
_hiddenPbk


  • This topic is locked
9 replies to this topic

#1 WinBMY

WinBMY

  • Members
  • 176 posts

Posted 15 May 2013 - 11:42 PM

I ran ComboFix to scan my notebook PC today and found a deleted file called: -hiddenPbk. It seems to me that the PC was hacked.

 

Here is the DDS log.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.21.2
Run by ASUS at 12:36:21 on 2013-05-16
Microsoft Windows 7 家用進階版   6.1.7601.1.950.886.1028.18.8103.6026 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Privatefirewall *Enabled* {F9380B5D-D31C-8B74-72FB-D86DF39490C2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
D:\Virus Protection Course\sandboxies\SbieSvc.exe
C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\ExpressGateUtil\VAWinService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Virus Protection Course\sandboxies\SbieCtrl.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
C:\ExpressGateUtil\VAWinAgent.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
D:\Virus Protection Course\sandboxies\SandboxieRpcSs.exe
D:\Virus Protection Course\sandboxies\SandboxieDcomLaunch.exe
D:\FFox\firefox.exe
D:\Virus Protection Course\sandboxies\32\SbieSvc.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://tw.yahoo.com?fr=fp-comodo
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SandboxieControl] "D:\Virus Protection Course\sandboxies\SbieCtrl.exe"
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"
mRun: [IME14 CHT Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
mRun: [Privatefirewall] C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:34
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:34
mPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: 傳送至 OneNote(&N) - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: 匯出至 Microsoft Excel(&X) - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: NameServer = 192.168.1.1 139.175.252.16
TCP: Interfaces\{8F77313F-9E3A-4822-A384-E848D1220AA5} : DHCPNameServer = 192.168.1.1 139.175.252.16
TCP: Interfaces\{F4A2FC8E-77EF-476A-A47D-62299D31A988} : DHCPNameServer = 192.168.1.1 139.175.252.16
TCP: Interfaces\{F4A2FC8E-77EF-476A-A47D-62299D31A988}\55355425D20534F5E4564777F627B6 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
x64-Run: [IME14 CHT Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\ndvqsvu8.default\
FF - prefs.js: browser.startup.homepage - www.google.com.tw
FF - prefs.js: keyword.URL - hxxp://tw.search.yahoo.com/search?fr=ytff-comodo&p=
FF - ExtSQL: 2013-04-30 12:42; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-30 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-4-30 189936]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-11-7 25960]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-4-30 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-4-30 378432]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-26 17536]
R1 pwipf6;Privacyware Filter Driver;C:\Windows\System32\drivers\pwipf6.sys [2013-4-30 130744]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2012-11-7 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-4-30 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-4-30 80816]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-14 138400]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-14 74912]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-9 46808]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
R2 ImeDictUpdateService;Microsoft IME Dictionary Update;C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-10-20 83312]
R2 PFNet;Privacyware network service;C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe [2013-1-14 374600]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-17 13832]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2011-3-26 91464]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-14 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-14 298656]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-14 28832]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-14 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-14 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-14 154272]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-14 280224]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-9-22 142632]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-1-10 219648]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-1-10 65024]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-22 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-9-22 169584]
R3 SbieDrv;SbieDrv;D:\Virus Protection Course\sandboxies\SbieDrv.sys [2012-12-16 202632]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-5-3 44032]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-10-18 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe []
S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2013-4-15 38912]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-11 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-19 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-19 31232]
S3 WatAdminSvc;Windows 啟用技術服務;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-8 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-05-16 01:13:15    --------    d-----w-    C:\Windows\SysWow64\Ew蠉Ewxt沔videace
