JCSoong


Hi D-Fred-Brown

My apologies for interrupting the thread. I just created an account here and it wouldn't allow me to post a new thread. I have a redirect issue whenever I click on a link after I do a search on Google. It won't allow me to open the sites that I want; instead, it redirects me to 95p.com. I am at a loss as to what I am supposed to do, and I think I will post my scan details here.

Farbar Service Scanner Version: 17-01-2012 00

Ran by Soong Jin Chang (administrator) on 18-01-2012 at 19:33:41

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

VSS Service is not running. Checking service configuration:

The start type of VSS service is OK.

The ImagePath of VSS service is OK.

System Restore Disabled Policy:

========================

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


ComboFix 12-01-09.03 - Soong Jin Chang 18/01/2012 19:57:22.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.4021.2218 [GMT 8:00]

Running from: c:\users\Soong Jin Chang\Downloads\ComboFix.exe

AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}

SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

- REDUCED FUNCTIONALITY MODE -

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\assembly\tmp\U

c:\windows\assembly\tmp\U\00000001.@

c:\windows\assembly\tmp\U\000000c0.@

c:\windows\assembly\tmp\U\000000cb.@

c:\windows\assembly\tmp\U\000000cf.@

c:\windows\assembly\tmp\U\80000000.@

c:\windows\assembly\tmp\U\800000c0.@

c:\windows\assembly\tmp\U\800000cb.@

c:\windows\assembly\tmp\U\800000cf.@

c:\windows\iun6002.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-12-18 to 2012-01-18 )))))))))))))))))))))))))))))))

.

.

2012-01-18 12:00 . 2012-01-18 12:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-18 07:36 . 2012-01-18 07:36 -------- d-----w- c:\users\Soong Jin Chang\AppData\Roaming\Malwarebytes

2012-01-18 07:36 . 2012-01-19 00:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-01-18 07:36 . 2012-01-18 07:36 -------- d-----w- c:\programdata\Malwarebytes

2012-01-14 10:08 . 2012-01-14 13:39 -------- d-----w- c:\users\Soong Jin Chang\AppData\Local\ElevatedDiagnostics

2012-01-14 09:57 . 2012-01-19 00:04 -------- d-----w- c:\program files (x86)\PC Tools Security

2012-01-14 09:57 . 2012-01-14 09:57 -------- d-----w- c:\users\Soong Jin Chang\AppData\Roaming\PC Tools

2012-01-14 09:55 . 2012-01-14 10:19 -------- d-----w- c:\programdata\PC Tools

2012-01-07 02:49 . 2012-01-15 02:49 -------- d-----w- c:\program files\iTunes

2012-01-07 02:49 . 2012-01-07 02:49 -------- d-----w- c:\program files\iPod

2012-01-03 16:22 . 2012-01-03 16:22 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-13 11:37 . 2011-07-08 19:38 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-24 04:52 . 2011-12-14 04:27 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-11-21 11:40 . 2011-12-09 07:12 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B745C200-8381-41BB-BC04-1A6CD21EB3CB}\mpengine.dll

2011-11-05 05:32 . 2011-12-14 04:27 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-05 04:26 . 2011-12-14 04:27 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-11-04 01:53 . 2011-12-14 12:51 2309120 ----a-w- c:\windows\system32\jscript9.dll

2011-11-04 01:44 . 2011-12-14 12:51 1390080 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 01:44 . 2011-12-14 12:51 1493504 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-04 01:34 . 2011-12-14 12:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-11-03 22:47 . 2011-12-14 12:51 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-11-03 22:40 . 2011-12-14 12:51 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-11-03 22:39 . 2011-12-14 12:51 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2011-11-03 22:31 . 2011-12-14 12:51 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-10-26 05:21 . 2011-12-14 04:27 43520 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-25 01:24 . 2010-06-04 13:27 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2011-10-24 04:29 . 2011-10-24 04:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-10-24 04:29 . 2011-10-24 04:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-14 3077528]

"PPS Accelerator"="d:\pps.tv\PPStream\PPSAP.exe" [2010-02-24 214408]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-05-13 26192168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2009-09-01 75048]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-06-04 2429]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]

"S6000Mnt"="S6000Rmv.dll" [bU]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-01 59240]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe" [2009-11-15 240992]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-10-25 273528]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2011-12-07 421736]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-3 1080608]

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-6-4 12862]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-6-4 156952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer5"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 135664]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\Garena Messenger\Apps\BlackShot\BlackShot\System\GameGuard\dump_wmimmc.sys [x]

