/27 17:58:11 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2012/09/27 17:58:10 | 000,032,920 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
[2012/09/27 17:57:34 | 000,357,016 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2012/09/27 17:57:25 | 000,435,864 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2012/09/27 17:57:22 | 000,030,360 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2012/09/27 17:57:19 | 000,933,528 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2012/09/27 17:57:09 | 000,052,376 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2012/09/27 17:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2012/09/27 17:56:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2012/09/27 17:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2012/09/27 17:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2012/09/27 17:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2012/09/26 21:46:43 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Local\Facebook
[2012/09/26 20:08:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2012/09/26 20:07:15 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Roaming\Canon
[2012/09/26 20:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012/09/26 20:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2012/09/26 20:05:18 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2012/09/26 20:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan LiDE 200
[2012/09/26 20:05:12 | 001,354,240 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNQ4807C.DLL
[2012/09/26 20:05:12 | 000,694,272 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNQ4807L.DLL
[2012/09/26 20:05:12 | 000,229,888 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNQ4807O.DLL
[2012/09/26 20:05:12 | 000,092,672 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNQ4807I.DLL
[2012/09/26 20:05:12 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012/09/25 20:27:42 | 000,000,000 | ---D | C] -- C:\Users\DELL\AppData\Roaming\Fenrir Inc
[2012/09/25 20:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fenrir Inc
[2012/09/25 20:27:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fenrir Inc
[2012/09/25 20:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2012/09/25 20:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012/09/25 18:52:55 | 000,000,000 | ---D | C] -- C:\Users\DELL\New folder
[2012/09/24 19:39:11 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012/09/24 14:53:30 | 000,000,000 | ---D | C] -- C:\Users\DELL\Documents\EAInstallerLog

========== Files - Modified Within 30 Days ==========

[2012/10/23 18:23:45 | 000,000,000 | ---- | M] () -- C:\Users\DELL\Desktop\OTL.exe
[2012/10/23 18:11:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/23 17:52:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-970553753-799633038-556229140-1000UA.job
[2012/10/23 17:17:58 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/23 15:51:21 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-970553753-799633038-556229140-1000UA.job
[2012/10/23 15:25:33 | 000,001,043 | ---- | M] () -- C:\Users\DELL\Application Data\Microsoft\Internet Explorer\Quick Launch\Bandicam.lnk
[2012/10/23 15:25:33 | 000,001,019 | ---- | M] () -- C:\Users\DELL\Desktop\Bandicam.lnk
[2012/10/23 15:15:01 | 004,987,434 | R--- | M] (Swearware) -- C:\Users\DELL\Desktop\ComboFix.exe
[2012/10/23 15:08:38 | 000,000,168 | ---- | M] () -- C:\Users\DELL\defogger_reenable
[2012/10/23 14:56:27 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2012/10/23 14:38:26 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/10/23 14:38:22 | 000,655,924 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/23 14:38:22 | 000,122,852 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/23 14:38:21 | 000,785,164 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/23 14:38:07 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/23 14:38:07 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/23 14:36:15 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012/10/23 14:30:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/23 14:30:30 | 3113,574,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/23 05:04:23 | 000,437,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/23 04:28:18 | 000,001,018 | ---- | M] () -- C:\Users\Public\Desktop\eMule.lnk