2013-05-16 00:54:59    775232    ----a-w-    C:\Program Files\Internet Explorer\iexplore.exe
2013-05-15 13:05:24    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 13:05:24    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 13:05:23    144384    ----a-w-    C:\Windows\System32\cdd.dll
2013-05-15 13:04:30    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-05-15 13:04:28    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-05-15 13:04:28    111448    ----a-w-    C:\Windows\System32\consent.exe
2013-05-15 13:04:27    70144    ----a-w-    C:\Windows\System32\appinfo.dll
2013-05-15 13:03:50    48640    ----a-w-    C:\Windows\System32\wwanprotdim.dll
2013-05-15 13:03:50    230400    ----a-w-    C:\Windows\System32\wwansvc.dll
2013-05-15 13:03:21    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-05-15 11:41:10    --------    d-----w-    C:\Users\ASUS\AppData\Local\{0EE1CC45-ADC7-4BB6-903D-B0743CED7767}
2013-05-14 03:36:48    --------    d-----w-    C:\Windows\SysWow64\蠉xtvideace
2013-05-13 01:53:49    --------    d-----w-    C:\Windows\SysWow64\褱蠉褱xt淚videace
2013-05-10 12:43:59    --------    d-----w-    C:\Windows\SysWow64\彽蠉彽xt許videace
2013-05-10 06:44:29    --------    d-----w-    C:\Users\ASUS\AppData\Local\{3406FB32-1286-4914-AB80-599A6BA57EAD}
2013-05-10 02:28:50    --------    d-----w-    C:\Users\ASUS\AppData\Local\{D644157A-5E15-44A8-8AEF-8BD3E50E5ACF}
2013-05-09 07:15:11    --------    d-----w-    C:\Windows\SysWow64\蠉xt歿videace
2013-05-09 04:25:01    --------    d-----w-    C:\Windows\SysWow64\'w蠉'wxt崤videace
2013-05-08 11:28:47    --------    d-----w-    C:\Users\ASUS\AppData\Local\{D7F3CD94-905A-4578-96BE-CF5114D60B92}
2013-05-07 07:18:40    --------    d-----w-    C:\Users\ASUS\AppData\Local\{C6125A0E-9104-4B57-8CB2-79B77183F087}
2013-05-07 07:15:09    --------    d-----w-    C:\Users\ASUS\AppData\Local\{5E438DC4-7F8E-4DC3-814E-02839D2F7C73}
2013-05-07 06:44:52    98816    ----a-w-    C:\Windows\sed.exe
2013-05-07 06:44:52    256000    ----a-w-    C:\Windows\PEV.exe
2013-05-07 06:44:52    208896    ----a-w-    C:\Windows\MBR.exe
2013-05-07 06:07:54    --------    d-----w-    C:\Windows\SysWow64\蠉xt豹videace
2013-05-06 02:30:08    --------    d-----w-    C:\Users\ASUS\AppData\Local\{B51AEB39-911B-49E3-AB33-8450CEB93A19}
2013-05-06 00:50:08    --------    d-----w-    C:\Windows\SysWow64\Lw蠉Lwxt豹videace
2013-05-05 05:01:37    --------    d-----w-    C:\Windows\SysWow64\Kw蠉Kwxt蓋videace
2013-05-05 00:03:15    --------    d-----w-    C:\Windows\SysWow64\盱蠉盱xt鈾videace
2013-05-04 23:04:51    --------    d-----w-    C:\Users\ASUS\AppData\Local\{5A3EA0A1-8E5F-454F-8FCD-914D87DD0B51}
2013-05-04 02:57:07    --------    d-----w-    C:\Windows\SysWow64\德蠉德xt廄videace
2013-05-04 02:24:25    --------    d-----w-    C:\Users\ASUS\AppData\Local\{63444D45-C19A-4C10-AF44-8A0A62F95081}
2013-05-03 05:57:20    --------    d-----w-    C:\Users\ASUS\AppData\Local\{96E67070-1385-4B22-BC64-81F96F1DA265}
2013-05-02 14:01:00    --------    d-----w-    C:\Program Files (x86)\GetFLV
2013-05-02 04:57:59    --------    d-----w-    C:\Windows\SysWow64\Gw蠉Gwxt娉videace
2013-05-02 02:12:03    --------    d-----w-    C:\Windows\SysWow64\菉蠉菉xt縷videace
2013-05-02 00:40:44    --------    d-----w-    C:\Program Files (x86)\Common Files\EagleGet
2013-05-01 06:11:29    --------    d-----w-    C:\Users\ASUS\AppData\Local\{0F42C0ED-C480-46DC-A4A0-A8DE7FE4B4F6}
2013-05-01 05:22:01    --------    d-----w-    C:\Users\ASUS\AppData\Local\{0FEFCA3B-D8F7-42DE-8DC7-20DC732471D1}
2013-05-01 04:41:10    --------    d-----w-    C:\Users\ASUS\AppData\Local\{43F7547D-3732-45C2-A228-7A5D768F9D9B}
2013-05-01 04:37:40    --------    d-----w-    C:\Users\ASUS\AppData\Local\{A3BFCF17-CC3A-490A-A876-885083379E64}
2013-05-01 02:13:02    --------    d-----w-    C:\Windows\SysWow64\饔蠉饔xt鈾videace
2013-05-01 01:54:38    --------    d-----w-    C:\Windows\SysWow64\lw蠉lwxt沔videace
2013-05-01 01:33:31    --------    d-----w-    C:\Windows\SysWow64\Lw蠉Lwxt廄videace
2013-04-30 08:10:18    --------    d-----w-    C:\Windows\SysWow64\蠉xt佢videace
2013-04-30 07:56:42    --------    d-----w-    C:\Windows\SysWow64\aw蠉awxtvideace
2013-04-30 07:03:52    --------    d-----w-    C:\Users\ASUS\AppData\Local\{7F31A970-7F2B-4E64-97A0-E47096E4B97E}
2013-04-30 07:00:05    --------    d-----w-    C:\Users\ASUS\AppData\Local\{FB94F1B0-1FAD-4DFA-AD0B-CC235F7EF6A2}
2013-04-30 05:11:44    --------    d-----w-    C:\Windows\SysWow64\ w蠉 wxt鈾videace
2013-04-30 05:00:13    --------    d-----w-    C:\Windows\SysWow64\逕蠉逕xtvideace
2013-04-30 04:59:07    65336    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2013-04-30 04:59:07    189936    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-04-30 04:54:28    --------    d-----w-    C:\Windows\SysWow64\kw蠉kwxtvideace
2013-04-30 04:42:47    72016    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2013-04-30 04:42:46    80816    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-04-30 04:42:46    1025808    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-04-30 04:42:33    41664    ----a-w-    C:\Windows\avastSS.scr
