Unknown user names, and sometimes the browser does not work


  • This topic is locked
30 replies to this topic

#1 WinBMY

Posted 18 May 2014 - 03:11 AM

I cleaned my computer's temp storage using OldTimer's TFC today.

The log shows several unknown user names. And recently the browser hasn't been working properly for searching. It shows me as disconnected for some websites, say www.google.com.

The unknown users are: User: UpdatusUser and User: V.I.P.O R

TFC log:

 Getting user folders.

 
Stopping running processes.
 
Emptying Temp folders.
 
 
User: All Users
 
User: ASUS
->Temp folder emptied: 53818607 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: V.I.P.O R
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4903 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
 
Emptying RecycleBin. Do not interrupt.
 
RecycleBin emptied: 0 bytes
Process complete!
 
Total Files Cleaned = 51.00 mb
 
And here is the DDS log:

 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17041
Run by ASUS at 15:59:22 on 2014-05-18
#Option Extended Search is enabled.
#Option Whitelisting is disabled.
Microsoft Windows 7 家用進階版   6.1.7601.1.950.886.1028.18.8103.6556 [GMT 8:00]
.
AV: Bitdefender Antivirus Free Edition *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antivirus Free Edition *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
uLocal Page = C:\Windows\System32\blank.htm
uSearch Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
mStart Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
uProxyOverride = <local>
mSearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
mCustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
uURLSearchHooks: Microsoft Url Search Hook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll
mWinlogon: Shell = Explorer.exe
mWinlogon: Userinit = C:\Windows\System32\userinit.exe,
mWinlogon: SFCDisable = dword:0
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"
mRun: [IME14 CHT Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
mRun: [ISUSPM] "C:\ProgramData\FLEXnet\Connect\11\isuspm.exe" -scheduler
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [EMET 4.1 Agent] "C:\Program Files (x86)\EMET 4.1\EMET_agent.exe"
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableInstallerDetection = dword:1
mPolicies-System: EnableLUA = dword:1
mPolicies-System: EnableSecureUIAPaths = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableVirtualization = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:1
mPolicies-System: ValidateAdminCodeSignatures = dword:0
mPolicies-System: dontdisplaylastusername = dword:0
mPolicies-System: scforceoption = dword:0
mPolicies-System: shutdownwithoutlogon = dword:1
mPolicies-System: undockwithoutlogon = dword:1
mPolicies-System: FilterAdministratorToken = dword:0
IE: 傳送至 OneNote(&N) - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: 匯出至 Microsoft Excel(&X) - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - 
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: %SystemRoot%\system32\mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: NameServer = 192.168.1.1 139.175.252.16
TCP: Interfaces\{8F77313F-9E3A-4822-A384-E848D1220AA5} : DHCPNameServer = 202.96.107.27 202.96.107.28
TCP: Interfaces\{F4A2FC8E-77EF-476A-A47D-62299D31A988} : DHCPNameServer = 192.168.1.1 139.175.252.16
TCP: Interfaces\{F4A2FC8E-77EF-476A-A47D-62299D31A988}\771696B6F6C6F616D283 : DHCPNameServer = 192.168.1.98
TCP: Interfaces\{F4A2FC8E-77EF-476A-A47D-62299D31A988}\A416E63757242415 : DHCPNameServer = 192.168.1.1 139.175.252.16
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWow64\webcheck.dll
SecurityProviders: SecurityProviders = credssp.dll
LSA: Authentication Packages =  msv1_0
LSA: Notification Packages =  scecli
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4
mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
x64-mStart Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
x64-mLocal Page = C:\Windows\System32\blank.htm
x64-mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
x64-mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
x64-mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
x64-mSearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
x64-mCustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
x64-mWinlogon: Shell = Explorer.exe
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,
x64-mWinlogon: SFCDisable = dword:0
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - <orphaned>
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
x64-Run: [IME14 CHT Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
x64-Run: [COMODO Internet Security] D:\CIS 7\COMODO\COMODO Internet Security\cistray.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - C:\Program Files\AdTrustMedia\PrivDog\2.1.0.19\trustedads.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
x64-Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
x64-Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
x64-Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - 
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll
x64-Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
x64-Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
x64-Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - <orphaned>
x64-Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
x64-Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll
x64-mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll
x64-mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
x64-mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
x64-mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\ndvqsvu8.default\
FF - prefs.js: browser.startup.homepage - www.google.com.tw
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\ASUS\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - ExtSQL: 2012-11-30 18:49; {972ce4c6-7e08-4474-a285-3208198ce6fd}; D:\FFox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - ExtSQL: 2013-09-25 16:45; PrivDog@AdTrustMedia.com; C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\ndvqsvu8.default\extensions\PrivDog@AdTrustMedia.com
FF - ExtSQL: 2013-11-07 08:57; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; D:\FFox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
============= SERVICES / DRIVERS ===============
.
R0 ACPI;Microsoft ACPI Driver;C:\Windows\System32\drivers\acpi.sys [2011-2-19 334208]
R0 amdxata;amdxata;C:\Windows\System32\drivers\amdxata.sys [2011-10-18 27008]
R0 atapi;IDE 通道;C:\Windows\System32\drivers\atapi.sys [2009-7-14 24128]
R0 CLFS;Common Log (CLFS);C:\Windows\System32\clfs.sys [2009-7-14 367696]
R0 CNG;CNG;C:\Windows\System32\drivers\cng.sys [2013-11-13 458712]
R0 Compbatt;Microsoft Composite Battery Driver;C:\Windows\System32\drivers\compbatt.sys [2009-7-14 21584]
R0 Disk;磁碟驅動程式;C:\Windows\System32\drivers\disk.sys [2009-7-14 73280]
R0 FileInfo;File Information FS MiniFilter;C:\Windows\System32\drivers\fileinfo.sys [2009-7-14 70224]
R0 FltMgr;FltMgr;C:\Windows\System32\drivers\fltMgr.sys [2011-2-19 289664]
R0 fvevol;Bitlocker 磁碟機加密篩選器驅動程式;C:\Windows\System32\drivers\fvevol.sys [2013-4-10 223752]
R0 hwpolicy;Hardware Policy Driver;C:\Windows\System32\drivers\hwpolicy.sys [2011-2-19 14720]
R0 iaStor;Intel AHCI Controller;C:\Windows\System32\drivers\iaStor.sys [2011-9-22 437272]
R0 KSecDD;KSecDD;C:\Windows\System32\drivers\ksecdd.sys [2014-5-17 95680]
R0 KSecPkg;KSecPkg;C:\Windows\System32\drivers\ksecpkg.sys [2014-5-17 155072]
R0 mountmgr;掛接點管理員;C:\Windows\System32\drivers\mountmgr.sys [2011-2-19 94592]
R0 msahci;msahci;C:\Windows\System32\drivers\msahci.sys [2011-2-19 31104]
R0 msisadrv;msisadrv;C:\Windows\System32\drivers\msisadrv.sys [2009-7-14 15424]
R0 Mup;Mup;C:\Windows\System32\drivers\mup.sys [2009-7-14 60496]
R0 NDIS;NDIS System Driver;C:\Windows\System32\drivers\ndis.sys [2012-9-12 950128]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-11-7 25960]
R0 partmgr;磁碟分割管理員;C:\Windows\System32\drivers\partmgr.sys [2012-5-11 75120]
R0 pci;PCI Bus Driver;C:\Windows\System32\drivers\pci.sys [2011-2-19 184704]
R0 pciide;pciide;C:\Windows\System32\drivers\pciide.sys [2009-7-14 12352]
R0 pcw;Performance Counters for Windows Driver;C:\Windows\System32\drivers\pcw.sys [2009-7-14 50768]
R0 rdyboost;ReadyBoost;C:\Windows\System32\drivers\rdyboost.sys [2011-2-19 213888]
R0 Tcpip;TCP/IP Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2013-10-10 1903552]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;C:\Windows\System32\drivers\vdrvroot.sys [2009-7-14 36432]
R0 volmgr;Volume Manager Driver;C:\Windows\System32\drivers\volmgr.sys [2011-2-19 71552]
R0 volmgrx;動態磁碟區管理員;C:\Windows\System32\drivers\volmgrx.sys [2011-2-19 363392]
R0 volsnap;存放磁碟區;C:\Windows\System32\drivers\volsnap.sys [2011-10-18 296320]
R0 Wdf01000;Kernel Mode Driver Frameworks service;C:\Windows\System32\drivers\Wdf01000.sys [2013-10-10 785624]
R1 AFD;Ancillary Function Driver for Winsock;C:\Windows\System32\drivers\afd.sys [2013-11-13 497152]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [2014-5-9 121928]
R1 Beep;Beep;C:\Windows\System32\drivers\beep.sys [2009-7-14 6656]
R1 blbdrive;blbdrive;C:\Windows\System32\drivers\blbdrive.sys [2009-7-14 45056]
R1 cdrom;CD-ROM Driver;C:\Windows\System32\drivers\cdrom.sys [2011-2-19 147456]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2014-3-25 23168]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2014-3-25 48360]
R1 DfsC;DFS Namespace Client Driver;C:\Windows\System32\drivers\dfsc.sys [2011-2-19 102400]
R1 inspect;COMODO Internet Security Firewall Driver;C:\Windows\System32\drivers\inspect.sys [2014-3-25 105552]
R1 Msfs;Msfs;C:\Windows\System32\drivers\msfs.sys [2009-7-14 26112]
R1 mssmbios;Microsoft System Management BIOS Driver;C:\Windows\System32\drivers\mssmbios.sys [2009-7-14 32320]
R1 NetBIOS;NetBIOS Interface;C:\Windows\System32\drivers\netbios.sys [2009-7-14 44544]
R1 NetBT;NetBT;C:\Windows\System32\drivers\netbt.sys [2011-2-19 261632]
R1 Npfs;Npfs;C:\Windows\System32\drivers\npfs.sys [2009-7-14 44032]
R1 nsiproxy;NSI proxy service driver.;C:\Windows\System32\drivers\nsiproxy.sys [2009-7-14 24576]
R1 Null;Null;C:\Windows\System32\drivers\null.sys [2009-7-14 6144]
R1 Psched;QoS 封包排程器;C:\Windows\System32\drivers\pacer.sys [2011-2-19 131584]
R1 rdbss;重新導向緩衝子系統;C:\Windows\System32\drivers\rdbss.sys [2011-2-19 309248]
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\System32\drivers\RDPENCDD.sys [2009-7-14 7680]
R1 tdx;NetIO 傳統 TDI 支援驅動程式;C:\Windows\System32\drivers\tdx.sys [2011-2-19 119296]
R1 TermDD;Terminal Device Driver;C:\Windows\System32\drivers\termdd.sys [2011-2-19 63360]
R1 VgaSave;VgaSave;C:\Windows\System32\drivers\vga.sys [2009-7-14 29184]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R1 WfpLwf;WFP Lightweight Filter;C:\Windows\System32\drivers\wfplwf.sys [2009-7-14 12800]
R1 ws2ifsl;Winsock IFS 驅動程式;C:\Windows\System32\drivers\ws2ifsl.sys [2009-7-14 21504]
R2 BFE;Base Filtering Engine;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
R2 CryptSvc;Cryptographic Services;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
R2 DcomLaunch;DCOM Server Process Launcher;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-14 27136]
R2 Dhcp;DHCP Client;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
R2 Dnscache;DNS Client;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
R2 eventlog;Windows Event Log;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 LanmanWorkstation;Workstation;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
R2 MpsSvc;Windows Firewall;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
R2 nsi;Network Store Interface Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R2 PlugPlay;Plug and Play;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-14 27136]
R2 Power;Power;C:\Windows\System32\svchost.exe -k DcomLaunch [2009-7-14 27136]
R2 ProfSvc;User Profile Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 RpcEptMapper;RPC Endpoint Mapper;C:\Windows\System32\svchost.exe -k RPCSS [2009-7-14 27136]
R2 RpcSs;Remote Procedure Call (RPC);C:\Windows\System32\svchost.exe -k rpcss [2009-7-14 27136]
R2 Winmgmt;Windows Management Instrumentation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 Wlansvc;WLAN AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\System32\drivers\athrx.sys [2012-11-7 2228736]
R3 bowser;瀏覽支援驅動程式;C:\Windows\System32\drivers\bowser.sys [2011-10-18 90624]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-14 28832]
R3 CompositeBus;Composite Bus Enumerator Driver;C:\Windows\System32\drivers\CompositeBus.sys [2011-2-19 38912]
R3 EapHost;Extensible Authentication Protocol;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-9-22 142632]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-1-10 219648]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-1-10 65024]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio;C:\Windows\System32\drivers\hdaudbus.sys [2011-2-19 122368]
R3 HidUsb;Microsoft HID 類別驅動程式;C:\Windows\System32\drivers\hidusb.sys [2011-2-19 30208]
R3 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;C:\Windows\System32\drivers\i8042prt.sys [2009-7-14 105472]
R3 kbdclass;鍵盤類別驅動程式;C:\Windows\System32\drivers\kbdclass.sys [2009-7-14 50768]
R3 kbdhid;鍵盤 HID 驅動程式;C:\Windows\System32\drivers\kbdhid.sys [2011-2-19 33280]
R3 kbfiltr;Keyboard Filter;C:\Windows\System32\drivers\kbfiltr.sys [2011-9-22 15416]
R3 KeyIso;CNG Key Isolation;C:\Windows\System32\lsass.exe [2014-5-17 31232]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-9-22 169584]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-9-22 56344]
R3 mouclass;滑鼠類別驅動程式;C:\Windows\System32\drivers\mouclass.sys [2009-7-14 49216]
R3 mouhid;滑鼠 HID 驅動程式;C:\Windows\System32\drivers\mouhid.sys [2009-7-14 31232]
R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\System32\drivers\mpsdrv.sys [2009-7-14 77312]
R3 mrxsmb;SMB MiniRedirector 包裝函式與引擎;C:\Windows\System32\drivers\mrxsmb.sys [2011-10-18 158208]
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\System32\drivers\mrxsmb10.sys [2011-10-18 288768]
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\System32\drivers\mrxsmb20.sys [2011-10-18 128000]
R3 NativeWifiP;NativeWiFi Filter;C:\Windows\System32\drivers\nwifi.sys [2009-7-14 318976]
R3 NdisTapi;遠端存取 NDIS TAPI 驅動程式;C:\Windows\System32\drivers\ndistapi.sys [2009-7-14 24064]
R3 Ndisuio;NDIS Usermode I/O Protocol;C:\Windows\System32\drivers\ndisuio.sys [2011-2-19 56832]
R3 NdisWan;遠端存取 NDIS WAN 驅動程式;C:\Windows\System32\drivers\ndiswan.sys [2011-2-19 164352]
R3 NDProxy;NDIS Proxy;C:\Windows\System32\drivers\ndproxy.sys [2011-2-19 57856]
R3 Netman;Network Connections;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R3 netprofm;Network List Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R3 Ntfs;Ntfs;C:\Windows\System32\drivers\ntfs.sys [2014-4-9 1684928]
R3 PolicyAgent;IPsec Policy Agent;C:\Windows\System32\svchost.exe -k NetworkServiceNetworkRestricted [2009-7-14 27136]
R3 PptpMiniport;WAN Miniport (PPTP);C:\Windows\System32\drivers\raspptp.sys [2011-2-19 111104]
R3 RasAgileVpn;WAN Miniport (IKEv2);C:\Windows\System32\drivers\agilevpn.sys [2009-7-14 60416]
R3 Rasl2tp;WAN Miniport (L2TP);C:\Windows\System32\drivers\rasl2tp.sys [2011-2-19 129536]
R3 RasPppoe;遠端存取 PPPOE 驅動程式;C:\Windows\System32\drivers\raspppoe.sys [2009-7-14 92672]
R3 RasSstp;WAN Miniport (SSTP);C:\Windows\System32\drivers\rassstp.sys [2009-7-14 83968]
R3 swenum;Software Bus Driver;C:\Windows\System32\drivers\swenum.sys [2009-7-14 12496]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;C:\Windows\System32\drivers\tunnel.sys [2011-2-19 125440]
R3 umbus;UMBus Enumerator Driver;C:\Windows\System32\drivers\umbus.sys [2011-2-19 48640]
R3 usbccgp;Microsoft USB 一般上層驅動程式;C:\Windows\System32\drivers\usbccgp.sys [2014-1-15 99840]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\Windows\System32\drivers\usbehci.sys [2014-1-15 53248]
R3 usbhub;Microsoft USB 標準集線器驅動程式;C:\Windows\System32\drivers\usbhub.sys [2014-1-15 343040]
R3 vwifibus;Virtual WiFi Bus Driver;C:\Windows\System32\drivers\vwifibus.sys [2009-7-14 24576]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\Windows\System32\drivers\wmiacpi.sys [2009-7-14 14336]
S0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2014-5-9 718840]
S0 spldr;Security Processor Loader Driver;C:\Windows\System32\drivers\spldr.sys [2009-7-14 19008]
S0 trufos;trufos;C:\Windows\System32\drivers\trufos.sys [2014-5-9 382536]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-26 17536]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2014-3-25 738472]
S1 discache;System Attribute Cache;C:\Windows\System32\drivers\discache.sys [2009-7-14 40448]
S1 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2014-5-9 148696]
S1 RDPCDD;RDPCDD;C:\Windows\System32\drivers\RDPCDD.sys [2009-7-14 7680]
S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;C:\Windows\System32\drivers\RDPREFMP.sys [2009-7-14 8192]
S1 Wanarpv6;遠端存取 IPv6 ARP 驅動程式;C:\Windows\System32\drivers\wanarp.sys [2011-2-19 88576]
S2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2012-11-7 379520]
S2 ASLDRService;ASLDR Service;C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [2009-6-16 84536]
S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-14 138400]
S2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-14 74912]
S2 ATKGFNEXSrv;ATKGFNEX Service;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-16 96896]
S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S2 AudioSrv;Windows Audio;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
S2 BITS;Background Intelligent Transfer Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
S2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 CmdAgent;COMODO Internet Security Helper Service;D:\CIS 7\COMODO\COMODO Internet Security\cmdagent.exe [2014-3-25 6817544]
S2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
S2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2014-1-28 2135232]
S2 EventSystem;COM+ Event System;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S2 gpsvc;Group Policy Client;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S2 gupdate;Google更新 服務 (gupdate);"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [?]
S2 gzserv;Bitdefender Antivirus Free Edition;C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [2014-5-9 69368]
S2 ImeDictUpdateService;Microsoft IME Dictionary Update;C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-10-20 83312]
S2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe -k NetSvcs [2009-7-14 27136]
S2 LanmanServer;Server;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\System32\drivers\lltdio.sys [2009-7-14 60928]
S2 lmhosts;TCP/IP NetBIOS Helper;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
S2 luafv;UAC 檔案模擬;C:\Windows\System32\drivers\luafv.sys [2009-7-14 113152]
S2 MMCSS;Multimedia Class Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-11-7 1997416]
S2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe --> C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [?]
S2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S2 PEAUTH;PEAUTH;C:\Windows\System32\drivers\PEAuth.sys [2009-7-14 651264]
S2 rspndr;Link-Layer Topology Discovery Responder;C:\Windows\System32\drivers\rspndr.sys [2009-7-14 76800]
S2 SamSs;Security Accounts Manager;C:\Windows\System32\lsass.exe [2014-5-17 31232]
S2 Schedule;Task Scheduler;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S2 secdrv;Security Driver;C:\Windows\System32\drivers\secdrv.sys [2009-7-14 23040]
S2 seclogon;Secondary Logon;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S2 SENS;System Event Notification Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S2 SharedAccess;Internet Connection Sharing (ICS);C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S2 ShellHWDetection;Shell Hardware Detection;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S2 SkypeUpdate;Skype Updater;D:\CS180\Skype\Updater\Updater.exe [2013-9-5 171680]
S2 Spooler;Print Spooler;C:\Windows\System32\spoolsv.exe [2012-8-16 559104]
S2 sppsvc;Software Protection;C:\Windows\System32\sppsvc.exe [2011-2-19 3524608]
S2 stisvc;Windows Image Acquisition (WIA);C:\Windows\System32\svchost.exe -k imgsvc [2009-7-14 27136]
S2 SysMain;Superfetch;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\System32\drivers\tcpipreg.sys [2012-11-17 45568]
S2 Themes;Themes;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S2 TrkWks;Distributed Link Tracking Client;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-17 13832]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
S2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2011-3-26 91464]
S2 wlidsvc;Windows Live ID Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-3-29 2292096]
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service;C:\Program Files\Windows Media Player\wmpnetwk.exe [2011-2-19 1525248]
S2 wscsvc;Security Center;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
S2 WSearch;Windows Search;C:\Windows\System32\SearchIndexer.exe [2011-10-18 591872]
S2 wuauserv;Windows Update;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 1394ohci;1394 OHCI Compliant Host Controller;C:\Windows\System32\drivers\1394ohci.sys [2011-2-19 229888]
S3 AcpiPmi;ACPI Power Meter Driver;C:\Windows\System32\drivers\acpipmi.sys [2011-2-19 12800]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-3-5 257928]
S3 adp94xx;adp94xx;C:\Windows\System32\drivers\adp94xx.sys [2009-6-11 491088]
S3 adpahci;adpahci;C:\Windows\System32\drivers\adpahci.sys [2009-7-14 339536]
S3 adpu320;adpu320;C:\Windows\System32\drivers\adpu320.sys [2009-7-14 182864]
S3 AeLookupSvc;Application Experience;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 agp440;Intel AGP Bus Filter;C:\Windows\System32\drivers\AGP440.sys [2009-7-14 61008]
S3 ALG;Application Layer Gateway Service;C:\Windows\System32\alg.exe [2009-7-14 79360]
S3 aliide;aliide;C:\Windows\System32\drivers\aliide.sys [2009-7-14 15440]
S3 amdide;amdide;C:\Windows\System32\drivers\amdide.sys [2009-7-14 15440]
S3 AmdK8;AMD K8 Processor Driver;C:\Windows\System32\drivers\amdk8.sys [2009-7-14 64512]
S3 AmdPPM;AMD Processor Driver;C:\Windows\System32\drivers\amdppm.sys [2009-7-14 60928]
S3 amdsata;amdsata;C:\Windows\System32\drivers\amdsata.sys [2011-10-18 107904]
S3 amdsbs;amdsbs;C:\Windows\System32\drivers\amdsbs.sys [2009-6-11 194128]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-5-3 44032]
S3 AppID;AppID 驅動程式;C:\Windows\System32\drivers\appid.sys [2011-2-19 61440]
S3 AppIDSvc;Application Identity;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 Appinfo;Application Information;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 arc;arc;C:\Windows\System32\drivers\arc.sys [2009-7-14 87632]
S3 arcsas;arcsas;C:\Windows\System32\drivers\arcsas.sys [2009-7-14 97856]
S3 aspnet_state;ASP.NET State Service;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-9-11 51808]
S3 AsyncMac;RAS Asynchronous Media Driver;C:\Windows\System32\drivers\asyncmac.sys [2009-7-14 23040]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-14 36000]
S3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2014-5-9 593144]
S3 AxInstSV;ActiveX Installer (AxInstSV);C:\Windows\System32\svchost.exe -k AxInstSVGroup [2009-7-14 27136]
S3 b06bdrv;Broadcom NetXtreme II VBD;C:\Windows\System32\drivers\bxvbda.sys [2009-6-11 468480]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60a.sys [2009-6-11 270848]
S3 BDESVC;BitLocker Drive Encryption Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\System32\drivers\BrFiltLo.sys [2009-7-14 18432]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\System32\drivers\BrFiltUp.sys [2009-7-14 8704]
S3 BridgeMP;MAC Bridge Miniport;C:\Windows\System32\drivers\bridge.sys [2009-7-14 95232]
S3 Browser;Computer Browser;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\System32\drivers\BrSerId.sys [2009-7-14 286720]
S3 BrSerWdm;Brother WDM Serial driver;C:\Windows\System32\drivers\BrSerWdm.sys [2009-7-14 47104]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\System32\drivers\BrUsbMdm.sys [2009-7-14 14976]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\System32\drivers\BrUsbSer.sys [2009-7-14 14720]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-14 298656]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-14 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-14 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-14 154272]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-14 280224]
S3 BthEnum;Bluetooth Request Block Driver;C:\Windows\System32\drivers\bthenum.sys [2009-7-14 41984]
S3 BTHMODEM;Bluetooth Serial Communications Driver;C:\Windows\System32\drivers\bthmodem.sys [2009-7-14 72192]
S3 BthPan;Bluetooth Device (Personal Area Network);C:\Windows\System32\drivers\bthpan.sys [2009-7-14 118784]
S3 BTHPORT;Bluetooth 連接埠驅動程式;C:\Windows\System32\drivers\bthport.sys [2012-8-17 552960]
S3 bthserv;Bluetooth Support Service;C:\Windows\System32\svchost.exe -k bthsvcs [2009-7-14 27136]
S3 BTHUSB;Bluetooth 無線電 USB 驅動程式;C:\Windows\System32\drivers\BTHUSB.SYS [2011-10-18 80384]
S3 CertPropSvc;Certificate Propagation;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 circlass;Consumer IR Devices;C:\Windows\System32\drivers\circlass.sys [2009-7-14 45568]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver;C:\Windows\System32\drivers\CmBatt.sys [2009-7-14 17664]
S3 cmdide;cmdide;C:\Windows\System32\drivers\cmdide.sys [2009-7-14 17488]
S3 cmdvirth;COMODO Virtual Service Manager;D:\CIS 7\COMODO\COMODO Internet Security\cmdvirth.exe [2014-3-25 2264280]
S3 COMSysApp;COM+ System Application;C:\Windows\System32\dllhost.exe [2009-7-14 9728]
S3 defragsvc;Disk Defragmenter;C:\Windows\System32\svchost.exe -k defragsvc [2009-7-14 27136]
S3 dot3svc;Wired AutoConfig;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 drmkaud;Microsoft Trusted Audio Drivers;C:\Windows\System32\drivers\drmkaud.sys [2009-7-14 5632]
S3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\System32\drivers\dxgkrnl.sys [2013-10-11 983488]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;C:\Windows\System32\drivers\evbda.sys [2009-6-11 3286016]
S3 EFS;Encrypting File System (EFS);C:\Windows\System32\lsass.exe [2014-5-17 31232]
S3 ehRecvr;Windows Media Center Receiver Service;C:\Windows\ehome\ehrecvr.exe [2011-2-19 696832]
S3 ehSched;Windows Media Center Scheduler Service;C:\Windows\ehome\ehsched.exe [2009-7-14 127488]
S3 elxstor;elxstor;C:\Windows\System32\drivers\elxstor.sys [2009-6-11 530496]
S3 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\System32\drivers\errdev.sys [2009-7-14 9728]
S3 exfat;exFAT File System Driver;C:\Windows\System32\drivers\exfat.sys [2009-7-14 195072]
S3 fastfat;FAT12/16/32 File System Driver;C:\Windows\System32\drivers\fastfat.sys [2009-7-14 204800]
S3 Fax;Fax;C:\Windows\System32\FXSSVC.exe [2011-2-19 689152]
S3 fdc;Floppy Disk Controller Driver;C:\Windows\System32\drivers\fdc.sys [2009-7-14 29696]
S3 fdPHost;Function Discovery Provider Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S3 FDResPub;Function Discovery Resource Publication;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 Filetrace;Filetrace;C:\Windows\System32\drivers\filetrace.sys [2009-7-14 34304]
S3 flpydisk;Floppy Disk Driver;C:\Windows\System32\drivers\flpydisk.sys [2009-7-14 24576]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2011-2-19 42856]
S3 FsDepends;File System Dependency Minifilter;C:\Windows\System32\drivers\fsdepends.sys [2009-7-14 55376]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-10-18 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe []
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\Windows\System32\drivers\GAGP30KX.SYS [2009-7-14 65088]
S3 gupdatem;Google更新 服務 (gupdatem);"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [?]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\Windows\System32\drivers\hcw85cir.sys [2009-7-14 31232]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service;C:\Windows\System32\drivers\HdAudio.sys [2011-2-19 350208]
S3 HidBatt;HID UPS Battery Driver;C:\Windows\System32\drivers\hidbatt.sys [2009-7-14 26624]
S3 HidBth;Microsoft Bluetooth HID Miniport;C:\Windows\System32\drivers\hidbth.sys [2009-7-14 100864]
S3 HidIr;Microsoft Infrared HID Driver;C:\Windows\System32\drivers\hidir.sys [2009-7-14 46592]
S3 hidserv;Human Interface Device Access;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 hkmsvc;Health Key and Certificate Management;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 HomeGroupListener;HomeGroup Listener;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 HomeGroupProvider;HomeGroup Provider;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
S3 HpSAMD;HpSAMD;C:\Windows\System32\drivers\HpSAMD.sys [2011-2-19 78720]
S3 HTTP;HTTP;C:\Windows\System32\drivers\http.sys [2011-2-19 753664]
S3 iaStorV;iaStorV;C:\Windows\System32\drivers\iaStorV.sys [2011-10-18 410496]
S3 idsvc;Windows CardSpace;C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2011-2-19 856400]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-11 111616]
S3 igfx;igfx;C:\Windows\System32\drivers\igdkmd64.sys [2011-9-22 12273408]
S3 iirsp;iirsp;C:\Windows\System32\drivers\iirsp.sys [2009-7-14 44112]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM);C:\Windows\System32\drivers\RTKVHD64.sys [2012-11-7 2515432]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-22 317440]
S3 intelide;intelide;C:\Windows\System32\drivers\intelide.sys [2009-7-14 16960]
S3 intelppm;Intel Processor Driver;C:\Windows\System32\drivers\intelppm.sys [2009-7-14 62464]
S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 IpFilterDriver;IP 流量篩選器驅動程式;C:\Windows\System32\drivers\ipfltdrv.sys [2011-2-19 82944]
S3 IPMIDRV;IPMIDRV;C:\Windows\System32\drivers\IPMIDrv.sys [2011-2-19 78848]
S3 IPNAT;IP Network Address Translator;C:\Windows\System32\drivers\ipnat.sys [2009-7-14 116224]
S3 IRENUM;IR Bus Enumerator;C:\Windows\System32\drivers\irenum.sys [2009-7-14 17920]
S3 isapnp;isapnp;C:\Windows\System32\drivers\isapnp.sys [2009-7-14 20544]
S3 iScsiPrt;iScsiPort 驅動程式;C:\Windows\System32\drivers\msiscsi.sys [2014-4-9 274880]
S3 ksthunk;Kernel Streaming Thunks;C:\Windows\System32\drivers\ksthunk.sys [2009-7-14 20992]
S3 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [2009-7-14 27136]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S3 LSI_FC;LSI_FC;C:\Windows\System32\drivers\lsi_fc.sys [2009-7-14 114752]
S3 LSI_SAS;LSI_SAS;C:\Windows\System32\drivers\lsi_sas.sys [2009-7-14 106560]
S3 LSI_SAS2;LSI_SAS2;C:\Windows\System32\drivers\lsi_sas2.sys [2009-7-14 65600]
S3 LSI_SCSI;LSI_SCSI;C:\Windows\System32\drivers\lsi_scsi.sys [2009-7-14 115776]
S3 megasas;megasas;C:\Windows\System32\drivers\megasas.sys [2009-6-11 35392]
S3 MegaSR;MegaSR;C:\Windows\System32\drivers\MegaSR.sys [2009-7-14 284736]
S3 Modem;Modem;C:\Windows\System32\drivers\modem.sys [2009-7-14 40448]
S3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\System32\drivers\monitor.sys [2009-7-14 30208]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-11-30 117144]
S3 mpio;mpio;C:\Windows\System32\drivers\mpio.sys [2011-2-19 155008]
S3 MRxDAV;WebDav 用戶端重新導向器驅動程式;C:\Windows\System32\drivers\mrxdav.sys [2013-10-10 140800]
S3 msdsm;msdsm;C:\Windows\System32\drivers\msdsm.sys [2011-2-19 140672]
S3 MSDTC;Distributed Transaction Coordinator;C:\Windows\System32\msdtc.exe [2009-7-14 141824]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;C:\Windows\System32\drivers\mshidkmdf.sys [2009-7-14 8192]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 msiserver;Windows Installer;C:\Windows\System32\msiexec.exe [2011-2-19 128000]
S3 MSKSSRV;Microsoft Streaming Service Proxy;C:\Windows\System32\drivers\mskssrv.sys [2009-7-14 11136]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy;C:\Windows\System32\drivers\mspclock.sys [2009-7-14 7168]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy;C:\Windows\System32\drivers\mspqm.sys [2009-7-14 6784]
S3 MsRPC;MsRPC;C:\Windows\System32\drivers\msrpc.sys [2011-2-19 366976]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter;C:\Windows\System32\drivers\mstee.sys [2009-7-14 8064]
S3 MTConfig;Microsoft Input Configuration Driver;C:\Windows\System32\drivers\MTConfig.sys [2009-7-14 15360]
S3 napagent;Network Access Protection Agent;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
S3 NdisCap;NDIS Capture LightWeight Filter;C:\Windows\System32\drivers\ndiscap.sys [2009-7-14 35328]
S3 Netlogon;Netlogon;C:\Windows\System32\lsass.exe [2014-5-17 31232]
S3 nfrd960;nfrd960;C:\Windows\System32\drivers\nfrd960.sys [2009-7-14 51264]
S3 nv_agp;NVIDIA nForce AGP Bus Filter;C:\Windows\System32\drivers\NV_AGP.SYS [2009-7-14 122960]
S3 nvlddmkm;nvlddmkm;C:\Windows\System32\drivers\nvlddmkm.sys [2012-11-7 13076328]
S3 nvraid;nvraid;C:\Windows\System32\drivers\nvraid.sys [2011-10-18 148352]
S3 nvstor;nvstor;C:\Windows\System32\drivers\nvstor.sys [2011-10-18 166272]
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy);C:\Windows\System32\drivers\ohci1394.sys [2009-7-14 72832]
S3 ose;Office  Source Engine;C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 149352]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-14 27136]
S3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-14 27136]
S3 Parport;Parallel port driver;C:\Windows\System32\drivers\parport.sys [2009-7-14 97280]
S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2013-4-15 38912]
S3 pcmcia;pcmcia;C:\Windows\System32\drivers\pcmcia.sys [2009-7-14 220752]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-7-14 20992]
S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-14 27136]
S3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-14 27136]
S3 Processor;Processor Driver;C:\Windows\System32\drivers\processr.sys [2009-7-14 60416]
S3 ProtectedStorage;Protected Storage;C:\Windows\System32\lsass.exe [2014-5-17 31232]
S3 ql2300;ql2300;C:\Windows\System32\drivers\ql2300.sys [2009-6-11 1524816]
S3 ql40xx;ql40xx;C:\Windows\System32\drivers\ql40xx.sys [2009-7-14 128592]
S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 QWAVEdrv;QWAVE driver;C:\Windows\System32\drivers\qwavedrv.sys [2009-7-14 46592]
S3 RasAcd;Remote Access Auto Connection Driver;C:\Windows\System32\drivers\rasacd.sys [2009-7-14 14848]
S3 RasAuto;Remote Access Auto Connection Manager;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 RasMan;Remote Access Connection Manager;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;C:\Windows\System32\drivers\rdpbus.sys [2009-7-14 24064]
S3 RDPWD;RDP Winstation Driver;C:\Windows\System32\drivers\rdpwd.sys [2012-6-13 210944]
S3 RemoteRegistry;Remote Registry;C:\Windows\System32\svchost.exe -k regsvc [2009-7-14 27136]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\Windows\System32\drivers\rfcomm.sys [2009-7-14 158720]
S3 RichVideo;Cyberlink RichVideo Service(CRVS);"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" --> C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [?]
S3 RpcLocator;Remote Procedure Call (RPC) Locator;C:\Windows\System32\Locator.exe [2009-7-14 10240]
S3 sbp2port;sbp2port;C:\Windows\System32\drivers\sbp2port.sys [2011-2-19 103808]
S3 SCardSvr;Smart Card;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 scfilter;智慧卡 PnP 類別篩選器驅動程式;C:\Windows\System32\drivers\scfilter.sys [2011-2-19 29696]
S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 SDRSVC;Windows Backup;C:\Windows\System32\svchost.exe -k SDRSVC [2009-7-14 27136]
S3 SensrSvc;Adaptive Brightness;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 Serenum;Serenum Filter Driver;C:\Windows\System32\drivers\serenum.sys [2009-7-14 23552]
S3 Serial;Serial;C:\Windows\System32\drivers\serial.sys [2009-7-14 94208]
S3 sermouse;Serial Mouse Driver;C:\Windows\System32\drivers\sermouse.sys [2009-7-14 26624]
S3 SessionEnv;Remote Desktop Configuration;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 sffdisk;SFF Storage Class Driver;C:\Windows\System32\drivers\sffdisk.sys [2009-7-14 14336]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\System32\drivers\sffp_mmc.sys [2009-7-14 13824]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\Windows\System32\drivers\sffp_sd.sys [2011-2-19 14336]
S3 sfloppy;High-Capacity Floppy Disk Drive;C:\Windows\System32\drivers\sfloppy.sys [2009-7-14 16896]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-11 56832]
S3 SiSRaid2;SiSRaid2;C:\Windows\System32\drivers\sisraid2.sys [2009-6-11 43584]
S3 SiSRaid4;SiSRaid4;C:\Windows\System32\drivers\sisraid4.sys [2009-7-14 80464]
S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\System32\drivers\smb.sys [2009-7-14 93184]
S3 SNMPTRAP;SNMP Trap;C:\Windows\System32\snmptrap.exe [2009-7-14 14336]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\Windows\System32\drivers\snp2uvc.sys [2011-9-22 1800832]
S3 sppuinotify;SPP Notification Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S3 srv;Server SMB 1.xxx 驅動程式;C:\Windows\System32\drivers\srv.sys [2011-10-18 467456]
S3 srv2;Server SMB 2.xxx 驅動程式;C:\Windows\System32\drivers\srv2.sys [2011-10-18 410112]
S3 srvnet;srvnet;C:\Windows\System32\drivers\srvnet.sys [2011-10-18 168448]
S3 SSDPSRV;SSDP Discovery;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 SstpSvc;Secure Socket Tunneling Protocol Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S3 stexstor;stexstor;C:\Windows\System32\drivers\stexstor.sys [2009-7-14 24656]
S3 swprv;Microsoft Software Shadow Copy Provider;C:\Windows\System32\svchost.exe -k swprv [2009-7-14 27136]
S3 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TapiSrv;Telephony;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 TCPIP6;Microsoft IPv6 Protocol Driver;C:\Windows\System32\drivers\tcpip.sys [2013-10-10 1903552]
S3 TDPIPE;TDPIPE;C:\Windows\System32\drivers\tdpipe.sys [2009-7-14 15872]
S3 TDTCP;TDTCP;C:\Windows\System32\drivers\tdtcp.sys [2012-4-7 23552]
S3 TermService;Remote Desktop Services;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
S3 THREADORDER;Thread Ordering Server;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S3 TPM;TPM;C:\Windows\System32\drivers\tpm.sys [2009-7-14 38400]
S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2011-2-19 194048]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;C:\Windows\System32\drivers\tssecsrv.sys [2013-8-15 39936]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-19 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-19 31232]
S3 uagp35;Microsoft AGPv3.5 Filter;C:\Windows\System32\drivers\UAGP35.SYS [2009-7-14 64080]
S3 UI0Detect;Interactive Services Detection;C:\Windows\System32\UI0Detect.exe [2009-7-14 40960]
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\System32\drivers\ULIAGPKX.SYS [2009-7-14 64592]
S3 UmPass;Microsoft UMPass Driver;C:\Windows\System32\drivers\umpass.sys [2009-7-14 9728]
S3 upnphost;UPnP Device Host;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 usbaudio;USB Audio Driver (WDM);C:\Windows\System32\drivers\USBAUDIO.sys [2013-10-10 109824]
S3 usbcir;eHome 紅外線接收器 (USBCIR);C:\Windows\System32\drivers\usbcir.sys [2013-10-10 100864]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\Windows\System32\drivers\usbohci.sys [2014-1-15 25600]
S3 usbprint;Microsoft USB PRINTER Class;C:\Windows\System32\drivers\usbprint.sys [2009-7-14 25088]
S3 usbscan;USB 掃描器驅動程式;C:\Windows\System32\drivers\usbscan.sys [2013-10-10 42496]
S3 USBSTOR;USB Mass Storage Driver;C:\Windows\System32\drivers\USBSTOR.SYS [2011-10-18 91648]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\Windows\System32\drivers\usbuhci.sys [2014-1-15 30720]
S3 usbvideo;USB 視訊裝置 (WDM);C:\Windows\System32\drivers\usbvideo.sys [2013-10-10 185344]
S3 VaultSvc;Credential Manager;C:\Windows\System32\lsass.exe [2014-5-17 31232]
S3 vds;Virtual Disk;C:\Windows\System32\vds.exe [2011-2-19 533504]
S3 vga;vga;C:\Windows\System32\drivers\vgapnp.sys [2009-7-14 29184]
S3 vhdmp;vhdmp;C:\Windows\System32\drivers\vhdmp.sys [2011-2-19 215936]
S3 viaide;viaide;C:\Windows\System32\drivers\viaide.sys [2009-7-14 17488]
S3 vsmraid;vsmraid;C:\Windows\System32\drivers\vsmraid.sys [2009-6-11 161872]
S3 VSS;Volume Shadow Copy;C:\Windows\System32\VSSVC.exe [2011-2-19 1600512]
S3 W32Time;Windows Time;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S3 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\System32\drivers\wacompen.sys [2009-7-14 27776]
S3 WANARP;遠端存取 IP ARP 驅動程式;C:\Windows\System32\drivers\wanarp.sys [2011-2-19 88576]
S3 WatAdminSvc;Windows 啟用技術服務;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-8 1255736]
S3 wbengine;Block Level Backup Engine Service;C:\Windows\System32\wbengine.exe [2011-2-19 1504256]
S3 WbioSrvc;Windows Biometric Service;C:\Windows\System32\svchost.exe -k WbioSvcGroup [2009-7-14 27136]
S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 WcsPlugInService;Windows Color System;C:\Windows\System32\svchost.exe -k wcssvc [2009-7-14 27136]
S3 Wd;Wd;C:\Windows\System32\drivers\wd.sys [2009-7-14 21056]
S3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 WebClient;WebClient;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S3 Wecsvc;Windows Event Collector;C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe -k WerSvcGroup [2009-7-14 27136]
S3 WimFltr;WimFltr;C:\Windows\System32\drivers\WimFltr.sys [2008-5-24 154168]
S3 WIMMount;WIMMount;C:\Windows\System32\drivers\wimmount.sys [2009-7-14 22096]
S3 WinDefend;Windows Defender;C:\Windows\System32\svchost.exe -k secsvcs [2009-7-14 27136]
S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\Windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
S3 WinUsb;WinUsb;C:\Windows\System32\drivers\winusb.sys [2011-2-19 41984]
S3 wmiApSrv;WMI Performance Adapter;C:\Windows\System32\wbem\WmiApSrv.exe [2009-7-14 203264]
S3 WPCSvc;家長監護;C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
S3 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 WudfPf;User Mode Driver Frameworks Platform Driver;C:\Windows\System32\drivers\WUDFPf.sys [2012-11-17 87040]
S3 WUDFRd;WUDFRd;C:\Windows\System32\drivers\WUDFRd.sys [2012-11-17 198656]
S3 wudfsvc;Windows Driver Foundation - User-mode Driver Framework;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 WwanSvc;WWAN AutoConfig;C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
S4 cdfs;CD/DVD File System Reader;C:\Windows\System32\drivers\cdfs.sys [2009-7-14 92160]
S4 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86;C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-7-14 66384]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-14 89920]
S4 crcdisk;Crcdisk Filter Driver;C:\Windows\System32\drivers\crcdisk.sys [2009-7-14 24144]
S4 Mcx2Svc;Media Center Extender Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S4 NetMsmqActivator;Net.Msmq Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-9-11 139856]
S4 NetPipeActivator;Net.Pipe Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-9-11 139856]
S4 NetTcpActivator;Net.Tcp Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-9-11 139856]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-9-11 139856]
S4 RemoteAccess;Routing and Remote Access;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S4 udfs;udfs;C:\Windows\System32\drivers\udfs.sys [2011-2-19 328192]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== File Associations ===============
.
FileExt: .bat: batfile="%1" %*
FileExt: .cmd: cmdfile="%1" %*
FileExt: .com: ComFile="%1" %*
FileExt: .exe: exefile="%1" %*
FileExt: .pif: piffile="%1" %*
FileExt: .scr: scrfile="%1" /S
FileExt: .reg: regfile=regedit.exe "%1"
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .chm: chm.file="C:\Windows\hh.exe" %1
FileExt: .ini: inifile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: ehshell.exe: open="C:\Windows\eHome\ehshell.exe" "%1"
ShellExec: iexplore.exe: open="C:\Program Files\Internet Explorer\iexplore.exe" %1
ShellExec: MovieMaker.exe: Open="C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
ShellExec: mspaint.exe: edit="C:\Windows\System32\mspaint.exe" "%1"
ShellExec: notepad.exe: edit=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: notepad.exe: open=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: ois.exe: Edit=C:\PROGRA~2\MICROS~1\Office14\OIS.EXE /shellEdit "%1"
ShellExec: ois.exe: Open=C:\PROGRA~2\MICROS~1\Office14\OIS.EXE /shellOpen "%1"
ShellExec: ois.exe: Preview=C:\PROGRA~2\MICROS~1\Office14\OIS.EXE /shellPreview "%1"
ShellExec: PDFReader.exe: open="C:\Program Files (x86)\Nuance\PDF Reader\bin\PDFReader.exe" "%1"
ShellExec: PDFReader.exe: print="C:\Program Files (x86)\Nuance\PDF Reader\bin\PDFReader.exe" /p "%1"
ShellExec: PDFReader.exe: printto="C:\Program Files (x86)\Nuance\PDF Reader\bin\PDFReader.exe" /t "%1" "%2" "%3" "%4"
ShellExec: photoviewer.dll: open=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: photoviewer.dll: print=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: Winword.exe: edit="C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "%1"
ShellExec: WLXPhotoViewer.dll: open="C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
ShellExec: wmplayer.exe: open="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "%L"
ShellExec: wmplayer.exe: play="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play "%L"
ShellExec: wordpad.exe: open="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1"
.
=============== Created Last 60 ================
.
2014-05-18 07:53:30 -------- d-sh--w- C:\Users\ASUS\AppData\Local\EmieUserList
2014-05-18 07:53:30 -------- d-sh--w- C:\Users\ASUS\AppData\Local\EmieSiteList
2014-05-18 07:26:43 -------- d-----w- C:\Windows\SysWow64\镽蠉镽videace
2014-05-18 01:00:49 -------- d-----w- C:\Windows\SysWow64\tw蠉twvideace
2014-05-17 23:53:13 -------- d-----w- C:\Windows\SysWow64\Xw蠉Xwvideace
2014-05-17 00:41:36 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-05-17 00:41:35 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-17 00:41:35 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-17 00:41:35 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-05-17 00:41:35 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-05-17 00:41:34 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-05-17 00:41:34 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-17 00:41:34 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-17 00:41:33 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-05-17 00:41:33 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-05-17 00:41:32 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-17 00:41:32 538112 ----a-w- C:\Windows\SysWow64\objsel.dll
2014-05-17 00:41:31 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-05-17 00:41:31 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-05-17 00:41:31 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-17 00:41:31 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-17 00:41:30 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-17 00:41:30 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-17 00:41:30 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-05-17 00:41:29 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-05-17 00:41:29 57344 ----a-w- C:\Windows\System32\cngprovider.dll
2014-05-17 00:41:29 56832 ----a-w- C:\Windows\System32\adprovider.dll
2014-05-17 00:41:29 53760 ----a-w- C:\Windows\System32\capiprovider.dll
2014-05-17 00:41:29 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
2014-05-17 00:41:29 51200 ----a-w- C:\Windows\SysWow64\cngprovider.dll
2014-05-17 00:41:29 49664 ----a-w- C:\Windows\SysWow64\adprovider.dll
2014-05-17 00:41:29 48128 ----a-w- C:\Windows\SysWow64\capiprovider.dll
2014-05-17 00:41:29 47616 ----a-w- C:\Windows\SysWow64\dpapiprovider.dll
2014-05-17 00:41:29 44544 ----a-w- C:\Windows\System32\dimsroam.dll
2014-05-17 00:41:29 36864 ----a-w- C:\Windows\SysWow64\dimsroam.dll
2014-05-17 00:41:29 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-17 00:41:28 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-05-17 00:41:27 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
2014-05-17 00:41:27 35328 ----a-w- C:\Windows\SysWow64\wincredprovider.dll
2014-05-17 00:41:27 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-05-17 00:41:26 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-05-17 00:41:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-05-17 00:41:26 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-05-17 00:41:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-05-17 00:41:26 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-17 00:41:26 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-16 03:38:58 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-16 00:39:17 14175744 ----a-w- C:\Windows\System32\shell32.dll
2014-05-16 00:39:16 12874240 ----a-w- C:\Windows\SysWow64\shell32.dll
2014-05-16 00:30:31 -------- d-----w- C:\Windows\SysWow64\dw蠉dwvideace
2014-05-16 00:29:15 84992 ----a-w- C:\Windows\System32\mshtmled.dll
2014-05-16 00:29:15 23544320 ----a-w- C:\Windows\System32\mshtml.dll
2014-05-16 00:29:14 69632 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2014-05-16 00:29:14 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-16 00:29:14 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-16 00:29:14 17382912 ----a-w- C:\Windows\SysWow64\mshtml.dll
2014-05-16 00:28:29 -------- d-----w- C:\Program Files (x86)\Common Files\DESIGNER
2014-05-16 00:23:30 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-16 00:23:30 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-14 10:35:44 -------- d-----w- C:\Windows\SysWow64\cw蠉cwvideace
2014-05-14 08:14:16 -------- d-----w- C:\Windows\SysWow64\荑蠉荑videace
2014-05-14 03:02:29 -------- d--h--w- C:\VTRoot
2014-05-13 11:46:55 -------- d-----w- C:\Windows\SysWow64\蠉吒videace
2014-05-12 10:04:24 -------- d-----w- C:\Windows\SysWow64\kw蠉kwvideace
2014-05-12 09:48:28 -------- d-----w- C:\Windows\SysWow64\tw蠉twvideace
2014-05-12 09:44:38 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-05-12 01:27:12 -------- d-----w- C:\Windows\SysWow64\燸蠉燸videace
2014-05-10 13:26:20 -------- d-----w- C:\Windows\SysWow64\盱蠉盱videace
2014-05-09 04:22:11 -------- d-----w- C:\Windows\SysWow64\揅蠉揅videace
2014-05-09 04:01:07 261056 ----a-w- C:\Windows\System32\drivers\avchv.sys
2014-05-09 03:55:25 200813 ----a-w- C:\ProgramData\1399607550.bdinstall.bin
2014-05-09 03:54:11 261056 ----a-w- C:\Windows\System32\drivers\SET2403.tmp
2014-05-09 03:54:10 718840 ----a-w- C:\Windows\System32\drivers\avc3.sys
2014-05-09 03:54:10 593144 ----a-w- C:\Windows\System32\drivers\avckf.sys
2014-05-09 03:53:33 -------- d-----w- C:\Program Files\Bitdefender
2014-05-09 03:53:17 382536 ----a-w- C:\Windows\System32\drivers\trufos.sys
2014-05-09 03:53:17 148696 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2014-05-09 03:40:40 -------- d-----w- C:\Windows\SysWow64\─蠉─videace
2014-05-09 03:14:39 -------- d-sh--w- C:\$RECYCLE.BIN
2014-05-09 03:14:37 -------- d-----w- C:\Windows\temp
2014-05-09 02:56:12 -------- d-----w- C:\Windows\SysWow64\$w蠉$w吭videace
2014-05-09 00:30:19 -------- d-----w- C:\Windows\SysWow64\9w蠉9wvideace
2014-05-08 01:52:39 -------- d-----w- C:\Windows\SysWow64\蠉videace
2014-05-08 01:05:43 -------- d-----w- C:\Windows\SysWow64\Lw蠉Lwvideace
2014-05-06 10:08:06 -------- d-----w- C:\Windows\SysWow64\綩蠉綩坼videace
2014-05-05 13:55:16 -------- d-----w- C:\Windows\SysWow64\jw蠉jwvideace
2014-04-30 03:59:41 -------- d-----w- C:\Windows\SysWow64\黲蠉黲videace
2014-04-30 01:08:19 -------- d-----w- C:\Windows\SysWow64\Dw蠉Dwvideace
2014-04-29 00:56:56 -------- d-----w- C:\Windows\SysWow64\Jw蠉Jwvideace
2014-04-28 02:06:03 -------- d-----w- C:\Windows\SysWow64\患蠉患videace
2014-04-28 01:38:29 -------- d-----w- C:\Program Files (x86)\Skype
2014-04-28 01:38:29 -------- d-----w- C:\Config.Msi
2014-04-28 01:37:21 -------- d-----w- C:\Windows\SysWow64\蠉videace
2014-04-26 23:36:36 -------- d-----w- C:\Windows\SysWow64\aw蠉awvideace
2014-04-26 08:14:27 -------- d-----w- C:\Windows\SysWow64\鰉蠉鰉videace
2014-04-25 22:12:54 -------- d-----w- C:\Windows\SysWow64\蠉videace
2014-04-25 09:16:53 -------- d-----w- C:\Windows\SysWow64\吷蠉吷兝videace
2014-04-24 22:21:19 -------- d-----w- C:\Windows\SysWow64\镽蠉镽videace
2014-04-24 08:20:38 -------- d-----w- C:\Windows\SysWow64\蠉αvideace
2014-04-22 00:28:53 -------- d-----w- C:\Windows\SysWow64\叱蠉叱俞videace
2014-04-21 07:03:33 -------- d-----w- C:\Windows\SysWow64\趴蠉趴videace
2014-04-20 13:33:38 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-04-20 13:33:38 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-04-20 13:33:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-20 13:06:24 119000 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-20 13:05:03 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-20 12:59:39 -------- d-----w- C:\Windows\SysWow64\ow蠉owvideace
2014-04-19 23:03:27 -------- d-----w- C:\Windows\SysWow64\敨蠉敨videace
2014-04-19 09:33:42 -------- d-----w- C:\Windows\SysWow64\針蠉針videace
2014-04-19 06:49:28 -------- d-----w- C:\Windows\SysWow64\蠉坼videace
2014-04-17 21:52:38 -------- d-----w- C:\Windows\SysWow64\#w蠉#wvideace
2014-04-17 13:17:18 -------- d-----w- C:\Users\ASUS\AppData\Local\AdTrustMedia
2014-04-17 12:59:42 -------- d-----w- C:\Windows\SysWow64\Mw蠉Mwvideace
2014-04-17 11:33:59 -------- d-----w- C:\Users\ASUS\AppData\Local\Comodo
2014-04-17 11:33:51 57096 ----a-w- C:\Windows\System32\certsentry.dll
2014-04-17 11:33:51 48392 ----a-w- C:\Windows\SysWow64\certsentry.dll
2014-04-17 11:33:43 -------- d-----w- C:\ProgramData\Comodo Downloader
2014-04-17 11:29:35 -------- d-----w- C:\Windows\SysWow64\饘蠉饘videace
2014-04-17 11:28:02 5170904 ----a-w- C:\ProgramData\cisF6B0.exe
2014-04-17 06:21:07 -------- d-----w- C:\Windows\SysWow64\蠉videace
2014-04-17 06:17:59 5170904 ----a-w- C:\ProgramData\cis8BF9.exe
2014-04-17 06:01:46 -------- d-----w- C:\Windows\SysWow64\Xw蠉Xwvideace
2014-04-17 05:38:14 5181144 ----a-w- C:\ProgramData\cis8C18.exe
2014-04-17 02:36:34 -------- d-----w- C:\Windows\SysWow64\ㄈ蠉ㄈvideace
2014-04-17 02:17:49 -------- d-----w- C:\Windows\SysWow64\Mw蠉Mwvideace
2014-04-17 00:18:09 -------- d-----w- C:\Windows\SysWow64\銤蠉銤淚videace
2014-04-16 00:15:45 -------- d-----w- C:\Windows\SysWow64\喦蠉喦videace
2014-04-15 13:04:13 -------- d-----w- C:\Program Files (x86)\EMET 4.1
2014-04-15 01:04:32 -------- d-----w- C:\Windows\SysWow64\_w蠉_wvideace
2014-04-14 18:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-14 10:47:44 -------- d-----w- C:\Windows\SysWow64\蠉videace
2014-04-14 01:34:35 -------- d-----w- C:\Windows\SysWow64\蠉videace
2014-04-13 00:13:59 -------- d-----w- C:\Windows\SysWow64\蠉兝videace
2014-04-11 13:36:35 -------- d-----w- C:\Windows\SysWow64\蠉videace
2014-04-11 09:45:26 359936 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-04-11 09:45:26 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2014-04-11 09:45:25 574976 ----a-w- C:\Windows\System32\ieui.dll
2014-04-11 09:45:25 440832 ----a-w- C:\Windows\SysWow64\ieui.dll
2014-04-11 09:45:20 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-04-11 09:45:20 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-04-11 09:45:20 470016 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-04-11 09:45:20 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-04-11 09:45:20 293072 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2014-04-11 09:45:20 235216 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2014-04-11 09:45:20 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe
2014-04-11 09:45:20 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-04-11 09:45:19 722432 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2014-04-11 09:45:19 271360 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2014-04-11 09:45:17 586240 ----a-w- C:\Windows\System32\ie4uinit.exe
2014-04-11 09:45:17 48128 ----a-w- C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll
2014-04-11 09:45:17 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-04-11 09:45:17 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-04-11 09:45:17 33792 ----a-w- C:\Windows\System32\iernonce.dll
2014-04-11 09:45:16 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-04-11 09:45:15 628736 ----a-w- C:\Windows\System32\msfeeds.dll
2014-04-11 09:45:15 524288 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2014-04-11 09:45:15 51200 ----a-w- C:\Windows\System32\jsproxy.dll
2014-04-11 09:45:15 453120 ----a-w- C:\Windows\System32\dxtmsft.dll
2014-04-11 09:45:15 43008 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2014-04-11 09:45:15 367616 ----a-w- C:\Windows\SysWow64\dxtmsft.dll
2014-04-11 09:45:15 296960 ----a-w- C:\Windows\System32\dxtrans.dll
2014-04-11 09:45:15 244224 ----a-w- C:\Windows\SysWow64\dxtrans.dll
2014-04-11 09:45:15 195584 ----a-w- C:\Windows\System32\msrating.dll
2014-04-11 09:45:15 164864 ----a-w- C:\Windows\SysWow64\msrating.dll
2014-04-11 09:45:14 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-04-11 09:45:14 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-04-11 09:45:14 32768 ----a-w- C:\Windows\SysWow64\iernonce.dll
2014-04-11 09:45:14 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-04-11 09:45:14 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-04-11 09:45:14 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-04-11 09:45:13 8011776 ----a-w- C:\Program Files\Internet Explorer\F12Resources.dll
2014-04-11 09:45:12 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-04-11 09:45:12 846336 ----a-w- C:\Windows\System32\ieapfltr.dll
2014-04-11 09:45:12 704512 ----a-w- C:\Windows\SysWow64\ieapfltr.dll
2014-04-11 09:45:12 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-04-11 09:45:12 570368 ----a-w- C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll
2014-04-11 09:45:12 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-04-11 09:45:12 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-04-11 09:45:12 326144 ----a-w- C:\Program Files\Internet Explorer\F12Tools.dll
2014-04-11 09:45:12 255488 ----a-w- C:\Program Files\Internet Explorer\DiagnosticsHub.ScriptedSandboxPlugin.dll
2014-04-11 09:45:12 227840 ----a-w- C:\Program Files (x86)\Internet Explorer\F12Tools.dll
2014-04-11 09:45:12 209408 ----a-w- C:\Program Files\Internet Explorer\DiagnosticsTap.dll
2014-04-11 09:45:12 1850880 ----a-w- C:\Program Files\Internet Explorer\MemoryAnalyzer.dll
2014-04-11 09:45:12 151552 ----a-w- C:\Program Files (x86)\Internet Explorer\DiagnosticsTap.dll
2014-04-11 09:45:12 146432 ----a-w- C:\Program Files\Internet Explorer\Timeline_is.dll
2014-04-11 09:45:12 145920 ----a-w- C:\Program Files\Internet Explorer\Timeline.dll
2014-04-11 09:45:12 1191936 ----a-w- C:\Program Files\Internet Explorer\networkinspection.dll
2014-04-11 09:45:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-04-11 09:45:12 1064960 ----a-w- C:\Program Files (x86)\Internet Explorer\networkinspection.dll
2014-04-11 09:45:11 2767360 ----a-w- C:\Windows\System32\iertutil.dll
2014-04-11 09:45:11 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-04-11 09:45:11 2178048 ----a-w- C:\Windows\SysWow64\iertutil.dll
2014-04-11 09:45:11 1796608 ----a-w- C:\Program Files\Internet Explorer\F12.dll
2014-04-11 09:45:11 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-04-11 09:45:11 1143808 ----a-w- C:\Windows\SysWow64\urlmon.dll
2014-04-11 09:45:10 811728 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-04-11 09:45:10 809680 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-04-11 09:45:10 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-04-11 09:45:10 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-04-11 09:45:10 1400832 ----a-w- C:\Windows\System32\urlmon.dll
2014-04-11 09:45:10 13551104 ----a-w- C:\Windows\System32\ieframe.dll
2014-04-11 09:45:09 11745792 ----a-w- C:\Windows\SysWow64\ieframe.dll
2014-04-11 09:45:08 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-04-11 09:45:08 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-04-10 00:28:32 -------- d-----w- C:\Windows\SysWow64\,w蠉,wvideace
2014-04-09 08:19:42 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-04-09 08:19:42 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2014-04-09 08:19:42 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
2014-04-09 08:19:42 2048 ----a-w- C:\Windows\System32\iologmsg.dll
2014-04-09 08:19:42 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-04-09 08:19:40 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-04-09 08:19:40 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-04-09 08:19:40 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-04-09 08:19:40 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-04-09 08:19:40 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-04-09 08:19:40 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-04-09 08:19:40 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-04-09 08:19:40 1163264 ----a-w- C:\Windows\System32\kernel32.dll
2014-04-09 08:19:40 1114112 ----a-w- C:\Windows\SysWow64\kernel32.dll
2014-04-09 08:19:39 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-04-09 08:19:39 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-04-09 08:19:37 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2014-04-09 00:35:03 -------- d-----w- C:\Windows\SysWow64\Ow蠉Owvideace
2014-04-07 09:02:39 -------- d-----w- C:\Windows\SysWow64\[w蠉[wvideace
2014-04-07 02:20:07 -------- d-----w- C:\Windows\SysWow64\蠉videace
2014-04-06 05:31:33 -------- d-----w- C:\Windows\SysWow64\肓蠉肓沔videace
2014-04-05 23:33:29 -------- d-----w- C:\Windows\SysWow64\徲蠉徲videace
2014-04-05 11:09:04 -------- d-----w- C:\Windows\SysWow64\憨蠉憨苒videace
2014-04-04 23:44:36 -------- d-----w- C:\Windows\SysWow64\蠉videace
2014-04-04 07:28:38 -------- d-----w- C:\Windows\SysWow64\蠉歿videace
2014-03-31 21:12:28 2127040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL
2014-03-31 10:28:46 -------- d-----w- C:\Windows\SysWow64\瞝蠉瞝videace
2014-03-31 01:30:42 -------- d-----w- C:\Windows\SysWow64\.w蠉.wvideace
2014-03-30 07:06:31 -------- d-----w- C:\Windows\SysWow64\鋍蠉鋍吒videace
2014-03-29 23:41:17 -------- d-----w- C:\Windows\SysWow64\黲蠉黲愧videace
2014-03-29 12:06:34 -------- d-----w- C:\Windows\SysWow64\(w蠉(wαvideace
2014-03-29 00:12:13 -------- d-----w- C:\Windows\SysWow64\#w蠉#wvideace
2014-03-27 01:08:31 -------- d-----w- C:\Windows\SysWow64\蠉吒videace
2014-03-25 12:22:52 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2014-03-25 12:22:52 105552 ----a-w- C:\Windows\System32\drivers\inspect.sys
2014-03-25 12:22:50 738472 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
2014-03-25 12:22:50 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2014-03-25 12:22:38 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
2014-03-25 12:22:38 363504 ----a-w- C:\Windows\SysWow64\guard32.dll
2014-03-25 12:22:36 453680 ----a-w- C:\Windows\System32\guard64.dll
2014-03-25 12:22:30 45784 ----a-w- C:\Windows\System32\cmdkbd64.dll
2014-03-25 12:22:30 352984 ----a-w- C:\Windows\System32\cmdvrt64.dll
2014-03-25 12:22:26 284888 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
2014-03-25 12:22:24 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
2014-03-24 06:21:57 -------- d-----w- C:\Windows\SysWow64\w蠉w兝videace
2014-03-24 02:53:01 -------- d-----w- C:\Windows\SysWow64\pw蠉pw廄videace
2014-03-21 06:20:52 -------- d-----w- C:\Windows\SysWow64\nw蠉nw吒videace
.
==================== Find6M  ====================
.
2014-05-18 07:35:32 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe
2014-05-16 00:25:10 93223848 ----a-w- C:\Windows\System32\MRT.exe
2014-03-12 13:41:10 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 13:41:10 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-05 04:53:24 5170904 ----a-w- C:\ProgramData\cis678E.exe
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-01 07:44:23 208216 ----a-w- C:\Windows\System32\drivers\73719873.sys
2014-02-20 14:13:30 5102808 ----a-w- C:\ProgramData\cis91AB.exe
2014-02-19 07:20:52 181064 ----a-w- C:\Windows\PSEXESVC.EXE
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-17 22:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-22 22:48:21 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-11-21 02:14:06 150672 ----a-w- C:\Windows\apppatch\AppPatch64\EMET64.dll
2013-11-21 02:14:00 549520 ----a-w- C:\Windows\apppatch\EMET.dll
.
============= FINISH: 16:00:11.18 ===============
 
And here is the Extra log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 家用進階版 
Boot Device: \Device\HarddiskVolume2
Install Date: 2012/11/6 14:33:20
System Uptime: 2014/5/18 15:55:21 (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc. |  | N43SL
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz | CPU 1 | 2294/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 200 GiB total, 123.662 GiB free.
D: is FIXED (NTFS) - 241 GiB total, 212.943 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer: 
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP276: 2014/4/15 21:03:19 - Installed EMET 4.1
RP277: 2014/4/17 13:48:11 - 裝置驅動程式套件安裝: COMODO Network Service
RP278: 2014/4/17 14:29:29 - 裝置驅動程式套件安裝: COMODO Network Service
RP279: 2014/4/17 19:36:43 - 裝置驅動程式套件安裝: COMODO Network Service
RP280: 2014/5/16 08:22:01 - Windows Update
RP281: 2014/5/16 11:36:37 - Windows Update
RP282: 2014/5/17 22:19:12 - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Flash Player 12 Plugin
Akamai NetSession Interface
Alcor Micro USB Card Reader
ASUS AI Recovery
ASUS FancyStart
ASUS LifeFrame3
ASUS Power4Gear Hybrid
ASUS RT-N12 Wireless Router Utilities
ASUS RT-N12C1 Wireless Router Utilities
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Video Magic
ASUS Virtual Camera
ASUS WebStorage
Atheros Client Installation Program
ATK Package
Bitdefender Antivirus Free Edition
Bluetooth Win7 Suite (64)
CCleaner
Comodo Dragon
COMODO Internet Security Premium
Control ActiveX de Windows Live Mesh para conexiones remotas
Controle ActiveX Windows Live Mesh pour connexions a distance
Controlo ActiveX do Windows Live Mesh para Ligacoes Remotas
CutePDF Writer 2.8
CyberLink LabelPrint
CyberLink MediaEspresso
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerDVD 10
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EMET 4.1
ESET Online Scanner v3
ETDWare PS/2-X64 8.0.5.3_WHQL
ExpressGateCloud
Fast Boot
Fresco Logic USB3.0 Host Controller
Galeria de Fotografias do Windows Live
Galeria fotografica de Windows Live
Galerie de photos Windows Live
Google Chrome
Google Update Helper
HiJackThis
HyView 影像瀏覽軟體 3.4
Intel® Control Center
Intel® Processor Graphics
Intel® Turbo Boost Technology Monitor
Junk Mail filter update
LINE
Malwarebytes Anti-Malware 版本 2.0.1.1004
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (Chinese (Traditional)) 2010
Microsoft Office Excel MUI (Chinese (Traditional)) 2010
Microsoft Office Home and Student 2010
Microsoft Office IME (Chinese (Traditional)) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (Chinese (Traditional)) 2010
Microsoft Office Outlook MUI (Chinese (Traditional)) 2010
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2010
Microsoft Office Proof (Chinese (Traditional)) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proofing (Chinese (Traditional)) 2010
Microsoft Office Publisher MUI (Chinese (Traditional)) 2010
Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2010
Microsoft Office Shared MUI (Chinese (Traditional)) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (Chinese (Traditional)) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 26.0 (x86 zh-TW)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Nuance PDF Reader
NVIDIA Control Panel 268.83
NVIDIA Graphics Driver 268.83
NVIDIA Install Application
NVIDIA Optimus 1.0.23
NVIDIA Update Components
PrivDog
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687413) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2863926) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 6.11
SonicMaster
swMSM
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
USB2.0 UVC 2M WebCam
Windows Live
Windows Live ?件包
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Live 程式集
Windows Live 照片?
Windows Live 影像中心
Windows Media Player Firefox Plugin
WinFlash
Wireless Console 3
用于?程?接的 Windows Live Mesh ActiveX 控件(?体中文)
適用遠端連線的 Windows Live Mesh ActiveX 控制項
.
==== End Of File ===========================

 




 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,761 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:48 AM

Posted 23 May 2014 - 03:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/534710 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 WinBMY

WinBMY
  • Topic Starter

  • Members
  • 176 posts
  • OFFLINE
  • Local time:12:48 AM

Posted 23 May 2014 - 07:46 AM

DDS Log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by ASUS at 20:40:29 on 2014-05-23
#Option Extended Search is enabled.
#Option Whitelisting is disabled.
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
uLocal Page = C:\Windows\System32\blank.htm
uSearch Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
mStart Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
uProxyOverride = <local>
mSearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
mCustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
uURLSearchHooks: Microsoft Url Search Hook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll
mWinlogon: Shell = Explorer.exe
mWinlogon: Userinit = C:\Windows\System32\userinit.exe,
mWinlogon: SFCDisable = dword:0
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe"
mRun: [IME14 CHT Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [EMET 4.1 Agent] "C:\Program Files (x86)\EMET 4.1\EMET_agent.exe"
uPolicies-System: disableregistrytools = dword:0
uPolicies-Windows\System: disablecmd = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableInstallerDetection = dword:1
mPolicies-System: EnableLUA = dword:1
mPolicies-System: EnableSecureUIAPaths = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableVirtualization = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:1
mPolicies-System: ValidateAdminCodeSignatures = dword:0
mPolicies-System: dontdisplaylastusername = dword:0
mPolicies-System: scforceoption = dword:0
mPolicies-System: shutdownwithoutlogon = dword:1
mPolicies-System: undockwithoutlogon = dword:1
mPolicies-System: FilterAdministratorToken = dword:0
mPolicies-System: DisableRegistryTools = dword:0
IE: 傳送至 OneNote(&N) - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: 匯出至 Microsoft Excel(&X) - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} -
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: %SystemRoot%\system32\mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: NameServer = 192.168.1.1 139.175.252.16
TCP: Interfaces\{F4A2FC8E-77EF-476A-A47D-62299D31A988} : DHCPNameServer = 192.168.1.1 139.175.252.16
TCP: Interfaces\{F4A2FC8E-77EF-476A-A47D-62299D31A988}\771696B6F6C6F616D283 : DHCPNameServer = 192.168.1.98
TCP: Interfaces\{F4A2FC8E-77EF-476A-A47D-62299D31A988}\A416E63757242415 : DHCPNameServer = 192.168.1.1 139.175.252.16
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWow64\webcheck.dll
SecurityProviders: SecurityProviders = credssp.dll
LSA: Authentication Packages =  msv1_0
LSA: Notification Packages =  scecli
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4
mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
x64-mStart Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
x64-mLocal Page = C:\Windows\System32\blank.htm
x64-mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
x64-mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
x64-mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
x64-mSearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
x64-mCustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
x64-mWinlogon: Shell = Explorer.exe
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,
x64-mWinlogon: SFCDisable = dword:0
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - <orphaned>
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
x64-Run: [IME14 CHT Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
x64-Run: [COMODO Internet Security] D:\comodo 6\Comodo 7\COMODO\COMODO Internet Security\cistray.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - C:\Program Files\AdTrustMedia\PrivDog\2.1.0.19\trustedads.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
x64-Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll
x64-Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
x64-Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll
x64-Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
x64-Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - <orphaned>
x64-Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
x64-Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll
x64-Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll
x64-Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll
x64-mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\unregmp2.exe /ShowWMP
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\System32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\System32\themeui.dll
x64-mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
x64-mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
x64-mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\System32\shell32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\ndvqsvu8.default\
FF - prefs.js: browser.startup.homepage - www.google.com.tw
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\ASUS\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - ExtSQL: 2012-11-30 18:49; {972ce4c6-7e08-4474-a285-3208198ce6fd}; D:\FFox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - ExtSQL: 2013-09-25 16:45; PrivDog@AdTrustMedia.com; C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\ndvqsvu8.default\extensions\PrivDog@AdTrustMedia.com
FF - ExtSQL: 2013-11-07 08:57; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; D:\FFox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
FileExt: .bat: batfile="%1" %*
FileExt: .cmd: cmdfile="%1" %*
FileExt: .com: comfile="%1" %*
FileExt: .exe: exefile="%1" %*
FileExt: .pif: piffile="%1" %*
FileExt: .scr: scrfile="%1" /S
FileExt: .reg: regfile=regedit.exe "%1"
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .chm: chm.file="C:\Windows\hh.exe" %1
FileExt: .ini: inifile=C:\Windows\System32\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: ehshell.exe: open="C:\Windows\eHome\ehshell.exe" "%1"
ShellExec: iexplore.exe: open="C:\Program Files\Internet Explorer\iexplore.exe" %1
ShellExec: MovieMaker.exe: Open="C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
ShellExec: mspaint.exe: edit="C:\Windows\System32\mspaint.exe" "%1"
ShellExec: notepad.exe: edit=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: notepad.exe: open=C:\Windows\System32\NOTEPAD.EXE %1
ShellExec: ois.exe: Edit=C:\PROGRA~2\MICROS~1\Office14\OIS.EXE /shellEdit "%1"
ShellExec: ois.exe: Open=C:\PROGRA~2\MICROS~1\Office14\OIS.EXE /shellOpen "%1"
ShellExec: ois.exe: Preview=C:\PROGRA~2\MICROS~1\Office14\OIS.EXE /shellPreview "%1"
ShellExec: PDFReader.exe: open="C:\Program Files (x86)\Nuance\PDF Reader\bin\PDFReader.exe" "%1"
ShellExec: PDFReader.exe: print="C:\Program Files (x86)\Nuance\PDF Reader\bin\PDFReader.exe" /p "%1"
ShellExec: PDFReader.exe: printto="C:\Program Files (x86)\Nuance\PDF Reader\bin\PDFReader.exe" /t "%1" "%2" "%3" "%4"
ShellExec: photoviewer.dll: open=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: photoviewer.dll: print=C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: Winword.exe: edit="C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "%1"
ShellExec: WLXPhotoViewer.dll: open="C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
ShellExec: wmplayer.exe: open="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "%L"
ShellExec: wmplayer.exe: play="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play "%L"
ShellExec: wordpad.exe: open="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1"
.
=============== Created Last 60 ================
.
2014-05-23 12:35:12    --------    d-----w-    C:\Windows\SysWow64\Gw蠉Gwxt狖videace
2014-05-23 11:06:36    --------    d-sh--w-    C:\Users\ASUS\AppData\Local\EmieUserList
2014-05-23 11:06:36    --------    d-sh--w-    C:\Users\ASUS\AppData\Local\EmieSiteList
2014-05-23 11:06:24    --------    d-----w-    C:\Windows\SysWow64\Jw蠉Jwxt胐videace
2014-05-23 10:26:08    --------    d-----w-    C:\Windows\SysWow64\2w蠉2wxt莍videace
2014-05-22 01:00:25    --------    d-----w-    C:\Windows\SysWow64\患蠉患xt黠videace
2014-05-21 02:08:09    --------    d-----w-    C:\Windows\SysWow64\,w蠉,wxtvideace
2014-05-21 01:53:34    --------    d-----w-    C:\_OTL
2014-05-21 01:20:35    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-05-21 01:20:33    --------    d-----w-    C:\Windows\temp
2014-05-20 14:30:30    --------    d-----w-    C:\Windows\SysWow64\pw蠉pwxt跚videace
2014-05-20 11:54:43    --------    d-----w-    C:\Windows\SysWow64\)w蠉)wvideace
2014-05-20 10:37:27    --------    d-----w-    C:\Windows\SysWow64\pw蠉pwxt﹏videace
2014-05-20 06:56:33    --------    d-----w-    C:\Windows\SysWow64\饘蠉饘xt坼videace
2014-05-20 06:50:30    --------    d-----w-    C:\Windows\SysWow64\Hw蠉Hwxt汻videace
2014-05-20 04:16:02    --------    d-----w-    C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-20 04:06:53    --------    d-----w-    C:\Windows\SysWow64\癉蠉癉xtvideace
2014-05-20 03:31:22    --------    d-----w-    C:\Windows\SysWow64\輀蠉輀videace
2014-05-19 01:57:42    --------    d-----w-    C:\Windows\SysWow64\莇蠉莇俞videace
2014-05-18 13:28:32    --------    d-----w-    C:\Windows\SysWow64\蠉videace
2014-05-18 07:26:43    --------    d-----w-    C:\Windows\SysWow64\镽蠉镽﹏videace
2014-05-18 01:00:49    --------    d-----w-    C:\Windows\SysWow64\tw蠉twvideace
2014-05-17 23:53:13    --------    d-----w-    C:\Windows\SysWow64\Xw蠉Xwvideace
2014-05-17 00:41:36    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-05-17 00:41:35    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-05-17 00:41:35    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-05-17 00:41:35    3969984    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2014-05-17 00:41:35    3914176    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2014-05-17 00:41:34    455168    ----a-w-    C:\Windows\System32\winlogon.exe
2014-05-17 00:41:34    314880    ----a-w-    C:\Windows\System32\msv1_0.dll
2014-05-17 00:41:34    259584    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2014-05-17 00:41:33    722944    ----a-w-    C:\Windows\System32\objsel.dll
2014-05-17 00:41:33    5550016    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2014-05-17 00:41:32    86528    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-05-17 00:41:32    538112    ----a-w-    C:\Windows\SysWow64\objsel.dll
2014-05-17 00:41:31    424960    ----a-w-    C:\Windows\System32\KernelBase.dll
2014-05-17 00:41:31    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2014-05-17 00:41:31    210944    ----a-w-    C:\Windows\System32\wdigest.dll
2014-05-17 00:41:31    172032    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2014-05-17 00:41:30    65536    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2014-05-17 00:41:30    340992    ----a-w-    C:\Windows\System32\schannel.dll
2014-05-17 00:41:30    155072    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-05-17 00:41:29    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2014-05-17 00:41:29    57344    ----a-w-    C:\Windows\System32\cngprovider.dll
2014-05-17 00:41:29    56832    ----a-w-    C:\Windows\System32\adprovider.dll
2014-05-17 00:41:29    53760    ----a-w-    C:\Windows\System32\capiprovider.dll
2014-05-17 00:41:29    52736    ----a-w-    C:\Windows\System32\dpapiprovider.dll
2014-05-17 00:41:29    51200    ----a-w-    C:\Windows\SysWow64\cngprovider.dll
2014-05-17 00:41:29    49664    ----a-w-    C:\Windows\SysWow64\adprovider.dll
2014-05-17 00:41:29    48128    ----a-w-    C:\Windows\SysWow64\capiprovider.dll
2014-05-17 00:41:29    47616    ----a-w-    C:\Windows\SysWow64\dpapiprovider.dll
2014-05-17 00:41:29    44544    ----a-w-    C:\Windows\System32\dimsroam.dll
2014-05-17 00:41:29    36864    ----a-w-    C:\Windows\SysWow64\dimsroam.dll
2014-05-17 00:41:29    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2014-05-17 00:41:28    136192    ----a-w-    C:\Windows\System32\sspicli.dll
2014-05-17 00:41:27    39936    ----a-w-    C:\Windows\System32\wincredprovider.dll
2014-05-17 00:41:27    35328    ----a-w-    C:\Windows\SysWow64\wincredprovider.dll
2014-05-17 00:41:27    31232    ----a-w-    C:\Windows\System32\lsass.exe
2014-05-17 00:41:26    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-05-17 00:41:26    29184    ----a-w-    C:\Windows\System32\sspisrv.dll
2014-05-17 00:41:26    28160    ----a-w-    C:\Windows\System32\secur32.dll
2014-05-17 00:41:26    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-05-17 00:41:26    22016    ----a-w-    C:\Windows\System32\credssp.dll
2014-05-17 00:41:26    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2014-05-16 00:39:17    14175744    ----a-w-    C:\Windows\System32\shell32.dll
2014-05-16 00:39:16    12874240    ----a-w-    C:\Windows\SysWow64\shell32.dll
2014-05-16 00:30:31    --------    d-----w-    C:\Windows\SysWow64\dw蠉dwvideace
2014-05-16 00:29:15    84992    ----a-w-    C:\Windows\System32\mshtmled.dll
2014-05-16 00:29:15    23544320    ----a-w-    C:\Windows\System32\mshtml.dll
2014-05-16 00:29:14    69632    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2014-05-16 00:29:14    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-05-16 00:29:14    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-05-16 00:29:14    17382912    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2014-05-16 00:28:29    --------    d-----w-    C:\Program Files (x86)\Common Files\DESIGNER
2014-05-16 00:23:30    477184    ----a-w-    C:\Windows\System32\aepdu.dll
2014-05-16 00:23:30    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-05-14 10:35:44    --------    d-----w-    C:\Windows\SysWow64\cw蠉cw﹏videace
2014-05-14 08:14:16    --------    d-----w-    C:\Windows\SysWow64\荑蠉荑videace
2014-05-13 11:46:55    --------    d-----w-    C:\Windows\SysWow64\蠉吒videace
2014-05-12 10:04:24    --------    d-----w-    C:\Windows\SysWow64\kw蠉kwvideace
2014-05-12 09:48:28    --------    d-----w-    C:\Windows\SysWow64\tw蠉twvideace
2014-05-12 09:44:38    536576    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2014-05-12 01:27:12    --------    d-----w-    C:\Windows\SysWow64\燸蠉燸videace
2014-05-10 13:26:20    --------    d-----w-    C:\Windows\SysWow64\盱蠉盱videace
2014-05-09 04:22:11    --------    d-----w-    C:\Windows\SysWow64\揅蠉揅videace
2014-05-09 04:01:07    261056    ----a-w-    C:\Windows\System32\drivers\avchv.sys
2014-05-09 03:54:10    718840    ----a-w-    C:\Windows\System32\drivers\avc3.sys
2014-05-09 03:54:10    593144    ----a-w-    C:\Windows\System32\drivers\avckf.sys
2014-05-09 03:53:33    --------    d-----w-    C:\Program Files\Bitdefender
2014-05-09 03:53:17    382536    ----a-w-    C:\Windows\System32\drivers\trufos.sys
2014-05-09 03:53:17    148696    ----a-w-    C:\Windows\System32\drivers\gzflt.sys
2014-05-09 03:40:40    --------    d-----w-    C:\Windows\SysWow64\─蠉─videace
2014-05-09 02:56:12    --------    d-----w-    C:\Windows\SysWow64\$w蠉$w吭videace
2014-05-09 00:30:19    --------    d-----w-    C:\Windows\SysWow64\9w蠉9wvideace
2014-05-08 01:52:39    --------    d-----w-    C:\Windows\SysWow64\蠉videace
2014-05-08 01:05:43    --------    d-----w-    C:\Windows\SysWow64\Lw蠉Lw﹏videace
2014-05-06 10:08:06    --------    d-----w-    C:\Windows\SysWow64\綩蠉綩坼videace
2014-05-05 13:55:16    --------    d-----w-    C:\Windows\SysWow64\jw蠉jwvideace
2014-04-30 03:59:41    --------    d-----w-    C:\Windows\SysWow64\黲蠉黲videace
2014-04-30 01:08:19    --------    d-----w-    C:\Windows\SysWow64\Dw蠉Dwvideace
2014-04-29 00:56:56    --------    d-----w-    C:\Windows\SysWow64\Jw蠉Jwvideace
2014-04-28 02:06:03    --------    d-----w-    C:\Windows\SysWow64\患蠉患videace
2014-04-28 01:38:29    --------    d-----w-    C:\Program Files (x86)\Skype
2014-04-28 01:38:29    --------    d-----w-    C:\Config.Msi
2014-04-28 01:37:21    --------    d-----w-    C:\Windows\SysWow64\蠉videace
2014-04-26 23:36:36    --------    d-----w-    C:\Windows\SysWow64\aw蠉awvideace
2014-04-26 08:14:27    --------    d-----w-    C:\Windows\SysWow64\鰉蠉鰉videace
2014-04-25 22:12:54    --------    d-----w-    C:\Windows\SysWow64\蠉videace
2014-04-25 09:16:53    --------    d-----w-    C:\Windows\SysWow64\吷蠉吷兝videace
2014-04-24 22:21:19    --------    d-----w-    C:\Windows\SysWow64\镽蠉镽videace
2014-04-24 08:20:38    --------    d-----w-    C:\Windows\SysWow64\蠉αvideace
2014-04-22 00:28:53    --------    d-----w-    C:\Windows\SysWow64\叱蠉叱俞videace
2014-04-21 07:03:33    --------    d-----w-    C:\Windows\SysWow64\趴蠉趴videace
2014-04-20 13:33:38    63192    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-04-20 13:33:38    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-04-20 13:33:38    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-20 13:06:24    119000    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-20 13:05:03    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-20 12:59:39    --------    d-----w-    C:\Windows\SysWow64\ow蠉owvideace
2014-04-19 23:03:27    --------    d-----w-    C:\Windows\SysWow64\敨蠉敨videace
2014-04-19 09:33:42    --------    d-----w-    C:\Windows\SysWow64\針蠉針videace
2014-04-19 06:49:28    --------    d-----w-    C:\Windows\SysWow64\蠉坼videace
2014-04-17 21:52:38    --------    d-----w-    C:\Windows\SysWow64\#w蠉#wvideace
2014-04-17 13:17:18    --------    d-----w-    C:\Users\ASUS\AppData\Local\AdTrustMedia
2014-04-17 12:59:42    --------    d-----w-    C:\Windows\SysWow64\Mw蠉Mwvideace
2014-04-17 11:33:59    --------    d-----w-    C:\Users\ASUS\AppData\Local\Comodo
2014-04-17 11:33:59    --------    d-----w-    C:\Users\ASUS\AppData\Local\Comodo
2014-04-17 11:33:51    57096    ----a-w-    C:\Windows\System32\certsentry.dll
2014-04-17 11:33:43    --------    d-----w-    C:\ProgramData\Comodo Downloader
2014-04-17 11:29:35    --------    d-----w-    C:\Windows\SysWow64\饘蠉饘videace
2014-04-17 06:21:07    --------    d-----w-    C:\Windows\SysWow64\蠉videace
2014-04-17 06:01:46    --------    d-----w-    C:\Windows\SysWow64\Xw蠉Xwvideace
2014-04-17 02:36:34    --------    d-----w-    C:\Windows\SysWow64\ㄈ蠉ㄈvideace
2014-04-17 02:17:49    --------    d-----w-    C:\Windows\SysWow64\Mw蠉Mwvideace
2014-04-17 00:18:09    --------    d-----w-    C:\Windows\SysWow64\銤蠉銤淚videace
2014-04-16 00:15:45    --------    d-----w-    C:\Windows\SysWow64\喦蠉喦videace
2014-04-15 13:04:13    --------    d-----w-    C:\Program Files (x86)\EMET 4.1
2014-04-15 01:04:32    --------    d-----w-    C:\Windows\SysWow64\_w蠉_wvideace
2014-04-14 18:34:10    1070232    ----a-w-    C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-14 10:47:44    --------    d-----w-    C:\Windows\SysWow64\﹁蠉﹁videace
2014-04-14 01:34:35    --------    d-----w-    C:\Windows\SysWow64\蠉videace
2014-04-13 00:13:59    --------    d-----w-    C:\Windows\SysWow64\蠉兝videace
2014-04-11 13:36:35    --------    d-----w-    C:\Windows\SysWow64\蠉videace
2014-04-11 09:45:26    359936    ----a-w-    C:\Program Files\Internet Explorer\IEShims.dll
2014-04-11 09:45:26    257536    ----a-w-    C:\Program Files (x86)\Internet Explorer\IEShims.dll
2014-04-11 09:45:25    574976    ----a-w-    C:\Windows\System32\ieui.dll
2014-04-11 09:45:25    440832    ----a-w-    C:\Windows\SysWow64\ieui.dll
2014-04-11 09:45:20    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-04-11 09:45:20    482816    ----a-w-    C:\Program Files\Internet Explorer\ieinstal.exe
2014-04-11 09:45:20    470016    ----a-w-    C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-04-11 09:45:20    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-04-11 09:45:20    293072    ----a-w-    C:\Program Files\Internet Explorer\sqmapi.dll
2014-04-11 09:45:20    235216    ----a-w-    C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2014-04-11 09:45:20    222720    ----a-w-    C:\Program Files\Internet Explorer\ielowutil.exe
2014-04-11 09:45:20    222720    ----a-w-    C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-04-11 09:45:19    722432    ----a-w-    C:\Program Files\Internet Explorer\ieproxy.dll
2014-04-11 09:45:19    271360    ----a-w-    C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2014-04-11 09:45:17    586240    ----a-w-    C:\Windows\System32\ie4uinit.exe
2014-04-11 09:45:17    48128    ----a-w-    C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll
2014-04-11 09:45:17    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-04-11 09:45:17    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-04-11 09:45:17    33792    ----a-w-    C:\Windows\System32\iernonce.dll
2014-04-11 09:45:16    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-04-11 09:45:15    628736    ----a-w-    C:\Windows\System32\msfeeds.dll
2014-04-11 09:45:15    524288    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2014-04-11 09:45:15    51200    ----a-w-    C:\Windows\System32\jsproxy.dll
2014-04-11 09:45:15    453120    ----a-w-    C:\Windows\System32\dxtmsft.dll
2014-04-11 09:45:15    43008    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2014-04-11 09:45:15    367616    ----a-w-    C:\Windows\SysWow64\dxtmsft.dll
2014-04-11 09:45:15    296960    ----a-w-    C:\Windows\System32\dxtrans.dll
2014-04-11 09:45:15    244224    ----a-w-    C:\Windows\SysWow64\dxtrans.dll
2014-04-11 09:45:15    195584    ----a-w-    C:\Windows\System32\msrating.dll
2014-04-11 09:45:15    164864    ----a-w-    C:\Windows\SysWow64\msrating.dll
2014-04-11 09:45:14    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-04-11 09:45:14    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-04-11 09:45:14    32768    ----a-w-    C:\Windows\SysWow64\iernonce.dll
2014-04-11 09:45:14    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-04-11 09:45:14    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-04-11 09:45:14    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-04-11 09:45:13    8011776    ----a-w-    C:\Program Files\Internet Explorer\F12Resources.dll
2014-04-11 09:45:12    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-04-11 09:45:12    846336    ----a-w-    C:\Windows\System32\ieapfltr.dll
2014-04-11 09:45:12    704512    ----a-w-    C:\Windows\SysWow64\ieapfltr.dll
2014-04-11 09:45:12    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-04-11 09:45:12    570368    ----a-w-    C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll
2014-04-11 09:45:12    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-04-11 09:45:12    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-04-11 09:45:12    326144    ----a-w-    C:\Program Files\Internet Explorer\F12Tools.dll
2014-04-11 09:45:12    255488    ----a-w-    C:\Program Files\Internet Explorer\DiagnosticsHub.ScriptedSandboxPlugin.dll
2014-04-11 09:45:12    227840    ----a-w-    C:\Program Files (x86)\Internet Explorer\F12Tools.dll
2014-04-11 09:45:12    209408    ----a-w-    C:\Program Files\Internet Explorer\DiagnosticsTap.dll
2014-04-11 09:45:12    1850880    ----a-w-    C:\Program Files\Internet Explorer\MemoryAnalyzer.dll
2014-04-11 09:45:12    151552    ----a-w-    C:\Program Files (x86)\Internet Explorer\DiagnosticsTap.dll
2014-04-11 09:45:12    146432    ----a-w-    C:\Program Files\Internet Explorer\Timeline_is.dll
2014-04-11 09:45:12    145920    ----a-w-    C:\Program Files\Internet Explorer\Timeline.dll
2014-04-11 09:45:12    1191936    ----a-w-    C:\Program Files\Internet Explorer\networkinspection.dll
2014-04-11 09:45:12    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-04-11 09:45:12    1064960    ----a-w-    C:\Program Files (x86)\Internet Explorer\networkinspection.dll
2014-04-11 09:45:11    2767360    ----a-w-    C:\Windows\System32\iertutil.dll
2014-04-11 09:45:11    2260480    ----a-w-    C:\Windows\System32\wininet.dll
2014-04-11 09:45:11    2178048    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2014-04-11 09:45:11    1796608    ----a-w-    C:\Program Files\Internet Explorer\F12.dll
2014-04-11 09:45:11    1789440    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-04-11 09:45:11    1143808    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2014-04-11 09:45:10    811728    ----a-w-    C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-04-11 09:45:10    809680    ----a-w-    C:\Program Files\Internet Explorer\iexplore.exe
2014-04-11 09:45:10    2043904    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-04-11 09:45:10    1967104    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-04-11 09:45:10    1400832    ----a-w-    C:\Windows\System32\urlmon.dll
2014-04-11 09:45:10    13551104    ----a-w-    C:\Windows\System32\ieframe.dll
2014-04-11 09:45:09    11745792    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2014-04-11 09:45:08    5784064    ----a-w-    C:\Windows\System32\jscript9.dll
2014-04-11 09:45:08    4254720    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-04-10 00:28:32    --------    d-----w-    C:\Windows\SysWow64\,w蠉,wvideace
2014-04-09 08:19:42    27584    ----a-w-    C:\Windows\System32\drivers\Diskdump.sys
2014-04-09 08:19:42    274880    ----a-w-    C:\Windows\System32\drivers\msiscsi.sys
2014-04-09 08:19:42    2048    ----a-w-    C:\Windows\SysWow64\iologmsg.dll
2014-04-09 08:19:42    2048    ----a-w-    C:\Windows\System32\iologmsg.dll
2014-04-09 08:19:42    190912    ----a-w-    C:\Windows\System32\drivers\storport.sys
2014-04-09 08:19:40    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2014-04-09 08:19:40    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2014-04-09 08:19:40    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2014-04-09 08:19:40    243712    ----a-w-    C:\Windows\System32\wow64.dll
2014-04-09 08:19:40    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2014-04-09 08:19:40    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2014-04-09 08:19:40    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2014-04-09 08:19:40    1163264    ----a-w-    C:\Windows\System32\kernel32.dll
2014-04-09 08:19:40    1114112    ----a-w-    C:\Windows\SysWow64\kernel32.dll
2014-04-09 08:19:39    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2014-04-09 08:19:39    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2014-04-09 08:19:37    1684928    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2014-04-09 00:35:03    --------    d-----w-    C:\Windows\SysWow64\Ow蠉Owvideace
2014-04-07 09:02:39    --------    d-----w-    C:\Windows\SysWow64\[w蠉[wvideace
2014-04-07 02:20:07    --------    d-----w-    C:\Windows\SysWow64\蠉videace
2014-04-06 05:31:33    --------    d-----w-    C:\Windows\SysWow64\肓蠉肓沔videace
2014-04-05 23:33:29    --------    d-----w-    C:\Windows\SysWow64\徲蠉徲videace
2014-04-05 11:09:04    --------    d-----w-    C:\Windows\SysWow64\憨蠉憨苒videace
2014-04-04 23:44:36    --------    d-----w-    C:\Windows\SysWow64\蠉videace
2014-04-04 07:28:38    --------    d-----w-    C:\Windows\SysWow64\蠉歿videace
2014-03-31 21:12:28    2127040    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL
2014-03-31 10:28:46    --------    d-----w-    C:\Windows\SysWow64\瞝蠉瞝videace
2014-03-31 01:30:42    --------    d-----w-    C:\Windows\SysWow64\.w蠉.wvideace
2014-03-30 07:06:31    --------    d-----w-    C:\Windows\SysWow64\鋍蠉鋍吒videace
2014-03-29 23:41:17    --------    d-----w-    C:\Windows\SysWow64\黲蠉黲愧videace
2014-03-29 12:06:34    --------    d-----w-    C:\Windows\SysWow64\(w蠉(wαvideace
2014-03-29 00:12:13    --------    d-----w-    C:\Windows\SysWow64\#w蠉#wvideace
2014-03-27 01:08:31    --------    d-----w-    C:\Windows\SysWow64\蠉吒videace
2014-03-25 12:22:52    48360    ----a-w-    C:\Windows\System32\drivers\cmdhlp.sys
2014-03-25 12:22:52    105552    ----a-w-    C:\Windows\System32\drivers\inspect.sys
2014-03-25 12:22:50    738472    ----a-w-    C:\Windows\System32\drivers\cmdguard.sys
2014-03-25 12:22:50    23168    ----a-w-    C:\Windows\System32\drivers\cmderd.sys
2014-03-25 12:22:38    43216    ----a-w-    C:\Windows\System32\cmdcsr.dll
2014-03-25 12:22:38    363504    ----a-w-    C:\Windows\SysWow64\guard32.dll
2014-03-25 12:22:36    453680    ----a-w-    C:\Windows\System32\guard64.dll
2014-03-25 12:22:30    45784    ----a-w-    C:\Windows\System32\cmdkbd64.dll
2014-03-25 12:22:30    352984    ----a-w-    C:\Windows\System32\cmdvrt64.dll
2014-03-25 12:22:26    284888    ----a-w-    C:\Windows\SysWow64\cmdvrt32.dll
2014-03-25 12:22:24    40664    ----a-w-    C:\Windows\SysWow64\cmdkbd32.dll
.
==================== Find6M  ====================
.
2014-05-23 12:35:23    45056    ----a-w-    C:\Windows\SysWow64\acovcnt.exe
2014-05-16 00:25:10    93223848    ----a-w-    C:\Windows\System32\MRT.exe
2014-03-12 13:41:10    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 13:41:10    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-04 09:17:05    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2014-02-19 07:20:52    181064    ----a-w-    C:\Windows\PSEXESVC.EXE
2014-02-07 01:23:30    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-02-04 02:32:22    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-02-04 02:04:22    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-01-29 02:32:18    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-01-29 02:06:47    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2013-12-24 23:09:41    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2013-12-17 22:13:56    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2013-12-06 02:30:08    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08    1882112    ----a-w-    C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08    1237504    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33    485888    ----a-w-    C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33    123392    ----a-w-    C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33    123392    ----a-w-    C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16    488448    ----a-w-    C:\Windows\System32\secproc.dll
2013-12-04 02:26:32    528384    ----a-w-    C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51    658432    ----a-w-    C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51    626176    ----a-w-    C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50    552960    ----a-w-    C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48    553984    ----a-w-    C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20    423936    ----a-w-    C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08    428032    ----a-w-    C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06    390144    ----a-w-    C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14    510976    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10    594944    ----a-w-    C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09    572416    ----a-w-    C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06    508928    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:41:37    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2013-11-26 08:16:50    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
.
============= FINISH: 20:42:02.25 ===============
 

 

attache

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Flash Player 12 Plugin
Akamai NetSession Interface
Alcor Micro USB Card Reader
ASUS AI Recovery
ASUS FancyStart
ASUS LifeFrame3
ASUS Power4Gear Hybrid
ASUS RT-N12 Wireless Router Utilities
ASUS RT-N12C1 Wireless Router Utilities
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Video Magic
ASUS Virtual Camera
ASUS WebStorage
Atheros Client Installation Program
ATK Package
Bitdefender Antivirus Free Edition
Bluetooth Win7 Suite (64)
CCleaner
COMODO Internet Security Premium
Control ActiveX de Windows Live Mesh para conexiones remotas
Controle ActiveX Windows Live Mesh pour connexions a distance
Controlo ActiveX do Windows Live Mesh para Ligacoes Remotas
CutePDF Writer 2.8
CyberLink LabelPrint
CyberLink MediaEspresso
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerDVD 10
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EMET 4.1
ESET Online Scanner v3
ETDWare PS/2-X64 8.0.5.3_WHQL
ExpressGateCloud
Fast Boot
Fresco Logic USB3.0 Host Controller
Galeria de Fotografias do Windows Live
Galeria fotografica de Windows Live
Galerie de photos Windows Live
Google Chrome
Google Update Helper
Intel® Control Center
Intel® Processor Graphics
Intel® Turbo Boost Technology Monitor
Junk Mail filter update
LINE
Malwarebytes Anti-Malware 版本 2.0.1.1004
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (Chinese (Traditional)) 2010
Microsoft Office Excel MUI (Chinese (Traditional)) 2010
Microsoft Office Home and Student 2010
Microsoft Office IME (Chinese (Traditional)) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (Chinese (Traditional)) 2010
Microsoft Office Outlook MUI (Chinese (Traditional)) 2010
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2010
Microsoft Office Proof (Chinese (Traditional)) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proofing (Chinese (Traditional)) 2010
Microsoft Office Publisher MUI (Chinese (Traditional)) 2010
Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2010
Microsoft Office Shared MUI (Chinese (Traditional)) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (Chinese (Traditional)) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 28.0 (x86 zh-TW)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Nuance PDF Reader
NVIDIA Control Panel 268.83
NVIDIA Graphics Driver 268.83
NVIDIA Install Application
NVIDIA Optimus 1.0.23
NVIDIA Update Components
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687413) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2878284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2863926) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 6.11
SonicMaster
swMSM
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
USB2.0 UVC 2M WebCam
Windows Live
Windows Live ?件包
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Live 程式集
Windows Live 照片?
Windows Live 影像中心
Windows Media Player Firefox Plugin
WinFlash
Wireless Console 3
用于?程?接的 Windows Live Mesh ActiveX 控件(?体中文)
適用遠端連線的 Windows Live Mesh ActiveX 控制項
.
==== Event Viewer Messages From Past Week ========
.
.
==== End Of File ===========================



#4 HelpBot


Posted 28 May 2014 - 03:20 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,434 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:07:48 AM

Posted 03 June 2014 - 03:10 PM

Hello, my name is Elise and I'll assist you with this issue.

 

First of all, what are the usernames you don't recognize (in the TFC log in post #1)?

 

Second, you have two antivirus programs installed, Comodo and Bitdefender. Doing this can lead to a variety of problems, therefore I recommend that you uninstall either Comodo or Bitdefender and keep only one AV.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft

 



#6 WinBMY


Posted 03 June 2014 - 08:56 PM

Dear Miss Elise,

 

Thank you very much for your help.

 

There are 3 users that I cannot recognize in the TFC log. They are:

User: Public

User: UpdatusUser
User: V.I.P.O R

 

I have only one antivirus program: Bitdefender.

And the firewall is: Comodo Firewall.

 

Regards,

 

 

WinBMY

 

note: TFC log today:

Emptying Temp folders.
 
 
User: All Users
 
User: ASUS
->Temp folder emptied: 2608005 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: V.I.P.O R
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21547 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
 
Emptying RecycleBin. Do not interrupt.
 
RecycleBin emptied: 564 bytes
Process complete!
 
Total Files Cleaned = 3.00 mb
 



#7 Elise


Posted 04 June 2014 - 03:49 AM

Please click Start > Control Panel and click User Accounts.

 

Click "Manage another account"

 

Are the unknown accounts listed here? If so, you can attempt to delete them.


regards, Elise


#8 WinBMY


Posted 04 June 2014 - 09:20 AM

I had done this before. But the unknown user names are not there.



#9 Elise


Posted 04 June 2014 - 09:38 AM

When you start the computer, do you have the option to select different user profiles?


regards, Elise


#10 WinBMY


Posted 05 June 2014 - 12:05 AM

No.

Direct sign in. No password protection.
Without any selection.

If there is no solution for my situation, I plan to reinstall to the original settings that shipped from the computer company.



#11 Elise


Posted 05 June 2014 - 02:33 AM

TFC simply looks for the folders under c:\users. That doesn't necessarily mean there is a registered user profile. Can you look under c:\users and see if you see the folders?


regards, Elise


#12 WinBMY


Posted 05 June 2014 - 08:11 PM

Yes. The folders are there.

I don't have the right to access the V.I.P. OR and UpdateUser folders.



#13 Elise


Posted 06 June 2014 - 02:39 AM

Okay, then let's have a look inside them. :)

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    c:\users\UpdatusUser
    c:\users\V.I.P.O R
    
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

regards, Elise
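The check Elise describes in posts #11 and #13 (folders under c:\users compared with the profiles registered under ProfileList) can also be scripted in PowerShell. This is an added example, not part of the original thread: the function names and the sample data are assumptions made up for illustration, and the `-Live` switch reads the local machine instead of the sample.

```powershell
param([switch] $Live)   # -Live inspects this machine; the default uses the constructed sample

$ProfileListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Get-RegisteredProfile {
    # One record per SID subkey of ProfileList: SID, profile path, account name (if any).
    Get-ChildItem -Path $ProfileListKey | ForEach-Object {
        $sid = $_.PSChildName
        $account = $null
        try {
            $sidObject = New-Object System.Security.Principal.SecurityIdentifier($sid)
            $account = $sidObject.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            # Leave $account empty: the subkey name is not a SID that maps to an account.
        }
        New-Object PSObject -Property @{
            Sid     = $sid
            Path    = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
            Account = $account
        }
    }
}

function Get-ProfileFolder {
    # Top-level folders only (no recursion), including hidden ones and links.
    param([string] $Root = (Join-Path $env:SystemDrive 'Users'))
    Get-ChildItem -Path $Root -Force | Where-Object { $_.PSIsContainer } | ForEach-Object {
        New-Object PSObject -Property @{
            Name     = $_.Name
            FullName = $_.FullName
            IsLink   = [bool]($_.Attributes -band [System.IO.FileAttributes]::ReparsePoint)
        }
    }
}

function Compare-ProfileFolder {
    # Classify each folder by whether ProfileList knows about it.
    param([object[]] $Folder, [object[]] $Registered, [string[]] $Template = @())
    foreach ($f in $Folder) {
        # -eq on strings is case-insensitive, which matches Windows path semantics.
        $entry = @($Registered | Where-Object {
            $_.Path -and ($_.Path.TrimEnd('\') -eq $f.FullName)
        })[0]
        if ($f.IsLink)                           { $status = 'Link to another folder' }
        elseif ($Template -contains $f.FullName) { $status = 'Built-in (Default/Public)' }
        elseif (-not $entry)                     { $status = 'Folder only, no ProfileList entry' }
        elseif (-not $entry.Account)             { $status = 'Registered, SID does not resolve' }
        else                                     { $status = 'Registered profile' }
        New-Object PSObject -Property @{
            Folder  = $f.Name
            Status  = $status
            Account = $entry.Account
            Sid     = $entry.Sid
        }
    }
}

if ($Live) {
    $key        = Get-ItemProperty -Path $ProfileListKey
    $folders    = Get-ProfileFolder
    $registered = Get-RegisteredProfile
    $template   = @($key.Default, $key.Public)   # paths of the built-in folders
} else {
    # Constructed sample: names, SIDs and outcomes are made up to exercise each branch.
    $folders = 'alice', 'svc_old', 'leftover', 'Public', 'All Users' | ForEach-Object {
        New-Object PSObject -Property @{
            Name = $_; FullName = "C:\Users\$_"; IsLink = ($_ -eq 'All Users')
        }
    }
    $registered = @(
        New-Object PSObject -Property @{
            Sid = 'S-1-5-21-1-2-3-1000'; Path = 'C:\Users\alice'; Account = 'PC\alice' }
        New-Object PSObject -Property @{
            Sid = 'S-1-5-21-1-2-3-1001'; Path = 'C:\Users\svc_old'; Account = $null }
    )
    $template = @('C:\Users\Default', 'C:\Users\Public')
}

Compare-ProfileFolder -Folder $folders -Registered $registered -Template $template |
    Format-Table Folder, Status, Account, Sid -AutoSize
```

A folder with no ProfileList entry is only a directory, not a profile Windows will load; a registered SID that does not resolve typically means the account behind it has been deleted.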


#14 WinBMY


Posted 06 June 2014 - 06:42 AM

Here is the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 19:40 on 06/06/2014 by ASUS
Administrator - Elevation successful

========== dir ==========

c:\users\UpdatusUser - Parameters: "(none)"

---Files---
ntuser.dat    --a-s-- 786432 bytes    [20:50 06/11/2012]    [11:28 06/06/2014]
ntuser.dat.LOG1    --a-s-- 447488 bytes    [20:50 06/11/2012]    [11:28 06/06/2014]
ntuser.dat.LOG2    --a-s-- 0 bytes    [20:50 06/11/2012]    [20:50 06/11/2012]
NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf    --a-s-- 65536 bytes    [20:50 06/11/2012]    [20:50 06/11/2012]
NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms    --a-s-- 524288 bytes    [20:50 06/11/2012]    [20:50 06/11/2012]
NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms    --a-s-- 524288 bytes    [20:50 06/11/2012]    [20:50 06/11/2012]
ntuser.dat{1c5f553c-c4a0-11e3-ac08-e0b9a5453a43}.TM.blf    --ahs-- 65536 bytes    [13:19 15/04/2014]    [13:53 15/04/2014]
ntuser.dat{1c5f553c-c4a0-11e3-ac08-e0b9a5453a43}.TMContainer00000000000000000001.regtrans-ms    --ahs-- 524288 bytes    [13:19 15/04/2014]    [13:53 15/04/2014]
ntuser.dat{1c5f553c-c4a0-11e3-ac08-e0b9a5453a43}.TMContainer00000000000000000002.regtrans-ms    --ahs-- 524288 bytes    [13:19 15/04/2014]    [13:53 15/04/2014]
NTUSER.DAT{29906356-218a-11e2-859d-e0b9a5453a43}.TM.blf    --a-s-- 65536 bytes    [05:36 29/10/2012]    [05:36 29/10/2012]
NTUSER.DAT{29906356-218a-11e2-859d-e0b9a5453a43}.TMContainer00000000000000000001.regtrans-ms    --a-s-- 524288 bytes    [05:36 29/10/2012]    [05:36 29/10/2012]
NTUSER.DAT{29906356-218a-11e2-859d-e0b9a5453a43}.TMContainer00000000000000000002.regtrans-ms    --a-s-- 524288 bytes    [05:36 29/10/2012]    [05:36 29/10/2012]
ntuser.dat{364feed9-4e5d-11e3-bb9c-e0b9a5453a43}.TM.blf    --ahs-- 65536 bytes    [01:20 16/11/2013]    [01:20 16/11/2013]
ntuser.dat{364feed9-4e5d-11e3-bb9c-e0b9a5453a43}.TMContainer00000000000000000001.regtrans-ms    --ahs-- 524288 bytes    [01:20 16/11/2013]    [01:20 16/11/2013]
ntuser.dat{364feed9-4e5d-11e3-bb9c-e0b9a5453a43}.TMContainer00000000000000000002.regtrans-ms    --ahs-- 524288 bytes    [01:20 16/11/2013]    [01:20 16/11/2013]
ntuser.dat{3d60b59c-de1e-11e3-bcb1-e0b9a5453a43}.TM.blf    --ahs-- 65536 bytes    [23:55 17/05/2014]    [00:29 18/05/2014]
ntuser.dat{3d60b59c-de1e-11e3-bcb1-e0b9a5453a43}.TMContainer00000000000000000001.regtrans-ms    --ahs-- 524288 bytes    [23:55 17/05/2014]    [00:29 18/05/2014]
ntuser.dat{3d60b59c-de1e-11e3-bcb1-e0b9a5453a43}.TMContainer00000000000000000002.regtrans-ms    --ahs-- 524288 bytes    [23:55 17/05/2014]    [00:29 18/05/2014]
NTUSER.DAT{47726140-135e-11e2-85e3-e0b9a5453a43}.TM.blf    --a-s-- 65536 bytes    [04:46 11/10/2012]    [04:46 11/10/2012]
NTUSER.DAT{47726140-135e-11e2-85e3-e0b9a5453a43}.TMContainer00000000000000000001.regtrans-ms    --a-s-- 524288 bytes    [04:46 11/10/2012]    [04:46 11/10/2012]
NTUSER.DAT{47726140-135e-11e2-85e3-e0b9a5453a43}.TMContainer00000000000000000002.regtrans-ms    --a-s-- 524288 bytes    [04:46 11/10/2012]    [04:46 11/10/2012]
ntuser.dat{4c457cfe-b846-11e2-b466-e0b9a5453a43}.TM.blf    --a-s-- 65536 bytes    [01:20 09/05/2013]    [03:21 09/05/2013]
ntuser.dat{4c457cfe-b846-11e2-b466-e0b9a5453a43}.TMContainer00000000000000000001.regtrans-ms    --a-s-- 524288 bytes    [01:20 09/05/2013]    [03:21 09/05/2013]
ntuser.dat{4c457cfe-b846-11e2-b466-e0b9a5453a43}.TMContainer00000000000000000002.regtrans-ms    --a-s-- 524288 bytes    [01:20 09/05/2013]    [03:21 09/05/2013]
ntuser.dat{4fc37db7-5b93-11e2-ab19-e0b9a5453a43}.TM.blf    --a-s-- 65536 bytes    [02:08 11/01/2013]    [02:43 13/01/2013]
ntuser.dat{4fc37db7-5b93-11e2-ab19-e0b9a5453a43}.TMContainer00000000000000000001.regtrans-ms    --a-s-- 524288 bytes    [02:08 11/01/2013]    [02:43 13/01/2013]
ntuser.dat{4fc37db7-5b93-11e2-ab19-e0b9a5453a43}.TMContainer00000000000000000002.regtrans-ms    --a-s-- 524288 bytes    [02:08 11/01/2013]    [02:43 13/01/2013]
ntuser.dat{60158478-7645-11e2-a1cb-e0b9a5453a43}.TM.blf    --a-s-- 65536 bytes    [01:28 14/02/2013]    [05:12 15/02/2013]
ntuser.dat{60158478-7645-11e2-a1cb-e0b9a5453a43}.TMContainer00000000000000000001.regtrans-ms    --a-s-- 524288 bytes    [01:28 14/02/2013]    [05:12 15/02/2013]
ntuser.dat{60158478-7645-11e2-a1cb-e0b9a5453a43}.TMContainer00000000000000000002.regtrans-ms    --a-s-- 524288 bytes    [01:28 14/02/2013]    [05:12 15/02/2013]
NTUSER.DAT{6cea4da6-1342-11e2-a65f-e0b9a5453a43}.TM.blf    --a-s-- 65536 bytes    [01:27 11/10/2012]    [01:27 11/10/2012]
NTUSER.DAT{6cea4da6-1342-11e2-a65f-e0b9a5453a43}.TMContainer00000000000000000001.regtrans-ms    --a-s-- 524288 bytes    [01:27 11/10/2012]    [01:27 11/10/2012]
NTUSER.DAT{6cea4da6-1342-11e2-a65f-e0b9a5453a43}.TMContainer00000000000000000002.regtrans-ms    --a-s-- 524288 bytes    [01:27 11/10/2012]    [01:27 11/10/2012]
NTUSER.DAT{6fa03461-1347-11e2-bd29-e0b9a5453a43}.TM.blf    --a-s-- 65536 bytes    [02:04 11/10/2012]    [02:04 11/10/2012]
NTUSER.DAT{6fa03461-1347-11e2-bd29-e0b9a5453a43}.TMContainer00000000000000000001.regtrans-ms    --a-s-- 524288 bytes    [02:04 11/10/2012]    [02:04 11/10/2012]
NTUSER.DAT{6fa03461-1347-11e2-bd29-e0b9a5453a43}.TMContainer00000000000000000002.regtrans-ms    --a-s-- 524288 bytes    [02:04 11/10/2012]    [02:04 11/10/2012]
ntuser.dat{71df84f3-9ec5-11e2-9a29-f46d0489e683}.TM.blf    --a-s-- 65536 bytes    [14:25 06/04/2013]    [23:11 06/04/2013]
ntuser.dat{71df84f3-9ec5-11e2-9a29-f46d0489e683}.TMContainer00000000000000000001.regtrans-ms    --a-s-- 524288 bytes    [14:25 06/04/2013]    [23:11 06/04/2013]
ntuser.dat{71df84f3-9ec5-11e2-9a29-f46d0489e683}.TMContainer00000000000000000002.regtrans-ms    --a-s-- 524288 bytes    [14:25 06/04/2013]    [23:11 06/04/2013]
ntuser.dat{7f675946-d7b5-11e2-a233-e0b9a5453a43}.TM.blf    --ahs-- 65536 bytes    [01:25 18/06/2013]    [01:26 18/06/2013]
ntuser.dat{7f675946-d7b5-11e2-a233-e0b9a5453a43}.TMContainer00000000000000000001.regtrans-ms    --ahs-- 524288 bytes    [01:25 18/06/2013]    [01:26 18/06/2013]
ntuser.dat{7f675946-d7b5-11e2-a233-e0b9a5453a43}.TMContainer00000000000000000002.regtrans-ms    --ahs-- 524288 bytes    [01:25 18/06/2013]    [01:26 18/06/2013]
ntuser.dat{88d90b12-abe8-11e2-abc7-e0b9a5453a43}.TM.blf    --a-s-- 65536 bytes    [07:39 23/04/2013]    [07:42 23/04/2013]
ntuser.dat{88d90b12-abe8-11e2-abc7-e0b9a5453a43}.TMContainer00000000000000000001.regtrans-ms    --a-s-- 524288 bytes    [07:39 23/04/2013]    [07:42 23/04/2013]
ntuser.dat{88d90b12-abe8-11e2-abc7-e0b9a5453a43}.TMContainer00000000000000000002.regtrans-ms    --a-s-- 524288 bytes    [07:39 23/04/2013]    [07:42 23/04/2013]
NTUSER.DAT{8cb5b4cb-2027-11e2-abea-f46d0489e683}.TM.blf    --a-s-- 65536 bytes    [11:18 27/10/2012]    [12:00 27/10/2012]
NTUSER.DAT{8cb5b4cb-2027-11e2-abea-f46d0489e683}.TMContainer00000000000000000001.regtrans-ms    --a-s-- 524288 bytes    [11:18 27/10/2012]    [12:00 27/10/2012]
NTUSER.DAT{8cb5b4cb-2027-11e2-abea-f46d0489e683}.TMContainer00000000000000000002.regtrans-ms    --a-s-- 524288 bytes    [11:18 27/10/2012]    [12:00 27/10/2012]
ntuser.dat{97e965d5-5d70-11e2-a2f4-f46d0489e683}.TM.blf    --a-s-- 65536 bytes    [11:04 13/01/2013]    [01:13 14/01/2013]
ntuser.dat{97e965d5-5d70-11e2-a2f4-f46d0489e683}.TMContainer00000000000000000001.regtrans-ms    --a-s-- 524288 bytes    [11:04 13/01/2013]    [01:13 14/01/2013]
ntuser.dat{97e965d5-5d70-11e2-a2f4-f46d0489e683}.TMContainer00000000000000000002.regtrans-ms    --a-s-- 524288 bytes    [11:04 13/01/2013]    [01:13 14/01/2013]
NTUSER.DAT{9d2abfe3-28aa-11e2-a364-e0b9a5453a43}.TM.blf    --a-s-- 65536 bytes    [07:15 07/11/2012]    [07:37 07/11/2012]
NTUSER.DAT{9d2abfe3-28aa-11e2-a364-e0b9a5453a43}.TMContainer00000000000000000001.regtrans-ms    --a-s-- 524288 bytes    [07:15 07/11/2012]    [07:37 07/11/2012]
NTUSER.DAT{9d2abfe3-28aa-11e2-a364-e0b9a5453a43}.TMContainer00000000000000000002.regtrans-ms    --a-s-- 524288 bytes    [07:15 07/11/2012]    [07:37 07/11/2012]
ntuser.dat{a6f316b8-bdc5-11e2-8503-e0b9a5453a43}.TM.blf    --ahs-- 65536 bytes    [01:15 16/05/2013]    [10:25 16/05/2013]
ntuser.dat{a6f316b8-bdc5-11e2-8503-e0b9a5453a43}.TMContainer00000000000000000001.regtrans-ms    --ahs-- 524288 bytes    [01:15 16/05/2013]    [10:25 16/05/2013]
ntuser.dat{a6f316b8-bdc5-11e2-8503-e0b9a5453a43}.TMContainer00000000000000000002.regtrans-ms    --ahs-- 524288 bytes    [01:15 16/05/2013]    [10:25 16/05/2013]
ntuser.dat{a83b8887-c5f5-11e3-9768-e0b9a5453a43}.TM.blf    --ahs-- 65536 bytes    [06:02 17/04/2014]    [06:11 17/04/2014]
ntuser.dat{a83b8887-c5f5-11e3-9768-e0b9a5453a43}.TMContainer00000000000000000001.regtrans-ms    --ahs-- 524288 bytes    [06:02 17/04/2014]    [06:11 17/04/2014]
ntuser.dat{a83b8887-c5f5-11e3-9768-e0b9a5453a43}.TMContainer00000000000000000002.regtrans-ms    --ahs-- 524288 bytes    [06:02 17/04/2014]    [06:11 17/04/2014]
ntuser.dat{b48f6c4e-a85a-11e3-abe0-e0b9a5453a43}.TM.blf    --ahs-- 65536 bytes    [13:51 10/03/2014]    [14:11 10/03/2014]
ntuser.dat{b48f6c4e-a85a-11e3-abe0-e0b9a5453a43}.TMContainer00000000000000000001.regtrans-ms    --ahs-- 524288 bytes    [13:51 10/03/2014]    [14:11 10/03/2014]
ntuser.dat{b48f6c4e-a85a-11e3-abe0-e0b9a5453a43}.TMContainer00000000000000000002.regtrans-ms    --ahs-- 524288 bytes    [13:51 10/03/2014]    [14:11 10/03/2014]
ntuser.dat{b7cbc241-9956-11e3-85ac-e0b9a5453a43}.TM.blf    --ahs-- 65536 bytes    [11:15 19/02/2014]    [11:15 19/02/2014]
ntuser.dat{b7cbc241-9956-11e3-85ac-e0b9a5453a43}.TMContainer00000000000000000001.regtrans-ms    --ahs-- 524288 bytes    [11:15 19/02/2014]    [11:15 19/02/2014]
ntuser.dat{b7cbc241-9956-11e3-85ac-e0b9a5453a43}.TMContainer00000000000000000002.regtrans-ms    --ahs-- 524288 bytes    [11:15 19/02/2014]    [11:15 19/02/2014]
ntuser.dat{c2025aef-3e89-11e2-a2e4-e0b9a5453a43}.TM.blf    --a-s-- 65536 bytes    [03:16 05/12/2012]    [03:38 05/12/2012]
ntuser.dat{c2025aef-3e89-11e2-a2e4-e0b9a5453a43}.TMContainer00000000000000000001.regtrans-ms    --a-s-- 524288 bytes    [03:16 05/12/2012]    [03:38 05/12/2012]
ntuser.dat{c2025aef-3e89-11e2-a2e4-e0b9a5453a43}.TMContainer00000000000000000002.regtrans-ms    --a-s-- 524288 bytes    [03:16 05/12/2012]    [03:38 05/12/2012]
ntuser.dat{d45371b6-9695-11e2-abfd-e0b9a5453a43}.TM.blf    --a-s-- 65536 bytes    [04:24 27/03/2013]    [13:21 27/03/2013]
ntuser.dat{d45371b6-9695-11e2-abfd-e0b9a5453a43}.TMContainer00000000000000000001.regtrans-ms    --a-s-- 524288 bytes    [04:24 27/03/2013]    [13:21 27/03/2013]
ntuser.dat{d45371b6-9695-11e2-abfd-e0b9a5453a43}.TMContainer00000000000000000002.regtrans-ms    --a-s-- 524288 bytes    [04:24 27/03/2013]    [13:21 27/03/2013]
ntuser.dat{d9cac071-4760-11e2-a202-e0b9a5453a43}.TM.blf    --a-s-- 65536 bytes    [09:16 16/12/2012]    [09:22 16/12/2012]
ntuser.dat{d9cac071-4760-11e2-a202-e0b9a5453a43}.TMContainer00000000000000000001.regtrans-ms    --a-s-- 524288 bytes    [09:16 16/12/2012]    [09:22 16/12/2012]
ntuser.dat{d9cac071-4760-11e2-a202-e0b9a5453a43}.TMContainer00000000000000000002.regtrans-ms    --a-s-- 524288 bytes    [09:16 16/12/2012]    [09:22 16/12/2012]
ntuser.dat{e24258a1-90a1-11e3-b408-e0b9a5453a43}.TM.blf    --ahs-- 65536 bytes    [09:20 08/02/2014]    [09:22 08/02/2014]
ntuser.dat{e24258a1-90a1-11e3-b408-e0b9a5453a43}.TMContainer00000000000000000001.regtrans-ms    --ahs-- 524288 bytes    [09:20 08/02/2014]    [09:22 08/02/2014]
ntuser.dat{e24258a1-90a1-11e3-b408-e0b9a5453a43}.TMContainer00000000000000000002.regtrans-ms    --ahs-- 524288 bytes    [09:20 08/02/2014]    [09:22 08/02/2014]
NTUSER.DAT{fe5182f2-2182-11e2-b38f-e0b9a5453a43}.TM.blf    --a-s-- 65536 bytes    [04:44 29/10/2012]    [04:44 29/10/2012]
NTUSER.DAT{fe5182f2-2182-11e2-b38f-e0b9a5453a43}.TMContainer00000000000000000001.regtrans-ms    --a-s-- 524288 bytes    [04:44 29/10/2012]    [04:44 29/10/2012]
NTUSER.DAT{fe5182f2-2182-11e2-b38f-e0b9a5453a43}.TMContainer00000000000000000002.regtrans-ms    --a-s-- 524288 bytes    [04:44 29/10/2012]    [04:44 29/10/2012]
ntuser.ini    ---hs-- 20 bytes    [20:50 06/11/2012]    [20:50 06/11/2012]

---Folders---
AppData    d------    [20:50 06/11/2012]
Application Data    d--hs--    [20:50 06/11/2012]
Contacts    d------    [20:50 06/11/2012]
Cookies    d--hs--    [20:50 06/11/2012]
Desktop    dr-----    [20:50 06/11/2012]
Documents    dr-----    [20:50 06/11/2012]
Downloads    dr-----    [20:50 06/11/2012]
Favorites    dr-----    [20:50 06/11/2012]
Links    dr-----    [20:50 06/11/2012]
Local Settings    d--hs--    [20:50 06/11/2012]
Music    dr-----    [20:50 06/11/2012]
My Documents    d--hs--    [20:50 06/11/2012]
NetHood    d--hs--    [20:50 06/11/2012]
Pictures    dr-----    [20:50 06/11/2012]
PrintHood    d--hs--    [20:50 06/11/2012]
Recent    d--hs--    [20:50 06/11/2012]
Saved Games    d------    [20:50 06/11/2012]
Searches    d------    [20:50 06/11/2012]
SendTo    d--hs--    [20:50 06/11/2012]
Start Menu    d--hs--    [20:50 06/11/2012]
Templates    d--hs--    [20:50 06/11/2012]
Videos    dr-----    [20:50 06/11/2012]

c:\users\V.I.P.O R - Unable to find folder.

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList]
"ProfilesDirectory"="%SystemDrive%\Users"
"Default"="%SystemDrive%\Users\Default"
"Public"="%SystemDrive%\Users\Public"
"ProgramData"="%SystemDrive%\ProgramData"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]
"Flags"= 0x000000000c (12)
"State"= 0x0000000000 (0)
"RefCount"= 0x0000000001 (1)
"Sid"=01 01 00 00 00 00 00 05 12 00 00 00  (REG_BINARY)
"ProfileImagePath"="%systemroot%\system32\config\systemprofile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
"ProfileImagePath"="C:\Windows\ServiceProfiles\LocalService"
"Flags"= 0x0000000000 (0)
"State"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]
"ProfileImagePath"="C:\Windows\ServiceProfiles\NetworkService"
"Flags"= 0x0000000000 (0)
"State"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4001696799-3722537429-2969441357-1000]
"ProfileImagePath"="C:\Users\UpdatusUser"
"Flags"= 0x0000000000 (0)
"State"= 0x0000000000 (0)
"Sid"=01 05 00 00 00 00 00 05 15 00 00 00 1f 0c 85 ee d5 69 e1 dd 4d 14 fe b0 e8 03 00 00  (REG_BINARY)
"ProfileLoadTimeLow"= 0x0000000000 (0)
"ProfileLoadTimeHigh"= 0x0000000000 (0)
"RefCount"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4001696799-3722537429-2969441357-1001]
"ProfileImagePath"="C:\Users\ASUS"
"Flags"= 0x0000000000 (0)
"State"= 0x0000000000 (0)
"Sid"=01 05 00 00 00 00 00 05 15 00 00 00 1f 0c 85 ee d5 69 e1 dd 4d 14 fe b0 e9 03 00 00  (REG_BINARY)
"ProfileLoadTimeLow"= 0x0000000000 (0)
"ProfileLoadTimeHigh"= 0x0000000000 (0)
"RefCount"= 0x0000000002 (2)
"RunLogonScriptSync"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4001696799-3722537429-2969441357-1002]
"ProfileImagePath"="C:\Users\V.I.P.O ®"
"Flags"= 0x0000000000 (0)
"State"= 0x0000000000 (0)
"Sid"=01 05 00 00 00 00 00 05 15 00 00 00 1f 0c 85 ee d5 69 e1 dd 4d 14 fe b0 ea 03 00 00  (REG_BINARY)
"ProfileLoadTimeLow"= 0x0000000000 (0)
"ProfileLoadTimeHigh"= 0x0000000000 (0)
"RefCount"= 0x0000000000 (0)


-= EOF =-
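
Added example (not part of the thread and not SystemLook's own code): Python that parses ProfileList entries like those in the log above, decodes each REG_BINARY Sid to check it against its key name, and compares the folder names typed into the :dir section with the registered ProfileImagePath values. The function names are hypothetical; the two entries are copied from the posted log.

```python
import re
import struct

# Two ProfileList entries copied from the SystemLook log posted above.
LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4001696799-3722537429-2969441357-1000]
"ProfileImagePath"="C:\Users\UpdatusUser"
"Sid"=01 05 00 00 00 00 00 05 15 00 00 00 1f 0c 85 ee d5 69 e1 dd 4d 14 fe b0 e8 03 00 00  (REG_BINARY)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-4001696799-3722537429-2969441357-1002]
"ProfileImagePath"="C:\Users\V.I.P.O ®"
"Sid"=01 05 00 00 00 00 00 05 15 00 00 00 1f 0c 85 ee d5 69 e1 dd 4d 14 fe b0 ea 03 00 00  (REG_BINARY)
'''
KEY_RE = re.compile(r'^\[.*\\ProfileList\\(S-[\d-]+)\]$')
VAL_RE = re.compile(r'^"(\w+)"=\s*(.*)$')

def decode_sid(hex_text):
    """Turn a REG_BINARY SID ("01 05 00 ...") into its S-1-5-... string form."""
    raw = bytes.fromhex(hex_text.replace(" ", ""))
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("length does not match the sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")        # 6 bytes, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])     # 32-bit, little-endian
    return "-".join(["S", str(raw[0]), str(authority), *map(str, subs)])

def parse_profiles(text):
    """Collect key SID, decoded binary SID and profile path per subkey."""
    profiles, current = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            key = KEY_RE.match(line)
            current = {"key_sid": key.group(1)} if key else None
            if current:
                profiles.append(current)
        elif current is not None and VAL_RE.match(line):
            name, value = VAL_RE.match(line).groups()
            if name == "Sid":
                current["sid"] = decode_sid(value.split("(")[0])
            elif name == "ProfileImagePath":
                current["path"] = value.strip('"')
    return profiles

def review(profiles, typed_paths):
    """Flag SID mismatches, non-ASCII path characters, and typed paths
    that match no registered ProfileImagePath (case-insensitive)."""
    findings = []
    for p in profiles:
        if p.get("sid") not in (None, p["key_sid"]):
            findings.append(("sid_mismatch", p["key_sid"]))
        odd = ["U+%04X" % ord(c) for c in p.get("path", "") if ord(c) > 126]
        if odd:
            findings.append(("non_ascii_path", p["path"], odd))
    known = {p["path"].lower() for p in profiles if "path" in p}
    findings += [("not_registered", t) for t in typed_paths if t.lower() not in known]
    return findings
```

Calling `review(parse_profiles(LOG), [r"c:\users\UpdatusUser", r"c:\users\V.I.P.O R"])` reports the U+00AE character in the registered path and that the typed `V.I.P.O R` name matches no registered profile path.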



#15 Elise

Posted 06 June 2014 - 08:36 AM

Please click Start and right click on Computer. Select Manage (you may be prompted for an administrator password).

Click in the left panel on Local Users and Groups
In the right panel, double click on Users. Let me know what is listed there.

If you see the two unknown accounts in the list there, please right click the user name and select Delete. Do this only for the two user profiles you want to delete.

regards, Elise

