TechSpot

Win64/Agent.BA trojan Win64/Conedex.B trojan found

By aywen89
Oct 13, 2012
  1. Here is the log found by my Eset Nod32 SM5

    10/14/2012 11:50:43 AMStartup scannerfileOperating memory » C:\Windows\assembly\GAC_32\Desktop.inia variant of Win32/Sirefef.EZ trojandeleted (after the next restart)AyWen-PC\Ay Wen
    10/14/2012 11:49:21 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:49:21 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:49:04 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:49:04 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:49:04 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:47:38 AMReal-time file system protectionfileC:\Windows\System32\services.exeWin64/Patched.A.Gen trojanerror while deletingAyWen-PC\Ay WenEvent occurred during an attempt to access the file by the application: C:\Windows\System32\taskmgr.exe.
    10/14/2012 11:44:58 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:44:51 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:44:48 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:44:48 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:44:48 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:41:07 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:41:06 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:40:32 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:40:32 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:40:32 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:37:39 AMReal-time file system protectionfileC:\Windows\assembly\GAC_32\Desktop.iniWin32/Sirefef.EZ trojancleaned by deleting (after the next restart)NT AUTHORITY\SYSTEMEvent occurred during an attempt to run the file by the application: C:\Program Files (x86)\Thunder Network\Thunder\Program\ThunderPreload.exe.
    10/14/2012 11:36:33 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:36:31 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:33:09 AMReal-time file system protectionfileC:\Windows\system32\services.exeWin64/Patched.A.Gen trojanunable to cleanNT AUTHORITY\LOCAL SERVICEEvent occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
    10/14/2012 11:31:29 AMReal-time file system protectionfileC:\Windows\assembly\GAC_32\Desktop.iniWin32/Sirefef.EZ trojancleaned by deleting (after the next restart)AyWen-PC\Ay WenEvent occurred during an attempt to run the file by the application: C:\Windows\SysWOW64\rundll32.exe.
    10/14/2012 11:31:13 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:30:53 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:30:47 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:30:46 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:30:45 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:27:43 AMReal-time file system protectionfileC:\Windows\system32\services.exeWin64/Patched.A.Gen trojanunable to cleanNT AUTHORITY\LOCAL SERVICEEvent occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
    10/14/2012 11:26:30 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:26:30 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:26:29 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:26:28 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:24:44 AMReal-time file system protectionfileC:\Windows\system32\services.exeWin64/Patched.A.Gen trojanunable to cleanNT AUTHORITY\LOCAL SERVICEEvent occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
    10/14/2012 11:22:16 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:22:15 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:22:15 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:22:13 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:22:13 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:21:32 AMReal-time file system protectionfileC:\Windows\system32\services.exeWin64/Patched.A.Gen trojanunable to cleanNT AUTHORITY\LOCAL SERVICEEvent occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
    10/14/2012 11:20:57 AMReal-time file system protectionfileC:\Windows\system32\services.exeWin64/Patched.A.Gen trojanunable to cleanNT AUTHORITY\LOCAL SERVICEEvent occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
    10/14/2012 11:18:21 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:18:18 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:18:17 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:14:01 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:13:59 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:13:59 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:09:44 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:09:42 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:09:42 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:09:25 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:09:25 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:05:32 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:05:27 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:05:26 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:05:10 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:05:09 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:03:16 AMReal-time file system protectionfileC:\Windows\system32\services.exeWin64/Patched.A.Gen trojanunable to cleanNT AUTHORITY\LOCAL SERVICEEvent occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
    10/14/2012 11:00:57 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:00:55 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:00:55 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:00:52 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 11:00:52 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:56:42 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:56:38 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:56:37 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to
     
  2. aywen89

    aywen89 TS Rookie Topic Starter Posts: 30

    Access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:56:36 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:53:12 AMReal-time file system protectionfileC:\Windows\system32\services.exeWin64/Patched.A.Gen trojanunable to cleanNT AUTHORITY\LOCAL SERVICEEvent occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
    10/14/2012 10:52:22 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:52:22 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:52:21 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:52:21 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:52:21 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:48:25 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:48:22 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:48:22 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:48:06 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:48:05 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:44:10 AMReal-time file system protectionfileC:\Windows\system32\services.exeWin64/Patched.A.Gen trojanunable to cleanNT AUTHORITY\LOCAL SERVICEEvent occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
    10/14/2012 10:43:54 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:43:51 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:43:50 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:43:49 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:43:48 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:41:31 AMReal-time file system protectionfileC:\Windows\system32\services.exeWin64/Patched.A.Gen trojanNT AUTHORITY\LOCAL SERVICEEvent occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
    10/14/2012 10:39:47 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:39:45 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:39:44 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:39:32 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:35:19 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:35:19 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:35:18 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:35:17 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:35:17 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:31:38 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:31:35 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:31:34 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:31:33 AMReal-time file system protectionfileC:\Windows\system32\services.exeWin64/Patched.A.Gen trojanunable to cleanNT AUTHORITY\LOCAL SERVICEEvent occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
    10/14/2012 10:31:01 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:31:01 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:26:51 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:26:49 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:26:47 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:26:45 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:26:44 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:22:48 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:22:47 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:22:46 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:22:29 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:22:28 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:18:14 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:18:14 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:18:13 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:18:12 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:18:12 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:14:04 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:14:01 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:14:00 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:13:57 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:13:57 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:11:26 AMReal-time file system protectionfileC:\Windows\system32\services.exeWin64/Patched.A.Gen trojanunable to cleanNT AUTHORITY\LOCAL SERVICEEvent occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
    10/14/2012 10:10:15 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:10:14 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:10:14 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:09:41 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:09:21 AMReal-time file system protectionfileC:\Windows\system32\services.exeWin64/Patched.A.Gen trojanunable to cleanNT AUTHORITY\LOCAL SERVICEEvent occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
    10/14/2012 10:05:28 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:05:28 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:05:27 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:05:27 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:05:25 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:03:22 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:01:36 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:01:35 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:01:09 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 10:01:09 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:56:55 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:56:54 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:56:53 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:56:52 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:56:52 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:52:55 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:52:54 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:52:45 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:52:36 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:52:36 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:48:32 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:48:32 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:48:27 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:48:20 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:48:20 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:46:01 AMReal-time file system protectionfileC:\Windows\System32\services.exeWin64/Patched.A.Gen trojanerror while deletingAyWen-PC\Ay WenEvent occurred during an attempt to access the file by the application: D:\Program Files (x86)\TuneUp Utilities 2012\ProcessManager.exe.
    10/14/2012 9:44:23 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:44:22 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:44:21 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:44:04 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:44:04 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:39:52 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:39:46 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:39:46 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:39:45 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:39:44 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:36:51 AMStartup scannerfileOperating memory » firefox.exe(4748)probably a variant of Win32/Sirefef.FD trojanunable to cleanAyWen-PC\Ay Wen
    10/14/2012 9:36:46 AMStartup scannerfileOperating memory » C:\Windows\assembly\GAC_32\Desktop.inia variant of Win32/Sirefef.EZ trojandeleted (after the next restart)AyWen-PC\Ay Wen
    10/14/2012 9:36:44 AMStartup scannerfileOperating memory » sqlbrowser.exe(2128)probably a variant of Win32/Sirefef.FD trojanunable to clean
    10/14/2012 9:36:41 AMStartup scannerfileOperating memory » C:\Windows\assembly\GAC_32\Desktop.inia variant of Win32/Sirefef.EZ trojandeleted (after the next restart)
    10/14/2012 9:36:34 AMReal-time file system protectionfileC:\windows\system32\services.exeWin64/Patched.A.Gen trojanunable to cleanEvent occurred during an attempt to access the file by the application: C:\Program Files\ESET\ESET Smart Security\SysInspector.exe.
    10/14/2012 9:35:53 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:35:48 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:35:47 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:35:28 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:33:01 AMReal-time file system protectionfileC:\Windows\System32\services.exeWin64/Patched.A.Gen trojanerror while deletingAyWen-PC\Ay WenEvent occurred during an attempt to access the file by the application: C:\Windows\System32\taskmgr.exe.
    10/14/2012 9:31:28 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantinedNT AUTHORITY\SYSTEMEvent occurred during an attempt to access the file by the application: C:\Windows\System32\services.exe.
    10/14/2012 9:31:28 AMReal-time file system protectionfileC:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantinedEvent occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
    10/13/2012 5:58:50 PMReal-time file system protectionfileC:\Windows\system32\services.exeWin64/Patched.A.Gen trojanerror while deletingNT AUTHORITY\LOCAL SERVICEEvent occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
    10/13/2012 5:45:36 PMReal-time file system protectionfileC:\Windows\system32\services.exeWin64/Patched.A.Gen trojanNT AUTHORITY\LOCAL SERVICEEvent occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
    10/13/2012 5:41:05 PMReal-time file system protectionfileC:\Windows\system32\services.exeWin64/Patched.A.Gen trojanunable to cleanNT AUTHORITY\LOCAL SERVICEEvent occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
    10/13/2012 5:21:53 PMReal-time file system protectionfileC:\Windows\system32\services.exeWin64/Patched.A.Gen trojanunable to cleanNT AUTHORITY\LOCAL SERVICEEvent occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
    10/13/2012 4:56:13 PMReal-time file system protectionfileC:\Windows\system32\services.exeWin64/Patched.A.Gen trojanunable to cleanNT AUTHORITY\LOCAL SERVICEEvent occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
    10/13/2012 4:53:43 PMReal-time file system protectionfileC:\Windows\system32\services.exeWin64/Patched.A.Gen trojanerror while deletingNT AUTHORITY\LOCAL SERVICEEvent occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
    10/13/2012 4:53:31 PMReal-time file system protectionfileC:\Windows\system32\services.exeWin64/Patched.A.Gen trojanunable to cleanNT AUTHORITY\LOCAL SERVICEEvent occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
    10/13/2012 4:47:41 PMReal-time file system protectionfileC:\Windows\system32\services.exeWin64/Patched.A.Gen trojanerror while deletingNT AUTHORITY\LOCAL SERVICEEvent occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
    10/13/2012 4:44:36 PMReal-time file system protectionfileC:\Windows\system32\services.exeWin64/Patched.A.Gen trojanerror while deletingNT AUTHORITY\LOCAL SERVICEEvent occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
    10/13/2012 4:32:39 PMReal-time file system protectionfileC:\Windows\system32\services.exeWin64/Patched.A.Gen trojanunable to cleanNT AUTHORITY\LOCAL SERVICEEvent occurred during an attempt to access the file by the application: C:\Windows\System32\svchost.exe.
    10/13/2012 4:04:13 PMReal-time file system protectionfileC:\Users\AYWEN~1\AppData\Local\Temp\IXP000.TMP\setup.exea variant of Win32/Kryptik.AMZK trojancleaned by deleting - quarantinedAyWen-PC\Ay WenEvent occurred on a new file created by the application: H:\setup.exe.
    10/13/2012 4:04:00 PMStartup scannerfileOperating memory » H:\setup.exea variant of Win32/Kryptik.AMZK trojanAyWen-PC\Ay Wen
    10/13/2012 4:03:43 PMReal-time file system protectionfileC:\Users\AYWEN~1\AppData\Local\Temp\IXP000.TMP\setup.exea variant of Win32/Kryptik.AMZK trojancleaned by deleting - quarantinedAyWen-PC\Ay WenEvent occurred on a new file created by the application: H:\setup.exe.
     