2013-04-30 04:42:24    --------    d-----w-    C:\Program Files\AVAST Software
2013-04-30 04:39:05    130744    ----a-w-    C:\Windows\System32\drivers\pwipf6.sys
2013-04-30 04:39:00    --------    d-----w-    C:\Program Files (x86)\Privacyware
2013-04-30 04:36:52    --------    d-----w-    C:\Windows\SysWow64\8w蠉8wxtvideace
2013-04-30 04:32:09    --------    d-----w-    C:\Windows\SysWow64\腛蠉腛xtvideace
2013-04-30 04:18:48    --------    d-----w-    C:\Windows\SysWow64\漙蠉漙xt豹videace
2013-04-30 02:58:36    --------    d-----w-    C:\Users\ASUS\AppData\Local\{B5BA0E4A-7E07-4074-9C74-7D18F089D69F}
2013-04-30 02:26:47    --------    d-----w-    C:\Users\ASUS\AppData\Local\{D5E40A15-FC6A-4611-924F-985E43FAC4A3}
2013-04-30 02:07:27    --------    d-----w-    C:\Users\ASUS\AppData\Local\{EBF7DE30-7DC7-4586-B34D-4790F075FF02}
2013-04-29 04:43:51    --------    d-----w-    C:\Windows\SysWow64\歡蠉歡xt豹videace
2013-04-29 02:53:54    --------    d-----w-    C:\Windows\SysWow64\蠉xt柦videace
2013-04-29 01:36:10    --------    d-----w-    C:\Users\ASUS\AppData\Local\{607EA0D7-1EDE-4BD4-80C0-7D6A878C788D}
2013-04-28 22:03:37    --------    d-----w-    C:\Users\ASUS\AppData\Local\{C7AE2E85-FF5C-4714-BA5A-4D6CFF2394CD}
2013-04-28 22:02:17    --------    d-----w-    C:\Users\ASUS\AppData\Local\{97C74683-3E61-4C4C-9590-720C0C4533F0}
2013-04-28 21:54:44    --------    d-----w-    C:\Users\ASUS\AppData\Local\{1CCB4E2B-A081-4D8B-92B4-E32AA1F6948E}
2013-04-28 13:04:59    --------    d-----w-    C:\Users\ASUS\AppData\Local\{E7979F30-FE70-49B7-980D-451BB06D887F}
2013-04-28 11:09:52    --------    d-----w-    C:\Windows\SysWow64\Lw蠉Lwxt墦videace
2013-04-28 06:53:38    --------    d-----w-    C:\Users\ASUS\AppData\Local\{78E5BBBC-4930-4A37-9548-7A38A2ABB51F}
2013-04-28 01:38:09    --------    d-----w-    C:\Users\ASUS\AppData\Local\{917D366E-0355-4BD3-B854-2C93781A1AE9}
2013-04-28 01:23:03    --------    d-----w-    C:\Users\ASUS\AppData\Local\{03D07FFC-258B-4B4E-9073-40047F290641}
2013-04-28 01:16:14    --------    d-----w-    C:\Users\ASUS\AppData\Local\{8CB31659-BA14-4B7A-9A63-0C0AA1D136DA}
2013-04-27 11:03:29    --------    d-----w-    C:\Users\ASUS\AppData\Local\{0B68B939-A5B1-4761-8EF9-03E662C695BF}
2013-04-27 11:02:30    --------    d-----w-    C:\Users\ASUS\AppData\Local\{48F6A668-56B6-42D7-BADE-9FBE5917E040}
2013-04-27 10:57:05    --------    d-----w-    C:\Users\ASUS\AppData\Local\{2A251A4A-D043-4E40-9DC1-206E06D25850}
2013-04-26 21:39:49    --------    d-----w-    C:\Users\ASUS\AppData\Local\{2D183F55-EEB3-4697-B538-430476D4870B}
2013-04-26 03:50:30    --------    d-----w-    C:\Users\ASUS\AppData\Local\{3C944303-675B-46DF-9A2B-4CB0AE87ABEA}
2013-04-26 02:15:41    --------    d-----w-    C:\VTRoot
2013-04-24 04:57:38    --------    d-----w-    C:\Users\ASUS\AppData\Local\{615FE3FF-8ACC-474F-8804-0721405EBA70}
2013-04-24 04:44:16    --------    d-----w-    C:\Windows\SysWow64\Jw蠉Jwxt崤videace
2013-04-24 01:30:02    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-23 11:52:23    --------    d-----w-    C:\Users\ASUS\AppData\Local\{BADCBB3E-068E-4273-9EFA-CF2BD5056B7B}
2013-04-23 11:45:41    --------    d-----w-    C:\ProgramData\VSO
2013-04-23 11:45:41    --------    d-----w-    C:\Program Files (x86)\VSO
2013-04-23 10:38:18    --------    d-----w-    C:\Windows\SysWow64\髯蠉髯xt箤videace
2013-04-23 08:01:38    --------    d-----w-    C:\Windows\SysWow64\6w蠉6wxt俞videace
2013-04-23 07:53:10    --------    d-----w-    C:\Windows\SysWow64\)w蠉)wxt黠videace
2013-04-23 07:48:06    --------    d-----w-    C:\Windows\SysWow64\0w蠉0wxt娉videace
2013-04-23 07:43:26    --------    d-----w-    C:\Windows\SysWow64\蠉xt墦videace
2013-04-23 07:35:24    --------    d-s---w-    C:\Windows\SysWow64\Microsoft
2013-04-23 07:32:20    --------    d-----w-    C:\Windows\SysWow64\Dw蠉Dwxt枯videace
2013-04-23 01:22:02    --------    d-----w-    C:\Windows\SysWow64\逕蠉逕xt涂videace
.
==================== Find3M  ====================
.
2013-05-16 01:13:54    45056    ----a-w-    C:\Windows\SysWow64\acovcnt.exe
2013-05-15 13:08:27    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 13:08:27    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-05 06:52:14    2242048    ----a-w-    C:\Windows\System32\wininet.dll
2013-04-05 06:50:36    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24    1767424    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-04-04 06:50:32    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-04-03 21:35:05    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-19 06:04:06    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-03-06 01:13:15    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-03-06 01:13:15    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-02-15 06:08:40    44032    ----a-w-    C:\Windows\System32\tsgqec.dll
2013-02-15 06:06:11    3717632    ----a-w-    C:\Windows\System32\mstscax.dll
2013-02-15 06:02:26    158720    ----a-w-    C:\Windows\System32\aaclient.dll
2013-02-15 04:37:10    3217408    ----a-w-    C:\Windows\SysWow64\mstscax.dll
.
============= FINISH: 12:36:58.40 ===============

