Jump to content

Trojan.Agent.DL Reoccurance


Recommended Posts

Hi there, this trojan continues to pop up on my daily MBAM Pro scans. I would have MBAM remove it, restart my computer and delete the files in quaratine. However, it shows up again every 24 hrs or so and the cycle repeat. Please help me resolve this.

I have attached the DDS.txt, Attach.txt, and the latest MBAM log.

Thank you.

=============================================

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457

Run by Hai at 20:24:16 on 2013-02-05

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16339.11269 [GMT -8:00]

.

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe

C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.24\AsusFanControlService.exe

C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Windows\system32\IProsetMonitor.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe

C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Windows\system32\mfevtps.exe

C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe

C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Logitech Gaming Software\LCore.exe

D:\Program Files (x86)\Samsung\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe

D:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

D:\Program Files (x86)\Samsung\Kies\Kies\KiesTrayAgent.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe

C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

D:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Java\jre6\bin\javaw.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Blog This in Windows Live: {2adefb8e-b923-35e6-86e2-2b7841f5d6a4} -

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

uRun: [KiesHelper] D:\Program Files (x86)\Samsung\Kies\Kies\KiesHelper.exe /s

uRun: [KiesAirMessage] D:\Program Files (x86)\Samsung\Kies\Kies\KiesAirMessage.exe -startup

uRun: [KiesPDLR] D:\Program Files (x86)\Samsung\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe

uRun: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - D:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - D:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{12374DEC-DD54-45AB-97A1-0113484FDCBB} : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P

x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Hai\AppData\Roaming\Mozilla\Firefox\Profiles\c4g4sdlg.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll

FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll

FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll

FF - plugin: C:\Users\Hai\AppData\Roaming\Mozilla\Firefox\Profiles\c4g4sdlg.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll

FF - plugin: D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - ExtSQL: !HIDDEN! 2012-05-07 18:22; hotfix@mozilla.org; C:\Users\Hai\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix

.

============= SERVICES / DRIVERS ===============

.

P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-5-1 8704]

R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-5-1 16152]

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-5-5 469144]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-10-19 283200]

R1 SASDIFSV;SASDIFSV;D:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;D:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;D:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]

R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-28 918448]

R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-2-2 951936]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-5-3 586880]

R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.24\AsusFanControlService.exe [2012-5-3 1489024]

R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-5-1 23816]

R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2012-5-1 225280]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-1 13592]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-5-1 178344]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-5-6 161560]

R2 MBAMScheduler;MBAMScheduler;D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-15 398184]

R2 MBAMService;MBAMService;D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-15 682344]

R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-10-22 19720]

R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2009-8-25 103744]

R2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [2009-10-22 178920]

R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2009-10-22 66896]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-5-5 79504]

R2 Samsung Network Fax Server;Samsung Network Fax Server;C:\Windows\System32\spool\drivers\x64\3\NetFaxServer64.exe [2012-9-17 237056]

R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2012-2-15 11576]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-6 363800]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-9-19 102368]

R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-5-1 355096]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-5-1 786200]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-15 24176]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-5-5 119968]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-9-19 203104]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-5-1 136896]

S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-5-3 160768]

S3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2011-4-11 410184]

S3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2011-4-11 341832]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-5-5 77104]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-3 19456]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-3 57856]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-14 1255736]

.

=============== Created Last 30 ================

.

2013-02-02 18:42:10 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FC857696-4E20-48A6-9F4E-FFCF1CB034E5}\offreg.dll

2013-02-02 07:18:21 -------- d-----w- C:\Users\Hai\AppData\Roaming\SUPERAntiSpyware.com

2013-02-02 07:17:54 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2013-02-01 17:30:25 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FC857696-4E20-48A6-9F4E-FFCF1CB034E5}\mpengine.dll

2013-01-31 05:00:35 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys

2013-01-28 08:08:17 -------- d-----w- C:\ProgramData\id Software

2013-01-23 07:45:50 -------- d-----w- C:\Users\Hai\AppData\Local\4A Games

2013-01-20 17:33:08 -------- d-----w- C:\Users\Hai\AppData\Local\The Witcher 2

2013-01-18 03:52:50 2002432 ----a-w- C:\Windows\System32\msxml6.dll

2013-01-18 03:51:56 3149824 ----a-w- C:\Windows\System32\win32k.sys

2013-01-18 03:51:55 800768 ----a-w- C:\Windows\System32\usp10.dll

2013-01-18 03:51:55 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

2013-01-18 03:51:55 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2013-01-18 03:51:55 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2013-01-18 03:51:54 68608 ----a-w- C:\Windows\System32\taskhost.exe

.

==================== Find3M ====================

.

2013-02-01 17:08:15 1048576 ----a-w- C:\Windows\PE_Rom.dll

2013-01-17 09:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe

2012-12-29 10:54:24 550328 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-12-29 08:40:27 6382008 ----a-w- C:\Windows\System32\nvcpl.dll

2012-12-29 08:40:27 3455416 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-12-29 08:40:11 2923201 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-12-29 08:40:09 884152 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-12-29 08:40:09 63928 ----a-w- C:\Windows\System32\nvshext.dll

2012-12-29 08:40:09 118712 ----a-w- C:\Windows\System32\nvmctray.dll

2012-12-23 04:42:05 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-12-23 02:33:45 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-15 00:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-12-03 15:47:14 60776 ----a-w- C:\Windows\System32\OpenCL.dll

2012-12-03 15:47:14 52584 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-22 20:47:47 3123272 ----a-w- C:\Windows\SysWow64\pbsvc.exe

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

.

============= FINISH: 20:24:34.77 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 5/1/2012 2:45:03 AM

System Uptime: 2/1/2013 9:06:06 AM (107 hours ago)

.

Motherboard: ASUSTeK COMPUTER INC. | | P8Z77-V PRO

Processor: Intel® Core i5-3570K CPU @ 3.40GHz | LGA1155 | 3401/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 224 GiB total, 142.231 GiB free.

D: is FIXED (NTFS) - 466 GiB total, 334.592 GiB free.

E: is CDROM ()

F: is FIXED (NTFS) - 2795 GiB total, 1758.115 GiB free.

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

µTorrent

3DMark 11

3DMark Vantage

7-Zip 9.20 (x64 edition)

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin 64-bit

Adobe Reader X (10.1.3)

Adobe Shockwave Player 11.5

AI Suite II

AIDA64 Extreme Edition v2.00

Android SDK Tools

Asmedia ASM104x USB 3.0 Host Controller Driver

Asmedia ASM106x SATA Host Controller Driver

Assassin’s Creed® III

Common Desktop Agent

CPUID CPU-Z 1.60.1

CPUID HWMonitor 1.19

Curse Client

DAEMON Tools Lite

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Deus Ex: Human Revolution

Dropbox

Folder Lock

Fraps

Free Video Joiner

Futuremark SystemInfo

Garmin Communicator Plugin x64

Garmin Lifetime Updater

Heaven DX11 Benchmark version 3.0

Hi-Rez Studios Authenticate and Update Service

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

Intel® Management Engine Components

Intel® Network Connections 16.6.126.0

Intel® Rapid Storage Technology

Intel® USB 3.0 eXtensible Host Controller Driver

Intel® Trusted Connect Service Client

Intel® Watchdog Timer Driver (Intel® WDT)

Java 6 Update 21

Java 6 Update 21 (64-bit)

K-Lite Codec Pack 8.7.0 (Basic)

Logitech Gaming Software

Logitech Gaming Software 8.20

Malwarebytes Anti-Malware version 1.70.0.1100

McAfee Agent

McAfee VirusScan Enterprise

Media Player Classic - Home Cinema 1.6.1.4235 x64

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010 Language Pack Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Visio 2010

Microsoft Office Visio MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Visio 2010 Service Pack 1 (SP1)

Microsoft Visio Premium 2010

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 18.0.1 (x86 en-US)

Mozilla Maintenance Service

MSI Afterburner 2.2.1

NEC Electronics USB 3.0 Host Controller Driver

Nexus Mod Manager

NVIDIA 3D Vision Controller Driver 310.90

NVIDIA 3D Vision Driver 310.90

NVIDIA A New Dawn demo

NVIDIA Control Panel 310.90

NVIDIA Graphics Driver 310.90

NVIDIA HD Audio Driver 1.3.18.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Stereoscopic 3D Driver

OpenAL

Origin

Package: Google Nexus 7 ToolKit

Pando Media Booster

PCSX2 - Playstation 2 Emulator

Portal

Portal 2

PS3 Media Server

Quake Live Mozilla Plugin

Realtek High Definition Audio Driver

Samsung CLX-3300 Series

Samsung Easy Document Creator

Samsung Easy Printer Manager

Samsung Kies

Samsung Network PC Fax

Samsung Printer Live Update

Samsung Scan Process Machine

SAMSUNG USB Driver for Mobile Phones

SeaTools for Windows

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition

SNS Upload for Easy Document Creator

Steam

SUPERAntiSpyware

The Elder Scrolls V: Skyrim

The Witcher 2 - Assassins of Kings Enhanced Edition

Torchlight II

Tribes Ascend

Ubisoft Game Launcher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Uplay

Ventrilo Client for Windows x64

Vpskeys 4.3

Winamp

Winamp Detector Plug-in

Winamp Essentials Pack

Windows Media Player Firefox Plugin

WinPcap 4.1.2

WinRAR 4.11 (64-bit)

World of Warcraft

.