  3. aywen89

    aywen89 TS Rookie Topic Starter Posts: 30

    Malwarebytes log

    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.14.01

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Ay Wen :: AYWEN-PC [administrator]

    Protection: Disabled

    10/14/2012 12:01:52 PM
    mbam-log-2012-10-14 (12-01-52).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 265564
    Time elapsed: 6 minute(s), 50 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U\80000000.@ (Rootkit.0Access.64) -> Quarantined and deleted successfully.

    (end)
     
  4. aywen89

    aywen89 TS Rookie Topic Starter Posts: 30

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-10-14 13:02:11
    Windows 6.1.7601 Service Pack 1
    Running: pnsjz600.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\111111111111
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\111111111111@6c0e0d388c97 0xBF 0xD4 0x10 0x42 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\111111111111 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\111111111111@6c0e0d388c97 0xBF 0xD4 0x10 0x42 ...

    ---- Files - GMER 1.0.15 ----

    File C:\Users\Ay Wen\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000019 0 bytes
    File C:\Users\Ay Wen\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001a 0 bytes
    File C:\Users\Ay Wen\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00001b 0 bytes
    File C:\Users\Ay Wen\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CDF8.tmp 150798 bytes
    File C:\Users\Ay Wen\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CDF9.tmp 150798 bytes
    File C:\Users\Ay Wen\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CDFA.tmp 150798 bytes
    File C:\Users\Ay Wen\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CDFB.tmp 150798 bytes
    File C:\Users\Ay Wen\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CDFC.tmp 150798 bytes
    File C:\Users\Ay Wen\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\CE0D.tmp 150798 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\likebox[2].htm 25570 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\login_button[2].htm 9229 bytes

    ---- EOF - GMER 1.0.15 ----
     
  5. aywen89

    aywen89 TS Rookie Topic Starter Posts: 30

    Please Advice what to do next, thanks very much!!