R3 Gun;Gun;c:\game\SoftnyxGame\GunBoundIS\Gun64.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 135664]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]

R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [x]

R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2010-02-23 917768]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/06/04 06:29];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-09-01 23:59 146928]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [x]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys [x]

S3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20fb741d-a729-11df-b0b7-1c4bd6108b29}]

\shell\AutoRun\command - "F:\WD SmartWare.exe" autoplay=true

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26f86b79-1185-11e0-a1f7-1c4bd6108b29}]

\shell\AutoRun\command - F:\AutoRun.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26f86b7d-1185-11e0-a1f7-1c4bd6108b29}]

\shell\AutoRun\command - F:\AutoRun.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59538eba-22b5-11e0-b6dd-1c4bd6108b29}]

\shell\AutoRun\command - F:\AutoRun.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59538eda-22b5-11e0-b6dd-1c4bd6108b29}]

\shell\AutoRun\command - F:\AutoRun.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86452977-22b4-11e0-bb7a-1c4bd6108b29}]

\shell\AutoRun\command - F:\AutoRun.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd3e93fd-d1ed-11e0-a6d7-485b398aa776}]

\shell\AutoRun\command - F:\Autorun.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3575d2c-22b6-11e0-a252-1c4bd6108b29}]

\shell\AutoRun\command - G:\AutoRun.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 13:44]

.

2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-04 13:44]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]

"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-02-23 1022904]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-13 16413288]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-01-18 324608]

"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]

"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [bU]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

mcontrol

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.sg/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

LSP: mswsock.dll

TCP: DhcpNameServer = 218.186.1.58 218.186.2.16 218.186.2.6

FF - ProfilePath - c:\users\Soong Jin Chang\AppData\Roaming\Mozilla\Firefox\Profiles\l3o22j97.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe

c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

c:\windows\AsScrPro.exe

c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe

c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe

c:\windows\WebCam\S6000\S6000Mnt.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files (x86)\Skype\Plugin Manager\skypePM.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Completion time: 2012-01-18 20:13:17 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-18 12:13

.

Pre-Run: 35,294,384,128 bytes free

Post-Run: 35,810,795,520 bytes free

.

- - End Of File - - A29988DAFCCA77AEDA552896E6C84E54


MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: Service Pack 1 (build 7601), 64-bit

Base Board Manufacturer: ASUSTeK Computer Inc.

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: ASUSTeK Computer Inc.

System Product Name: N82JQ

Logical Drives Mask: 0x0000001c

Kernel Drivers (total 199):

0x0340F000 \SystemRoot\system32\ntoskrnl.exe

0x039F8000 \SystemRoot\system32\hal.dll

0x00BCA000 \SystemRoot\system32\kdcom.dll

0x00C2C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00C7B000 \SystemRoot\system32\PSHED.dll

0x00C8F000 \SystemRoot\system32\CLFS.SYS

0x00CED000 \SystemRoot\system32\CI.dll

0x00E2E000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00ED2000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00EE1000 \SystemRoot\system32\drivers\ACPI.sys

0x00F38000 \SystemRoot\system32\drivers\WMILIB.SYS

0x00F41000 \SystemRoot\system32\drivers\msisadrv.sys

0x00F4B000 \SystemRoot\system32\drivers\pci.sys

0x00F7E000 \SystemRoot\system32\drivers\vdrvroot.sys

0x00F8B000 \SystemRoot\System32\drivers\partmgr.sys

0x00FA0000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x00FA9000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x00FB5000 \SystemRoot\system32\drivers\volmgr.sys

0x010C4000 \SystemRoot\System32\drivers\volmgrx.sys

0x01120000 \SystemRoot\system32\drivers\pciide.sys

0x01127000 \SystemRoot\system32\drivers\PCIIDEX.SYS

0x01137000 \SystemRoot\System32\drivers\mountmgr.sys

0x01217000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x0141F000 \SystemRoot\system32\drivers\atapi.sys

0x01428000 \SystemRoot\system32\drivers\ataport.SYS

0x01452000 \SystemRoot\system32\drivers\msahci.sys

0x0145D000 \SystemRoot\system32\drivers\amdxata.sys

0x01468000 \SystemRoot\system32\drivers\fltmgr.sys

0x014B4000 \SystemRoot\system32\drivers\fileinfo.sys

0x01659000 \SystemRoot\System32\Drivers\Ntfs.sys

0x014C8000 \SystemRoot\System32\Drivers\msrpc.sys

0x01600000 \SystemRoot\System32\Drivers\ksecdd.sys

0x01526000 \SystemRoot\System32\Drivers\cng.sys

0x0161B000 \SystemRoot\System32\drivers\pcw.sys

0x0162C000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x01801000 \SystemRoot\system32\drivers\ndis.sys