==== Event Viewer Messages From Past Week ========

.

2/1/2013 9:06:07 AM, Error: Service Control Manager [7000] - The NEWDRIVER service failed to start due to the following error: The system cannot find the file specified.

2/1/2013 9:06:03 AM, Error: volmgr [46] - Crash dump initialization failed!

1/30/2013 8:46:32 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

1/30/2013 8:43:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

1/30/2013 8:43:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

1/30/2013 8:19:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

1/30/2013 8:19:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

1/30/2013 8:19:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/30/2013 8:19:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

1/30/2013 8:19:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AsUpIO CSC DfsC discache mfehidk mfetdik NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf

1/30/2013 8:19:01 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/30/2013 8:19:01 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

1/30/2013 8:19:01 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

1/30/2013 8:19:01 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

1/30/2013 8:19:01 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

1/30/2013 8:19:01 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

1/30/2013 8:19:01 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/30/2013 8:19:01 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

1/30/2013 8:19:01 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

1/30/2013 8:19:01 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/30/2013 8:19:01 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/30/2013 8:19:01 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

.

==== End Of File ===========================

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.05.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Hai :: HAI-HPC [administrator]

Protection: Enabled

2/5/2013 8:18:27 PM

mbam-log-2013-02-05 (20-18-27).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 218243

Time elapsed: 1 minute(s), 19 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|WindowsLiveUpdate (Trojan.Agent.DL) -> Data: C:\Users\Hai\AppData\Roaming\MCommon\WindowsLiveUpdate.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Hai\AppData\Roaming\MCommon\WindowsLiveUpdate.exe (Trojan.Agent.DL) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

  • Replies 64
  • Created
  • Last Reply

Top Posters In This Topic

:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

Link to post
Share on other sites

Thanks for the help!

Here is the ComboFix log:

ComboFix 13-02-03.03 - Hai 02/05/2013 22:24:01.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16339.13002 [GMT -8:00]

Running from: c:\users\Hai\Desktop\ComboFix.exe

AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Hai\AppData\Local\assembly\tmp

c:\users\Hai\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

c:\users\Hai\AppData\Local\Temp\jna5651868086806060932.dll

c:\windows\SysWow64\muzapp.exe

c:\windows\SysWow64\URTTemp

c:\windows\SysWow64\URTTemp\regtlib.exe

F:\Autorun.inf

F:\install.exe

F:\Setup.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NEWDRIVER

-------\Service_NEWDRIVER

.

.

((((((((((((((((((((((((( Files Created from 2013-01-06 to 2013-02-06 )))))))))))))))))))))))))))))))

.

.

2013-02-02 07:18 . 2013-02-02 07:18 -------- d-----w- c:\users\Hai\AppData\Roaming\SUPERAntiSpyware.com

2013-02-02 07:17 . 2013-02-02 07:17 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2013-02-01 17:30 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FC857696-4E20-48A6-9F4E-FFCF1CB034E5}\mpengine.dll

2013-01-31 05:00 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys

2013-01-28 08:08 . 2013-01-28 08:08 -------- d-----w- c:\programdata\id Software

2013-01-23 07:45 . 2013-01-23 07:45 -------- d-----w- c:\users\Hai\AppData\Local\4A Games

2013-01-20 17:33 . 2013-01-20 17:33 -------- d-----w- c:\users\Hai\AppData\Local\The Witcher 2

2013-01-18 03:51 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2013-01-18 03:51 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll

2013-01-18 03:51 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll

2013-01-18 03:51 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-18 03:51 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll

2013-01-18 03:51 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-01 17:08 . 2012-05-04 04:11 1048576 ----a-w- c:\windows\PE_Rom.dll

2013-01-18 03:55 . 2012-05-01 09:41 67599240 ----a-w- c:\windows\system32\MRT.exe

2013-01-17 09:28 . 2012-05-01 10:10 273840 ------w- c:\windows\system32\MpSigStub.exe

2012-12-29 10:54 . 2012-12-29 10:54 550328 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-12-29 10:34 . 2013-01-05 22:24 1813432 ----a-w- c:\windows\system32\nvdispco64.dll

2012-12-29 10:34 . 2013-01-05 22:24 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll

2012-12-29 10:34 . 2013-01-05 22:24 7565240 ----a-w- c:\windows\system32\nvopencl.dll

2012-12-29 10:34 . 2013-01-05 22:24 6263784 ----a-w- c:\windows\SysWow64\nvopencl.dll

2012-12-29 10:34 . 2013-01-05 22:24 15052368 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-12-29 10:34 . 2013-01-05 22:24 12641120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-12-29 10:34 . 2013-01-05 22:24 958272 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2012-12-29 10:34 . 2013-01-05 22:24 26931128 ----a-w- c:\windows\system32\nvoglv64.dll

2012-12-29 10:34 . 2013-01-05 22:24 1107592 ----a-w- c:\windows\system32\nvumdshimx.dll

2012-12-29 10:34 . 2013-01-05 22:24 10997176 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-12-29 10:34 . 2013-01-05 22:24 9389888 ----a-w- c:\windows\system32\nvcuda.dll

2012-12-29 10:34 . 2013-01-05 22:24 7931896 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-12-29 10:34 . 2013-01-05 22:24 364984 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll

2012-12-29 10:34 . 2013-01-05 22:24 2504248 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-12-29 10:34 . 2013-01-05 22:24 246024 ----a-w- c:\windows\system32\nvinitx.dll

2012-12-29 10:34 . 2013-01-05 22:24 2344888 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-12-29 10:34 . 2013-01-05 22:24 20450232 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-12-29 10:34 . 2013-01-05 22:24 201728 ----a-w- c:\windows\SysWow64\nvinit.dll

2012-12-29 10:34 . 2013-01-05 22:24 1985976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-12-29 10:34 . 2013-01-05 22:24 18054312 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-12-29 10:34 . 2013-01-05 22:24 420280 ----a-w- c:\windows\system32\nvEncodeAPI64.dll

2012-12-29 10:34 . 2013-01-05 22:24 2904504 ----a-w- c:\windows\system32\nvcuvid.dll

2012-12-29 10:34 . 2013-01-05 22:24 2824656 ----a-w- c:\windows\system32\nvapi64.dll

2012-12-29 10:34 . 2013-01-05 22:24 2720696 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-12-29 10:34 . 2013-01-05 22:24 25256376 ----a-w- c:\windows\system32\nvcompiler.dll

2012-12-29 10:34 . 2013-01-05 22:24 17560504 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-12-29 10:34 . 2013-01-05 22:24 15129064 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-12-29 08:40 . 2013-01-05 22:24 6382008 ----a-w- c:\windows\system32\nvcpl.dll

2012-12-29 08:40 . 2013-01-05 22:24 3455416 ----a-w- c:\windows\system32\nvsvc64.dll

2012-12-29 08:40 . 2013-01-05 22:24 2923201 ----a-w- c:\windows\system32\nvcoproc.bin

2012-12-29 08:40 . 2013-01-05 22:24 884152 ----a-w- c:\windows\system32\nvvsvc.exe

2012-12-29 08:40 . 2013-01-05 22:24 63928 ----a-w- c:\windows\system32\nvshext.dll

2012-12-29 08:40 . 2013-01-05 22:24 118712 ----a-w- c:\windows\system32\nvmctray.dll

2012-12-23 04:42 . 2012-05-21 03:29 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-12-23 02:33 . 2012-05-21 03:27 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-12-16 17:11 . 2012-12-29 04:34 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-29 04:34 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-29 04:34 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-29 04:34 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-15 00:49 . 2012-09-15 08:08 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-03 15:47 . 2013-01-04 05:53 60776 ----a-w- c:\windows\system32\OpenCL.dll

2012-12-03 15:47 . 2013-01-04 05:53 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-11-30 04:45 . 2013-01-18 03:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-11-22 20:47 . 2012-11-22 22:22 3123272 ----a-w- c:\windows\SysWow64\pbsvc.exe

2012-11-14 07:06 . 2012-12-13 05:53 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-11-14 06:32 . 2012-12-13 05:53 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-11-14 06:11 . 2012-12-13 05:53 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 06:04 . 2012-12-13 05:53 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-11-14 06:04 . 2012-12-13 05:53 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 06:02 . 2012-12-13 05:53 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 06:02 . 2012-12-13 05:53 237056 ----a-w- c:\windows\system32\url.dll

2012-11-14 05:59 . 2012-12-13 05:53 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-11-14 05:58 . 2012-12-13 05:53 816640 ----a-w- c:\windows\system32\jscript.dll