    DDS (Ver_2012-10-14.05) - NTFS_AMD64 NETWORK
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Ay Wen at 13:03:41 on 2012-10-14
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2776 [GMT 8:00]
    .
    AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Users\Ay Wen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ay Wen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ay Wen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ay Wen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ay Wen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ay Wen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Ay Wen\AppData\Local\Google\Chrome\Application\chrome.exe
    D:\Program Files (x86)\Orbitdownloader\orbitdm.exe
    D:\Program Files (x86)\Orbitdownloader\orbitnet.exe
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    C:\Windows\system32\notepad.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=57C7248E857BEF2D6846345066E218E7
    uProxyOverride = 192.168.*.*;*.local
    uURLSearchHooks: SrchHook Class: {CE9CB67A-D729-4fed-A44F-B901A514C291} - C:\Windows\SysWOW64\cssrhplus.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: VideoUrlSniffer Class: {00000ADA-7E0D-47C1-986C-F017D09C4304} - C:\Program Files (x86)\Common Files\Thunder Network\KanKan\VideoUrlSniffer.2.0.1.99.(840).dll
    BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - d:\Program Files (x86)\Orbitdownloader\orbitcth.dll
    BHO: ѸÀ×FLVÊÓƵÐá̽¼°ÏÂÔØÖ§³Ö: {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.7.70.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: ѸÀ×ÏÂÔØÖ§³Ö: {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.2.8.3574.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - d:\Program Files (x86)\Orbitdownloader\GrabPro.dll
    TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - d:\Program Files (x86)\Orbitdownloader\GrabPro.dll
    uRun: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Noozxoide Labs, EIZO-Recycle Processing Audio Series] "C:\Program Files (x86)\Noozxoide Laboratories\EIZO-recycle Series\EIZO-recycle.exe" /hideme
    uRun: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe"
    uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
    mRun: [D-Link D-Link DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
    mRunOnce: [FE3C28EF-70A9-4AB1-B78D-25BE11BAFAED] cmd.exe /C start /D "C:\Users\AYWEN~1\AppData\Local\Temp" /B FE3C28EF-70A9-4AB1-B78D-25BE11BAFAED.exe -postboot
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUEMA~1.LNK - C:\Program Files (x86)\Blue Manager Suite\BMExplorer.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-System: MaxConnectionPer1_0Server = dword:16
    uPolicies-System: MaxConnectionPerServer = dword:16
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: EnableShellExecuteHooks = dword:1
    mPolicies-Explorer: OldEnableShellExecuteHooks = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:0
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: &Download by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
    IE: &??&???? - <no file>
    IE: &??&???????? - <no file>
    IE: &??&?????? - <no file>
    IE: Do&wnload selected by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: ???????? - <no file>
    IE: ??????????? - <no file>
    IE: {14c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
    IE: {24c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm
    IE: {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    LSP: mswsock.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{09D856DA-7BC1-43E2-8F11-C028A02DD04A}\16977756E6 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{176A144B-7DA3-4AB4-9CCE-A12E453016C3} : NameServer = 202.188.0.133,202.188.1.5
    TCP: Interfaces\{2C2976DE-B4C4-4D49-A3B1-21FA98DFDB98} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{2C2976DE-B4C4-4D49-A3B1-21FA98DFDB98}\16977756E60286F6573756 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{C8883286-3DD0-4697-9044-CF349F19D125}\16977756E60286F6573756 : DHCPNameServer = 192.168.1.1
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    SSODL: WebCheck - <orphaned>
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    IFEO: mediabuilder.exe - "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IFEO: trueimagelauncher.exe - "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IFEO: wdsmartware.exe - "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    x64-BHO: ??????: {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.2.8.3574.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - LocalServer32 - <no file>
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-IFEO: mediabuilder.exe - "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    x64-IFEO: trueimagelauncher.exe - "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    x64-IFEO: wdsmartware.exe - "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    .
    Note: multiple IFEO entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Ay Wen\AppData\Roaming\Mozilla\Firefox\Profiles\fx454o99.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - plugin: C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.4.(212).dll
    FF - plugin: C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(779).dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
    FF - plugin: C:\Program Files (x86)\Windows Media Player\np-mswmp.dll
    FF - plugin: C:\ProgramData\Thunder Network\Thunder\data\npxunlei1.0.0.1.dll
    FF - plugin: C:\Users\Ay Wen\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Ay Wen\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
    FF - plugin: C:\Windows\System32\npmproxy.dll
    FF - plugin: C:\Windows\System32\npOGPPlugin.dll
    FF - plugin: C:\Windows\System32\npptools.dll
    FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    FF - plugin: D:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: D:\Program Files (x86)\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
    FF - plugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
    FF - ExtSQL: 2012-09-29 19:47; jid1-yZwVFzbsyfMrqQ@jetpack; C:\Users\Ay Wen\AppData\Roaming\Mozilla\Firefox\Profiles\fx454o99.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\System32\drivers\BtHidBus.sys [2009-9-24 23304]
    R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);C:\Windows\System32\drivers\tdrpm251.sys [2010-4-11 1455648]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-10-13 283200]
    R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2012-3-14 38288]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
    R3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2011-12-25 20752]
    R3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\Dnetr28ux.sys [2012-3-27 1617472]
    R3 NMgamingmsFltr;USB Optical Mouse;C:\Windows\System32\drivers\NMgamingms.sys [2009-7-24 11264]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
    S0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2012-3-14 62496]
    S1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2010-7-14 87600]
    S1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-3-14 209768]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-28 239616]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 D_Link_DWA-140_WPS;D_Link_DWA-140_WPS Service;C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe [2012-3-27 53248]
    S2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]
    S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-30 399432]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-30 676936]
    S2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-7 214896]
    S2 MSSQL$A2006;SQL Server (A2006);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-10-20 2072896]
    S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Users\Ay Wen\Forefront UAG Remote Access Agent\uagwesterndigital-asianet\https1\uagqecsvc.exe [2011-10-26 149904]
    S2 XLServicePlatform;XLServicePlatform;C:\Windows\System32\svchost -k XLServicePlatform --> C:\Windows\System32\svchost -k XLServicePlatform [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 250808]
    S3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2010-4-11 250400]
    S3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2012-7-28 10278912]
    S3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2012-7-28 368640]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
    S3 btiaa2dp;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btiaa2dp.sys [2008-9-16 82944]
    S3 BTiAPan;Bluetooth PAN Miniport;C:\Windows\System32\drivers\btiapan.sys [2008-9-16 37888]
    S3 btiarcp;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btiarcp.sys [2008-7-30 10880]
    S3 btiaspp;Bluetooth Serial driver;C:\Windows\System32\drivers\btiaspp.sys [2008-9-16 92160]
    S3 BTIAUSB;Generic Bluetooth Device;C:\Windows\System32\drivers\btiausb.sys [2008-11-14 31744]
    S3 btnetBUs;Bluetooth PAN Bus Service;C:\Windows\System32\drivers\btnetBus.sys [2009-9-24 27776]
    S3 BTPROT;Generic Bluetooth Filter;C:\Windows\System32\drivers\btprot.sys [2008-11-14 517632]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-9-6 102240]
    S3 dgderdrv;dgderdrv;C:\Windows\System32\drivers\dgderdrv.sys [2010-12-20 20552]
    S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2012-7-5 14448]
    S3 iAnywhere_btAudio;Bluetooth Virtual SCO Device;C:\Windows\System32\drivers\btiasco.sys [2008-7-30 25088]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;C:\Windows\System32\drivers\IvtBtBus.sys [2009-8-26 30344]
    S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-30 25928]
    S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744]
    S3 MotDev;Motorola Inc. USB Device;C:\Windows\System32\drivers\motodrv.sys [2009-5-8 53632]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-5-5 117520]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-7 115168]
    S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2010-2-24 726816]
    S3 s1029bus;Sony Ericsson Device 1029 driver (WDM);C:\Windows\System32\drivers\s1029bus.sys [2010-2-28 113704]
    S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;C:\Windows\System32\drivers\s1029mdfl.sys [2010-2-28 19496]
    S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;C:\Windows\System32\drivers\s1029mdm.sys [2010-2-28 152616]
    S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s1029mgmt.sys [2010-2-28 132648]
    S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);C:\Windows\System32\drivers\s1029nd5.sys [2010-2-28 34856]
    S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;C:\Windows\System32\drivers\s1029obex.sys [2010-2-28 128552]
    S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);C:\Windows\System32\drivers\s1029unic.sys [2010-2-28 145960]
    S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2011-6-23 155320]