0x018F4000 \SystemRoot\system32\drivers\NETIO.SYS

0x01954000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x01A64000 \SystemRoot\System32\drivers\tcpip.sys

0x01C68000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x01CB2000 \SystemRoot\system32\drivers\volsnap.sys

0x01CFE000 \SystemRoot\System32\Drivers\spldr.sys

0x01D06000 \SystemRoot\System32\drivers\rdyboost.sys

0x01D40000 \SystemRoot\System32\Drivers\mup.sys

0x01D52000 \SystemRoot\System32\drivers\hwpolicy.sys

0x01D5B000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x01D95000 \SystemRoot\system32\DRIVERS\disk.sys

0x01DAB000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x04288000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x042B2000 \SystemRoot\System32\Drivers\Null.SYS

0x042BB000 \SystemRoot\System32\Drivers\Beep.SYS

0x042C2000 \SystemRoot\System32\drivers\vga.sys

0x042D0000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x042F5000 \SystemRoot\System32\drivers\watchdog.sys

0x04305000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x0430E000 \SystemRoot\system32\drivers\rdpencdd.sys

0x04317000 \SystemRoot\system32\drivers\rdprefmp.sys

0x04320000 \SystemRoot\System32\Drivers\Msfs.SYS

0x0432B000 \SystemRoot\System32\Drivers\Npfs.SYS

0x0433C000 \SystemRoot\system32\DRIVERS\tdx.sys

0x0435E000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x0436B000 \SystemRoot\system32\drivers\afd.sys

0x04000000 \SystemRoot\System32\DRIVERS\netbt.sys

0x04045000 \SystemRoot\system32\drivers\ws2ifsl.sys

0x04050000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x01A00000 \SystemRoot\system32\DRIVERS\pacer.sys

0x01A26000 \SystemRoot\system32\DRIVERS\vwififlt.sys

0x04059000 \SystemRoot\system32\DRIVERS\netbios.sys

0x01A3C000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x0197F000 \SystemRoot\system32\DRIVERS\tmtdi.sys

0x01DE9000 \SystemRoot\system32\drivers\termdd.sys

0x0199C000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x043F4000 \SystemRoot\system32\drivers\nsiproxy.sys

0x01A57000 \SystemRoot\system32\drivers\mssmbios.sys

0x019ED000 \SystemRoot\System32\drivers\discache.sys

0x01636000 \SystemRoot\System32\Drivers\dfsc.sys

0x01598000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x015A9000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x05A32000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x0655E000 \SystemRoot\system32\DRIVERS\nvBridge.kmd

0x0301F000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x03113000 \SystemRoot\System32\drivers\dxgmms1.sys

0x03159000 \SystemRoot\system32\drivers\HDAudBus.sys

0x0317D000 \SystemRoot\system32\DRIVERS\HECIx64.sys

0x0318E000 \SystemRoot\system32\drivers\usbehci.sys

0x0319F000 \SystemRoot\system32\drivers\USBPORT.SYS

0x04E38000 \SystemRoot\system32\DRIVERS\athrx.sys

0x04FB5000 \SystemRoot\system32\DRIVERS\vwifibus.sys

0x04FC2000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys

0x04FF2000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x04E13000 \SystemRoot\system32\drivers\i8042prt.sys

0x06560000 \SystemRoot\system32\DRIVERS\ETD.sys

0x03000000 \SystemRoot\system32\drivers\mouclass.sys

0x04FF4000 \SystemRoot\system32\DRIVERS\kbfiltr.sys

0x0300F000 \SystemRoot\system32\drivers\kbdclass.sys

0x06585000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x04E31000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x06592000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x031F5000 \SystemRoot\system32\DRIVERS\ATK64AMD.sys

0x065A8000 \SystemRoot\system32\drivers\CompositeBus.sys

0x065B8000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x065CE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x065F2000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x05A00000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x015CF000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x01151000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x01172000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x04E36000 \SystemRoot\system32\drivers\swenum.sys

0x0118C000 \SystemRoot\system32\drivers\ks.sys

0x015EA000 \SystemRoot\system32\drivers\umbus.sys

0x01000000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x0105A000 \SystemRoot\system32\DRIVERS\nusb3hub.sys

0x01200000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x01072000 \SystemRoot\system32\drivers\nvhda64v.sys