 




 


#2 WinBMY

WinBMY
  • Topic Starter

  • Members
  • 176 posts

Posted 15 May 2013 - 11:43 PM

And here is the attached DDS scan file.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 家用進階版
Boot Device: \Device\HarddiskVolume2
Install Date: 2012/11/6 14:33:20
System Uptime: 2013/5/16 10:24:24 (2 hours ago)
.
Motherboard: ASUSTeK Computer Inc. |  | N43SL
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz | CPU 1 | 782/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 200 GiB total, 135.281 GiB free.
D: is FIXED (NTFS) - 241 GiB total, 214.758 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP165: 2013/4/30 12:42:04 - avast! Free Antivirus 安裝
RP166: 2013/4/30 12:51:47 - Installed Java 7 Update 21
RP167: 2013/5/1 09:16:26 - Windows Update
RP168: 2013/5/1 10:10:56 - Windows Update
RP169: 2013/5/2 22:08:39 - Removed WinZip 17.0
RP170: 2013/5/7 14:45:02 - ComboFix created restore point
RP171: 2013/5/13 09:36:52 - ComboFix created restore point
RP172: 2013/5/16 08:52:49 - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 Plugin
Alcor Micro USB Card Reader
ASUS AI Recovery
ASUS FancyStart
ASUS LifeFrame3
ASUS Power4Gear Hybrid
ASUS RT-N12C1 Wireless Router Utilities
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Video Magic
ASUS Virtual Camera
ASUS WebStorage
ASUS_N3_Series
Atheros Client Installation Program
ATK Package
avast! Free Antivirus
Bluetooth Win7 Suite (64)
CCleaner
Comodo Dragon
Control ActiveX de Windows Live Mesh para conexiones remotas
Controle ActiveX Windows Live Mesh pour connexions a distance
Controlo ActiveX do Windows Live Mesh para Ligacoes Remotas
CutePDF Writer 2.8
CyberLink LabelPrint
CyberLink MediaEspresso
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerDVD 10
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ETDWare PS/2-X64 8.0.5.3_WHQL
ExpressGateCloud
Fast Boot
Fresco Logic USB3.0 Host Controller
Galeria de Fotografias do Windows Live
Galeria fotografica de Windows Live
Galerie de photos Windows Live
Google Chrome
Google Update Helper
Intel® Control Center
Intel® Processor Graphics
Intel® Turbo Boost Technology Monitor
Java 7 Update 21
Java Auto Updater
JavaFX 2.1.1
Junk Mail filter update
Malwarebytes Anti-Malware 版本 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Chinese (Traditional)) 2010
Microsoft Office Excel MUI (Chinese (Traditional)) 2010
Microsoft Office Home and Student 2010
Microsoft Office IME (Chinese (Traditional)) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (Chinese (Traditional)) 2010
Microsoft Office Outlook MUI (Chinese (Traditional)) 2010
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2010
Microsoft Office Proof (Chinese (Traditional)) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proofing (Chinese (Traditional)) 2010
Microsoft Office Publisher MUI (Chinese (Traditional)) 2010
Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2010
Microsoft Office Shared MUI (Chinese (Traditional)) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (Chinese (Traditional)) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 16.0.2 (x86 zh-TW)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Nuance PDF Reader
NVIDIA Control Panel 268.83
NVIDIA Graphics Driver 268.83
NVIDIA Install Application
NVIDIA Optimus 1.0.23
NVIDIA Update Components
Privatefirewall 7.0
Realtek High Definition Audio Driver
Sandboxie 3.76 (64-bit)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
SonicMaster
swMSM
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598241) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
USB2.0 UVC 2M WebCam
Windows Live
Windows Live ?件包
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Live 程式集
Windows Live 照片?
Windows Live 影像中心
Windows Media Player Firefox Plugin
WinFlash
Wireless Console 3
用于?程?接的 Windows Live Mesh ActiveX 控件(?体中文)
適用遠端連線的 Windows Live Mesh ActiveX 控制項
.
==== End Of File ===========================



#3 HelpBot

Posted 20 May 2013 - 11:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/494771 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 WinBMY