    S3 SRS_PremiumSound_Service;Noozxoide Labs, EIZO-recycle Processor Series;C:\Windows\System32\drivers\DSAPGX114_64pmo.sys [2009-12-8 342952]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-9-6 203104]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2011-5-10 16392]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-11 59392]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-25 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S4 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-4-11 2326920]
    .
    =============== Created Last 30 ================
    .
    2012-10-14 03:46:49--------d-----w-C:\Users\Ay Wen\AppData\Local\thumbs
    2012-10-14 03:18:14--------d-----w-C:\Windows\Installer2
    2012-10-13 10:08:48--------d-sh--w-C:\Windows\SysWow64\%APPDATA%
    2012-10-13 08:23:49--------d-----w-C:\ProgramData\RELOADED
    2012-10-13 08:01:47283200----a-w-C:\Windows\System32\drivers\dtsoftbus01.sys
    2012-10-13 07:57:18560184----a-w-C:\Windows\System32\drivers\sptd.sys
    2012-10-13 07:49:2796224----a-w-C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
    2012-10-13 07:49:27157272----a-w-C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
    2012-10-12 20:25:5969000----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{08C42F69-FE90-4B55-ADA9-3EEE6FE713C4}\offreg.dll
    2012-10-12 20:25:089308616----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{08C42F69-FE90-4B55-ADA9-3EEE6FE713C4}\mpengine.dll
    2012-10-09 21:10:595120---ha-w-C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2012-10-09 21:09:561464320----a-w-C:\Windows\System32\crypt32.dll
    2012-10-09 21:09:55184320----a-w-C:\Windows\System32\cryptsvc.dll
    2012-10-09 21:09:55140288----a-w-C:\Windows\System32\cryptnet.dll
    2012-10-09 21:09:551159680----a-w-C:\Windows\SysWow64\crypt32.dll
    2012-10-09 21:09:54140288----a-w-C:\Windows\SysWow64\cryptsvc.dll
    2012-10-09 21:09:54103936----a-w-C:\Windows\SysWow64\cryptnet.dll
    2012-10-05 14:28:59--------d-----w-C:\ProgramData\AVAST Software
    2012-10-05 14:28:59--------d-----w-C:\Program Files\AVAST Software
    2012-10-05 14:05:31--------d-----w-C:\ProgramData\SecTaskMan
    2012-10-02 08:08:45--------d-----w-C:\Program Files\ESET
    2012-10-02 07:49:18--------d-----w-C:\Program Files (x86)\ESET
    2012-10-01 12:59:52514560----a-w-C:\Windows\SysWow64\qdvd.dll
    2012-10-01 12:59:52366592----a-w-C:\Windows\System32\qdvd.dll
    2012-09-30 15:16:37552960----a-w-C:\Windows\System32\drivers\bthport.sys
    2012-09-30 14:47:393148800----a-w-C:\Windows\System32\win32k.sys
    2012-09-30 14:47:38245760----a-w-C:\Windows\System32\OxpsConverter.exe
    2012-09-30 14:46:12956928----a-w-C:\Windows\System32\localspl.dll
    2012-09-30 14:36:352622464----a-w-C:\Windows\System32\wucltux.dll
    2012-09-30 14:36:2399840----a-w-C:\Windows\System32\wudriver.dll
    2012-09-30 14:36:1236864----a-w-C:\Windows\System32\wuapp.exe
    2012-09-30 14:36:12186752----a-w-C:\Windows\System32\wuwebv.dll
    2012-09-30 07:06:24--------d-----w-C:\Users\Ay Wen\AppData\Roaming\Malwarebytes
    2012-09-30 04:59:57--------d-----w-C:\TDSSKiller_Quarantine
    2012-09-30 04:51:1925928----a-w-C:\Windows\System32\drivers\mbam.sys
    2012-09-30 04:51:19--------d-----w-C:\ProgramData\Malwarebytes
    2012-09-30 04:51:19--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-30 03:28:49347424----a-w-C:\MicrosoftFixit.wu.RNP.158272406923423444.5.1.Run.exe
    2012-09-29 11:50:11--------d-----w-C:\Users\Ay Wen\AppData\Roaming\LavasoftStatistics
    2012-09-15 11:12:04--------d-----w-C:\Users\Ay Wen\AppData\Local\{08539865-93DB-4652-A04E-C761E2AC9E47}
    2012-09-14 14:29:46--------d-----w-C:\Program Files (x86)\Blue Manager Suite
    .
    ==================== Find3M ====================
    .
    2012-10-08 19:44:4973656----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-08 19:44:49696760----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-14 19:19:292048----a-w-C:\Windows\System32\tzres.dll
    2012-09-14 18:28:532048----a-w-C:\Windows\SysWow64\tzres.dll
    2012-08-31 18:19:351659760----a-w-C:\Windows\System32\drivers\ntfs.sys
    2012-08-30 18:03:455559664----a-w-C:\Windows\System32\ntoskrnl.exe
    2012-08-30 17:12:023968880----a-w-C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12:023914096----a-w-C:\Windows\SysWow64\ntoskrnl.exe
    2012-08-28 02:05:044659712----a-w-C:\Windows\SysWow64\Redemption.dll
    2012-08-28 02:04:3490112----a-w-C:\Windows\MAMCityDownload.ocx
    2012-08-28 02:04:34330240----a-w-C:\Windows\MASetupCaller.dll
    2012-08-28 02:04:3430568----a-w-C:\Windows\MusiccityDownload.exe
    2012-08-28 02:04:32821824----a-w-C:\Windows\SysWow64\dgderapi.dll
    2012-08-24 18:05:07220160----a-w-C:\Windows\System32\wintrust.dll
    2012-08-24 16:57:48172544----a-w-C:\Windows\SysWow64\wintrust.dll
    2012-08-24 10:31:322312704----a-w-C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:181392128----a-w-C:\Windows\System32\wininet.dll
    2012-08-24 10:20:111494528----a-w-C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45173056----a-w-C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29599040----a-w-C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:422382848----a-w-C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:171800704----a-w-C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:271129472----a-w-C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:021427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12420864----a-w-C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:582382848----a-w-C:\Windows\SysWow64\mshtml.tlb
    2012-08-22 18:12:501913200----a-w-C:\Windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40950128----a-w-C:\Windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40376688----a-w-C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33288624----a-w-C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-08-20 18:48:44362496----a-w-C:\Windows\System32\wow64win.dll
    2012-08-20 18:48:44243200----a-w-C:\Windows\System32\wow64.dll
    2012-08-20 18:48:4413312----a-w-C:\Windows\System32\wow64cpu.dll
    2012-08-20 18:48:43215040----a-w-C:\Windows\System32\winsrv.dll
    2012-08-20 18:48:3716384----a-w-C:\Windows\System32\ntvdm64.dll
    2012-08-20 18:48:35424448----a-w-C:\Windows\System32\KernelBase.dll
    2012-08-20 18:46:22338432----a-w-C:\Windows\System32\conhost.exe
    2012-08-20 17:40:2114336----a-w-C:\Windows\SysWow64\ntvdm64.dll
    2012-08-20 17:38:4444032----a-w-C:\Windows\apppatch\acwow64.dll
    2012-08-20 17:38:2625600----a-w-C:\Windows\SysWow64\setup16.exe
    2012-08-20 17:37:195120----a-w-C:\Windows\SysWow64\wow32.dll
    2012-08-20 17:37:18274944----a-w-C:\Windows\SysWow64\KernelBase.dll
    2012-08-20 15:38:217680----a-w-C:\Windows\SysWow64\instnm.exe
    2012-08-20 15:38:202048----a-w-C:\Windows\SysWow64\user.exe
    2012-08-20 15:33:286144---ha-w-C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:284608---ha-w-C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:283584---ha-w-C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:283072---ha-w-C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-08-11 00:56:03715776----a-w-C:\Windows\System32\kerberos.dll
    2012-08-10 23:56:14542208----a-w-C:\Windows\SysWow64\kerberos.dll
    2012-08-02 17:58:52574464----a-w-C:\Windows\System32\d3d10level9.dll
    2012-08-02 16:57:20490496----a-w-C:\Windows\SysWow64\d3d10level9.dll
    2012-07-31 10:42:48203104----a-w-C:\Windows\System32\drivers\ssudmdm.sys
    2012-07-31 10:42:48102240----a-w-C:\Windows\System32\drivers\ssudbus.sys
    2012-07-28 04:09:205538984----a-w-C:\Windows\SysWow64\atiumdag.dll
    2012-07-28 04:07:4410278912----a-w-C:\Windows\System32\drivers\atikmdag.sys
    2012-07-28 03:43:1270144----a-w-C:\Windows\System32\coinst_8.982.dll
    2012-07-28 03:19:3424935424----a-w-C:\Windows\System32\atio6axx.dll
    2012-07-28 02:50:1020546560----a-w-C:\Windows\SysWow64\atioglxx.dll
    2012-07-28 02:15:50163840----a-w-C:\Windows\System32\atiapfxx.exe
    2012-07-28 02:15:42931328----a-w-C:\Windows\SysWow64\aticfx32.dll
    2012-07-28 02:13:561100288----a-w-C:\Windows\System32\aticfx64.dll
    2012-07-28 02:10:40442368----a-w-C:\Windows\System32\ATIDEMGX.dll
    2012-07-28 02:10:34534528----a-w-C:\Windows\System32\atieclxx.exe
    2012-07-28 02:09:44239616----a-w-C:\Windows\System32\atiesrxx.exe
    2012-07-28 02:08:20120320----a-w-C:\Windows\System32\atitmm64.dll
    2012-07-28 02:08:0421504----a-w-C:\Windows\System32\atimuixx.dll
    2012-07-28 02:07:5859392----a-w-C:\Windows\System32\atiedu64.dll
    2012-07-28 02:07:5243520----a-w-C:\Windows\SysWow64\ati2edxx.dll
    2012-07-28 02:07:106430208----a-w-C:\Windows\SysWow64\atidxx32.dll
    2012-07-28 01:51:127052288----a-w-C:\Windows\System32\atidxx64.dll
    2012-07-28 01:41:324266496----a-w-C:\Windows\System32\atiumd6a.dll
    2012-07-28 01:35:1051200----a-w-C:\Windows\System32\aticalrt64.dll
    2012-07-28 01:35:0846080----a-w-C:\Windows\SysWow64\aticalrt.dll
    2012-07-28 01:35:0244544----a-w-C:\Windows\System32\aticalcl64.dll
    2012-07-28 01:35:0044032----a-w-C:\Windows\SysWow64\aticalcl.dll
    2012-07-28 01:34:4816034304----a-w-C:\Windows\System32\aticaldd64.dll
    2012-07-28 01:32:324751872----a-w-C:\Windows\SysWow64\atiumdva.dll
    2012-07-28 01:30:1013605888----a-w-C:\Windows\SysWow64\aticaldd.dll
    2012-07-28 01:25:526676480----a-w-C:\Windows\System32\atiumd64.dll
    2012-07-28 01:15:32540160----a-w-C:\Windows\System32\atiadlxx.dll
    2012-07-28 01:15:22368640----a-w-C:\Windows\SysWow64\atiadlxy.dll
    2012-07-28 01:15:1217920----a-w-C:\Windows\System32\atig6pxx.dll
    2012-07-28 01:15:0814848----a-w-C:\Windows\SysWow64\atiglpxx.dll
    2012-07-28 01:15:0814848----a-w-C:\Windows\System32\atiglpxx.dll
    2012-07-28 01:15:0441984----a-w-C:\Windows\System32\atig6txx.dll
    2012-07-28 01:14:5633280----a-w-C:\Windows\SysWow64\atigktxx.dll
    2012-07-28 01:14:46368640----a-w-C:\Windows\System32\drivers\atikmpag.sys
    2012-07-28 01:13:54129536----a-w-C:\Windows\System32\atiuxp64.dll
    2012-07-28 01:13:48109568----a-w-C:\Windows\SysWow64\atiuxpag.dll
    2012-07-28 01:13:40103936----a-w-C:\Windows\System32\atiu9p64.dll
    2012-07-28 01:13:3283456----a-w-C:\Windows\SysWow64\atiu9pag.dll
    2012-07-28 01:12:5453248----a-w-C:\Windows\System32\drivers\ati2erec.dll
    2012-07-28 01:08:4256320----a-w-C:\Windows\System32\atimpc64.dll
    2012-07-28 01:08:4256320----a-w-C:\Windows\System32\amdpcom64.dll
    2012-07-28 01:08:3656832----a-w-C:\Windows\SysWow64\atimpc32.dll
    2012-07-28 01:08:3656832----a-w-C:\Windows\SysWow64\amdpcom32.dll
    2012-07-27 14:47:40187392----a-w-C:\Windows\System32\clinfo.exe
    2012-07-27 14:47:2475776----a-w-C:\Windows\System32\OpenVideo64.dll
    .
    ============= FINISH: 13:04:06.39 ===============
     