2012-11-14 05:57 . 2012-12-13 05:53 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 05:57 . 2012-12-13 05:53 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 05:55 . 2012-12-13 05:53 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-11-14 05:55 . 2012-12-13 05:53 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-11-14 05:53 . 2012-12-13 05:53 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-11-14 05:52 . 2012-12-13 05:53 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-14 05:46 . 2012-12-13 05:53 248320 ----a-w- c:\windows\system32\ieui.dll

2012-11-14 02:09 . 2012-12-13 05:53 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-11-14 01:58 . 2012-12-13 05:53 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57 . 2012-12-13 05:53 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-11-14 01:49 . 2012-12-13 05:53 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48 . 2012-12-13 05:53 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-11-14 01:44 . 2012-12-13 05:53 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-11-09 05:45 . 2012-12-13 05:52 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-09 04:42 . 2012-12-13 05:52 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2adefb8e-b923-35e6-86e2-2b7841f5d6a4}]

2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-12-12 969104]

"KiesHelper"="d:\program files (x86)\Samsung\Kies\Kies\KiesHelper.exe" [2012-06-08 958392]

"KiesPDLR"="d:\program files (x86)\Samsung\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]

"DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Samsung Network PC Fax.lnk - c:\windows\System32\spool\drivers\x64\3\NetFaxTray64.exe [2012-9-17 273408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-01-20 363800]

R3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys [x]

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-09-20 136896]

R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2011-05-27 160768]

R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]

R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-10-23 77104]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-15 1255736]

S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2012-01-06 49760]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-04 16152]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-20 283200]

S1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;d:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]

S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448]

S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-02-02 951936]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]

S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.00.24\AsusFanControlService.exe [2012-02-01 1489024]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2012-03-09 23816]

S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2011-08-05 225280]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-01-11 627936]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-08-16 178344]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-01-20 161560]

S2 MBAMScheduler;MBAMScheduler;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]

S2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]

S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-10-23 19720]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-10-23 79504]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]

S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [2012-04-26 237056]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2012-02-15 11576]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]

S2 WinFLdrv;WinFLdrv;SysWOW64\WinFLdrv.sys [x]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]

S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 102368]

S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 355096]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 786200]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 203104]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2013-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 18:54]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-28 6457960]

"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 1156712]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - d:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - d:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Hai\AppData\Roaming\Mozilla\Firefox\Profiles\c4g4sdlg.default\

FF - ExtSQL: !HIDDEN! 2012-05-07 18:22; hotfix@mozilla.org; c:\users\Hai\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-KiesAirMessage - d:\program files (x86)\Samsung\Kies\Kies\KiesAirMessage.exe

SafeBoot-WinFLAdrv.sys

AddRemove-FolderLock6 - c:\program files\Folder Lock\Uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1761019082-4143762969-2227933991-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF577475-BED0-5B63-EAEC-3280EE4F315B}*]

"oaebnhjlemjdbpageidfdmcdlhcbgg"=hex:64,61,68,6c,6b,6a,66,64,00,fc

"oaiggdiflifmdieobmjdgeillfncgb"=hex:6a,61,65,6c,6a,6a,67,68,66,70,63,6c,68,6e,

69,69,62,6a,70,70,00,fa

"nachlaehmebbhbplkkafdcgfboal"=hex:6a,61,65,6c,6a,6a,67,68,66,70,63,6c,68,6e,

69,69,62,6a,70,70,00,ff

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe

c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe

d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe

c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe

c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2013-02-05 22:30:11 - machine was rebooted

ComboFix-quarantined-files.txt 2013-02-06 06:30

.

Pre-Run: 152,579,571,712 bytes free

Post-Run: 154,650,439,680 bytes free

.

- - End Of File - - EC8038343233B522A982A00B0ED72D00

Link to post
Share on other sites

Good evening Jedarius,

Please follow these instructions to remove the remaining malicious entries:

  • Please close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

    killall::
    Registry::
    [HKEY_USERS\S-1-5-21-1761019082-4143762969-2227933991-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF577475-BED0-5B63-EAEC-3280EE4F315B}*]
    "oaebnhjlemjdbpageidfdmcdlhcbgg"=hex:64,61,68,6c,6b,6a,66,64,00,fc
    "oaiggdiflifmdieobmjdgeillfncgb"=hex:6a,61,65,6c,6a,6a,67,68,66,70,63,6c,68,6e,
    69,69,62,6a,70,70,00,fa
    "nachlaehmebbhbplkkafdcgfboal"=hex:6a,61,65,6c,6a,6a,67,68,66,70,63,6c,68,6e,
    69,69,62,6a,70,70,00,ff
  • Save this as CFScript.txt, in the same location as ComboFix.exe.
    CFScriptB-4.gif
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post the ComboFix.txt in your next reply.

=====

Also, please download to the Desktop RogueKiller (by tigzy).

  • Please quit all programs.
  • Start RogueKiller.exe.
  • Wait until Prescan has finished.
  • Click on Scan.
  • Click on Report and copy/paste the contents of the report in your next reply.

=====

In your reply please provide the following:

  • ComboFix.txt.
  • RogueKiller log.

Link to post
Share on other sites

Thank you for your help!

:)

Here's the new log:

ComboFix 13-02-03.03 - Hai 02/05/2013 23:04:34.2.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16339.14400 [GMT -8:00]

Running from: c:\users\Hai\Desktop\ComboFix.exe

Command switches used :: c:\users\Hai\Desktop\CFScript.txt

AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Hai\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-01-06 to 2013-02-06 )))))))))))))))))))))))))))))))

.

.

2013-02-06 07:06 . 2013-02-06 07:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-02-06 06:31 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4326CDFA-7DE5-4A98-8004-087A3FB46E4C}\mpengine.dll

2013-02-02 07:18 . 2013-02-02 07:18 -------- d-----w- c:\users\Hai\AppData\Roaming\SUPERAntiSpyware.com

2013-02-02 07:17 . 2013-02-02 07:17 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2013-01-31 05:00 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys

2013-01-28 08:08 . 2013-01-28 08:08 -------- d-----w- c:\programdata\id Software

2013-01-23 07:45 . 2013-01-23 07:45 -------- d-----w- c:\users\Hai\AppData\Local\4A Games

2013-01-20 17:33 . 2013-01-20 17:33 -------- d-----w- c:\users\Hai\AppData\Local\The Witcher 2

2013-01-18 03:51 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2013-01-18 03:51 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll

2013-01-18 03:51 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll

2013-01-18 03:51 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-18 03:51 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll

2013-01-18 03:51 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-06 06:42 . 2012-05-04 04:11 1048576 ----a-w- c:\windows\PE_Rom.dll

2013-01-18 03:55 . 2012-05-01 09:41 67599240 ----a-w- c:\windows\system32\MRT.exe

2013-01-17 09:28 . 2012-05-01 10:10 273840 ------w- c:\windows\system32\MpSigStub.exe

2012-12-29 10:54 . 2012-12-29 10:54 550328 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-12-29 10:34 . 2013-01-05 22:24 1813432 ----a-w- c:\windows\system32\nvdispco64.dll

2012-12-29 10:34 . 2013-01-05 22:24 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll

2012-12-29 10:34 . 2013-01-05 22:24 7565240 ----a-w- c:\windows\system32\nvopencl.dll

2012-12-29 10:34 . 2013-01-05 22:24 6263784 ----a-w- c:\windows\SysWow64\nvopencl.dll

2012-12-29 10:34 . 2013-01-05 22:24 15052368 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-12-29 10:34 . 2013-01-05 22:24 12641120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-12-29 10:34 . 2013-01-05 22:24 958272 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2012-12-29 10:34 . 2013-01-05 22:24 26931128 ----a-w- c:\windows\system32\nvoglv64.dll

2012-12-29 10:34 . 2013-01-05 22:24 1107592 ----a-w- c:\windows\system32\nvumdshimx.dll

2012-12-29 10:34 . 2013-01-05 22:24 10997176 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-12-29 10:34 . 2013-01-05 22:24 9389888 ----a-w- c:\windows\system32\nvcuda.dll

2012-12-29 10:34 . 2013-01-05 22:24 7931896 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-12-29 10:34 . 2013-01-05 22:24 364984 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll

2012-12-29 10:34 . 2013-01-05 22:24 2504248 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-12-29 10:34 . 2013-01-05 22:24 246024 ----a-w- c:\windows\system32\nvinitx.dll

2012-12-29 10:34 . 2013-01-05 22:24 2344888 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-12-29 10:34 . 2013-01-05 22:24 20450232 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-12-29 10:34 . 2013-01-05 22:24 201728 ----a-w- c:\windows\SysWow64\nvinit.dll

2012-12-29 10:34 . 2013-01-05 22:24 1985976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-12-29 10:34 . 2013-01-05 22:24 18054312 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-12-29 10:34 . 2013-01-05 22:24 420280 ----a-w- c:\windows\system32\nvEncodeAPI64.dll

2012-12-29 10:34 . 2013-01-05 22:24 2904504 ----a-w- c:\windows\system32\nvcuvid.dll