[2012/10/23 04:20:02 | 000,013,759 | ---- | M] () -- C:\Users\DELL\Desktop\[SGS][The_Borrower_Arrietty][BDRip][720p][SCJP][MKV].torrent
[2012/10/22 22:52:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-970553753-799633038-556229140-1000Core.job
[2012/10/22 21:51:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-970553753-799633038-556229140-1000Core.job
[2012/10/22 21:44:12 | 000,000,512 | ---- | M] () -- C:\Users\DELL\Desktop\MBR.dat
[2012/10/22 17:07:44 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\DELL\Desktop\aswMBR.exe
[2012/10/22 16:53:24 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\DELL\Desktop\tdsskiller.exe
[2012/10/21 22:25:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/10/20 20:17:01 | 000,000,998 | ---- | M] () -- C:\Users\DELL\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/10/20 20:17:01 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/10/20 11:44:05 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/10/20 11:44:01 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/10/20 11:44:01 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/10/20 11:44:01 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/10/20 11:44:00 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/10/20 11:44:00 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/10/19 23:13:01 | 049,841,359 | ---- | M] () -- C:\Users\DELL\Documents\How to get Portal 2 DLC 2 on SKIDROW release.mp4
[2012/10/19 21:39:08 | 000,302,592 | ---- | M] () -- C:\Users\DELL\Desktop\svuk1glk.exe
[2012/10/18 19:18:12 | 000,706,431 | R--- | M] (Swearware) -- C:\Users\DELL\Desktop\dds.com
[2012/10/17 20:21:47 | 000,036,864 | ---- | M] () -- C:\Users\DELL\Documents\EasyBCD Backup (2012-10-17).bcd
[2012/10/17 20:21:38 | 000,001,244 | ---- | M] () -- C:\Users\Public\Desktop\EasyBCD 2.2.lnk
[2012/10/17 17:48:54 | 000,769,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/17 16:29:39 | 398,744,235 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/17 05:34:02 | 000,000,879 | ---- | M] () -- C:\Users\DELL\Desktop\Continue Media Player Classic Installation.lnk
[2012/10/16 22:02:13 | 000,000,210 | ---- | M] () -- C:\Users\DELL\SecurityKISSTunnel.config
[2012/10/16 00:33:31 | 000,000,962 | ---- | M] () -- C:\Users\DELL\Desktop\暪嗨譏枙.lnk
[2012/10/14 19:48:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/10/14 19:39:31 | 000,001,252 | ---- | M] () -- C:\Users\DELL\Desktop\Any Audio Converter.lnk
[2012/10/14 19:29:20 | 001,161,286 | ---- | M] () -- C:\Users\DELL\Desktop\录音000.amr
[2012/10/14 15:58:44 | 000,001,037 | ---- | M] () -- C:\Users\DELL\Desktop\Dropbox.lnk
[2012/10/14 15:50:42 | 032,892,023 | ---- | M] () -- C:\Users\DELL\Documents\DJ Jyn - Wow Gangnam Style Is The Best Baby (KPOP Mashup).flv
[2012/10/14 15:17:04 | 000,001,047 | ---- | M] () -- C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/10/14 11:47:32 | 000,002,150 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2012/10/12 04:32:38 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\115UDown.lnk
[2012/10/12 04:32:38 | 000,000,102 | ---- | M] () -- C:\Users\Public\Desktop\114徽厙硊絳瑤.url
[2012/10/11 21:18:22 | 004,036,999 | ---- | M] () -- C:\Users\DELL\Documents\Untitled (2).wma
[2012/10/11 20:53:35 | 000,002,436 | ---- | M] () -- C:\Users\DELL\Desktop\Google Chrome.lnk
[2012/10/11 00:30:42 | 000,041,704 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2012/10/11 00:30:40 | 000,038,632 | ---- | M] (AnchorFree Inc) -- C:\Windows\SysNative\drivers\taphss.sys
[2012/10/08 09:18:58 | 000,286,666 | ---- | M] () -- C:\Users\DELL\Desktop\SnapCrab_NoName_2012-10-8_9-18-58_No-00.png
[2012/10/06 20:47:10 | 000,000,001 | ---- | M] () -- C:\Users\DELL\AppData\Local\llftool.4.25.agreement
[2012/10/06 20:47:07 | 000,001,111 | ---- | M] () -- C:\Users\DELL\Application Data\Microsoft\Internet Explorer\Quick Launch\Hard Disk Low Level Format Tool.lnk