  6. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    I still need Attach.txt part of DDS.

    Next....

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  7. aywen89

    aywen89 TS Rookie Topic Starter Posts: 30

    I had tried this step based on the this post
    http://www.techspot.com/community/topics/trojan-win64-patched-a-on-system32-services-exe.186020/

    IT end up cannot boot up my windows, but I tried repair my windows 7 using windows disk and run the below option
    On the System Recovery Options menu you will get the following options:

      • Startup Repair
    These are the step I had done before you reply me
    Now I can boot into window 7.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form ofTDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
    ===============================
    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
    ===============================Download aswMBR to your desktop.Double click the aswMBR.exe to run it.If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".Click the "Scan" button to start scan.On completion of the scan click "Save log", save it to your desktop and post in your next reply.NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  8. aywen89

    aywen89 TS Rookie Topic Starter Posts: 30

    Here is the latest DDS logs


    DDS (Ver_2012-10-14.05) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Ay Wen at 0:08:24 on 2012-10-15
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.1632 [GMT 8:00]
    .
    AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe
    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\SysWOW64\svchost -k XLServicePlatform
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\Noozxoide Laboratories\EIZO-recycle Series\EIZO-recycle.exe
    C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe
    C:\Program Files (x86)\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Blue Manager Suite\BMExplorer.exe
    C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Users\Ay Wen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ay Wen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ay Wen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ay Wen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ay Wen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ay Wen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Ay Wen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ay Wen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ay Wen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ay Wen\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=57C7248E857BEF2D6846345066E218E7
    uProxyOverride = 192.168.*.*;*.local
    uURLSearchHooks: SrchHook Class: {CE9CB67A-D729-4fed-A44F-B901A514C291} - C:\Windows\SysWOW64\cssrhplus.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: VideoUrlSniffer Class: {00000ADA-7E0D-47C1-986C-F017D09C4304} - C:\Program Files (x86)\Common Files\Thunder Network\KanKan\VideoUrlSniffer.2.0.1.99.(840).dll
    BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - d:\Program Files (x86)\Orbitdownloader\orbitcth.dll
    BHO: ѸÀ×FLVÊÓƵÐá̽¼°ÏÂÔØÖ§³Ö: {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.7.70.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: ѸÀ×ÏÂÔØÖ§³Ö: {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO7.2.8.3574.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - d:\Program Files (x86)\Orbitdownloader\GrabPro.dll
    TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - d:\Program Files (x86)\Orbitdownloader\GrabPro.dll
    uRun: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Noozxoide Labs, EIZO-Recycle Processing Audio Series] "C:\Program Files (x86)\Noozxoide Laboratories\EIZO-recycle Series\EIZO-recycle.exe" /hideme
    uRun: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe"
    uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
    uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    mRun: [D-Link D-Link DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUEMA~1.LNK - C:\Program Files (x86)\Blue Manager Suite\BMExplorer.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-System: MaxConnectionPer1_0Server = dword:16
    uPolicies-System: MaxConnectionPerServer = dword:16
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: EnableShellExecuteHooks = dword:1
    mPolicies-Explorer: OldEnableShellExecuteHooks = dword:1
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: &Download by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
    IE: &??&???? - <no file>
    IE: &??&???????? - <no file>
    IE: &??&?????? - <no file>
    IE: Do&wnload selected by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - d:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: ???????? - <no file>
    IE: ??????????? - <no file>
    IE: {14c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm
    IE: {24c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm
    IE: {548BF84E-9665-47f9-B635-7380F8943E90} - C:\Program Files (x86)\Thunder Network\Thunder\Program\repairimage.htm
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    LSP: mswsock.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{09D856DA-7BC1-43E2-8F11-C028A02DD04A}\16977756E6 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{176A144B-7DA3-4AB4-9CCE-A12E453016C3} : NameServer = 202.188.0.133,202.188.1.5
    TCP: Interfaces\{2C2976DE-B4C4-4D49-A3B1-21FA98DFDB98} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{2C2976DE-B4C4-4D49-A3B1-21FA98DFDB98}\16977756E60286F6573756 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{C8883286-3DD0-4697-9044-CF349F19D125}\16977756E60286F6573756 : DHCPNameServer = 192.168.1.1
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    SSODL: WebCheck - <orphaned>
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    IFEO: mediabuilder.exe - "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IFEO: trueimagelauncher.exe - "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IFEO: wdsmartware.exe - "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    x64-BHO: ??????: {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.2.8.3574.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - LocalServer32 - <no file>
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-IFEO: mediabuilder.exe - "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    x64-IFEO: trueimagelauncher.exe - "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    x64-IFEO: wdsmartware.exe - "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    .
    Note: multiple IFEO entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Ay Wen\AppData\Roaming\Mozilla\Firefox\Profiles\fx454o99.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - plugin: C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.4.(212).dll
    FF - plugin: C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(779).dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
    FF - plugin: C:\Program Files (x86)\Windows Media Player\np-mswmp.dll
    FF - plugin: C:\ProgramData\Thunder Network\Thunder\data\npxunlei1.0.0.1.dll
    FF - plugin: C:\Users\Ay Wen\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Ay Wen\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
    FF - plugin: C:\Windows\System32\npmproxy.dll
    FF - plugin: C:\Windows\System32\npOGPPlugin.dll
    FF - plugin: C:\Windows\System32\npptools.dll
    FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    FF - plugin: D:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: D:\Program Files (x86)\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
    FF - plugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
    FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
    FF - ExtSQL: 2012-09-29 19:47; jid1-yZwVFzbsyfMrqQ@jetpack; C:\Users\Ay Wen\AppData\Roaming\Mozilla\Firefox\Profiles\fx454o99.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 BtHidBus;Bluetooth HID Bus Service;C:\Windows\System32\drivers\BtHidBus.sys [2009-9-24 23304]
    R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2012-3-14 62496]
    R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);C:\Windows\System32\drivers\tdrpm251.sys [2010-4-11 1455648]
    R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2010-7-14 87600]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-10-13 283200]
    R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-3-14 209768]
    R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2012-3-14 38288]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-28 239616]
    R2 D_Link_DWA-140_WPS;D_Link_DWA-140_WPS Service;C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe [2012-3-27 53248]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-30 399432]
    R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-7 214896]
    R2 MSSQL$A2006;SQL Server (A2006);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-10-20 2072896]
    R2 XLServicePlatform;XLServicePlatform;C:\Windows\System32\svchost -k XLServicePlatform --> C:\Windows\System32\svchost -k XLServicePlatform [?]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2012-7-28 10278912]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2012-7-28 368640]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
    R3 btiaa2dp;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btiaa2dp.sys [2008-9-16 82944]
    R3 BTiAPan;Bluetooth PAN Miniport;C:\Windows\System32\drivers\btiapan.sys [2008-9-16 37888]
    R3 btiarcp;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btiarcp.sys [2008-7-30 10880]
    R3 btiaspp;Bluetooth Serial driver;C:\Windows\System32\drivers\btiaspp.sys [2008-9-16 92160]
    R3 BTIAUSB;Generic Bluetooth Device;C:\Windows\System32\drivers\btiausb.sys [2008-11-14 31744]
    R3 BTPROT;Generic Bluetooth Filter;C:\Windows\System32\drivers\btprot.sys [2008-11-14 517632]
    R3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2011-12-25 20752]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-30 25928]
    R3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\Dnetr28ux.sys [2012-3-27 1617472]
    R3 NMgamingmsFltr;USB Optical Mouse;C:\Windows\System32\drivers\NMgamingms.sys [2009-7-24 11264]
    R3 SRS_PremiumSound_Service;Noozxoide Labs, EIZO-recycle Processor Series;C:\Windows\System32\drivers\DSAPGX114_64pmo.sys [2009-12-8 342952]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
    R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-30 676936]
    S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Users\Ay Wen\Forefront UAG Remote Access Agent\uagwesterndigital-asianet\https1\uagqecsvc.exe [2011-10-26 149904]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 250808]
    S3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2010-4-11 250400]
    S3 btnetBUs;Bluetooth PAN Bus Service;C:\Windows\System32\drivers\btnetBus.sys [2009-9-24 27776]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-9-6 102240]
    S3 dgderdrv;dgderdrv;C:\Windows\System32\drivers\dgderdrv.sys [2010-12-20 20552]
    S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2012-7-5 14448]
    S3 iAnywhere_btAudio;Bluetooth Virtual SCO Device;C:\Windows\System32\drivers\btiasco.sys [2008-7-30 25088]
    S3 IvtBtBUs;IVT Bluetooth Bus Service;C:\Windows\System32\drivers\IvtBtBus.sys [2009-8-26 30344]
    S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744]
    S3 MotDev;Motorola Inc. USB Device;C:\Windows\System32\drivers\motodrv.sys [2009-5-8 53632]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-5-5 117520]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-7 115168]
    S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2010-2-24 726816]
    S3 s1029bus;Sony Ericsson Device 1029 driver (WDM);C:\Windows\System32\drivers\s1029bus.sys [2010-2-28 113704]
    S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;C:\Windows\System32\drivers\s1029mdfl.sys [2010-2-28 19496]
    S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;C:\Windows\System32\drivers\s1029mdm.sys [2010-2-28 152616]
    S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s1029mgmt.sys [2010-2-28 132648]
    S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);C:\Windows\System32\drivers\s1029nd5.sys [2010-2-28 34856]
    S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;C:\Windows\System32\drivers\s1029obex.sys [2010-2-28 128552]
    S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);C:\Windows\System32\drivers\s1029unic.sys [2010-2-28 145960]
    S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2011-6-23 155320]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-9-6 203104]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2011-5-10 16392]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-11 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-25 1255736]
    S4 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-4-11 2326920]
    .
    =============== Created Last 30 ================
    .
    2012-10-14 03:46:49--------d-----w-C:\Users\Ay Wen\AppData\Local\thumbs
    2012-10-14 03:18:14--------d-----w-C:\Windows\Installer2
    2012-10-13 10:08:48--------d-sh--w-C:\Windows\SysWow64\%APPDATA%
    2012-10-13 08:23:49--------d-----w-C:\ProgramData\RELOADED
    2012-10-13 08:01:47283200----a-w-C:\Windows\System32\drivers\dtsoftbus01.sys
    2012-10-13 07:57:18560184----a-w-C:\Windows\System32\drivers\sptd.sys
    2012-10-13 07:49:2796224----a-w-C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
    2012-10-13 07:49:27157272----a-w-C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
    2012-10-12 20:25:5969000----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{08C42F69-FE90-4B55-ADA9-3EEE6FE713C4}\offreg.dll
    2012-10-12 20:25:089308616----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{08C42F69-FE90-4B55-ADA9-3EEE6FE713C4}\mpengine.dll
    2012-10-09 21:10:595120---ha-w-C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2012-10-09 21:09:561464320----a-w-C:\Windows\System32\crypt32.dll
    2012-10-09 21:09:55184320----a-w-C:\Windows\System32\cryptsvc.dll
    2012-10-09 21:09:55140288----a-w-C:\Windows\System32\cryptnet.dll
    2012-10-09 21:09:551159680----a-w-C:\Windows\SysWow64\crypt32.dll
    2012-10-09 21:09:54140288----a-w-C:\Windows\SysWow64\cryptsvc.dll
    2012-10-09 21:09:54103936----a-w-C:\Windows\SysWow64\cryptnet.dll
    2012-10-05 14:28:59--------d-----w-C:\ProgramData\AVAST Software
    2012-10-05 14:28:59--------d-----w-C:\Program Files\AVAST Software
    2012-10-05 14:05:31--------d-----w-C:\ProgramData\SecTaskMan
    2012-10-02 08:08:45--------d-----w-C:\Program Files\ESET
    2012-10-02 07:49:18--------d-----w-C:\Program Files (x86)\ESET
    2012-10-01 12:59:52514560----a-w-C:\Windows\SysWow64\qdvd.dll
    2012-10-01 12:59:52366592----a-w-C:\Windows\System32\qdvd.dll
    2012-09-30 15:16:37552960----a-w-C:\Windows\System32\drivers\bthport.sys
    2012-09-30 14:47:393148800----a-w-C:\Windows\System32\win32k.sys
    2012-09-30 14:47:38245760----a-w-C:\Windows\System32\OxpsConverter.exe
    2012-09-30 14:46:12956928----a-w-C:\Windows\System32\localspl.dll
    2012-09-30 14:36:352622464----a-w-C:\Windows\System32\wucltux.dll
    2012-09-30 14:36:2399840----a-w-C:\Windows\System32\wudriver.dll
    2012-09-30 14:36:1236864----a-w-C:\Windows\System32\wuapp.exe
    2012-09-30 14:36:12186752----a-w-C:\Windows\System32\wuwebv.dll
    2012-09-30 07:06:24--------d-----w-C:\Users\Ay Wen\AppData\Roaming\Malwarebytes