2012-12-29 10:34 . 2013-01-05 22:24 2824656 ----a-w- c:\windows\system32\nvapi64.dll

2012-12-29 10:34 . 2013-01-05 22:24 2720696 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-12-29 10:34 . 2013-01-05 22:24 25256376 ----a-w- c:\windows\system32\nvcompiler.dll

2012-12-29 10:34 . 2013-01-05 22:24 17560504 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-12-29 10:34 . 2013-01-05 22:24 15129064 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-12-29 08:40 . 2013-01-05 22:24 6382008 ----a-w- c:\windows\system32\nvcpl.dll

2012-12-29 08:40 . 2013-01-05 22:24 3455416 ----a-w- c:\windows\system32\nvsvc64.dll

2012-12-29 08:40 . 2013-01-05 22:24 2923201 ----a-w- c:\windows\system32\nvcoproc.bin

2012-12-29 08:40 . 2013-01-05 22:24 884152 ----a-w- c:\windows\system32\nvvsvc.exe

2012-12-29 08:40 . 2013-01-05 22:24 63928 ----a-w- c:\windows\system32\nvshext.dll

2012-12-29 08:40 . 2013-01-05 22:24 118712 ----a-w- c:\windows\system32\nvmctray.dll

2012-12-23 04:42 . 2012-05-21 03:29 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-12-23 02:33 . 2012-05-21 03:27 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-12-16 17:11 . 2012-12-29 04:34 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-29 04:34 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-29 04:34 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-29 04:34 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-15 00:49 . 2012-09-15 08:08 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-03 15:47 . 2013-01-04 05:53 60776 ----a-w- c:\windows\system32\OpenCL.dll

2012-12-03 15:47 . 2013-01-04 05:53 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-11-30 04:45 . 2013-01-18 03:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-11-22 20:47 . 2012-11-22 22:22 3123272 ----a-w- c:\windows\SysWow64\pbsvc.exe

2012-11-14 07:06 . 2012-12-13 05:53 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-11-14 06:32 . 2012-12-13 05:53 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-11-14 06:11 . 2012-12-13 05:53 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 06:04 . 2012-12-13 05:53 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-11-14 06:04 . 2012-12-13 05:53 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 06:02 . 2012-12-13 05:53 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 06:02 . 2012-12-13 05:53 237056 ----a-w- c:\windows\system32\url.dll

2012-11-14 05:59 . 2012-12-13 05:53 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-11-14 05:58 . 2012-12-13 05:53 816640 ----a-w- c:\windows\system32\jscript.dll

2012-11-14 05:57 . 2012-12-13 05:53 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 05:57 . 2012-12-13 05:53 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 05:55 . 2012-12-13 05:53 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-11-14 05:55 . 2012-12-13 05:53 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-11-14 05:53 . 2012-12-13 05:53 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-11-14 05:52 . 2012-12-13 05:53 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-14 05:46 . 2012-12-13 05:53 248320 ----a-w- c:\windows\system32\ieui.dll

2012-11-14 02:09 . 2012-12-13 05:53 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-11-14 01:58 . 2012-12-13 05:53 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57 . 2012-12-13 05:53 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-11-14 01:49 . 2012-12-13 05:53 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48 . 2012-12-13 05:53 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-11-14 01:44 . 2012-12-13 05:53 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-11-09 05:45 . 2012-12-13 05:52 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-09 04:42 . 2012-12-13 05:52 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2adefb8e-b923-35e6-86e2-2b7841f5d6a4}]

2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-12-12 969104]

"KiesHelper"="d:\program files (x86)\Samsung\Kies\Kies\KiesHelper.exe" [2012-06-08 958392]

"KiesPDLR"="d:\program files (x86)\Samsung\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]

"DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Samsung Network PC Fax.lnk - c:\windows\System32\spool\drivers\x64\3\NetFaxTray64.exe [2012-9-17 273408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys [x]

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-12-17 137488]

R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2011-05-27 160768]

R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]

R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-10-23 77104]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-15 1255736]

S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2012-01-06 49760]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-04 16152]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-20 283200]

S1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;d:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]

S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448]

S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-02-02 951936]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]

S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.00.24\AsusFanControlService.exe [2012-02-01 1489024]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2012-03-09 23816]

S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2011-08-05 225280]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-01-11 627936]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-08-16 178344]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-01-20 161560]

S2 MBAMScheduler;MBAMScheduler;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]

S2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]

S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-10-23 19720]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-10-23 79504]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]

S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [2012-04-26 237056]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2012-02-15 11576]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-01-20 363800]

S2 WinFLdrv;WinFLdrv;SysWOW64\WinFLdrv.sys [x]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]

S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 102368]

S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 355096]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 786200]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 203104]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 18:54]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-28 6457960]

"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 1156712]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - d:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - d:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Hai\AppData\Roaming\Mozilla\Firefox\Profiles\c4g4sdlg.default\

FF - ExtSQL: !HIDDEN! 2012-05-07 18:22; hotfix@mozilla.org; c:\users\Hai\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1761019082-4143762969-2227933991-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF577475-BED0-5B63-EAEC-3280EE4F315B}*]

"oaebnhjlemjdbpageidfdmcdlhcbgg"=hex:64,61,68,6c,6b,6a,66,64,00,fc

"oaiggdiflifmdieobmjdgeillfncgb"=hex:6a,61,65,6c,6a,6a,67,68,66,70,63,6c,68,6e,

69,69,62,6a,70,70,00,fa

"nachlaehmebbhbplkkafdcgfboal"=hex:6a,61,65,6c,6a,6a,67,68,66,70,63,6c,68,6e,

69,69,62,6a,70,70,00,ff

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe

c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe

d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2013-02-05 23:10:56 - machine was rebooted

ComboFix-quarantined-files.txt 2013-02-06 07:10

ComboFix2.txt 2013-02-06 06:30

.

Pre-Run: 154,692,816,896 bytes free

Post-Run: 154,702,856,192 bytes free

.

- - End Of File - - 8173551D77A2C5B5BCC68BD7AB61E536

Link to post
Share on other sites

Hey Jedarius,

Please follow these instructions to remove the remaining malicious entries:

  • Please close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

    killall::
    RegNull::
    [HKEY_USERS\S-1-5-21-1761019082-4143762969-2227933991-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DF577475-BED0-5B63-EAEC-3280EE4F315B}*]
    "oaebnhjlemjdbpageidfdmcdlhcbgg"=hex:64,61,68,6c,6b,6a,66,64,00,fc
    "oaiggdiflifmdieobmjdgeillfncgb"=hex:6a,61,65,6c,6a,6a,67,68,66,70,63,6c,68,6e,
    69,69,62,6a,70,70,00,fa
    "nachlaehmebbhbplkkafdcgfboal"=hex:6a,61,65,6c,6a,6a,67,68,66,70,63,6c,68,6e,
    69,69,62,6a,70,70,00,ff
  • Save this as CFScript.txt, in the same location as ComboFix.exe.
    CFScriptB-4.gif
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post the ComboFix.txt in your next reply.

Link to post
Share on other sites

Thank you for your help!

Here's the latest ComboFix log:

ComboFix 13-02-03.03 - Hai 02/06/2013 7:22.3.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16339.14255 [GMT -8:00]

Running from: c:\users\Hai\Desktop\ComboFix.exe

Command switches used :: c:\users\Hai\Desktop\CFScript.txt

AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2013-01-06 to 2013-02-06 )))))))))))))))))))))))))))))))

.

.

2013-02-06 15:24 . 2013-02-06 15:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-02-06 07:12 . 2013-02-06 07:12 -------- d-----w- c:\users\Hai\AppData\Local\Futuremark

2013-02-06 06:31 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4326CDFA-7DE5-4A98-8004-087A3FB46E4C}\mpengine.dll

2013-02-02 07:18 . 2013-02-02 07:18 -------- d-----w- c:\users\Hai\AppData\Roaming\SUPERAntiSpyware.com

2013-02-02 07:17 . 2013-02-02 07:17 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2013-01-31 05:00 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys

2013-01-28 08:08 . 2013-01-28 08:08 -------- d-----w- c:\programdata\id Software

2013-01-23 07:45 . 2013-01-23 07:45 -------- d-----w- c:\users\Hai\AppData\Local\4A Games

2013-01-20 17:33 . 2013-01-20 17:33 -------- d-----w- c:\users\Hai\AppData\Local\The Witcher 2

2013-01-18 03:51 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2013-01-18 03:51 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll

2013-01-18 03:51 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll

2013-01-18 03:51 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll

2013-01-18 03:51 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll

2013-01-18 03:51 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-06 06:42 . 2012-05-04 04:11 1048576 ----a-w- c:\windows\PE_Rom.dll

2013-01-18 03:55 . 2012-05-01 09:41 67599240 ----a-w- c:\windows\system32\MRT.exe

2013-01-17 09:28 . 2012-05-01 10:10 273840 ------w- c:\windows\system32\MpSigStub.exe

2012-12-29 10:54 . 2012-12-29 10:54 550328 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-12-29 10:34 . 2013-01-05 22:24 1813432 ----a-w- c:\windows\system32\nvdispco64.dll