0x00DAD000 \SystemRoot\system32\drivers\portcls.sys

0x0108B000 \SystemRoot\system32\drivers\drmk.sys

0x010AD000 \SystemRoot\system32\drivers\ksthunk.sys

0x06884000 \SystemRoot\system32\drivers\RTKVHD64.sys

0x06AA6000 \SystemRoot\system32\DRIVERS\cdfs.sys

0x00060000 \SystemRoot\System32\win32k.sys

0x06AC3000 \SystemRoot\System32\drivers\Dxapi.sys

0x06ACF000 \SystemRoot\System32\Drivers\crashdmp.sys

0x04068000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x06ADD000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x06AF0000 \SystemRoot\system32\DRIVERS\monitor.sys

0x004C0000 \SystemRoot\System32\TSDDD.dll

0x06AFE000 \SystemRoot\system32\drivers\hidusb.sys

0x06B0C000 \SystemRoot\system32\drivers\HIDCLASS.SYS

0x06B25000 \SystemRoot\system32\drivers\HIDPARSE.SYS

0x06B2E000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x06B3B000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x00770000 \SystemRoot\System32\cdd.dll

0x06B58000 \SystemRoot\System32\Drivers\S6000KNT.sys

0x06B85000 \SystemRoot\system32\drivers\luafv.sys

0x06BA8000 \SystemRoot\system32\DRIVERS\tmpreflt.sys

0x02C11000 \SystemRoot\system32\DRIVERS\vsapint.sys

0x06800000 \SystemRoot\system32\DRIVERS\tmxpflt.sys

0x0685F000 \SystemRoot\system32\drivers\WudfPf.sys

0x06BB7000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x0449B000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x044EE000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x04501000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x04519000 \SystemRoot\system32\DRIVERS\TurboB.sys

0x04520000 \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys

0x04528000 \SystemRoot\system32\drivers\HTTP.sys

0x04400000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x04431000 \SystemRoot\system32\DRIVERS\bowser.sys

0x0444F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x05851000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x0589F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x058C3000 \SystemRoot\System32\DRIVERS\srv2.sys

0x0592C000 \SystemRoot\System32\DRIVERS\srv.sys

0x059C4000 \SystemRoot\system32\DRIVERS\vwifimp.sys

0x06EAA000 \SystemRoot\system32\drivers\peauth.sys

0x06F50000 \SystemRoot\System32\Drivers\secdrv.SYS

0x06F5B000 \SystemRoot\System32\drivers\tcpipreg.sys

0x06F6D000 \??\C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl

0x06F98000 \SystemRoot\System32\Drivers\fastfat.SYS

0x06E71000 \SystemRoot\system32\DRIVERS\L1C62x64.sys

0x06E84000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS

0x76E00000 \Windows\System32\ntdll.dll

0x47730000 \Windows\System32\smss.exe

0xFF120000 \Windows\System32\apisetschema.dll

0xFF990000 \Windows\System32\autochk.exe

0xFEF30000 \Windows\System32\setupapi.dll

0xFEF20000 \Windows\System32\nsi.dll

0x76FD0000 \Windows\System32\normaliz.dll

0xFEE80000 \Windows\System32\msvcrt.dll

0xFEE00000 \Windows\System32\shlwapi.dll

0x76BF0000 \Windows\System32\iertutil.dll

0xFED20000 \Windows\System32\advapi32.dll

0x76AF0000 \Windows\System32\user32.dll

0xFECC0000 \Windows\System32\Wldap32.dll

0xFDF30000 \Windows\System32\shell32.dll

0xFDF10000 \Windows\System32\sechost.dll

0xFDEC0000 \Windows\System32\ws2_32.dll

0xFDE90000 \Windows\System32\imm32.dll

0xFDC80000 \Windows\System32\ole32.dll

0xFDC00000 \Windows\System32\difxapi.dll

0xFDB30000 \Windows\System32\usp10.dll

0xFDB10000 \Windows\System32\imagehlp.dll

0x769A0000 \Windows\System32\urlmon.dll

0xFDA70000 \Windows\System32\comdlg32.dll

0xFD990000 \Windows\System32\oleaut32.dll

0xFD880000 \Windows\System32\msctf.dll

0x76FC0000 \Windows\System32\psapi.dll

0xFD810000 \Windows\System32\gdi32.dll

0xFD6E0000 \Windows\System32\rpcrt4.dll

0x76840000 \Windows\System32\wininet.dll

0xFD640000 \Windows\System32\clbcatq.dll

0x76720000 \Windows\System32\kernel32.dll

0xFD630000 \Windows\System32\lpk.dll

0xFD610000 \Windows\System32\devobj.dll

0xFD5D0000 \Windows\System32\wintrust.dll

0xFD460000 \Windows\System32\crypt32.dll

0xFD420000 \Windows\System32\cfgmgr32.dll

0xFD380000 \Windows\System32\comctl32.dll

0xFD310000 \Windows\System32\KernelBase.dll

0xFD300000 \Windows\System32\msasn1.dll

Processes (total 104):