    2012-09-30 04:59:57--------d-----w-C:\TDSSKiller_Quarantine
    2012-09-30 04:51:1925928----a-w-C:\Windows\System32\drivers\mbam.sys
    2012-09-30 04:51:19--------d-----w-C:\ProgramData\Malwarebytes
    2012-09-30 04:51:19--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-30 03:28:49347424----a-w-C:\MicrosoftFixit.wu.RNP.158272406923423444.5.1.Run.exe
    2012-09-29 11:50:11--------d-----w-C:\Users\Ay Wen\AppData\Roaming\LavasoftStatistics
    2012-09-15 11:12:04--------d-----w-C:\Users\Ay Wen\AppData\Local\{08539865-93DB-4652-A04E-C761E2AC9E47}
    .
    ==================== Find3M ====================
    .
    2012-10-08 19:44:4973656----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-08 19:44:49696760----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-14 19:19:292048----a-w-C:\Windows\System32\tzres.dll
    2012-09-14 18:28:532048----a-w-C:\Windows\SysWow64\tzres.dll
    2012-08-31 18:19:351659760----a-w-C:\Windows\System32\drivers\ntfs.sys
    2012-08-30 18:03:455559664----a-w-C:\Windows\System32\ntoskrnl.exe
    2012-08-30 17:12:023968880----a-w-C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12:023914096----a-w-C:\Windows\SysWow64\ntoskrnl.exe
    2012-08-28 02:05:044659712----a-w-C:\Windows\SysWow64\Redemption.dll
    2012-08-28 02:04:3490112----a-w-C:\Windows\MAMCityDownload.ocx
    2012-08-28 02:04:34330240----a-w-C:\Windows\MASetupCaller.dll
    2012-08-28 02:04:3430568----a-w-C:\Windows\MusiccityDownload.exe
    2012-08-28 02:04:32821824----a-w-C:\Windows\SysWow64\dgderapi.dll
    2012-08-24 18:05:07220160----a-w-C:\Windows\System32\wintrust.dll
    2012-08-24 16:57:48172544----a-w-C:\Windows\SysWow64\wintrust.dll
    2012-08-24 10:31:322312704----a-w-C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:181392128----a-w-C:\Windows\System32\wininet.dll
    2012-08-24 10:20:111494528----a-w-C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45173056----a-w-C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29599040----a-w-C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:422382848----a-w-C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:171800704----a-w-C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:271129472----a-w-C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:021427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12420864----a-w-C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:582382848----a-w-C:\Windows\SysWow64\mshtml.tlb
    2012-08-22 18:12:501913200----a-w-C:\Windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40950128----a-w-C:\Windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40376688----a-w-C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33288624----a-w-C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-08-20 18:48:44362496----a-w-C:\Windows\System32\wow64win.dll
    2012-08-20 18:48:44243200----a-w-C:\Windows\System32\wow64.dll
    2012-08-20 18:48:4413312----a-w-C:\Windows\System32\wow64cpu.dll
    2012-08-20 18:48:43215040----a-w-C:\Windows\System32\winsrv.dll
    2012-08-20 18:48:3716384----a-w-C:\Windows\System32\ntvdm64.dll
    2012-08-20 18:48:35424448----a-w-C:\Windows\System32\KernelBase.dll
    2012-08-20 18:46:22338432----a-w-C:\Windows\System32\conhost.exe
    2012-08-20 17:40:2114336----a-w-C:\Windows\SysWow64\ntvdm64.dll
    2012-08-20 17:38:4444032----a-w-C:\Windows\apppatch\acwow64.dll
    2012-08-20 17:38:2625600----a-w-C:\Windows\SysWow64\setup16.exe
    2012-08-20 17:37:195120----a-w-C:\Windows\SysWow64\wow32.dll
    2012-08-20 17:37:18274944----a-w-C:\Windows\SysWow64\KernelBase.dll
    2012-08-20 15:38:217680----a-w-C:\Windows\SysWow64\instnm.exe
    2012-08-20 15:38:202048----a-w-C:\Windows\SysWow64\user.exe
    2012-08-20 15:33:286144---ha-w-C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:284608---ha-w-C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:283584---ha-w-C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:283072---ha-w-C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-08-11 00:56:03715776----a-w-C:\Windows\System32\kerberos.dll
    2012-08-10 23:56:14542208----a-w-C:\Windows\SysWow64\kerberos.dll
    2012-08-02 17:58:52574464----a-w-C:\Windows\System32\d3d10level9.dll
    2012-08-02 16:57:20490496----a-w-C:\Windows\SysWow64\d3d10level9.dll
    2012-07-31 10:42:48203104----a-w-C:\Windows\System32\drivers\ssudmdm.sys
    2012-07-31 10:42:48102240----a-w-C:\Windows\System32\drivers\ssudbus.sys
    2012-07-28 04:09:205538984----a-w-C:\Windows\SysWow64\atiumdag.dll
    2012-07-28 04:07:4410278912----a-w-C:\Windows\System32\drivers\atikmdag.sys
    2012-07-28 03:43:1270144----a-w-C:\Windows\System32\coinst_8.982.dll
    2012-07-28 03:19:3424935424----a-w-C:\Windows\System32\atio6axx.dll
    2012-07-28 02:50:1020546560----a-w-C:\Windows\SysWow64\atioglxx.dll
    2012-07-28 02:15:50163840----a-w-C:\Windows\System32\atiapfxx.exe
    2012-07-28 02:15:42931328----a-w-C:\Windows\SysWow64\aticfx32.dll
    2012-07-28 02:13:561100288----a-w-C:\Windows\System32\aticfx64.dll
    2012-07-28 02:10:40442368----a-w-C:\Windows\System32\ATIDEMGX.dll
    2012-07-28 02:10:34534528----a-w-C:\Windows\System32\atieclxx.exe
    2012-07-28 02:09:44239616----a-w-C:\Windows\System32\atiesrxx.exe
    2012-07-28 02:08:20120320----a-w-C:\Windows\System32\atitmm64.dll
    2012-07-28 02:08:0421504----a-w-C:\Windows\System32\atimuixx.dll
    2012-07-28 02:07:5859392----a-w-C:\Windows\System32\atiedu64.dll
    2012-07-28 02:07:5243520----a-w-C:\Windows\SysWow64\ati2edxx.dll
    2012-07-28 02:07:106430208----a-w-C:\Windows\SysWow64\atidxx32.dll
    2012-07-28 01:51:127052288----a-w-C:\Windows\System32\atidxx64.dll
    2012-07-28 01:41:324266496----a-w-C:\Windows\System32\atiumd6a.dll
    2012-07-28 01:35:1051200----a-w-C:\Windows\System32\aticalrt64.dll
    2012-07-28 01:35:0846080----a-w-C:\Windows\SysWow64\aticalrt.dll
    2012-07-28 01:35:0244544----a-w-C:\Windows\System32\aticalcl64.dll
    2012-07-28 01:35:0044032----a-w-C:\Windows\SysWow64\aticalcl.dll
    2012-07-28 01:34:4816034304----a-w-C:\Windows\System32\aticaldd64.dll
    2012-07-28 01:32:324751872----a-w-C:\Windows\SysWow64\atiumdva.dll
    2012-07-28 01:30:1013605888----a-w-C:\Windows\SysWow64\aticaldd.dll
    2012-07-28 01:25:526676480----a-w-C:\Windows\System32\atiumd64.dll
    2012-07-28 01:15:32540160----a-w-C:\Windows\System32\atiadlxx.dll
    2012-07-28 01:15:22368640----a-w-C:\Windows\SysWow64\atiadlxy.dll
    2012-07-28 01:15:1217920----a-w-C:\Windows\System32\atig6pxx.dll
    2012-07-28 01:15:0814848----a-w-C:\Windows\SysWow64\atiglpxx.dll
    2012-07-28 01:15:0814848----a-w-C:\Windows\System32\atiglpxx.dll
    2012-07-28 01:15:0441984----a-w-C:\Windows\System32\atig6txx.dll
    2012-07-28 01:14:5633280----a-w-C:\Windows\SysWow64\atigktxx.dll
    2012-07-28 01:14:46368640----a-w-C:\Windows\System32\drivers\atikmpag.sys
    2012-07-28 01:13:54129536----a-w-C:\Windows\System32\atiuxp64.dll
    2012-07-28 01:13:48109568----a-w-C:\Windows\SysWow64\atiuxpag.dll
    2012-07-28 01:13:40103936----a-w-C:\Windows\System32\atiu9p64.dll
    2012-07-28 01:13:3283456----a-w-C:\Windows\SysWow64\atiu9pag.dll
    2012-07-28 01:12:5453248----a-w-C:\Windows\System32\drivers\ati2erec.dll
    2012-07-28 01:08:4256320----a-w-C:\Windows\System32\atimpc64.dll
    2012-07-28 01:08:4256320----a-w-C:\Windows\System32\amdpcom64.dll
    2012-07-28 01:08:3656832----a-w-C:\Windows\SysWow64\atimpc32.dll
    2012-07-28 01:08:3656832----a-w-C:\Windows\SysWow64\amdpcom32.dll
    2012-07-27 14:47:40187392----a-w-C:\Windows\System32\clinfo.exe
    2012-07-27 14:47:2475776----a-w-C:\Windows\System32\OpenVideo64.dll
    .
    ============= FINISH: 0:09:08.37 ===============
     