Posted 21 May 2013 - 01:44 PM

Hi, here is the new DDS log.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.21.2
Run by ASUS at 2:40:26 on 2013-05-22
Microsoft Windows 7 家用進階版   6.1.7601.1.950.886.1028.18.8103.5865 [GMT 8:00]
.
AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
D:\Virus Protection Course\sandboxies\SbieSvc.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\ExpressGateUtil\VAWinService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
D:\Virus Protection Course\sandboxies\SbieCtrl.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\ExpressGateUtil\VAWinAgent.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files\COMODO\COMODO Internet Security\virtkiosk.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\virtkiosk.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
D:\FFox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://tw.yahoo.com?fr=fp-comodo
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SandboxieControl] "D:\Virus Protection Course\sandboxies\SbieCtrl.exe"
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"
mRun: [IME14 CHT Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:34
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:34
mPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: 傳送至 OneNote(&N) - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: 匯出至 Microsoft Excel(&X) - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{F4A2FC8E-77EF-476A-A47D-62299D31A988} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{F4A2FC8E-77EF-476A-A47D-62299D31A988}\55355425D20534F5E4564777F627B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{F4A2FC8E-77EF-476A-A47D-62299D31A988}\A416E63757B416C62696 : DHCPNameServer = 192.168.1.1 139.175.252.16
TCP: Interfaces\{F4A2FC8E-77EF-476A-A47D-62299D31A988}\A616E63757 : DHCPNameServer = 192.168.43.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
x64-Run: [IME14 CHT Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\ndvqsvu8.default\
FF - prefs.js: browser.startup.homepage - www.google.com.tw
FF - prefs.js: keyword.URL - hxxp://tw.search.yahoo.com/search?fr=ytff-comodo&p=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\ASUS\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-11-7 25960]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-26 17536]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-4-15 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-4-15 706560]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-4-15 48360]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2012-11-7 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-14 138400]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-14 74912]
R2 ImeDictUpdateService;Microsoft IME Dictionary Update;C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-10-20 83312]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-17 13832]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2011-3-26 91464]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-14 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-14 298656]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-14 28832]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-14 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-14 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-14 154272]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-14 280224]
R3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-4-15 158928]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-9-22 142632]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-1-10 219648]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-1-10 65024]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-22 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-9-22 169584]
R3 SbieDrv;SbieDrv;D:\Virus Protection Course\sandboxies\SbieDrv.sys [2012-12-16 202632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-5-3 44032]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-10-18 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe []
S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2013-4-15 38912]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-11 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-19 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-19 31232]
S3 WatAdminSvc;Windows 啟用技術服務;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-8 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-05-21 18:30:46    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-05-21 18:15:22    --------    d-----w-    C:\Windows\SysWow64\蠉xt餐videace
2013-05-21 12:05:56    --------    d-----w-    C:\Windows\SysWow64\鈖蠉鈖xtvideace
2013-05-21 12:03:13    --------    d-----w-    C:\Windows\SysWow64\#w蠉#wxt柦videace
2013-05-21 11:47:53    --------    d-----w-    C:\Program Files\COMODO
2013-05-21 11:37:59    --------    d-----w-    C:\Windows\SysWow64\蠉xt偅videace
2013-05-21 11:34:35    --------    d-----w-    C:\Windows\SysWow64\yw蠉ywxt穀videace
2013-05-21 07:41:33    --------    d-----w-    C:\Windows\SysWow64\髯蠉髯xt暝videace
2013-05-21 06:48:46    --------    d-----w-    C:\Windows\SysWow64\蠉xtvideace