[2012/10/06 20:47:07 | 000,001,087 | ---- | M] () -- C:\Users\DELL\Desktop\Hard Disk Low Level Format Tool.lnk
[2012/10/06 10:07:28 | 000,295,109 | ---- | M] () -- C:\Users\DELL\Desktop\SnapCrab_NoName_2012-10-6_10-7-28_No-00.png
[2012/10/06 10:07:20 | 000,341,885 | ---- | M] () -- C:\Users\DELL\Desktop\SnapCrab_NoName_2012-10-6_10-7-20_No-00.png
[2012/10/04 21:26:35 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/04 19:05:41 | 001,301,112 | ---- | M] () -- C:\Users\DELL\Desktop\SnapCrab_NoName_2012-10-4_19-5-41_No-00.png
[2012/10/04 15:55:59 | 000,237,696 | ---- | M] () -- C:\Users\DELL\Desktop\SnapCrab_NoName_2012-10-4_15-55-59_No-00.png
[2012/10/04 15:27:50 | 000,000,512 | ---- | M] () -- C:\Users\DELL\Documents\MBR.dat
[2012/10/03 22:19:22 | 000,476,386 | ---- | M] () -- C:\Users\DELL\Desktop\SnapCrab_NoName_2012-10-3_22-19-22_No-00.png
[2012/10/03 19:43:29 | 000,001,181 | ---- | M] () -- C:\Users\DELL\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2012/10/03 19:43:29 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012/10/03 19:39:06 | 002,720,062 | ---- | M] () -- C:\Users\DELL\Desktop\RlQ6qVgQcEwC.pdf
[2012/10/03 19:37:42 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\Google Books Downloader.lnk
[2012/10/03 15:34:36 | 000,215,022 | ---- | M] () -- C:\Users\DELL\Desktop\SnapCrab_NoName_2012-10-3_15-34-35_No-00.png
[2012/10/02 19:02:14 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/10/02 19:02:14 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/10/02 15:42:08 | 000,413,520 | ---- | M] () -- C:\Users\DELL\Desktop\SnapCrab_NoName_2012-10-2_15-42-8_No-00.png
[2012/10/01 19:02:13 | 000,252,645 | ---- | M] () -- C:\Users\DELL\Desktop\SnapCrab_Desktop_2012-10-1_19-2-13_No-00.png
[2012/09/30 21:54:13 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\MiniTool Power Data Recovery 6.5.lnk
[2012/09/30 10:59:03 | 000,689,518 | ---- | M] () -- C:\Users\DELL\Desktop\SnapCrab_NoName_2012-9-30_10-59-3_No-00.png
[2012/09/29 19:58:22 | 001,125,349 | ---- | M] () -- C:\Users\DELL\Desktop\SnapCrab_NoName_2012-9-29_19-58-22_No-00.png
[2012/09/29 19:58:19 | 001,331,270 | ---- | M] () -- C:\Users\DELL\Desktop\SnapCrab_Desktop_2012-9-29_19-58-19_No-00.png
[2012/09/28 18:33:22 | 000,078,761 | ---- | M] () -- C:\Users\DELL\Desktop\SnapCrab_NoName_2012-9-28_18-33-22_No-00.png
[2012/09/28 02:07:26 | 000,160,992 | ---- | M] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
[2012/09/27 17:58:23 | 000,001,050 | ---- | M] () -- C:\Users\DELL\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk
[2012/09/27 17:56:45 | 000,002,155 | ---- | M] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2012/09/27 14:13:19 | 000,061,475 | ---- | M] () -- C:\Users\DELL\Desktop\SnapCrab_NoName_2012-9-27_14-13-19_No-00.png
[2012/09/26 22:14:11 | 000,117,229 | ---- | M] () -- C:\Users\DELL\Documents\Untitled.wma
[2012/09/26 20:07:03 | 000,002,126 | ---- | M] () -- C:\Users\Public\Desktop\MP Navigator EX 2.0.lnk
[2012/09/25 20:29:13 | 000,045,624 | ---- | M] () -- C:\Users\DELL\Desktop\SnapCrab_Run_2012-9-25_20-29-13_No-00.png
[2012/09/25 20:17:40 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/09/23 21:58:09 | 000,000,000 | -H-- | M] () -- C:\Users\DELL\Documents\Default.rdp

========== Files Created - No Company Name ==========

[2012/10/23 18:23:39 | 000,000,000 | ---- | C] () -- C:\Users\DELL\Desktop\OTL.exe
[2012/10/23 15:25:33 | 000,001,043 | ---- | C] () -- C:\Users\DELL\Application Data\Microsoft\Internet Explorer\Quick Launch\Bandicam.lnk
[2012/10/23 15:25:33 | 000,001,019 | ---- | C] () -- C:\Users\DELL\Desktop\Bandicam.lnk
[2012/10/23 15:08:38 | 000,000,168 | ---- | C] () -- C:\Users\DELL\defogger_reenable
[2012/10/23 14:56:27 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2012/10/23 14:38:26 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012/10/23 04:28:18 | 000,001,018 | ---- | C] () -- C:\Users\Public\Desktop\eMule.lnk
[2012/10/23 04:20:19 | 000,013,759 | ---- | C] () -- C:\Users\DELL\Desktop\[SGS][The_Borrower_Arrietty][BDRip][720p][SCJP][MKV].torrent