2012-12-29 10:34 . 2013-01-05 22:24 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll

2012-12-29 10:34 . 2013-01-05 22:24 7565240 ----a-w- c:\windows\system32\nvopencl.dll

2012-12-29 10:34 . 2013-01-05 22:24 6263784 ----a-w- c:\windows\SysWow64\nvopencl.dll

2012-12-29 10:34 . 2013-01-05 22:24 15052368 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-12-29 10:34 . 2013-01-05 22:24 12641120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-12-29 10:34 . 2013-01-05 22:24 958272 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2012-12-29 10:34 . 2013-01-05 22:24 26931128 ----a-w- c:\windows\system32\nvoglv64.dll

2012-12-29 10:34 . 2013-01-05 22:24 1107592 ----a-w- c:\windows\system32\nvumdshimx.dll

2012-12-29 10:34 . 2013-01-05 22:24 10997176 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-12-29 10:34 . 2013-01-05 22:24 9389888 ----a-w- c:\windows\system32\nvcuda.dll

2012-12-29 10:34 . 2013-01-05 22:24 7931896 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-12-29 10:34 . 2013-01-05 22:24 364984 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll

2012-12-29 10:34 . 2013-01-05 22:24 2504248 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-12-29 10:34 . 2013-01-05 22:24 246024 ----a-w- c:\windows\system32\nvinitx.dll

2012-12-29 10:34 . 2013-01-05 22:24 2344888 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-12-29 10:34 . 2013-01-05 22:24 20450232 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-12-29 10:34 . 2013-01-05 22:24 201728 ----a-w- c:\windows\SysWow64\nvinit.dll

2012-12-29 10:34 . 2013-01-05 22:24 1985976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-12-29 10:34 . 2013-01-05 22:24 18054312 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-12-29 10:34 . 2013-01-05 22:24 420280 ----a-w- c:\windows\system32\nvEncodeAPI64.dll

2012-12-29 10:34 . 2013-01-05 22:24 2904504 ----a-w- c:\windows\system32\nvcuvid.dll

2012-12-29 10:34 . 2013-01-05 22:24 2824656 ----a-w- c:\windows\system32\nvapi64.dll

2012-12-29 10:34 . 2013-01-05 22:24 2720696 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-12-29 10:34 . 2013-01-05 22:24 25256376 ----a-w- c:\windows\system32\nvcompiler.dll

2012-12-29 10:34 . 2013-01-05 22:24 17560504 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-12-29 10:34 . 2013-01-05 22:24 15129064 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-12-29 08:40 . 2013-01-05 22:24 6382008 ----a-w- c:\windows\system32\nvcpl.dll

2012-12-29 08:40 . 2013-01-05 22:24 3455416 ----a-w- c:\windows\system32\nvsvc64.dll

2012-12-29 08:40 . 2013-01-05 22:24 2923201 ----a-w- c:\windows\system32\nvcoproc.bin

2012-12-29 08:40 . 2013-01-05 22:24 884152 ----a-w- c:\windows\system32\nvvsvc.exe

2012-12-29 08:40 . 2013-01-05 22:24 63928 ----a-w- c:\windows\system32\nvshext.dll

2012-12-29 08:40 . 2013-01-05 22:24 118712 ----a-w- c:\windows\system32\nvmctray.dll

2012-12-23 04:42 . 2012-05-21 03:29 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-12-23 02:33 . 2012-05-21 03:27 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-12-16 17:11 . 2012-12-29 04:34 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-29 04:34 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-29 04:34 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-29 04:34 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-15 00:49 . 2012-09-15 08:08 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-03 15:47 . 2013-01-04 05:53 60776 ----a-w- c:\windows\system32\OpenCL.dll

2012-12-03 15:47 . 2013-01-04 05:53 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-11-30 04:45 . 2013-01-18 03:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-11-22 20:47 . 2012-11-22 22:22 3123272 ----a-w- c:\windows\SysWow64\pbsvc.exe

2012-11-14 07:06 . 2012-12-13 05:53 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-11-14 06:32 . 2012-12-13 05:53 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-11-14 06:11 . 2012-12-13 05:53 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 06:04 . 2012-12-13 05:53 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-11-14 06:04 . 2012-12-13 05:53 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 06:02 . 2012-12-13 05:53 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 06:02 . 2012-12-13 05:53 237056 ----a-w- c:\windows\system32\url.dll

2012-11-14 05:59 . 2012-12-13 05:53 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-11-14 05:58 . 2012-12-13 05:53 816640 ----a-w- c:\windows\system32\jscript.dll

2012-11-14 05:57 . 2012-12-13 05:53 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 05:57 . 2012-12-13 05:53 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 05:55 . 2012-12-13 05:53 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-11-14 05:55 . 2012-12-13 05:53 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-11-14 05:53 . 2012-12-13 05:53 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-11-14 05:52 . 2012-12-13 05:53 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-14 05:46 . 2012-12-13 05:53 248320 ----a-w- c:\windows\system32\ieui.dll

2012-11-14 02:09 . 2012-12-13 05:53 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-11-14 01:58 . 2012-12-13 05:53 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57 . 2012-12-13 05:53 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-11-14 01:49 . 2012-12-13 05:53 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48 . 2012-12-13 05:53 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-11-14 01:44 . 2012-12-13 05:53 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-11-09 05:45 . 2012-12-13 05:52 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-09 04:42 . 2012-12-13 05:52 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2adefb8e-b923-35e6-86e2-2b7841f5d6a4}]

2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-12-12 969104]

"KiesHelper"="d:\program files (x86)\Samsung\Kies\Kies\KiesHelper.exe" [2012-06-08 958392]

"KiesPDLR"="d:\program files (x86)\Samsung\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]

"DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Samsung Network PC Fax.lnk - c:\windows\System32\spool\drivers\x64\3\NetFaxTray64.exe [2012-9-17 273408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys [x]

R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 102368]

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-12-17 137488]

R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2011-05-27 160768]

R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]

R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-10-23 77104]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 203104]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-15 1255736]

S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2012-01-06 49760]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-04 16152]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-20 283200]

S1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;d:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]

S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448]

S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-02-02 951936]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]

S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.00.24\AsusFanControlService.exe [2012-02-01 1489024]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2012-03-09 23816]

S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2011-08-05 225280]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-01-11 627936]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-08-16 178344]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-01-20 161560]

S2 MBAMScheduler;MBAMScheduler;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]

S2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]

S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-10-23 19720]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-10-23 79504]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]

S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [2012-04-26 237056]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2012-02-15 11576]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-01-20 363800]

S2 WinFLdrv;WinFLdrv;SysWOW64\WinFLdrv.sys [x]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]

S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]

S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 355096]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 786200]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 18:54]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Hai\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-28 6457960]

"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 1156712]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - d:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - d:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Hai\AppData\Roaming\Mozilla\Firefox\Profiles\c4g4sdlg.default\

FF - ExtSQL: !HIDDEN! 2012-05-07 18:22; hotfix@mozilla.org; c:\users\Hai\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe

c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe

d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2013-02-06 07:29:13 - machine was rebooted

ComboFix-quarantined-files.txt 2013-02-06 15:29

ComboFix2.txt 2013-02-06 07:10

ComboFix3.txt 2013-02-06 06:30

.

Pre-Run: 154,760,146,944 bytes free

Post-Run: 154,703,331,328 bytes free

.

- - End Of File - - D4D9805C65658C6113593E10AE60BCFF

Link to post
Share on other sites

Hi,

Looks like it's still there. Thanks for the help.

--------

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.06.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Hai :: HAI-HPC [administrator]

Protection: Enabled

2/6/2013 9:30:50 PM

mbam-log-2013-02-06 (21-30-50).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 215435

Time elapsed: 1 minute(s), 18 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|WindowsLiveUpdate (Trojan.Agent.DL) -> Data: C:\Users\Hai\AppData\Roaming\MCommon\WindowsLiveUpdate.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Hai\AppData\Roaming\MCommon\WindowsLiveUpdate.exe (Trojan.Agent.DL) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

Good afternoon Jedarius,

Please download to the Desktop RogueKiller (by tigzy).

  • Please quit all programs.
  • Start RogueKiller.exe.
  • Wait until Prescan has finished.
  • Click on Scan.
  • Click on Report and copy/paste the contents of the report in your next reply.

Link to post
Share on other sites

Here is the report, thanks!

-------------

RogueKiller V8.4.4 _x64_ [Feb 5 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Hai [Admin rights]

Mode : Scan -- Date : 02/06/2013 21:52:35

| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKS-00UU3A0 ATA Device +++++

--- User ---

[MBR] a84a3071fd3074408f5495acf01b6006

[bSP] f6869d97edfc0a9223271ed1665b78f8 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: MKNSSDCR240GB-DX ATA Device +++++

--- User ---

[MBR] cc946a1e656ddbdaf3826ee05cb4aa7d

[bSP] e068673aed98b75bcd56a6fe2c6f7508 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 228934 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_02062013_02d2152.txt >>

RKreport[1]_S_02062013_02d2152.txt

Link to post
Share on other sites

Hey Jedarius,

  • Please re-run RogueKiller.
  • Click on the Delete button.
  • The report has been created on the Desktop. Please post it in your reply.