2013-05-21 04:58:27    --------    d-----w-    C:\Windows\SysWow64\囪蠉囪xt枯videace
2013-05-19 12:29:54    --------    d-----w-    C:\Windows\SysWow64\蠉xt么videace
2013-05-16 01:13:15    --------    d-----w-    C:\Windows\SysWow64\Ew蠉Ewxt沔videace
2013-05-16 00:54:59    775232    ----a-w-    C:\Program Files\Internet Explorer\iexplore.exe
2013-05-15 13:05:24    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 13:05:24    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 13:05:23    144384    ----a-w-    C:\Windows\System32\cdd.dll
2013-05-15 13:04:30    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-05-15 13:04:28    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-05-15 13:04:28    111448    ----a-w-    C:\Windows\System32\consent.exe
2013-05-15 13:04:27    70144    ----a-w-    C:\Windows\System32\appinfo.dll
2013-05-15 13:03:50    48640    ----a-w-    C:\Windows\System32\wwanprotdim.dll
2013-05-15 13:03:50    230400    ----a-w-    C:\Windows\System32\wwansvc.dll
2013-05-15 13:03:21    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-05-15 11:41:10    --------    d-----w-    C:\Users\ASUS\AppData\Local\{0EE1CC45-ADC7-4BB6-903D-B0743CED7767}
2013-05-14 03:36:48    --------    d-----w-    C:\Windows\SysWow64\蠉xtvideace
2013-05-13 01:53:49    --------    d-----w-    C:\Windows\SysWow64\褱蠉褱xt淚videace
2013-05-10 12:43:59    --------    d-----w-    C:\Windows\SysWow64\彽蠉彽xt許videace
2013-05-10 06:44:29    --------    d-----w-    C:\Users\ASUS\AppData\Local\{3406FB32-1286-4914-AB80-599A6BA57EAD}
2013-05-10 02:28:50    --------    d-----w-    C:\Users\ASUS\AppData\Local\{D644157A-5E15-44A8-8AEF-8BD3E50E5ACF}
2013-05-09 07:15:11    --------    d-----w-    C:\Windows\SysWow64\蠉xt歿videace
2013-05-09 04:25:01    --------    d-----w-    C:\Windows\SysWow64\'w蠉'wxt崤videace
2013-05-08 11:28:47    --------    d-----w-    C:\Users\ASUS\AppData\Local\{D7F3CD94-905A-4578-96BE-CF5114D60B92}
2013-05-07 07:18:40    --------    d-----w-    C:\Users\ASUS\AppData\Local\{C6125A0E-9104-4B57-8CB2-79B77183F087}
2013-05-07 07:15:09    --------    d-----w-    C:\Users\ASUS\AppData\Local\{5E438DC4-7F8E-4DC3-814E-02839D2F7C73}
2013-05-07 06:44:52    98816    ----a-w-    C:\Windows\sed.exe
2013-05-07 06:44:52    256000    ----a-w-    C:\Windows\PEV.exe
2013-05-07 06:44:52    208896    ----a-w-    C:\Windows\MBR.exe
2013-05-07 06:07:54    --------    d-----w-    C:\Windows\SysWow64\蠉xt豹videace
2013-05-06 02:30:08    --------    d-----w-    C:\Users\ASUS\AppData\Local\{B51AEB39-911B-49E3-AB33-8450CEB93A19}
2013-05-06 00:50:08    --------    d-----w-    C:\Windows\SysWow64\Lw蠉Lwxt豹videace
2013-05-05 05:01:37    --------    d-----w-    C:\Windows\SysWow64\Kw蠉Kwxt蓋videace
2013-05-05 00:03:15    --------    d-----w-    C:\Windows\SysWow64\盱蠉盱xt鈾videace
2013-05-04 23:04:51    --------    d-----w-    C:\Users\ASUS\AppData\Local\{5A3EA0A1-8E5F-454F-8FCD-914D87DD0B51}
2013-05-04 02:57:07    --------    d-----w-    C:\Windows\SysWow64\德蠉德xt廄videace
2013-05-04 02:24:25    --------    d-----w-    C:\Users\ASUS\AppData\Local\{63444D45-C19A-4C10-AF44-8A0A62F95081}
2013-05-03 05:57:20    --------    d-----w-    C:\Users\ASUS\AppData\Local\{96E67070-1385-4B22-BC64-81F96F1DA265}
2013-05-02 14:01:00    --------    d-----w-    C:\Program Files (x86)\GetFLV
2013-05-02 04:57:59    --------    d-----w-    C:\Windows\SysWow64\Gw蠉Gwxt娉videace
2013-05-02 02:12:03    --------    d-----w-    C:\Windows\SysWow64\菉蠉菉xt縷videace
2013-05-02 00:40:44    --------    d-----w-    C:\Program Files (x86)\Common Files\EagleGet
2013-05-01 06:11:29    --------    d-----w-    C:\Users\ASUS\AppData\Local\{0F42C0ED-C480-46DC-A4A0-A8DE7FE4B4F6}
2013-05-01 05:22:01    --------    d-----w-    C:\Users\ASUS\AppData\Local\{0FEFCA3B-D8F7-42DE-8DC7-20DC732471D1}
2013-05-01 04:41:10    --------    d-----w-    C:\Users\ASUS\AppData\Local\{43F7547D-3732-45C2-A228-7A5D768F9D9B}
2013-05-01 04:37:40    --------    d-----w-    C:\Users\ASUS\AppData\Local\{A3BFCF17-CC3A-490A-A876-885083379E64}
2013-05-01 02:13:02    --------    d-----w-    C:\Windows\SysWow64\饔蠉饔xt鈾videace
2013-05-01 01:54:38    --------    d-----w-    C:\Windows\SysWow64\lw蠉lwxt沔videace
2013-05-01 01:33:31    --------    d-----w-    C:\Windows\SysWow64\Lw蠉Lwxt廄videace
2013-04-30 08:10:18    --------    d-----w-    C:\Windows\SysWow64\蠉xt佢videace
2013-04-30 07:56:42    --------    d-----w-    C:\Windows\SysWow64\aw蠉awxtvideace
2013-04-30 07:03:52    --------    d-----w-    C:\Users\ASUS\AppData\Local\{7F31A970-7F2B-4E64-97A0-E47096E4B97E}
2013-04-30 07:00:05    --------    d-----w-    C:\Users\ASUS\AppData\Local\{FB94F1B0-1FAD-4DFA-AD0B-CC235F7EF6A2}
2013-04-30 05:11:44    --------    d-----w-    C:\Windows\SysWow64\ w蠉 wxt鈾videace
2013-04-30 05:00:13    --------    d-----w-    C:\Windows\SysWow64\逕蠉逕xtvideace
2013-04-30 04:54:28    --------    d-----w-    C:\Windows\SysWow64\kw蠉kwxtvideace
2013-04-30 04:42:24    --------    d-----w-    C:\Program Files\AVAST Software
2013-04-30 04:36:52    --------    d-----w-    C:\Windows\SysWow64\8w蠉8wxtvideace
2013-04-30 04:32:09    --------    d-----w-    C:\Windows\SysWow64\腛蠉腛xtvideace
