Unable to open "page" within a page


  • This topic is locked
12 replies to this topic

#1 jospeh

jospeh

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:09 AM

Posted 19 November 2012 - 04:03 AM

This happened exactly like this:

1. I was playing an online browser game while attempting to download a file from the letitbit.net website.
2. A suspicious window suddenly appeared before the download link appeared (other than clicking to cancel it, all the tabs of the browser hung and I was unable to move forward).
3. Usually I avoid pressing anything on this small window; I choose to go for Ctrl+Alt+Del, start the Task Manager, and end the Firefox process.
4. This action closed all the tabs and windows belonging to Firefox, and with them the online browser game.

Problems that arose later on:
1. I found out I am unable to continue playing that game. The page hangs when I try to open one of its pages. (But please don't misunderstand, I am not here to ask for a solution for the game; I am not a game addict anyway.)
2. This problem affects Facebook too. For example, when I am viewing my friends' pictures, there is an option to enlarge them or not. And I am starting to have some difficulty here.
3. Before that, the pictures loaded pretty smoothly without a problem, but after this incident, the page will sometimes hang whenever I try to enlarge a picture, so that I have to try a few times until it loads successfully.
4. The reason why I suspect they are both the same problem is that one of the features of the online browser game I mentioned earlier also loads its minor page from a page like this. And it hangs and is unable to proceed afterward.
5. Just today, when I was checking my Yahoo Mail, I found a "notification" in the mail which indicates that my account has a "recognised device" logon into my account.
6. Later on I was advised to go and check my login details in the Account Information; the page revealed I couldn't check any of my login data at all and indicated "the features is not available yet".
7. I found it unacceptable and was willing to give it another try. I closed the page and reopened it with the same link; now I had no problem checking my login details, but I didn't find anything suspicious.
8. The pattern is the same for some faulty pages: from then until now, I need to activate a page twice in order to load it successfully.


Data and research that I gathered so far:
1. This browser game (not very sure) mostly uses a great deal of JavaScript in handling its page loading. I am using Mozilla Firefox as my default browser. When I disable "enable javascript" in the options panel, the game can't run at all.
2. A small message appeared when the page failed to load, and I happened to notice it. It's a line mentioning "javascript .... doPost (Server);", something like that kind of message. I am not entirely sure if I typed it correctly; I can't remember the exact phrase, and I don't know much about programming.
3. With later trial and error, I believe this has very little to do with a particular browser program, as other browsers like IE or Google Chrome show the same malfunction in loading the pages and the photos. This problem affects all the browsers on my entire PC, so it's less likely a browser fault.


Steps that I have taken so far:
With some searching on the net, some indicate this is a corrupted file in Java, or the browser itself. So I:
1. Uninstalled and reinstalled the Firefox browser entirely. Doesn't work.
2. Disabled the add-on "Java Development Toolkit 7.0.90.5 10.9.2.5" in Firefox. Doesn't work either.
3. Could not find any kind of Java scripts or Java programs in Programs and Features in my Control Panel. But I recalled I had once installed Java before. Perhaps the uninstall wasn't complete, so I downloaded the Java platform again and uninstalled it again. Doesn't work either.
4. Have done a full scan with the newest patch of Malwarebytes in Safe Mode; it didn't report anything bad.


Thoughts:
I hope this is not a trojan or malicious malware attack. Since what I have is a browser problem so far, I hope it is a corrupted file or something, but I am not sure of that, especially after I received the notification that my email may have been logged on to from an unrecognised device. I have done the steps as requested and made a full scan with the downloaded DDS. Kindly have a look into it. Thanks a lot.

DDS.txt report:
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.19088
Run by piggy at 16:26:49 on 2012-11-19
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
FW: Avira FireWall *Enabled* {31341D0C-2EA1-6D37-1CC3-F0344A49C2CC}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Avira\AntiVir Desktop\checkt.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.torpia.com/
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=4409&s=1&o=vb32&d=0109&m=aspire_m1641
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=4409&s=1&o=vb32&d=0109&m=aspire_m1641
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
uURLSearchHooks: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -
BHO: Go!Zilla IE Helper: {E1FF080D-12A3-439A-A2EF-4BA95A3148E8} - c:\program files\gozilla\GozCatch.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
mRun: [eRecoveryService] <no file>
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download with GetRight - c:\program files\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{A59D3306-21E6-47A9-A64F-2FCDBCD6CA56} : DHCPNameServer = 192.168.0.1
Filter: x-sdch - <Clsid value has no data>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\piggy\appdata\roaming\mozilla\firefox\profiles\r8ddpqjv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.my
FF - prefs.js: keyword.URL - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN115591684440828-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=649a56d3000000000000002185cf7b64&q={searchTerms}
FF - plugin: c:\program files\google\update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2009-10-01 23:26; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN115591684440828-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=649a56d3000000000000002185cf7b64&q={searchTerms}
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN115591684440828-1001&toolbarId=base&affiliateId=1001&Lan={dfltLng}&utid=649a56d3000000000000002185cf7b64&q=
FF - user.js: extensions.zonealarm.id - 649a56d3000000000000002185cf7b64
FF - user.js: extensions.zonealarm.instlDay - 15661
FF - user.js: extensions.zonealarm.vrsn - 1.6.7.4
FF - user.js: extensions.zonealarm.vrsni - 1.6.7.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.423:38:50
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN115591684440828-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 Daemon;Daemon;c:\windows\system32\drivers\daemon.sys [2009-6-18 35712]
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2009-9-4 102856]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-4 11608]
R2 AntiVirFirewallService;Avira Firewall;c:\program files\avira\antivir desktop\avfwsvc.exe [2009-9-4 536232]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2009-9-4 337064]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-4 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-9-4 267432]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2009-9-4 405672]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-4 60936]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2009-9-4 79432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-11-18 07:24:58 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-18 04:58:25 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-17 17:17:49 -------- d-----w- c:\users\piggy\appdata\local\Microsoft_Corporation
2012-11-17 15:46:38 -------- d-----w- c:\users\piggy\appdata\roaming\CheckPoint
2012-11-17 15:45:39 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-11-17 15:24:07 -------- d-----w- c:\windows\system32\eu-ES
2012-11-17 15:24:07 -------- d-----w- c:\windows\system32\ca-ES
2012-11-17 15:24:06 -------- d-----w- c:\windows\system32\vi-VN
2012-11-17 15:21:51 98304 ----a-w- c:\windows\RTKAUDIOSERVICE.EXE
2012-11-17 15:21:18 -------- d-----w- c:\windows\system32\SPReview
2012-11-17 15:08:59 978432 ----a-w- c:\windows\system32\drmv2clt.dll
2012-11-17 13:49:54 -------- d-----w- c:\windows\system32\EventProviders
2012-11-17 13:18:53 -------- d-----w- c:\users\piggy\appdata\local\Microsoft Help
2012-11-17 12:07:29 -------- d-----w- c:\users\piggy\appdata\local\WindowsUpdate
2012-11-17 11:40:50 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-11-17 11:40:50 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-11-17 11:39:38 52584 ----a-w- c:\windows\system32\OpenCL.dll
2012-11-17 11:39:17 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-11-17 11:23:05 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-11-17 11:23:05 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-11-17 11:23:05 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-11-17 11:23:05 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-11-17 11:23:05 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-11-17 11:21:02 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2012-11-17 10:35:51 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-11-17 10:34:57 310784 ----a-w- c:\windows\system32\unregmp2.exe
2012-11-17 10:33:59 867328 ----a-w- c:\windows\system32\wmpmde.dll
2012-11-17 10:32:54 714240 ----a-w- c:\windows\system32\timedate.cpl
2012-11-17 10:32:52 601600 ----a-w- c:\windows\system32\schedsvc.dll
2012-11-17 10:32:52 352768 ----a-w- c:\windows\system32\taskschd.dll
2012-11-17 10:32:52 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2012-11-17 10:32:52 171520 ----a-w- c:\windows\system32\taskeng.exe
2012-11-17 10:32:51 270336 ----a-w- c:\windows\system32\taskcomp.dll
2012-11-17 10:32:50 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2012-11-17 10:31:29 531968 ----a-w- c:\windows\system32\comctl32.dll
2012-11-17 10:31:17 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2012-11-17 10:31:17 1136640 ----a-w- c:\windows\system32\mfc42.dll
2012-11-17 10:31:12 218624 ----a-w- c:\windows\system32\msv1_0.dll
2012-11-17 10:31:10 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2012-11-17 10:31:06 1616384 ----a-w- c:\program files\windows mail\msoe.dll
2012-11-17 10:31:04 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-11-17 10:31:03 36864 ----a-w- c:\windows\system32\rtutils.dll
2012-11-17 10:31:02 49152 ----a-w- c:\windows\system32\csrsrv.dll
2012-11-17 10:31:02 375808 ----a-w- c:\windows\system32\winsrv.dll
2012-11-17 10:31:00 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-11-17 10:29:25 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-11-17 10:29:23 81920 ----a-w- c:\windows\system32\consent.exe
2012-11-17 10:29:22 758784 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2012-11-17 10:29:21 243712 ----a-w- c:\windows\system32\rastls.dll
2012-11-17 10:29:20 677888 ----a-w- c:\windows\system32\mstsc.exe
2012-11-17 10:29:20 63488 ----a-w- c:\windows\system32\tscupgrd.exe
2012-11-17 10:29:20 2067968 ----a-w- c:\windows\system32\mstscax.dll
2012-11-17 10:29:19 276992 ----a-w- c:\windows\system32\schannel.dll
2012-11-17 10:29:18 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2012-11-17 08:14:21 -------- d-----w- c:\programdata\CheckPoint
2012-11-16 08:11:29 -------- d-----w- c:\program files\Nine
2012-11-15 19:20:14 3982240 ----a-w- c:\windows\system32\Flash10d.ocx
2012-11-15 19:20:14 -------- d-----w- c:\program files\StreamTransport
2012-11-15 18:05:35 -------- d-----w- c:\users\piggy\appdata\local\Freecorder 7 Converter
2012-11-15 17:40:16 -------- d-----w- c:\users\piggy\appdata\local\Freecorder 7 Screen
2012-11-11 04:54:46 94208 ----a-w- c:\windows\DIIUnin.exe
2012-11-11 04:54:46 2829 ----a-w- c:\windows\DIIUnin.pif
2012-11-11 04:44:18 -------- d-----w- c:\program files\Diablo II
2012-11-06 07:48:55 -------- d-----w- c:\program files\NVIDIA Corporation
2012-11-06 07:48:26 -------- d-----w- C:\Perfect World Entertainment
2012-11-05 20:18:52 -------- d-----w- c:\users\piggy\.swt
2012-10-30 12:13:15 -------- d-----w- c:\users\piggy\appdata\local\Freecorder 7 Video
2012-10-30 12:11:34 -------- d-----w- c:\users\piggy\appdata\local\Jaksta_Technologies_Pty_L
.
==================== Find3M ====================
.
2012-11-18 07:24:42 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-18 05:37:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-30 12:36:14 737280 ----a-w- c:\windows\iun6002.exe
2012-10-10 13:15:04 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 13:15:00 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 13:14:50 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-10-10 13:14:46 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 13:14:44 2428776 ----a-w- c:\windows\system32\nvapi.dll
2012-10-10 13:14:42 7697768 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 13:14:28 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 13:14:22 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
2012-10-10 13:14:22 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-10-10 13:14:16 6127464 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 13:14:16 15309160 ----a-w- c:\windows\system32\nvd3dum.dll
2012-10-02 19:29:42 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:29:41 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:29:22 2853224 ----a-w- c:\windows\system32\nvsvc.dll
2012-10-02 19:28:53 3965288 ----a-w- c:\windows\system32\nvcpl.dll
2012-09-29 11:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 16:27:00.21 ===============



#2 jospeh

Posted 21 November 2012 - 01:47 AM

.... would appreciate some help here; my problem is most probably concerned with browser hijacking. I believe this is the best place to seek advice, thanks folks.

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:09 AM

Posted 21 November 2012 - 08:50 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#4 jospeh

Posted 21 November 2012 - 09:50 PM

Thanks for the reply m0le. I am not new to this, but it has been a long time since I posted here; hopefully you can have a bit of patience with a newbie like me :P I tried to search for the "Watch this topic" option above but only found one that says "Stop watching topic". I am not sure if I clicked on it before, but since I didn't find any similar option I guess this is it. I check on the post several times a day, and I will reply to the post, yes, no worries.

#5 m0le

Posted 22 November 2012 - 08:29 PM

Well, the good news is that it doesn't follow any malware pattern and is more likely an annoying problem with your machine.

This problem has come up before but only on Compaq/HP machines. Is yours one of these?

#6 jospeh

Posted 22 November 2012 - 10:36 PM

I bought this PC long ago, it's quite old by now lol, but I never encountered this problem before now. It's an Acer that came with Windows Vista installed by default, and even their site says that the drivers are only compatible with Vista.

I first noticed this problem when the "small page" failed to load within the page in the browser game. I contacted the game helpers and they told me to clear my cache and so on, you know, the default cookie-clearing solution. Later on I found out it isn't related to cache or cookies at all, because different browsers are presenting similar problems.

I did some research on it and I found something weird which led me to the possibility that maybe my browser is hijacked or, even worse, maybe I am infected by a trojan or something like that. That is because I found out from my firewall that something keeps on downloading even when the page (game page) is hanging and nothing shows up at all (actually that page just requires a very small size to load and it loaded up almost instantly, pretty fast every time).

So if the page can't load up, the size of the loading is initially small, but my download is still running at high speed and for quite a long time (I closed it; I do not want it to run for too long, and do not want to be downloading something that I do not know). What exactly is my PC downloading and where is it downloading from? The page is hanging there and nothing shows up, isn't it? If it hangs then nothing should be downloading, right?

And later on, I found out it actually affects a lot of things on many websites that I use. Facebook is one of the best examples; I am having difficulties in enlarging the pictures as mentioned above. Some of the sites also started presenting problems in loading up (or take more tries or time, or maybe I am just having bad luck that the server is lagging or something, I am not sure). What I am assuming here is a scripts problem.

I do not know much about computer stuff so I will try to give as many hints or as much data as I am able to observe here. There is a line that shows up in the lower left of the page when the small page (the game page) hangs. It is written something like "javascript doPost {Server};", some sort of command line like that (that is not the exact command line, rather the pattern of the doPost line; I can't remember exactly how the command line goes in detail).

Frankly, what worries me here is: is it possible they modified some of the scripting on my PC, for example, changed the location where the files of the server should be downloaded from? Right before this problem arose, I was trying to get a link from letitbit.com and a page popped up (it's usually advised that pop-up windows asking you to download stuff are most likely trojans), so I used the Task Manager to close Firefox entirely. And when I ran Firefox again, the problem arose. That's how I got this problem.

Not sure what more data I can give you; if you would like to know anything in more detail, please let me know. And thanks m0le.

#7 m0le

Posted 23 November 2012 - 06:48 PM

Okay, let's do a generic clean and see if anything comes up during this. First a scanner with some punch, OTL.

  • Please download OTL
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.


#8 jospeh

Posted 24 November 2012 - 01:56 AM

Thanks m0le, an OTL report shows up and here it is:

OTL logfile created on: 24/11/2012 2:35:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\piggy\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

1.75 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 62.32% Memory free
3.74 Gb Paging File | 2.90 Gb Available in Paging File | 77.63% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.77 Gb Total Space | 7.17 Gb Free Space | 10.27% Space Free | Partition Type: NTFS
Drive H: | 69.52 Gb Total Space | 34.64 Gb Free Space | 49.83% Space Free | Partition Type: NTFS
Drive I: | 4.12 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: PIGGY-PC | User Name: piggy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/24 14:31:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\piggy\Downloads\OTL.exe
PRC - [2012/11/18 12:58:25 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012/10/25 01:50:37 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/10/10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/03 03:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/10/03 03:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2010/04/22 15:03:52 | 000,536,232 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2010/04/22 15:03:52 | 000,405,672 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2010/04/22 15:03:52 | 000,337,064 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2010/04/22 15:03:52 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/04/03 00:48:38 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/04/03 00:48:33 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/04/03 00:48:33 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/03/05 14:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2007/12/20 09:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/10/18 01:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007/09/11 07:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/18 12:58:24 | 014,586,808 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012/10/25 01:50:39 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/10/10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2010/05/11 05:07:00 | 003,883,248 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/04/22 15:03:52 | 000,536,232 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2010/04/22 15:03:52 | 000,405,672 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2010/04/22 15:03:52 | 000,337,064 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2010/04/22 15:03:52 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/04/03 00:48:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/03/05 14:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/21 10:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/20 09:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/10/18 01:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007/09/11 07:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva277.sys -- (XDva277)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva219.sys -- (XDva219)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a3uilioh)
DRV - [2012/10/10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/04/24 06:21:40 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/04/03 00:48:40 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/04/03 00:48:40 | 000,102,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2010/04/03 00:48:40 | 000,079,432 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2010/04/03 00:48:40 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/09/04 17:44:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/06/07 18:13:40 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/06/07 18:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/11/07 00:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007/11/07 00:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007/09/11 02:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/07/16 17:38:06 | 000,030,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2007/07/07 21:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/07/03 10:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2000/09/29 10:03:00 | 000,035,712 | R--- | M] (VeNoM386) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\daemon.sys -- (Daemon)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=4409&s=1&o=vb32&d=0109&m=aspire_m1641
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=4409&s=1&o=vb32&d=0109&m=aspire_m1641
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.torpia.com/
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {2CB465F8-6AD2-45EF-AB5F-12E0075C3712}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{2CB465F8-6AD2-45EF-AB5F-12E0075C3712}: "URL" = http://search.zonealarm.com/search?Source=Browser&oemCode=ZLN115591684440828-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=649a56d3000000000000002185cf7b64&q={searchTerms}&r=617
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" =
IE - HKCU\..\SearchScopes\{938691BE-2447-451C-A185-1B77948A7595}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_enMY311
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com.my"
FF - prefs.js..keyword.URL: "http://search.zonealarm.com/search?Source=Browser&oemCode=ZLN115591684440828-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=649a56d3000000000000002185cf7b64&q={searchTerms}"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/18 14:27:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/18 15:24:58 | 000,000,000 | ---D | M]

[2012/11/18 14:27:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\piggy\AppData\Roaming\Mozilla\Extensions
[2012/11/18 14:29:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\piggy\AppData\Roaming\Mozilla\Firefox\Profiles\r8ddpqjv.default\extensions
[2012/07/12 20:44:35 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\piggy\AppData\Roaming\Mozilla\Firefox\Profiles\r8ddpqjv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012/11/17 23:38:48 | 000,001,498 | ---- | M] () -- C:\Users\piggy\AppData\Roaming\Mozilla\Firefox\Profiles\r8ddpqjv.default\searchplugins\zonealarm.xml
[2012/11/18 14:27:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/25 01:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/25 01:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/25 01:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Search By ZoneAlarm ()
CHR - default_search_provider: search_url = http://search.zonealarm.com/search?Source=Browser&oemCode=ZLN115591684440828-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=649a56d3000000000000002185cf7b64&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - Extension: Google Drive = C:\Users\piggy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\piggy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\piggy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\piggy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
O2 - BHO: (Go!Zilla IE Helper) - {E1FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GoZilla\GozCatch.dll (Headlight Software, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [ZoneAlarm Installer] "C:\Program Files\CheckPoint\Install\Launcher.exe" "C:\Program Files\CheckPoint\Install\Install.exe" /r /c "C:\Program Files\CheckPoint\Install\Install.xml" File not found
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A59D3306-21E6-47A9-A64F-2FCDBCD6CA56}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Filter\x-sdch - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\piggy\Downloads\Shakira Photos\shakira-weight-loss.jpg
O24 - Desktop BackupWallPaper: C:\Users\piggy\Downloads\Shakira Photos\shakira-weight-loss.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d436bae8-4f26-11df-82f0-002185cf7b64}\Shell - "" = AutoRun
O33 - MountPoints2\{d436bae8-4f26-11df-82f0-002185cf7b64}\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/18 15:24:58 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/11/18 12:58:25 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/11/18 01:17:49 | 000,000,000 | ---D | C] -- C:\Users\piggy\AppData\Local\Microsoft_Corporation
[2012/11/17 23:46:38 | 000,000,000 | ---D | C] -- C:\Users\piggy\AppData\Roaming\CheckPoint
[2012/11/17 23:45:39 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/11/17 23:24:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012/11/17 23:24:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012/11/17 23:24:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012/11/17 23:21:51 | 000,098,304 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
[2012/11/17 23:21:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012/11/17 23:09:48 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2012/11/17 23:09:41 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2012/11/17 23:09:16 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2012/11/17 23:09:15 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2012/11/17 23:09:15 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2012/11/17 23:09:15 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2012/11/17 23:09:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012/11/17 23:09:14 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2012/11/17 23:09:14 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2012/11/17 23:09:14 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2012/11/17 23:09:13 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2012/11/17 23:09:13 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2012/11/17 23:09:13 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2012/11/17 23:09:13 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2012/11/17 23:09:13 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2012/11/17 23:09:13 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2012/11/17 23:09:13 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2012/11/17 23:09:13 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2012/11/17 23:09:13 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2012/11/17 23:09:13 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2012/11/17 23:09:13 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2012/11/17 23:09:13 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2012/11/17 23:09:13 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2012/11/17 23:09:13 | 000,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2012/11/17 23:09:13 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2012/11/17 23:09:12 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2012/11/17 23:09:12 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2012/11/17 23:09:11 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2012/11/17 23:09:11 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2012/11/17 23:09:11 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2012/11/17 23:09:11 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2012/11/17 23:09:11 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2012/11/17 23:09:10 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2012/11/17 23:09:10 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2012/11/17 23:09:10 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2012/11/17 23:09:10 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2012/11/17 23:09:09 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2012/11/17 23:09:09 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2012/11/17 23:09:09 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2012/11/17 23:09:09 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2012/11/17 23:09:09 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2012/11/17 23:09:09 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2012/11/17 23:09:09 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2012/11/17 23:09:09 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2012/11/17 23:09:09 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2012/11/17 23:09:09 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2012/11/17 23:09:09 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2012/11/17 23:09:09 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2012/11/17 23:09:08 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2012/11/17 23:09:08 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2012/11/17 23:09:08 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2012/11/17 23:09:08 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2012/11/17 23:09:08 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2012/11/17 23:09:08 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2012/11/17 23:09:07 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2012/11/17 23:09:07 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2012/11/17 23:09:07 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/11/17 23:09:07 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2012/11/17 23:09:07 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/11/17 23:09:07 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2012/11/17 23:09:07 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2012/11/17 23:09:07 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2012/11/17 23:09:06 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/11/17 23:09:06 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2012/11/17 23:09:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2012/11/17 23:09:05 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/11/17 23:09:05 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/11/17 23:09:05 | 000,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2012/11/17 23:09:04 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2012/11/17 23:09:01 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2012/11/17 23:09:01 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2012/11/17 23:09:01 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2012/11/17 23:09:01 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2012/11/17 23:09:01 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2012/11/17 23:09:01 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2012/11/17 23:09:01 | 000,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2012/11/17 23:09:00 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/11/17 23:09:00 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2012/11/17 23:09:00 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2012/11/17 23:09:00 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2012/11/17 23:09:00 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2012/11/17 23:09:00 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012/11/17 23:09:00 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2012/11/17 23:09:00 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2012/11/17 23:09:00 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2012/11/17 23:09:00 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2012/11/17 23:09:00 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2012/11/17 23:09:00 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2012/11/17 23:09:00 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2012/11/17 23:08:59 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2012/11/17 23:08:59 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2012/11/17 23:08:59 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2012/11/17 23:08:59 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2012/11/17 23:08:59 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2012/11/17 23:08:59 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2012/11/17 23:08:59 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2012/11/17 23:08:59 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2012/11/17 23:08:59 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2012/11/17 23:08:59 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2012/11/17 23:08:59 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2012/11/17 23:08:59 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2012/11/17 23:08:58 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2012/11/17 23:08:58 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2012/11/17 23:08:58 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2012/11/17 23:08:58 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2012/11/17 23:08:58 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2012/11/17 23:08:58 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2012/11/17 23:08:58 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2012/11/17 23:08:58 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2012/11/17 23:08:58 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2012/11/17 23:08:58 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2012/11/17 23:08:58 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2012/11/17 23:08:57 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2012/11/17 23:08:57 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2012/11/17 23:08:57 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2012/11/17 23:08:57 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2012/11/17 23:08:57 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2012/11/17 23:08:57 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2012/11/17 23:08:57 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2012/11/17 23:08:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2012/11/17 23:08:57 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2012/11/17 23:08:57 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2012/11/17 23:08:57 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2012/11/17 23:08:57 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2012/11/17 23:08:57 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2012/11/17 23:08:57 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2012/11/17 23:08:56 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2012/11/17 23:08:56 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2012/11/17 23:08:56 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2012/11/17 23:08:56 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2012/11/17 23:08:56 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2012/11/17 23:08:56 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2012/11/17 23:08:56 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2012/11/17 23:08:56 | 000,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2012/11/17 23:08:56 | 000,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/11/17 23:08:56 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2012/11/17 23:08:56 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2012/11/17 23:08:55 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2012/11/17 23:08:55 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2012/11/17 23:08:55 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2012/11/17 23:08:55 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2012/11/17 23:08:54 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2012/11/17 23:08:54 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2012/11/17 23:08:54 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2012/11/17 23:08:54 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2012/11/17 23:08:54 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2012/11/17 23:08:54 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2012/11/17 23:08:53 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2012/11/17 23:08:53 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2012/11/17 23:08:53 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2012/11/17 23:08:53 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2012/11/17 23:08:53 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2012/11/17 23:08:53 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2012/11/17 23:08:53 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2012/11/17 23:08:53 | 000,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2012/11/17 23:08:52 | 001,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2012/11/17 23:08:52 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2012/11/17 23:08:52 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2012/11/17 23:08:52 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2012/11/17 23:08:52 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2012/11/17 23:08:52 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2012/11/17 23:08:52 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2012/11/17 23:08:52 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012/11/17 23:08:52 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2012/11/17 23:08:51 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2012/11/17 23:08:51 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2012/11/17 23:08:51 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2012/11/17 23:08:51 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2012/11/17 23:08:51 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2012/11/17 23:08:50 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2012/11/17 23:08:50 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2012/11/17 23:08:50 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2012/11/17 23:08:50 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2012/11/17 23:08:50 | 000,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2012/11/17 23:08:50 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2012/11/17 23:08:50 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2012/11/17 23:08:50 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2012/11/17 23:08:50 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2012/11/17 23:08:49 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2012/11/17 23:08:49 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2012/11/17 23:08:49 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2012/11/17 23:08:49 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2012/11/17 23:08:49 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2012/11/17 23:08:49 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2012/11/17 23:08:49 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2012/11/17 23:08:49 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2012/11/17 23:08:49 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2012/11/17 23:08:49 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2012/11/17 23:08:48 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2012/11/17 23:08:48 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2012/11/17 23:08:48 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2012/11/17 23:08:48 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2012/11/17 23:08:47 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2012/11/17 23:08:47 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2012/11/17 23:08:47 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2012/11/17 23:08:47 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/11/17 23:08:47 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2012/11/17 23:08:47 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2012/11/17 23:08:46 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2012/11/17 23:08:46 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2012/11/17 23:08:45 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2012/11/17 23:08:45 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2012/11/17 23:08:45 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2012/11/17 23:08:45 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2012/11/17 23:08:45 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2012/11/17 23:08:45 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2012/11/17 23:08:45 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2012/11/17 23:08:45 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2012/11/17 23:08:45 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2012/11/17 23:08:45 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2012/11/17 23:08:45 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2012/11/17 23:08:45 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2012/11/17 23:08:45 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2012/11/17 23:08:44 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2012/11/17 23:08:44 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2012/11/17 23:08:44 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2012/11/17 23:08:44 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2012/11/17 23:08:44 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2012/11/17 23:08:44 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2012/11/17 23:08:44 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2012/11/17 23:08:44 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2012/11/17 23:08:44 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2012/11/17 23:08:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2012/11/17 23:08:44 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2012/11/17 23:08:44 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2012/11/17 23:08:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2012/11/17 23:08:43 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2012/11/17 23:08:43 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2012/11/17 23:08:43 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2012/11/17 23:08:43 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2012/11/17 23:08:43 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2012/11/17 23:08:43 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2012/11/17 23:08:43 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2012/11/17 23:08:43 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2012/11/17 23:08:43 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2012/11/17 23:08:43 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2012/11/17 23:08:43 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2012/11/17 23:08:43 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2012/11/17 23:08:42 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2012/11/17 23:08:42 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2012/11/17 23:08:42 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2012/11/17 23:08:42 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2012/11/17 23:08:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2012/11/17 23:08:41 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2012/11/17 23:08:41 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2012/11/17 23:08:41 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2012/11/17 23:08:41 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2012/11/17 23:08:41 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2012/11/17 23:08:41 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2012/11/17 23:08:41 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2012/11/17 23:08:41 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2012/11/17 23:08:41 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2012/11/17 23:08:41 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2012/11/17 23:08:41 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2012/11/17 23:08:40 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2012/11/17 23:08:40 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2012/11/17 23:08:40 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2012/11/17 23:08:39 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2012/11/17 23:08:38 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2012/11/17 23:08:38 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2012/11/17 23:08:38 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2012/11/17 23:08:38 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2012/11/17 23:08:38 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2012/11/17 23:08:38 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2012/11/17 23:08:37 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2012/11/17 23:08:37 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2012/11/17 23:08:37 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2012/11/17 23:08:37 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2012/11/17 23:08:37 | 000,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2012/11/17 23:08:36 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2012/11/17 23:08:36 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2012/11/17 23:08:36 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2012/11/17 23:08:36 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2012/11/17 23:08:36 | 000,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2012/11/17 23:08:35 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2012/11/17 23:08:35 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2012/11/17 23:08:35 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2012/11/17 23:08:35 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2012/11/17 23:08:34 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2012/11/17 23:08:34 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2012/11/17 23:08:34 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2012/11/17 23:08:34 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2012/11/17 23:08:34 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2012/11/17 23:08:34 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2012/11/17 23:08:33 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2012/11/17 23:08:33 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2012/11/17 23:08:33 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2012/11/17 23:08:33 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2012/11/17 23:08:33 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2012/11/17 23:08:33 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2012/11/17 23:08:33 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2012/11/17 23:08:33 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2012/11/17 23:08:33 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2012/11/17 23:08:33 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2012/11/17 23:08:32 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2012/11/17 23:08:32 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2012/11/17 23:08:32 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2012/11/17 23:08:32 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2012/11/17 23:08:32 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2012/11/17 23:08:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2012/11/17 23:08:31 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2012/11/17 23:08:31 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2012/11/17 23:08:31 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2012/11/17 23:08:31 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2012/11/17 23:08:31 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2012/11/17 23:08:31 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2012/11/17 23:08:31 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2012/11/17 23:08:31 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2012/11/17 23:08:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2012/11/17 23:08:31 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2012/11/17 23:08:31 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2012/11/17 23:08:30 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2012/11/17 23:08:30 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2012/11/17 23:08:30 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2012/11/17 23:08:30 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2012/11/17 23:08:30 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2012/11/17 23:08:29 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2012/11/17 23:08:29 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2012/11/17 23:08:29 | 000,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2012/11/17 23:08:29 | 000,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2012/11/17 23:08:29 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2012/11/17 23:08:29 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2012/11/17 23:08:29 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2012/11/17 23:08:29 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2012/11/17 23:08:28 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2012/11/17 23:08:28 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2012/11/17 23:08:28 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2012/11/17 23:08:27 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2012/11/17 23:08:26 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2012/11/17 23:08:26 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012/11/17 23:08:26 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2012/11/17 23:08:26 | 000,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2012/11/17 23:08:26 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2012/11/17 23:08:26 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2012/11/17 23:08:25 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2012/11/17 23:08:24 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2012/11/17 23:08:24 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2012/11/17 23:08:24 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2012/11/17 23:08:24 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2012/11/17 23:08:24 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2012/11/17 23:08:24 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2012/11/17 23:08:24 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2012/11/17 23:08:24 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2012/11/17 23:08:24 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2012/11/17 23:08:23 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2012/11/17 23:08:23 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2012/11/17 23:08:23 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2012/11/17 23:08:23 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2012/11/17 23:08:23 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2012/11/17 23:08:23 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2012/11/17 23:08:23 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2012/11/17 23:08:23 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2012/11/17 23:08:23 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2012/11/17 23:08:23 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2012/11/17 23:08:23 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2012/11/17 23:08:23 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2012/11/17 23:08:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2012/11/17 23:08:23 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2012/11/17 23:08:23 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2012/11/17 23:08:22 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2012/11/17 23:08:22 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2012/11/17 23:08:21 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2012/11/17 23:08:21 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2012/11/17 23:08:21 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2012/11/17 23:08:21 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2012/11/17 23:08:20 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2012/11/17 23:08:20 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2012/11/17 23:08:19 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2012/11/17 23:08:17 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2012/11/17 23:08:17 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2012/11/17 23:08:16 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2012/11/17 23:08:15 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2012/11/17 23:08:15 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2012/11/17 21:49:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/11/17 21:18:53 | 000,000,000 | ---D | C] -- C:\Users\piggy\AppData\Local\Microsoft Help
[2012/11/17 20:07:29 | 000,000,000 | ---D | C] -- C:\Users\piggy\AppData\Local\WindowsUpdate
[2012/11/17 19:58:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2012/11/17 19:40:50 | 002,557,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2012/11/17 19:40:50 | 000,062,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2012/11/17 19:39:38 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/11/17 19:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/11/17 19:23:05 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2012/11/17 19:23:05 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2012/11/17 19:23:05 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2012/11/17 19:21:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2012/11/17 19:20:54 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2012/11/17 19:20:54 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2012/11/17 19:20:54 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2012/11/17 19:20:54 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2012/11/17 19:20:54 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2012/11/17 19:20:53 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2012/11/17 19:20:52 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2012/11/17 19:20:52 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2012/11/17 19:20:52 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2012/11/17 19:20:52 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2012/11/17 19:20:49 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2012/11/17 19:20:49 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2012/11/17 19:20:49 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2012/11/17 19:20:49 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2012/11/17 19:20:49 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2012/11/17 18:42:12 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/11/17 18:42:12 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/11/17 18:42:12 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/11/17 18:42:12 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/11/17 18:42:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/11/17 18:42:12 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/11/17 18:42:11 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/11/17 18:42:11 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/11/17 18:42:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/11/17 18:42:10 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/11/17 18:42:09 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/11/17 18:42:09 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/11/17 18:42:09 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/11/17 18:42:09 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/11/17 18:42:08 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012/11/17 18:42:08 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/11/17 18:42:08 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/11/17 18:35:51 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2012/11/17 18:35:51 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2012/11/17 18:35:51 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2012/11/17 18:35:51 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2012/11/17 18:35:51 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2012/11/17 18:35:51 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2012/11/17 18:35:50 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2012/11/17 18:35:50 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2012/11/17 18:35:50 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2012/11/17 18:35:27 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2012/11/17 18:35:10 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2012/11/17 18:35:10 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2012/11/17 18:35:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2012/11/17 18:34:57 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2012/11/17 18:34:36 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/11/17 18:34:36 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/11/17 18:34:31 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012/11/17 18:34:24 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/11/17 18:34:24 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2012/11/17 18:34:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/11/17 18:34:23 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/11/17 18:34:20 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2012/11/17 18:34:04 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2012/11/17 18:34:04 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2012/11/17 18:34:03 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2012/11/17 18:33:59 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2012/11/17 18:33:57 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2012/11/17 18:33:54 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/11/17 18:33:54 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2012/11/17 18:33:54 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2012/11/17 18:33:54 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2012/11/17 18:33:32 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2012/11/17 18:33:17 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2012/11/17 18:33:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/11/17 18:32:54 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/11/17 18:32:52 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2012/11/17 18:32:52 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2012/11/17 18:32:51 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2012/11/17 18:32:50 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2012/11/17 18:31:17 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2012/11/17 18:31:17 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2012/11/17 18:31:02 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/11/17 18:31:02 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/11/17 18:31:00 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/11/17 18:30:59 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2012/11/17 18:30:52 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2012/11/17 18:30:49 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2012/11/17 18:30:49 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2012/11/17 18:30:48 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2012/11/17 18:29:23 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2012/11/17 18:29:20 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2012/11/17 18:29:18 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2012/11/17 16:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/11/16 16:11:29 | 000,000,000 | ---D | C] -- C:\Program Files\Nine
[2012/11/16 04:06:15 | 000,000,000 | ---D | C] -- C:\Users\piggy\Documents\StreamTransport
[2012/11/16 03:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport
[2012/11/16 03:20:14 | 003,982,240 | ---- | C] (Adobe Systems, Inc.) -- C:\Windows\System32\Flash10d.ocx
[2012/11/16 03:20:14 | 000,000,000 | ---D | C] -- C:\Program Files\StreamTransport
[2012/11/16 03:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/11/16 02:05:35 | 000,000,000 | ---D | C] -- C:\Users\piggy\AppData\Local\Freecorder 7 Converter
[2012/11/16 01:40:16 | 000,000,000 | ---D | C] -- C:\Users\piggy\AppData\Local\Freecorder 7 Screen
[2012/11/11 13:12:24 | 000,000,000 | ---D | C] -- C:\Users\piggy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo II
[2012/11/11 12:54:46 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2012/11/11 12:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
[2012/11/11 12:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo II
[2012/11/06 15:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/11/06 15:48:26 | 000,000,000 | ---D | C] -- C:\Perfect World Entertainment
[2012/11/06 04:18:52 | 000,000,000 | ---D | C] -- C:\Users\piggy\.swt
[2012/10/30 20:13:15 | 000,000,000 | ---D | C] -- C:\Users\piggy\AppData\Local\Freecorder 7 Video
[2012/10/30 20:11:34 | 000,000,000 | ---D | C] -- C:\Users\piggy\AppData\Local\Jaksta_Technologies_Pty_L

========== Files - Modified Within 30 Days ==========

[2012/11/24 14:29:12 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/24 14:29:12 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/24 14:25:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/24 14:24:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/24 14:24:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/24 14:24:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/24 05:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/22 16:01:52 | 000,062,976 | ---- | M] () -- C:\Users\piggy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/20 18:10:54 | 000,001,920 | ---- | M] () -- C:\Users\piggy\Desktop\ToZ Launcher.lnk
[2012/11/19 15:34:15 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/18 15:24:42 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/11/18 15:24:42 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/11/18 14:27:12 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/18 13:37:36 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/11/18 13:37:36 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/11/18 12:37:07 | 000,297,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/17 23:38:50 | 000,000,126 | ---- | M] () -- C:\user.js
[2012/11/17 05:07:28 | 000,001,572 | ---- | M] () -- C:\Users\piggy\Application Data\Microsoft\Internet Explorer\Quick Launch\Go!Zilla.lnk
[2012/11/16 03:20:15 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\ StreamTransport.lnk
[2012/11/16 03:14:18 | 000,001,935 | ---- | M] () -- C:\Users\piggy\Desktop\Google Chrome.lnk
[2012/11/14 15:55:51 | 000,000,948 | ---- | M] () -- C:\Users\piggy\Desktop\Windows Media Player.lnk
[2012/11/12 22:30:20 | 000,035,773 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2012/11/11 13:12:24 | 000,001,690 | ---- | M] () -- C:\Users\piggy\Desktop\Diablo II - Lord of Destruction.lnk
[2012/11/11 12:54:46 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2012/11/11 12:54:46 | 000,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
[2012/11/10 19:14:32 | 000,000,525 | ---- | M] () -- C:\Users\piggy\Desktop\launcher - Shortcut.lnk
[2012/10/30 20:36:14 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2012/10/30 20:03:06 | 000,000,361 | ---- | M] () -- C:\Users\piggy\Application Data\Microsoft\Internet Explorer\Quick Launch\My Downloads.lnk
[2012/10/29 18:45:17 | 000,000,361 | ---- | M] () -- C:\Users\piggy\Desktop\My Downloads.lnk

========== Files Created - No Company Name ==========

[2012/11/20 18:10:54 | 000,001,920 | ---- | C] () -- C:\Users\piggy\Desktop\ToZ Launcher.lnk
[2012/11/19 15:34:15 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/18 14:27:12 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/17 23:38:50 | 000,000,126 | ---- | C] () -- C:\user.js
[2012/11/17 23:09:09 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2012/11/17 23:09:08 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2012/11/17 23:09:08 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2012/11/17 23:09:01 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2012/11/17 23:09:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/11/17 23:08:59 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2012/11/17 23:08:33 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2012/11/17 23:08:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/11/17 23:08:23 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2012/11/17 23:08:23 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2012/11/17 23:08:19 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012/11/17 19:20:50 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2012/11/17 19:20:50 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2012/11/17 19:20:50 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2012/11/17 05:07:28 | 000,001,572 | ---- | C] () -- C:\Users\piggy\Application Data\Microsoft\Internet Explorer\Quick Launch\Go!Zilla.lnk
[2012/11/16 03:20:15 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\ StreamTransport.lnk
[2012/11/16 03:14:18 | 000,001,935 | ---- | C] () -- C:\Users\piggy\Desktop\Google Chrome.lnk
[2012/11/16 03:08:10 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/16 03:08:09 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/14 15:55:51 | 000,000,948 | ---- | C] () -- C:\Users\piggy\Desktop\Windows Media Player.lnk
[2012/11/11 13:12:24 | 000,001,690 | ---- | C] () -- C:\Users\piggy\Desktop\Diablo II - Lord of Destruction.lnk
[2012/11/11 12:54:47 | 000,035,773 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2012/11/11 12:54:46 | 000,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif
[2012/11/10 19:14:32 | 000,000,525 | ---- | C] () -- C:\Users\piggy\Desktop\launcher - Shortcut.lnk
[2012/10/30 20:03:06 | 000,000,361 | ---- | C] () -- C:\Users\piggy\Application Data\Microsoft\Internet Explorer\Quick Launch\My Downloads.lnk
[2012/10/29 18:45:17 | 000,000,361 | ---- | C] () -- C:\Users\piggy\Desktop\My Downloads.lnk
[2011/02/20 07:07:09 | 000,137,176 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/04/24 13:02:12 | 000,000,552 | ---- | C] () -- C:\Users\piggy\AppData\Local\d3d8caps.dat
[2009/02/06 03:19:32 | 000,062,976 | ---- | C] () -- C:\Users\piggy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 20:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/22 00:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:09 AM

Posted 24 November 2012 - 09:56 PM

You have a lot of orphaned entries (that means there is no file associated with the entry) and one of these could be causing the problem. It could be that one of these services is calling a file that is no longer present on the machine. You seem to have ZoneAlarm in some form but this does not appear to be running, so it looks like remnants - particularly as you are running Avast's firewall. I have removed them where they are orphaned but you might want to use their uninstaller to be sure.

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    SRV - File not found [On_Demand | Stopped] -- C:\Windows\system32\PnkBstrA.exe -- (PnkBstrA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva277.sys -- (XDva277)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva219.sys -- (XDva219)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a3uilioh)
    IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - HKLM..\Run: [eRecoveryService] File not found
    O4 - HKLM..\Run: [ZoneAlarm Installer] "C:\Program Files\CheckPoint\Install\Launcher.exe" "C:\Program Files\CheckPoint\Install\Install.exe" /r /c "C:\Program Files\CheckPoint\Install\Install.xml" File not found
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

Next please run ESET's online scanner

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.


Please also update me on the problem and whether it still occurs.
m0le is a proud member of UNITE

#10 jospeh


Posted 25 November 2012 - 03:07 AM

It is unbelievable, the problem is solved. I tested it by running the site where the major problem was detected, the browser game whose page hangs, and it doesn't hang anymore; I believe the same will be true for Facebook and other sites. May I know what problem actually caused the page to hang? Is it one of the services? But why do they exist when they are not needed anymore? Besides, they may have existed for a long time but didn't cause any problems so far.

Thanks m0le, you are really, really amazing. It's shocking to learn that there are so many things I do not know about my computer. So many things unexplored and unknown. I wish to enter the training program and teach myself more about this, but regretfully find that it is already full. Are there any slots left? If there are any, can you help me with it? I am very interested to learn more.

About the ZoneAlarm, that is what has been installed after the problem occurs. I have tried a lot of methods in order to find out where the unknown download is running from. Avira's Firewall can only detect the speed of the download, but not what file is being downloaded nor where it came from. So next I installed the ZoneAlarm firewall, but it doesn't seem to work out either. I didn't plan to delete it since it can offer extra protection, but later on ZoneAlarm generated an incompatibility problem with Firefox, so I had to remove it.


Here are the logs and reports:

The log of the custom fix in OTL:

========== OTL ==========
Service PnkBstrA stopped successfully!
Service PnkBstrA deleted successfully!
File C:\Windows\system32\PnkBstrA.exe not found.
Service XDva277 stopped successfully!
Service XDva277 deleted successfully!
File C:\Windows\system32\XDva277.sys not found.
Service XDva219 stopped successfully!
Service XDva219 deleted successfully!
File C:\Windows\system32\XDva219.sys not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys not found.
Error: No service named a3uilioh was found to stop!
Service\Driver key a3uilioh not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ZoneAlarm Installer deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 11252012_133049







The logs of the ESET scan result:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4ba703bbff15f544b6db6d2f45b438f0
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-11-25 07:35:57
# local_time=2012-11-25 03:35:57 (+0800, Malay Peninsula Standard Time)
# country="Malaysia"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 111047544 111047544 0 0
# compatibility_mode=1798 16775165 100 100 69597317 151310042 70403691 0
# compatibility_mode=5892 16776638 100 100 657241 191352332 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=118412
# found=1
# cleaned=1
# scan_time=5795
C:\Users\piggy\Downloads\Programs\CheatEngine55.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


This cheatengine55.exe is a file that existed on my PC, like, 3-5 years ago. It was given to me by a trusted real-life friend when we were playing games together. I am sure some would say don't receive files from friends, but not this one; we have known each other since childhood. I am sure he does not know the file is harmful as well. We had no idea it is a virus. I don't think that's the problem that caused all this, as so far it didn't cause any browser problems before, but I am not sure about it either.

And great thanks to you m0le. :thumbsup:
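The orphaned entries in m0le's fix script and the results in the OTL fix log above can be cross-checked mechanically. The following is an added example, not part of the thread and not OTL's own code: the function and class names are hypothetical, the scan and fix-log lines are copied from the two posts, and the last scan line is constructed to show that an entry without the "File not found" marker is ignored.

```python
import re
from dataclasses import dataclass

# Scan lines copied from the fix script in the thread; the last line is a
# constructed healthy entry, included only to show that it is not reported.
SCAN = r"""
SRV - File not found [On_Demand | Stopped] -- C:\Windows\system32\PnkBstrA.exe -- (PnkBstrA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a3uilioh)
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [eRecoveryService] File not found
SRV - [2012/01/01 00:00:00 | 000,010,000 | ---- | M] (Example Corp) [Auto | Running] -- C:\Example\svc.exe -- (ExampleSvc)
"""

# Result lines copied from the OTL fix log in the thread.
FIX_LOG = r"""
Service PnkBstrA deleted successfully!
Service IpInIp deleted successfully!
Error: No service named a3uilioh was found to stop!
Service\Driver key a3uilioh not found.
"""

SVC_RE = re.compile(r"^(SRV|DRV) - File not found \[(.*?)\] -- (.*?) ?-- \((.+)\)$")
CLSID_RE = re.compile(r"^(IE|O\d+) - (.*?) - No CLSID value found\.?$")
RUN_RE = re.compile(r"^O4 - (.+?): \[(.+?)\] (.*?) ?File not found$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Orphan:
    kind: str      # "service", "driver", "clsid" or "run"
    name: str      # service name, CLSID, or Run value name
    target: str    # file path the entry points at ("" when none is recorded)


def parse_orphans(scan_text):
    """Return every entry that the scan reports as pointing at nothing."""
    found = []
    for line in (l.strip() for l in scan_text.splitlines()):
        if m := SVC_RE.match(line):
            kind = "service" if m.group(1) == "SRV" else "driver"
            found.append(Orphan(kind, m.group(4), m.group(3)))
        elif m := RUN_RE.match(line):
            found.append(Orphan("run", m.group(2), m.group(3).strip()))
        elif m := CLSID_RE.match(line):
            guid = GUID_RE.search(m.group(2))
            found.append(Orphan("clsid", guid.group(0) if guid else m.group(2), ""))
    return found


def deleted_services(fix_log):
    """Names of services the fix log confirms as deleted."""
    return set(re.findall(r"^Service (\S+) deleted successfully!$", fix_log, re.M))


def unconfirmed(orphans, fix_log):
    """Service/driver orphans with no 'deleted successfully' line in the fix log."""
    done = deleted_services(fix_log)
    return [o.name for o in orphans
            if o.kind in ("service", "driver") and o.name not in done]


if __name__ == "__main__":
    orphans = parse_orphans(SCAN)
    for o in orphans:
        print(f"{o.kind:8} {o.name:40} {o.target or '(no path recorded)'}")
    print("not confirmed deleted:", unconfirmed(orphans, FIX_LOG))
```

An entry left in the unconfirmed list is one whose service key was already absent when the fix ran, so it is worth re-checking in a fresh scan rather than assuming it was removed.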

#11 m0le


Posted 25 November 2012 - 07:10 PM

About the ZoneAlarm, that is what has been installed after the problem occurs


This is probably the cause. Some of the program has been removed and what is left is attempting to run; this can often leave ghost windows and error messages.

As for the training, I can only offer the advice to persevere and keep checking the page. If you want to be here then you will be!

We should clear up now

You're clean. Good stuff! :thumbup2:

Let's do some clearing up

If you used DeFogger now is the time to enable your CD emulation software again.

We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir - though if you choose Avira you should make sure that you uncheck the box offering to install the Ask toolbar. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically; make sure that updates on any that are flagged are carried out as soon as possible.

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version, or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it jospeh, happy surfing!

Cheers.

m0le

#12 jospeh


Posted 26 November 2012 - 02:41 AM

I downloaded OTC and cleaned up with it; the process required one reboot and it's done. And wow.. that is certainly a heavenly resource link of tutorials and guidance down there. If only I could have found that years earlier... I guess I am going to spend my time studying them, thanks m0le! :thumbsup:

#13 m0le


Posted 03 December 2012 - 08:34 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.