=====

Now try MBAM and see what it finds please.

=====

In your reply please provide the contents of the logs from MBAM and RogueKiller.

Link to post
Share on other sites

Here's the RogueKiller log:

RogueKiller V8.4.4 _x64_ [Feb 5 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Hai [Admin rights]

Mode : Remove -- Date : 02/06/2013 23:07:44

| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)

[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKS-00UU3A0 ATA Device +++++

--- User ---

[MBR] a84a3071fd3074408f5495acf01b6006

[bSP] f6869d97edfc0a9223271ed1665b78f8 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: MKNSSDCR240GB-DX ATA Device +++++

--- User ---

[MBR] cc946a1e656ddbdaf3826ee05cb4aa7d

[bSP] e068673aed98b75bcd56a6fe2c6f7508 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 228934 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_D_02062013_02d2307.txt >>

RKreport[1]_S_02062013_02d2152.txt ; RKreport[2]_D_02062013_02d2307.txt

----------------------------------------

Looks like the trojan is still there.

:(

----------------------------------------

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.06.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Hai :: HAI-HPC [administrator]

Protection: Enabled

2/7/2013 8:38:29 PM

mbam-log-2013-02-07 (20-38-29).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 215279

Time elapsed: 29 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|WindowsLiveUpdate (Trojan.Agent.DL) -> Data: C:\Users\Hai\AppData\Roaming\MCommon\WindowsLiveUpdate.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Hai\AppData\Roaming\MCommon\WindowsLiveUpdate.exe (Trojan.Agent.DL) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

Good afternoon Jedarius,

OK.

Please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

Link to post
Share on other sites

Thank you for your continued help.

Here is the AdwCleaner log:

# AdwCleaner v2.111 - Logfile created 02/08/2013 at 22:44:26

# Updated 05/02/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : Hai - HAI-HPC

# Boot Mode : Normal

# Running from : C:\Users\Hai\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\Hai\AppData\Roaming\Mozilla\Firefox\Profiles\c4g4sdlg.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1120 octets] - [08/02/2013 22:44:26]

########## EOF - C:\AdwCleaner[R1].txt - [1180 octets] ##########

Link to post
Share on other sites

Hey Jedarius,

Please do the following to re-run AdwCleaner:

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
    Note: If you get a message that you must reboot the computer before starting deletion, please do. At reboot, only AdwCleaner will run and you can only click on the Delete button.
    When the deletion is done, AdwCleaner will reboot the computer again and open the logfile.

Please give MBAM a fresh run and see what it finds.

Link to post
Share on other sites

Thank you for your continued help.

Here is the RogueKiller report:

RogueKiller V8.5.0 _x64_ [Feb 9 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Hai [Admin rights]

Mode : Remove -- Date : 02/09/2013 13:32:26

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)

[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)

[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKS-00UU3A0 ATA Device +++++

--- User ---

[MBR] a84a3071fd3074408f5495acf01b6006

[bSP] f6869d97edfc0a9223271ed1665b78f8 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: MKNSSDCR240GB-DX ATA Device +++++

--- User ---

[MBR] cc946a1e656ddbdaf3826ee05cb4aa7d

[bSP] e068673aed98b75bcd56a6fe2c6f7508 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 228934 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_D_02092013_02d1332.txt >>

RKreport[1]_S_02092013_02d1331.txt ; RKreport[2]_D_02092013_02d1332.txt

------------

MBAM shows a clean log, I will run another one tonight to see if the trojan re-emerges.

Thanks.

Link to post
Share on other sites

Looks like it's back, every 24 hr, without fail.

:(

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.09.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Hai :: HAI-HPC [administrator]

Protection: Enabled

2/9/2013 10:39:40 PM

mbam-log-2013-02-09 (22-39-40).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 215530

Time elapsed: 28 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|WindowsLiveUpdate (Trojan.Agent.DL) -> Data: C:\Users\Hai\AppData\Roaming\MCommon\WindowsLiveUpdate.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Hai\AppData\Roaming\MCommon\WindowsLiveUpdate.exe (Trojan.Agent.DL) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

Hey Jedarius,

Time to try something else.

Please download TFC to your Desktop.

  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once its finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

=====

Now please give MBAM another run and see what it finds.

Link to post
Share on other sites

I've ran TFC and rebooted...but it looks like the trojan came back after 24 hrs.

:(

Here's my latest MBAM log:

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.10.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Hai :: HAI-HPC [administrator]

Protection: Enabled

2/10/2013 11:26:19 PM

mbam-log-2013-02-10 (23-26-19).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 215420

Time elapsed: 1 minute(s), 19 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|WindowsLiveUpdate (Trojan.Agent.DL) -> Data: C:\Users\Hai\AppData\Roaming\MCommon\WindowsLiveUpdate.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Hai\AppData\Roaming\MCommon\WindowsLiveUpdate.exe (Trojan.Agent.DL) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

Hey Jedarius,

Please download Windows Repair from here.

  • Extract and launch Repair_Windows.exe.
  • on the Start repairs tab and then click on Start.
  • Check mark the following options:
    Reset Registry Permissions
    Reset File Permissions
    Repair WMI
    Remove Policies Set By Infections
  • Checkmark the Restart System When Finished option.
  • Click the Start button.
  • Restart your computer when it is has finished.

=====

Then run MBAM and see what it finds. Please post the new log in your reply.

Link to post
Share on other sites

I've ran Repair_Windows.exe with the above options and it looks like the Trojan is still at large.

It seems that it always reappears at exactly 11:30pm PST.

Here's the latest MBAM log:

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.11.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Hai :: HAI-HPC [administrator]

Protection: Enabled

2/11/2013 11:31:58 PM

mbam-log-2013-02-11 (23-31-58).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 215482

Time elapsed: 39 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|WindowsLiveUpdate (Trojan.Agent.DL) -> Data: C:\Users\Hai\AppData\Roaming\MCommon\WindowsLiveUpdate.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Hai\AppData\Roaming\MCommon\WindowsLiveUpdate.exe (Trojan.Agent.DL) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

Hey Jedarius,

Please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

Link to post
Share on other sites

Thanks for the continual help!

Here's the OTL.txt log:

OTL logfile created on: 2/12/2013 8:11:54 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hai\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.96 Gb Total Physical Memory | 13.96 Gb Available Physical Memory | 87.52% Memory free

15.95 Gb Paging File | 14.08 Gb Available in Paging File | 88.24% Paging File free

Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 223.57 Gb Total Space | 144.36 Gb Free Space | 64.57% Space Free | Partition Type: NTFS

Drive D: | 465.66 Gb Total Space | 341.65 Gb Free Space | 73.37% Space Free | Partition Type: NTFS

Drive F: | 2794.51 Gb Total Space | 1758.01 Gb Free Space | 62.91% Space Free | Partition Type: NTFS

Computer Name: HAI-HPC | User Name: Hai | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/12 20:11:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hai\Desktop\OTL.exe

PRC - [2012/12/29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/12/11 21:39:06 | 000,969,104 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe

PRC - [2012/06/08 03:02:10 | 000,021,432 | ---- | M] () -- D:\Program Files (x86)\Samsung\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe

PRC - [2012/04/03 21:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/02/02 01:56:35 | 000,951,936 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe

PRC - [2012/02/01 01:16:33 | 001,489,024 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.24\AsusFanControlService.exe

PRC - [2012/01/20 15:29:28 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2012/01/20 15:29:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2012/01/20 10:45:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

PRC - [2012/01/10 08:39:40 | 001,501,824 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe

PRC - [2011/11/29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2011/10/28 17:59:26 | 000,918,448 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe

PRC - [2011/09/08 20:29:12 | 001,112,704 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

PRC - [2010/11/26 20:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

PRC - [2010/10/21 01:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

PRC - [2009/10/22 19:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

PRC - [2009/08/25 15:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

PRC - [2009/08/25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/10 10:05:29 | 000,115,137 | ---- | M] () -- C:\Users\Hai\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

MOD - [2013/01/17 20:57:53 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\5d5b1b0c6e8a714de39a06e3b61f35fe\System.Management.ni.dll

MOD - [2013/01/17 20:56:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll

MOD - [2013/01/17 20:56:38 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll

MOD - [2013/01/17 19:58:52 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll

MOD - [2013/01/17 19:58:46 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll

MOD - [2013/01/17 19:58:46 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\60674dde4b56087c189f576f36f6720f\PresentationFramework.Aero.ni.dll

MOD - [2013/01/17 19:58:44 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\af7e2da8fcdb0d788cea0638e157c54b\System.Windows.Forms.ni.dll

MOD - [2013/01/17 19:58:43 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll

MOD - [2013/01/17 19:58:43 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll

MOD - [2013/01/17 19:58:40 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll

MOD - [2013/01/17 19:58:40 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll

MOD - [2013/01/17 19:58:39 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll

MOD - [2013/01/17 19:58:36 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll

MOD - [2012/06/08 03:02:10 | 000,021,432 | ---- | M] () -- D:\Program Files (x86)\Samsung\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe

MOD - [2012/01/19 08:39:30 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\PEInfo.dll

MOD - [2011/12/28 10:18:44 | 000,883,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll

MOD - [2011/10/14 19:03:22 | 000,885,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll

MOD - [2011/09/26 17:37:26 | 001,616,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll

MOD - [2011/09/20 17:11:28 | 000,985,600 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll

MOD - [2011/09/19 19:18:20 | 001,243,136 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll

MOD - [2011/07/21 08:06:44 | 000,846,848 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll

MOD - [2011/07/12 18:14:52 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll

MOD - [2010/10/05 07:22:50 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll

MOD - [2010/10/05 07:22:50 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll

MOD - [2009/08/12 19:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/04/26 00:10:00 | 000,237,056 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\spool\drivers\x64\3\NetFaxServer64.exe -- (Samsung Network Fax Server)

SRV:64bit: - [2012/01/10 20:01:52 | 000,627,936 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®

SRV:64bit: - [2011/08/15 16:38:50 | 000,178,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®

SRV:64bit: - [2011/08/05 09:29:20 | 000,225,280 | ---- | M] (DTS, Inc) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe -- (DTSAudioSvc)

SRV:64bit: - [2009/10/22 19:07:00 | 000,079,504 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2013/02/05 21:49:47 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/01/18 22:33:45 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/12/29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012/12/17 15:46:50 | 000,137,488 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)

SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/07/11 10:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- D:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)

SRV - [2012/05/01 10:54:29 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/04/26 00:10:00 | 000,237,056 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe -- (Samsung Network Fax Server)

SRV - [2012/04/05 14:50:08 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)

SRV - [2012/04/03 21:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/02/02 01:56:35 | 000,951,936 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe -- (asHmComSvc)

SRV - [2012/02/01 01:16:33 | 001,489,024 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.24\AsusFanControlService.exe -- (AsusFanControlService)

SRV - [2012/01/20 15:29:28 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2012/01/20 15:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2012/01/20 10:45:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)

SRV - [2011/11/29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2011/10/28 17:59:26 | 000,918,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe -- (asComSvc)

SRV - [2011/05/27 10:07:36 | 000,160,768 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)

SRV - [2010/10/21 01:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)

SRV - [2010/06/25 09:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/21 16:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2009/10/22 19:07:00 | 000,178,920 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe -- (McShield)

SRV - [2009/10/22 19:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)

SRV - [2009/10/22 19:07:00 | 000,019,720 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe -- (McAfeeEngineService)

SRV - [2009/08/25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/10/19 20:32:47 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012/09/19 09:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)

DRV:64bit: - [2012/09/19 09:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)

DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/08/06 15:02:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2012/07/03 07:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2012/03/09 09:57:36 | 000,023,816 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)

DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/15 05:16:48 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)

DRV:64bit: - [2012/01/06 09:44:12 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)

DRV:64bit: - [2012/01/04 11:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)

DRV:64bit: - [2012/01/04 11:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)

DRV:64bit: - [2012/01/04 11:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)

DRV:64bit: - [2011/11/29 18:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011/11/03 10:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)

DRV:64bit: - [2011/11/03 10:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)

DRV:64bit: - [2011/07/19 17:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)

DRV:64bit: - [2011/04/11 12:01:00 | 000,341,832 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)

DRV:64bit: - [2011/04/11 12:00:18 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)

DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/08/17 09:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)

DRV:64bit: - [2010/06/25 09:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)

DRV:64bit: - [2009/11/23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)

DRV:64bit: - [2009/11/23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)

DRV:64bit: - [2009/10/22 19:07:00 | 000,469,144 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2009/10/22 19:07:00 | 000,119,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2009/10/22 19:07:00 | 000,097,576 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2009/10/22 19:07:00 | 000,083,784 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)

DRV:64bit: - [2009/10/22 19:07:00 | 000,077,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)

DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 60 2C 8F 73 C4 CD 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope =

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4

FF - prefs.js..extensions.enabledAddons: %7Bea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99%7D:0.3.8.1

FF - prefs.js..extensions.enabledAddons: hotfix%40mozilla.org:2.0

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\hotfix@mozilla.org: C:\Users\Hai\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix [2013/01/30 21:34:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/05 21:49:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/18 22:16:48 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\hotfix@mozilla.org: C:\Users\Hai\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix [2013/01/30 21:34:09 | 000,000,000 | ---D | M]

[2012/05/01 10:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hai\AppData\Roaming\Mozilla\Extensions

[2012/05/01 11:14:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hai\AppData\Roaming\Mozilla\Firefox\Extensions

[2013/01/30 21:34:09 | 000,000,000 | ---D | M] (Mozilla hotfix) -- C:\Users\Hai\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix

[2012/11/29 21:13:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hai\AppData\Roaming\Mozilla\Firefox\Profiles\c4g4sdlg.default\extensions

[2012/11/29 21:13:57 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Hai\AppData\Roaming\Mozilla\Firefox\Profiles\c4g4sdlg.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

[2012/08/29 22:39:40 | 000,041,372 | ---- | M] () (No name found) -- C:\Users\Hai\AppData\Roaming\Mozilla\Firefox\Profiles\c4g4sdlg.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi

[2013/01/18 22:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/02/05 21:49:47 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2009/10/22 19:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll

[2012/06/28 07:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

[2012/08/28 22:58:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/10/12 13:15:34 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/02/06 07:28:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [KiesHelper] D:\Program Files (x86)\Samsung\Kies\Kies\KiesHelper.exe (Samsung)

O4 - HKCU..\Run: [KiesPDLR] D:\Program Files (x86)\Samsung\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8:64bit: - Extra context menu item: Se&nd to OneNote - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12374DEC-DD54-45AB-97A1-0113484FDCBB}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)

Drivers32: VIDC.RTV1 - C:\Windows\SysWow64\rtvcvfw32.dll ()

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/02/12 20:11:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hai\Desktop\OTL.exe

[2013/02/11 23:05:39 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE

[2013/02/11 23:03:24 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs

[2013/02/10 21:42:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2013/02/10 21:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2013/02/10 09:50:05 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Hai\Desktop\TFC.exe

[2013/02/06 07:29:15 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/02/06 07:28:01 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2013/02/05 23:12:45 | 000,000,000 | ---D | C] -- C:\Users\Hai\AppData\Local\Futuremark

[2013/02/05 23:12:43 | 000,000,000 | ---D | C] -- C:\Users\Hai\Documents\3DMark

[2013/02/05 22:22:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/02/05 22:22:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/02/05 22:22:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/02/05 22:22:50 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/02/05 22:22:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/02/01 23:18:21 | 000,000,000 | ---D | C] -- C:\Users\Hai\AppData\Roaming\SUPERAntiSpyware.com

[2013/02/01 23:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2013/02/01 23:17:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2013/01/30 21:00:35 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys

[2013/01/28 00:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\id Software

[2013/01/28 00:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\id Software

[2013/01/23 01:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Joiner

[2013/01/22 23:49:01 | 000,000,000 | ---D | C] -- C:\Users\Hai\Documents\4A Games

[2013/01/22 23:45:50 | 000,000,000 | ---D | C] -- C:\Users\Hai\AppData\Local\4A Games

[2013/01/20 09:33:08 | 000,000,000 | ---D | C] -- C:\Users\Hai\Documents\Witcher 2

[2013/01/20 09:33:08 | 000,000,000 | ---D | C] -- C:\Users\Hai\AppData\Local\The Witcher 2

[2013/01/20 09:26:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com

[2013/01/18 22:16:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013/01/17 19:52:49 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll

[2013/01/17 19:52:49 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2013/01/17 19:52:48 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs

[2013/01/17 19:52:48 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs

[2013/01/17 19:52:48 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs

[2013/01/17 19:52:48 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs

[2013/01/17 19:52:48 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs

[2013/01/17 19:52:48 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs

[2013/01/17 19:52:48 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs

[2013/01/17 19:52:47 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs

[2013/01/17 19:52:47 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs

[2013/01/17 19:52:47 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs

[2013/01/17 19:52:47 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs

[2013/01/17 19:52:47 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs

[2013/01/17 19:52:47 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs

[2013/01/17 19:52:47 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs

[2013/01/17 19:52:47 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs

[2013/01/17 19:52:47 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs

[2013/01/17 19:52:47 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs

[2013/01/17 19:52:47 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs

[2013/01/17 19:52:47 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs

[2013/01/17 19:52:47 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs

[2013/01/17 19:52:46 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll

[2013/01/17 19:52:46 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll

[2013/01/17 19:52:46 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll

[2013/01/17 19:52:46 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll

[2013/01/17 19:52:44 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs

[2013/01/17 19:52:44 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs

[2013/01/17 19:52:44 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs

[2013/01/17 19:52:44 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs

[2013/01/17 19:52:44 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs

[2013/01/17 19:52:44 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs

[2013/01/17 19:52:44 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs

[2013/01/17 19:52:44 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs

[2013/01/17 19:52:35 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2013/01/17 19:52:34 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2013/01/17 19:52:33 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2013/01/17 19:52:33 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2013/01/17 19:52:33 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2013/01/17 19:52:33 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2013/01/17 19:52:33 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2013/01/17 19:52:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2013/01/17 19:52:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2013/01/17 19:52:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2013/01/17 19:52:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2013/01/17 19:52:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2013/01/17 19:52:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2013/01/17 19:52:31 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2013/01/17 19:52:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2013/01/17 19:52:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/01/17 19:52:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/01/17 19:52:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2013/01/17 19:52:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2013/01/17 19:52:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/01/17 19:52:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2013/01/17 19:52:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2013/01/17 19:52:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2013/01/17 19:52:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/01/17 19:52:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2013/01/17 19:52:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2013/01/17 19:52:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2013/01/17 19:52:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2013/01/17 19:52:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2013/01/17 19:52:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2013/01/17 19:52:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2013/01/17 19:52:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/01/17 19:52:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/01/17 19:52:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/01/17 19:52:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/01/17 19:52:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2013/01/17 19:52:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2013/01/17 19:52:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2013/01/17 19:52:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/01/17 19:52:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/01/17 19:52:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2013/01/17 19:52:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2013/01/17 19:52:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2013/01/17 19:52:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2013/01/17 19:52:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2013/01/17 19:52:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2013/01/17 19:52:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2013/01/17 19:52:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2013/01/17 19:52:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2013/01/17 19:52:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2013/01/17 19:52:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2013/01/17 19:52:29 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2013/01/17 19:52:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2013/01/17 19:52:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2013/01/17 19:52:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2013/01/17 19:52:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2013/01/17 19:52:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/01/17 19:52:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2013/01/17 19:52:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2013/01/17 19:52:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/01/17 19:52:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2013/01/17 19:52:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2013/01/17 19:52:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2013/01/17 19:52:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2013/01/17 19:52:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2013/01/17 19:52:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2013/01/17 19:52:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2013/01/17 19:52:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2013/01/17 19:52:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2013/01/17 19:51:55 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll

[2013/01/17 19:51:55 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2013/01/17 19:51:54 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe

========== Files - Modified Within 30 Days ==========

[2013/02/12 20:11:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hai\Desktop\OTL.exe

[2013/02/12 19:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/02/12 14:42:14 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/02/12 14:42:14 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/02/12 14:40:16 | 000,797,386 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/02/12 14:40:16 | 000,672,374 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/02/12 14:40:16 | 000,126,396 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/02/12 14:35:47 | 001,048,576 | ---- | M] () -- C:\Windows\PE_Rom.dll

[2013/02/12 14:35:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/02/11 23:19:14 | 000,424,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/02/11 23:17:14 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE

[2013/02/11 23:16:55 | 000,797,386 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/02/10 21:43:37 | 000,124,472 | ---- | M] () -- C:\Users\Hai\Documents\cc_20130210_214333.reg

[2013/02/10 09:50:05 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Hai\Desktop\TFC.exe

[2013/02/09 13:30:46 | 000,768,512 | ---- | M] () -- C:\Users\Hai\Desktop\RogueKillerX64.exe

[2013/02/06 07:28:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/01/30 21:36:56 | 000,186,937 | ---- | M] () -- C:\Users\Hai\AppData\Local\census.cache

[2013/01/30 21:36:56 | 000,103,151 | ---- | M] () -- C:\Users\Hai\AppData\Local\ars.cache

[2013/01/30 20:59:17 | 000,000,036 | ---- | M] () -- C:\Users\Hai\AppData\Local\housecall.guid.cache

[2013/01/20 09:26:41 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\The Witcher 2 - Assassins of Kings Enhanced Edition.lnk

[2013/01/20 00:19:42 | 057,820,472 | ---- | M] () -- C:\Users\Hai\Desktop\Okami Guide.pdf

========== Files Created - No Company Name ==========

[2013/02/10 21:43:35 | 000,124,472 | ---- | C] () -- C:\Users\Hai\Documents\cc_20130210_214333.reg

[2013/02/09 13:30:45 | 000,768,512 | ---- | C] () -- C:\Users\Hai\Desktop\RogueKillerX64.exe

[2013/02/05 22:22:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/02/05 22:22:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/02/05 22:22:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/02/05 22:22:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/02/05 22:22:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/01/30 21:34:10 | 000,186,937 | ---- | C] () -- C:\Users\Hai\AppData\Local\census.cache

[2013/01/30 21:03:24 | 000,103,151 | ---- | C] () -- C:\Users\Hai\AppData\Local\ars.cache

[2013/01/30 20:59:17 | 000,000,036 | ---- | C] () -- C:\Users\Hai\AppData\Local\housecall.guid.cache

[2013/01/20 09:26:41 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\The Witcher 2 - Assassins of Kings Enhanced Edition.lnk

[2013/01/04 16:21:34 | 000,003,403 | ---- | C] () -- C:\Users\Hai\unigine_20130104_1621.html

[2012/11/22 14:22:42 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2012/10/20 18:53:57 | 000,011,264 | ---- | C] () -- C:\Users\Hai\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/09/24 14:48:30 | 000,000,091 | ---- | C] () -- C:\Users\Hai\AppData\Local\fusioncache.dat

[2012/09/17 17:52:08 | 000,150,904 | ---- | C] () -- C:\Windows\Wiainst64.exe

[2012/09/06 23:57:24 | 000,003,402 | ---- | C] () -- C:\Users\Hai\unigine_20120907_0057.html

[2012/05/26 21:59:55 | 000,003,402 | ---- | C] () -- C:\Users\Hai\unigine_20120526_2259.html

[2012/05/23 17:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2012/05/23 17:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2012/05/23 17:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2012/05/23 17:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2012/05/23 17:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2012/05/22 23:13:38 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE

[2012/05/22 23:05:57 | 000,109,216 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll

[2012/05/22 23:05:57 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll

[2012/05/15 23:33:46 | 000,003,400 | ---- | C] () -- C:\Users\Hai\unigine_20120516_0033.html

[2012/05/06 20:08:28 | 000,197,728 | ---- | C] () -- C:\Windows\WinVd32.sys

[2012/05/06 20:08:28 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\WinFLsrv.exe

[2012/05/05 19:51:53 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini

[2012/05/03 22:09:27 | 004,931,616 | ---- | C] () -- C:\Windows\PE_File.dll

[2012/05/03 20:11:54 | 001,048,576 | ---- | C] () -- C:\Windows\PE_Rom.dll

[2012/05/03 20:06:09 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys

[2012/05/03 20:06:08 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys

[2012/05/03 18:03:25 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2012/05/01 09:43:04 | 000,003,072 | ---- | C] () -- C:\Users\Hai\AppData\Local\file__0.localstorage

[2012/05/01 03:52:39 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2012/05/01 01:50:20 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2012/05/01 01:50:14 | 000,038,636 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2012/05/01 01:44:30 | 000,797,386 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/05/01 01:42:54 | 000,921,665 | ---- | C] () -- C:\Windows\SysWow64\msvcrt-ruby18.dll

[2012/05/01 01:42:54 | 000,271,264 | ---- | C] () -- C:\Windows\SysWow64\vbrun100.dll

[2012/05/01 01:42:54 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\msvcrt10.dll

[2012/05/01 01:42:54 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\pythonw.exe

[2012/05/01 01:42:54 | 000,026,624 | ---- | C] () -- C:\Windows\SysWow64\python.exe

[2012/05/01 01:42:54 | 000,020,537 | ---- | C] () -- C:\Windows\SysWow64\rubyw.exe

[2012/05/01 01:42:54 | 000,020,536 | ---- | C] () -- C:\Windows\SysWow64\ruby.exe

[2012/01/10 19:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011/09/19 05:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\Windows\sysWOW64\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2013/02/08 22:44:29 | 000,001,247 | ---- | M] () -- C:\AdwCleaner[R1].txt

[2013/02/08 22:44:43 | 000,001,307 | ---- | M] () -- C:\AdwCleaner[R2].txt

[2013/02/08 22:49:34 | 000,000,965 | ---- | M] () -- C:\AdwCleaner[R3].txt

[2013/02/09 07:00:35 | 000,001,024 | ---- | M] () -- C:\AdwCleaner[R4].txt

[2013/02/08 22:45:43 | 000,001,377 | ---- | M] () -- C:\AdwCleaner[s1].txt

[2013/02/06 07:29:14 | 000,025,166 | ---- | M] () -- C:\ComboFix.txt

[2012/11/02 23:21:41 | 000,000,461 | ---- | M] () -- C:\Sys_LogWin.log

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys

@Alternate Data Stream - 1536 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys

@Alternate Data Stream - 1536 bytes -> C:\Users\Hai\Documents\desktop.ini:gs5sys

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:553CA6CA

< End of report >

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.