2013-04-30 04:18:48    --------    d-----w-    C:\Windows\SysWow64\漙蠉漙xt豹videace
2013-04-30 02:26:47    --------    d-----w-    C:\Users\ASUS\AppData\Local\{D5E40A15-FC6A-4611-924F-985E43FAC4A3}
2013-04-30 02:07:27    --------    d-----w-    C:\Users\ASUS\AppData\Local\{EBF7DE30-7DC7-4586-B34D-4790F075FF02}
2013-04-29 04:43:51    --------    d-----w-    C:\Windows\SysWow64\歡蠉歡xt豹videace
2013-04-29 02:53:54    --------    d-----w-    C:\Windows\SysWow64\蠉xt柦videace
2013-04-29 01:36:10    --------    d-----w-    C:\Users\ASUS\AppData\Local\{607EA0D7-1EDE-4BD4-80C0-7D6A878C788D}
2013-04-28 22:03:37    --------    d-----w-    C:\Users\ASUS\AppData\Local\{C7AE2E85-FF5C-4714-BA5A-4D6CFF2394CD}
2013-04-28 22:02:17    --------    d-----w-    C:\Users\ASUS\AppData\Local\{97C74683-3E61-4C4C-9590-720C0C4533F0}
2013-04-28 21:54:44    --------    d-----w-    C:\Users\ASUS\AppData\Local\{1CCB4E2B-A081-4D8B-92B4-E32AA1F6948E}
2013-04-28 13:04:59    --------    d-----w-    C:\Users\ASUS\AppData\Local\{E7979F30-FE70-49B7-980D-451BB06D887F}
2013-04-28 11:09:52    --------    d-----w-    C:\Windows\SysWow64\Lw蠉Lwxt墦videace
2013-04-28 06:53:38    --------    d-----w-    C:\Users\ASUS\AppData\Local\{78E5BBBC-4930-4A37-9548-7A38A2ABB51F}
2013-04-28 01:38:09    --------    d-----w-    C:\Users\ASUS\AppData\Local\{917D366E-0355-4BD3-B854-2C93781A1AE9}
2013-04-28 01:23:03    --------    d-----w-    C:\Users\ASUS\AppData\Local\{03D07FFC-258B-4B4E-9073-40047F290641}
2013-04-28 01:16:14    --------    d-----w-    C:\Users\ASUS\AppData\Local\{8CB31659-BA14-4B7A-9A63-0C0AA1D136DA}
2013-04-27 11:03:29    --------    d-----w-    C:\Users\ASUS\AppData\Local\{0B68B939-A5B1-4761-8EF9-03E662C695BF}
2013-04-27 11:02:30    --------    d-----w-    C:\Users\ASUS\AppData\Local\{48F6A668-56B6-42D7-BADE-9FBE5917E040}
2013-04-27 10:57:05    --------    d-----w-    C:\Users\ASUS\AppData\Local\{2A251A4A-D043-4E40-9DC1-206E06D25850}
2013-04-26 21:39:49    --------    d-----w-    C:\Users\ASUS\AppData\Local\{2D183F55-EEB3-4697-B538-430476D4870B}
2013-04-26 03:50:30    --------    d-----w-    C:\Users\ASUS\AppData\Local\{3C944303-675B-46DF-9A2B-4CB0AE87ABEA}
2013-04-26 02:15:41    --------    d--h--w-    C:\VTRoot
2013-04-24 04:57:38    --------    d-----w-    C:\Users\ASUS\AppData\Local\{615FE3FF-8ACC-474F-8804-0721405EBA70}
2013-04-24 04:44:16    --------    d-----w-    C:\Windows\SysWow64\Jw蠉Jwxt崤videace
2013-04-24 01:30:02    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-23 11:52:23    --------    d-----w-    C:\Users\ASUS\AppData\Local\{BADCBB3E-068E-4273-9EFA-CF2BD5056B7B}
2013-04-23 11:45:41    --------    d-----w-    C:\ProgramData\VSO
2013-04-23 11:45:41    --------    d-----w-    C:\Program Files (x86)\VSO
2013-04-23 10:38:18    --------    d-----w-    C:\Windows\SysWow64\髯蠉髯xt箤videace
2013-04-23 08:01:38    --------    d-----w-    C:\Windows\SysWow64\6w蠉6wxt俞videace
2013-04-23 07:53:10    --------    d-----w-    C:\Windows\SysWow64\)w蠉)wxt黠videace
2013-04-23 07:48:06    --------    d-----w-    C:\Windows\SysWow64\0w蠉0wxt娉videace
2013-04-23 07:43:26    --------    d-----w-    C:\Windows\SysWow64\蠉xt墦videace
2013-04-23 07:35:24    --------    d-s---w-    C:\Windows\SysWow64\Microsoft
2013-04-23 07:32:20    --------    d-----w-    C:\Windows\SysWow64\Dw蠉Dwxt枯videace
2013-04-23 01:22:02    --------    d-----w-    C:\Windows\SysWow64\逕蠉逕xt涂videace
.
==================== Find3M  ====================
.
2013-05-21 18:30:46    45056    ----a-w-    C:\Windows\SysWow64\acovcnt.exe
2013-05-15 13:08:27    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 13:08:27    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-23 14:04:10    437176    ----a-w-    C:\Windows\System32\guard64.dll
2013-04-23 14:04:10    348048    ----a-w-    C:\Windows\SysWow64\guard32.dll
2013-04-15 10:38:54    48360    ----a-w-    C:\Windows\System32\drivers\cmdhlp.sys
2013-04-15 10:38:52    706560    ----a-w-    C:\Windows\System32\drivers\cmdguard.sys
2013-04-15 10:38:52    23168    ----a-w-    C:\Windows\System32\drivers\cmderd.sys
2013-04-15 10:38:40    43216    ----a-w-    C:\Windows\System32\cmdcsr.dll
2013-04-15 10:38:30    45776    ----a-w-    C:\Windows\System32\cmdkbd64.dll
2013-04-15 10:38:30    343760    ----a-w-    C:\Windows\System32\cmdvrt64.dll
2013-04-15 10:38:26    40656    ----a-w-    C:\Windows\SysWow64\cmdkbd32.dll
2013-04-15 10:38:26    276688    ----a-w-    C:\Windows\SysWow64\cmdvrt32.dll
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-05 06:52:14    2242048    ----a-w-    C:\Windows\System32\wininet.dll
2013-04-05 06:50:36    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24    1767424    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-04-04 06:50:32    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-04-03 21:35:05    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-19 06:04:06    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-03-06 01:13:15    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-03-06 01:13:15    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH:  2:41:49.51 ===============
 