0 System Idle Process

4 System

360 C:\Windows\System32\smss.exe

500 csrss.exe

588 C:\Windows\System32\wininit.exe

628 csrss.exe

640 C:\Windows\System32\services.exe

656 C:\Windows\System32\lsass.exe

668 C:\Windows\System32\lsm.exe

760 C:\Windows\System32\winlogon.exe

820 C:\Windows\System32\svchost.exe

912 C:\Windows\System32\nvvsvc.exe

952 C:\Windows\System32\svchost.exe

332 C:\Windows\System32\svchost.exe

512 C:\Windows\System32\svchost.exe

724 C:\Windows\System32\svchost.exe

1064 C:\Windows\System32\svchost.exe

1152 C:\Windows\System32\svchost.exe

1252 C:\Windows\System32\nvvsvc.exe

1392 C:\Windows\System32\FBAgent.exe

1416 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

1476 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

1556 C:\Windows\System32\spoolsv.exe

1604 C:\Windows\System32\svchost.exe

1860 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1964 C:\Program Files\Bonjour\mDNSResponder.exe

1996 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

2028 C:\Windows\SysWOW64\svchost.exe

1628 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

1668 C:\Windows\System32\svchost.exe

2068 C:\Windows\System32\svchost.exe

2200 C:\Windows\System32\svchost.exe

2220 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

2320 C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

2352 C:\Windows\System32\svchost.exe

2476 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

2584 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

2864 C:\Windows\System32\taskeng.exe

2916 C:\Program Files\P4G\BatteryLife.exe

2924 C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe

2940 C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

3020 C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

3044 C:\Windows\SysWOW64\ACEngSvr.exe

1332 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

1296 C:\Windows\System32\taskhost.exe

2108 C:\Windows\System32\dwm.exe

1364 C:\Windows\explorer.exe

2464 C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

2964 C:\Windows\System32\svchost.exe

3096 WmiPrvSE.exe

3672 WmiPrvSE.exe

3736 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

3812 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

3836 C:\Windows\AsScrPro.exe

3912 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

4016 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

3252 C:\Windows\System32\svchost.exe

1920 C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe

1224 C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

2708 C:\Program Files\Elantech\ETDCtrl.exe

3268 C:\Windows\WindowsMobile\wmdc.exe

1368 C:\Program Files\Windows Sidebar\sidebar.exe

3828 C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

3136 D:\PPS.tv\PPStream\PPSAP.exe

3120 C:\Windows\System32\svchost.exe

1688 C:\Program Files (x86)\Skype\Phone\Skype.exe

4112 C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe

4368 C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

4388 C:\Program Files (x86)\CyberLink\Shared files\brs.exe

4568 C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe

4580 C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe

4604 C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

4612 C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe

4768 C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

4792 C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

4884 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

4916 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

4924 C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe

4940 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

4948 C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

4136 D:\iTunes\iTunesHelper.exe

4128 C:\Program Files\Elantech\ETDCtrlHelper.exe

4408 C:\Windows\WebCam\S6000\S6000Mnt.exe

4528 C:\Program Files\iPod\bin\iPodService.exe

3244 C:\Windows\System32\SearchIndexer.exe

4848 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

4892 C:\Program Files\Windows Media Player\wmpnetwk.exe

4956 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

5320 C:\Program Files\Intel\TurboBoost\TurboBoost.exe

5468 C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe

5788 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

5580 C:\Windows\System32\svchost.exe

6136 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

2612 C:\Windows\System32\svchost.exe

5136 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

4812 C:\Windows\System32\notepad.exe

4552 C:\Windows\System32\svchost.exe

5144 C:\Program Files (x86)\Mozilla Firefox\firefox.exe

2844 C:\Windows\System32\audiodg.exe

3168 C:\Windows\System32\dllhost.exe

3728 dllhost.exe

3328 dllhost.exe

5492 C:\Users\Soong Jin Chang\Downloads\MBRCheck.exe

3016 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000004`e22cec00 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000021`fe400000 (NTFS)

PhysicalDrive0 Model Number: ST9500420AS, Rev: 0003SDM1

Size Device Name MBR Status

--------------------------------------------

465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!