[2012/10/22 21:44:12 | 000,000,512 | ---- | C] () -- C:\Users\DELL\Desktop\MBR.dat
[2012/10/21 22:17:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/21 22:17:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/21 22:17:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/21 22:17:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/21 22:17:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/20 20:17:01 | 000,000,998 | ---- | C] () -- C:\Users\DELL\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/10/20 20:17:01 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/10/19 23:03:33 | 049,841,359 | ---- | C] () -- C:\Users\DELL\Documents\How to get Portal 2 DLC 2 on SKIDROW release.mp4
[2012/10/19 21:39:04 | 000,302,592 | ---- | C] () -- C:\Users\DELL\Desktop\svuk1glk.exe
[2012/10/17 20:21:47 | 000,036,864 | ---- | C] () -- C:\Users\DELL\Documents\EasyBCD Backup (2012-10-17).bcd
[2012/10/17 20:21:38 | 000,001,244 | ---- | C] () -- C:\Users\Public\Desktop\EasyBCD 2.2.lnk
[2012/10/17 16:29:39 | 398,744,235 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/10/17 05:34:02 | 000,000,879 | ---- | C] () -- C:\Users\DELL\Desktop\Continue Media Player Classic Installation.lnk
[2012/10/16 20:02:24 | 000,000,210 | ---- | C] () -- C:\Users\DELL\SecurityKISSTunnel.config
[2012/10/16 00:33:31 | 000,000,962 | ---- | C] () -- C:\Users\DELL\Desktop\暪嗨譏枙.lnk
[2012/10/14 19:48:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/10/14 19:41:26 | 001,161,286 | ---- | C] () -- C:\Users\DELL\Desktop\录音000.amr
[2012/10/14 19:39:31 | 000,001,252 | ---- | C] () -- C:\Users\DELL\Desktop\Any Audio Converter.lnk
[2012/10/14 15:58:44 | 000,001,037 | ---- | C] () -- C:\Users\DELL\Desktop\Dropbox.lnk
[2012/10/14 15:44:06 | 032,892,023 | ---- | C] () -- C:\Users\DELL\Documents\DJ Jyn - Wow Gangnam Style Is The Best Baby (KPOP Mashup).flv
[2012/10/14 15:17:04 | 000,001,047 | ---- | C] () -- C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/10/14 11:47:32 | 000,002,162 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2012/10/14 11:47:32 | 000,002,150 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2012/10/13 00:35:30 | 790,274,282 | ---- | C] () -- C:\Users\DELL\Desktop\tai-gou-da-ren.rar
[2012/10/12 04:32:38 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\115UDown.lnk
[2012/10/12 04:32:38 | 000,000,102 | ---- | C] () -- C:\Users\Public\Desktop\114徽厙硊絳瑤.url
[2012/10/11 21:18:22 | 004,036,999 | ---- | C] () -- C:\Users\DELL\Documents\Untitled (2).wma
[2012/10/08 09:18:58 | 000,286,666 | ---- | C] () -- C:\Users\DELL\Desktop\SnapCrab_NoName_2012-10-8_9-18-58_No-00.png
[2012/10/06 20:47:10 | 000,000,001 | ---- | C] () -- C:\Users\DELL\AppData\Local\llftool.4.25.agreement
[2012/10/06 20:47:07 | 000,001,111 | ---- | C] () -- C:\Users\DELL\Application Data\Microsoft\Internet Explorer\Quick Launch\Hard Disk Low Level Format Tool.lnk
[2012/10/06 20:47:07 | 000,001,087 | ---- | C] () -- C:\Users\DELL\Desktop\Hard Disk Low Level Format Tool.lnk
[2012/10/06 10:07:28 | 000,295,109 | ---- | C] () -- C:\Users\DELL\Desktop\SnapCrab_NoName_2012-10-6_10-7-28_No-00.png
[2012/10/06 10:07:20 | 000,341,885 | ---- | C] () -- C:\Users\DELL\Desktop\SnapCrab_NoName_2012-10-6_10-7-20_No-00.png
[2012/10/04 19:05:41 | 001,301,112 | ---- | C] () -- C:\Users\DELL\Desktop\SnapCrab_NoName_2012-10-4_19-5-41_No-00.png
[2012/10/04 16:06:06 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/04 16:06:06 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/04 15:55:59 | 000,237,696 | ---- | C] () -- C:\Users\DELL\Desktop\SnapCrab_NoName_2012-10-4_15-55-59_No-00.png
[2012/10/04 15:27:50 | 000,000,512 | ---- | C] () -- C:\Users\DELL\Documents\MBR.dat
[2012/10/03 22:19:22 | 000,476,386 | ---- | C] () -- C:\Users\DELL\Desktop\SnapCrab_NoName_2012-10-3_22-19-22_No-00.png
[2012/10/03 19:43:29 | 000,001,181 | ---- | C] () -- C:\Users\DELL\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2012/10/03 19:43:29 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012/10/03 19:39:06 | 002,720,062 | ---- | C] () -- C:\Users\DELL\Desktop\RlQ6qVgQcEwC.pdf