#5 WinBMY


Posted 21 May 2013 - 01:45 PM

And, here is the new attached file.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 家用進階版
Boot Device: \Device\HarddiskVolume2
Install Date: 2012/11/6 14:33:20
System Uptime: 2013/5/22 02:30:16 (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. |  | N43SL
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz | CPU 1 | 782/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 200 GiB total, 135.621 GiB free.
D: is FIXED (NTFS) - 241 GiB total, 214.758 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP169: 2013/5/2 22:08:39 - Removed WinZip 17.0
RP170: 2013/5/7 14:45:02 - ComboFix created restore point
RP171: 2013/5/13 09:36:52 - ComboFix created restore point
RP172: 2013/5/16 08:52:49 - Windows Update
RP173: 2013/5/19 16:12:19 - ComboFix created restore point
RP174: 2013/5/21 13:01:44 - ComboFix created restore point
RP175: 2013/5/21 19:31:26 - avast! Free Antivirus 安裝
RP176: 2013/5/21 19:36:00 - Removed Privatefirewall 7.0
RP177: 2013/5/21 19:48:27 - 裝置驅動程式套件安裝: COMODO Network Service
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 Plugin
Alcor Micro USB Card Reader
ASUS AI Recovery
ASUS FancyStart
ASUS LifeFrame3
ASUS Power4Gear Hybrid
ASUS RT-N12C1 Wireless Router Utilities
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Video Magic
ASUS Virtual Camera
ASUS WebStorage
ASUS_N3_Series
Atheros Client Installation Program
ATK Package
Bluetooth Win7 Suite (64)
CCleaner
Comodo Dragon
COMODO Internet Security Premium
Control ActiveX de Windows Live Mesh para conexiones remotas
Controle ActiveX Windows Live Mesh pour connexions a distance
Controlo ActiveX do Windows Live Mesh para Ligacoes Remotas
CutePDF Writer 2.8
CyberLink LabelPrint
CyberLink MediaEspresso
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerDVD 10
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ETDWare PS/2-X64 8.0.5.3_WHQL
ExpressGateCloud
Fast Boot
Fresco Logic USB3.0 Host Controller
Galeria de Fotografias do Windows Live
Galeria fotografica de Windows Live
Galerie de photos Windows Live
Google Chrome
Google Update Helper
Intel® Control Center
Intel® Processor Graphics
Intel® Turbo Boost Technology Monitor
Java 7 Update 21
Java Auto Updater
JavaFX 2.1.1
Junk Mail filter update
Malwarebytes Anti-Malware 版本 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Chinese (Traditional)) 2010
Microsoft Office Excel MUI (Chinese (Traditional)) 2010
Microsoft Office Home and Student 2010
Microsoft Office IME (Chinese (Traditional)) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (Chinese (Traditional)) 2010
Microsoft Office Outlook MUI (Chinese (Traditional)) 2010
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2010
Microsoft Office Proof (Chinese (Traditional)) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proofing (Chinese (Traditional)) 2010
Microsoft Office Publisher MUI (Chinese (Traditional)) 2010
Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2010
Microsoft Office Shared MUI (Chinese (Traditional)) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (Chinese (Traditional)) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 16.0.2 (x86 zh-TW)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Nuance PDF Reader
NVIDIA Control Panel 268.83
NVIDIA Graphics Driver 268.83
NVIDIA Install Application
NVIDIA Optimus 1.0.23
NVIDIA Update Components
Realtek High Definition Audio Driver
Sandboxie 3.76 (64-bit)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
SonicMaster
swMSM
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598241) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
USB2.0 UVC 2M WebCam
Windows Live
Windows Live ?件包
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Live 程式集
Windows Live 照片?
Windows Live 影像中心
Windows Media Player Firefox Plugin
WinFlash
Wireless Console 3
用于?程?接的 Windows Live Mesh ActiveX 控件(?体中文)
適用遠端連線的 Windows Live Mesh ActiveX 控制項
.
==== End Of File ===========================



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:33 PM

Posted 22 May 2013 - 09:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Your log is clean.

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#7 WinBMY


Posted 22 May 2013 - 08:24 PM

Hi, I noticed one line in the DDS Pseudo HJT Report log:

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe

 

Is this exe file safe?

 

Here is the security check log file:

 Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
COMODO Antivirus   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware 版本 1.75.0.1300  
 JavaFX 2.1.1    
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.202  
 Mozilla Firefox 16.0.2 Firefox out of Date!  
 Google Chrome 26.0.1410.43  
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 Comodo Firewall cmdagent.exe
 sandboxies SbieSvc.exe   
 sandboxies SbieCtrl.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 

And here is the AdwCleaner log file:

# AdwCleaner v2.301 - Logfile created 05/23/2013 at 09:04:38
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ASUS - ASUS-PC
# Boot Mode : Normal
# Running from : C:\Users\ASUS\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (zh-TW)

File : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\ndvqsvu8.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R16].txt - [935 octets] - [08/05/2013 16:02:12]
AdwCleaner[R17].txt - [995 octets] - [14/05/2013 09:26:47]
AdwCleaner[R18].txt - [1055 octets] - [16/05/2013 09:25:58]
AdwCleaner[R19].txt - [1117 octets] - [16/05/2013 18:38:52]
AdwCleaner[R20].txt - [1179 octets] - [19/05/2013 17:02:35]
AdwCleaner[R21].txt - [1109 octets] - [23/05/2013 09:04:38]

########## EOF - C:\AdwCleaner[R21].txt - [1170 octets] ##########
 

And here is the AdwCleaner log file after clicking the Delete tab.

# AdwCleaner v2.301 - Logfile created 05/23/2013 at 09:06:06
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ASUS - ASUS-PC
# Boot Mode : Normal
# Running from : C:\Users\ASUS\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (zh-TW)

File : C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\ndvqsvu8.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R16].txt - [935 octets] - [08/05/2013 16:02:12]
AdwCleaner[R17].txt - [995 octets] - [14/05/2013 09:26:47]
AdwCleaner[R18].txt - [1055 octets] - [16/05/2013 09:25:58]
AdwCleaner[R19].txt - [1117 octets] - [16/05/2013 18:38:52]
AdwCleaner[R20].txt - [1179 octets] - [19/05/2013 17:02:35]
AdwCleaner[R21].txt - [1240 octets] - [23/05/2013 09:04:38]
AdwCleaner[S3].txt - [1170 octets] - [23/05/2013 09:06:06]
 



#8 nasdaq


Posted 23 May 2013 - 06:41 AM

Looking good.

I notice that one line in DDS Pseudo HJT Report log called:
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe


FancyStart is a utility that allows you to change the boot logo at computer startup. You can access this utility in Windows via the Start menu. It has options to completely customize your bootup including backgrounds, photos, and sounds.

Not required at Startup. You can remove the .lnk file C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK

===

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

Edited by nasdaq, 23 May 2013 - 06:42 AM.


#9 WinBMY


Posted 23 May 2013 - 07:53 AM

Thank you very much for the help.



#10 nasdaq


Posted 23 May 2013 - 09:53 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