[2012/10/03 19:37:42 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\Google Books Downloader.lnk
[2012/10/03 15:34:35 | 000,215,022 | ---- | C] () -- C:\Users\DELL\Desktop\SnapCrab_NoName_2012-10-3_15-34-35_No-00.png
[2012/10/02 15:42:08 | 000,413,520 | ---- | C] () -- C:\Users\DELL\Desktop\SnapCrab_NoName_2012-10-2_15-42-8_No-00.png
[2012/10/01 19:02:13 | 000,252,645 | ---- | C] () -- C:\Users\DELL\Desktop\SnapCrab_Desktop_2012-10-1_19-2-13_No-00.png
[2012/09/30 21:54:13 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\MiniTool Power Data Recovery 6.5.lnk
[2012/09/30 10:59:03 | 000,689,518 | ---- | C] () -- C:\Users\DELL\Desktop\SnapCrab_NoName_2012-9-30_10-59-3_No-00.png
[2012/09/29 19:58:22 | 001,125,349 | ---- | C] () -- C:\Users\DELL\Desktop\SnapCrab_NoName_2012-9-29_19-58-22_No-00.png
[2012/09/29 19:58:19 | 001,331,270 | ---- | C] () -- C:\Users\DELL\Desktop\SnapCrab_Desktop_2012-9-29_19-58-19_No-00.png
[2012/09/28 18:33:22 | 000,078,761 | ---- | C] () -- C:\Users\DELL\Desktop\SnapCrab_NoName_2012-9-28_18-33-22_No-00.png
[2012/09/28 18:28:55 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/09/28 18:28:55 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/09/27 17:58:23 | 000,001,050 | ---- | C] () -- C:\Users\DELL\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk
[2012/09/27 17:56:45 | 000,002,155 | ---- | C] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2012/09/27 14:13:19 | 000,061,475 | ---- | C] () -- C:\Users\DELL\Desktop\SnapCrab_NoName_2012-9-27_14-13-19_No-00.png
[2012/09/26 22:14:11 | 000,117,229 | ---- | C] () -- C:\Users\DELL\Documents\Untitled.wma
[2012/09/26 21:46:47 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-970553753-799633038-556229140-1000UA.job
[2012/09/26 21:46:46 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-970553753-799633038-556229140-1000Core.job
[2012/09/26 20:07:03 | 000,002,126 | ---- | C] () -- C:\Users\Public\Desktop\MP Navigator EX 2.0.lnk
[2012/09/25 20:29:13 | 000,045,624 | ---- | C] () -- C:\Users\DELL\Desktop\SnapCrab_Run_2012-9-25_20-29-13_No-00.png
[2012/09/25 20:17:40 | 000,000,831 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/09/23 21:58:09 | 000,000,000 | -H-- | C] () -- C:\Users\DELL\Documents\Default.rdp
[2012/09/17 10:27:30 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/09/09 20:24:14 | 000,000,911 | ---- | C] () -- C:\Users\DELL\AppData\Roaming\coreavc.ini
[2012/09/09 20:21:53 | 000,003,293 | ---- | C] () -- C:\Users\DELL\FunShion.ini
[2012/09/08 19:10:39 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\pub_store.dat
[2012/09/05 17:53:21 | 000,000,366 | ---- | C] () -- C:\Users\DELL\AppData\Roaming\Network Meter_Settings.ini
[2012/09/01 00:15:50 | 000,769,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/23 01:27:14 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/08/23 01:27:14 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/08/22 13:30:58 | 000,000,571 | ---- | C] () -- C:\Windows\SysWow64\funshion.ini
[2012/08/09 15:40:32 | 000,065,576 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2012/08/09 15:40:28 | 000,022,560 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 13:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Files - Unicode (All) ==========
[2012/10/12 04:14:19 | 000,001,208 | ---- | M] ()(C:\Users\DELL\Desktop\115憤厒銡擬?.lnk) -- C:\Users\DELL\Desktop\115憤厒銡擬.lnk
[2012/10/12 04:14:19 | 000,001,208 | ---- | C] ()(C:\Users\DELL\Desktop\115憤厒銡擬?.lnk) -- C:\Users\DELL\Desktop\115憤厒銡擬.lnk
[2012/10/12 04:14:19 | 000,000,000 | ---D | C](C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\115憤厒銡擬?) -- C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\115憤厒銡擬
[2012/09/07 20:10:49 | 000,000,991 | ---- | M] ()(C:\Users\Public\Desktop\秞厒?雄.lnk) -- C:\Users\Public\Desktop\秞厒雄.lnk
[2012/09/07 20:10:49 | 000,000,991 | ---- | C] ()(C:\Users\Public\Desktop\秞厒?雄.lnk) -- C:\Users\Public\Desktop\秞厒雄.lnk
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\秞厒?雄) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\秞厒雄

< End of report >