  9. aywen89

    aywen89 TS Rookie Topic Starter Posts: 30

    Latest Malware bytes logs, does this means the threats already removed?

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.14.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Ay Wen :: AYWEN-PC [administrator]

    10/15/2012 12:19:35 AM
    mbam-log-2012-10-15 (00-19-35).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 267142
    Time elapsed: 6 minute(s), 17 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     

    Attached Files:

  10. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    You need to re-read forum rules: http://www.techspot.com/community/topics/read-this-or-you-might-not-get-help.182638/

    Also, re-read rules I posted in my 1st reply:
    So from now on you do nothing else but what I ask you to do.

    Now I want you to follow instructions from my reply #6
     
  11. aywen89

    aywen89 TS Rookie Topic Starter Posts: 30

    Understood,done the step in reply 6

    here is the logs you requested

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-10-2012
    Ran by SYSTEM at 15-10-2012 06:59:36
    Running from H:\
    Windows 7 Professional (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [4081008 2012-03-06] (ESET)
    HKLM-x32\...\Run: [D-Link D-Link DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe [1074496 2011-06-28] (D-Link Corp.)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642216 2012-08-05] (Advanced Micro Devices, Inc.)
    HKU\Ay Wen\...\Run: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]
    HKU\Ay Wen\...\Run: [Noozxoide Labs, EIZO-Recycle Processing Audio Series] "C:\Program Files (x86)\Noozxoide Laboratories\EIZO-recycle Series\EIZO-recycle.exe" /hideme [4972544 2009-12-13] (Noozxoide Laboratories)
    HKU\Ay Wen\...\Run: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe" [48648 2011-05-22] (Mobile Stream)
    HKU\Ay Wen\...\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [380928 2009-11-10] (AMD)
    HKU\Ay Wen\...\Policies\system: [MaxConnectionPer1_0Server] 16
    HKU\Ay Wen\...\Policies\system: [MaxConnectionPerServer] 16
    HKU\sai.AyWen-PC\...\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [380928 2009-11-10] (AMD)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{176A144B-7DA3-4AB4-9CCE-A12E453016C3}: [NameServer]202.188.0.133,202.188.1.5
    IMEO\mediabuilder.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IMEO\trueimagelauncher.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IMEO\wdsmartware.exe: [Debugger] "D:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Blue Manager Suite.lnk
    ShortcutTarget: Blue Manager Suite.lnk -> C:\Program Files (x86)\Blue Manager Suite\BMExplorer.exe (iAnywhere Solutions)

    ==================== Services (Whitelisted) ===================

    4 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [891432 2009-09-12] (Acronis)
    4 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2326920 2010-04-10] (Acronis)
    2 D_Link_DWA-140_WPS; C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe [53248 2010-07-11] ()
    2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [913144 2012-03-06] (ESET)
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
    2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
    2 MSSQL$A2006; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sA2006 [29293408 2010-12-10] (Microsoft Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2010-03-19] ()
    2 uagqecsvc; C:\Users\Ay Wen\Forefront UAG Remote Access Agent\uagwesterndigital-asianet\https1\uagqecsvc.exe [149904 2011-12-07] (Microsoft ® Corporation)
    2 XLServicePlatform; C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll [88080 2012-06-11] (ShenZhen Xunlei Networking Technologies,LTD)
    3 SolidWorks Licensing Service; "C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe" [x]
    2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe" [x]
    2 winvnc; "C:\Program Files (x86)\TightVNC-Jaadu\WinVNC.exe" -service [x]

    ==================== Drivers (Whitelisted) =====================

    0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [23304 2009-09-23] (IVT Corporation.)
    3 btiaa2dp; C:\Windows\System32\Drivers\btiaa2dp.sys [82944 2008-09-15] (iAnywhere Solutions)
    3 BTiAPan; C:\Windows\System32\Drivers\BTiAPan.sys [37888 2008-09-15] (iAnywhere Solutions)
    3 btiarcp; C:\Windows\System32\Drivers\btiarcp.sys [10880 2008-07-30] (iAnywhere Solutions)
    3 btiaspp; C:\Windows\System32\Drivers\btiaspp.sys [92160 2008-09-15] (iAnywhere Solutions)
    3 BTIAUSB; C:\Windows\System32\Drivers\BTIAUSB.sys [31744 2008-11-13] (iAnywhere Solutions)
    3 btnetBUs; C:\Windows\System32\Drivers\btnetBUs.sys [27776 2009-09-23] ()
    3 BTPROT; C:\Windows\System32\Drivers\BTPROT.sys [517632 2008-11-13] (iAnywhere Solutions)
    3 dgderdrv; C:\Windows\System32\Drivers\dgderdrv.sys [20552 2010-12-19] (Devguru Co., Ltd)
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-10-13] (DT Soft Ltd)
    1 eamonm; C:\Windows\System32\Drivers\eamonm.sys [209768 2012-03-13] (ESET)
    3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [20752 2011-05-21] (Mobile Stream)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [148528 2012-03-13] (ESET)
    2 epfw; C:\Windows\System32\Drivers\epfw.sys [187632 2012-03-13] (ESET)
    1 EpfwLWF; C:\Windows\System32\Drivers\EpfwLWF.sys [38288 2012-03-13] (ESET)
    3 Epfwndis; C:\Windows\System32\Drivers\Epfwndis.sys [34144 2010-12-20] (ESET)
    0 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [62496 2012-03-13] (ESET)
    3 iAnywhere_btAudio; C:\Windows\System32\drivers\btiasco.sys [25088 2008-07-30] (iAnywhere Solutions)
    3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBUs.sys [30344 2009-08-25] (IVT Corporation.)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
    3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
    3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1617472 2011-04-27] (Ralink Technology Corp.)
    3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-23] (Primax Ltd)
    3 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2009-10-20] (CACE Technologies, Inc.)
    3 s1029bus; C:\Windows\System32\Drivers\s1029bus.sys [113704 2009-05-25] (MCCI Corporation)
    3 s1029mdfl; C:\Windows\System32\Drivers\s1029mdfl.sys [19496 2009-05-25] (MCCI Corporation)
    3 s1029mdm; C:\Windows\System32\Drivers\s1029mdm.sys [152616 2009-05-25] (MCCI Corporation)
    3 s1029mgmt; C:\Windows\System32\Drivers\s1029mgmt.sys [132648 2009-05-25] (MCCI Corporation)
    3 s1029nd5; C:\Windows\System32\Drivers\s1029nd5.sys [34856 2009-05-25] (MCCI Corporation)
    3 s1029obex; C:\Windows\System32\Drivers\s1029obex.sys [128552 2009-05-25] (MCCI Corporation)
    3 s1029unic; C:\Windows\System32\Drivers\s1029unic.sys [145960 2009-05-25] (MCCI Corporation)
    2 Sllpsvdr; C:\Windows\SysWow64\Drivers\Sllpsvdr.sys [7328 1998-03-23] ()
    2 Slp1kdr; C:\Windows\SysWow64\Drivers\Slp1kdr.sys [6645 2001-03-05] ()
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-10-12] (Duplex Secure Ltd.)
    3 SRS_PremiumSound_Service; C:\Windows\System32\drivers\DSAPGX114_64pmo.sys [342952 2009-04-19] ()
    0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [1455648 2010-04-10] (Acronis)
    2 websafe; C:\Windows\SysWow64\Drivers\websafe.sys [15616 2010-10-09] ()
    0 32972063; C:\Windows\System32\drivers\57537292.sys [x]
    3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [x]
    3 BTCFilterService; C:\Windows\System32\DRIVERS\motfilt.sys [x]
    3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [x]
    3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena\safedrv.sys [x]
    3 motccgp; C:\Windows\System32\DRIVERS\motccgp.sys [x]
    3 motccgpfl; C:\Windows\System32\DRIVERS\motccgpfl.sys [x]
    3 motmodem; C:\Windows\System32\DRIVERS\motmodem.sys [x]
    3 MotoSwitchService; C:\Windows\System32\DRIVERS\motswch.sys [x]
    3 Motousbnet; C:\Windows\System32\DRIVERS\Motousbnet.sys [x]
    3 motusbdevice; C:\Windows\System32\DRIVERS\motusbdevice.sys [x]
    1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]
    3 tcphoc; \??\C:\Program Files (x86)\Thunder Network\Thunder\Program\tcphoc.sys [x]
    3 TuneUpUtilitiesDrv; \??\D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
    3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [x]
    3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [x]
    3 VHidMinidrv; C:\Windows\System32\drivers\VHIDMini.sys [x]
    3 X6va005; \??\C:\Users\AYWEN~1\AppData\Local\Temp\005B6C.tmp [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-10-15 06:59 - 2012-10-15 06:59 - 00000000 ____D C:\FRST
    2012-10-14 14:45 - 2012-10-14 14:45 - 01456929 ____A (Farbar) C:\Users\Ay Wen\Desktop\FRST64.exe
    2012-10-14 08:09 - 2012-10-14 08:20 - 00016782 ____A C:\Users\Ay Wen\Desktop\attach.txt
    2012-10-14 02:34 - 2012-10-14 02:34 - 00002546 ____A C:\Users\Ay Wen\Desktop\aswMBR.txt
    2012-10-14 02:34 - 2012-10-14 02:34 - 00000512 ____A C:\Users\Ay Wen\Desktop\MBR.dat
    2012-10-14 00:18 - 2012-10-14 00:19 - 04731392 ____A (AVAST Software) C:\Users\Ay Wen\Desktop\aswMBR.exe
    2012-10-14 00:18 - 2012-10-14 00:18 - 00003266 ____A C:\Users\Ay Wen\Desktop\RKreport[3].txt
    2012-10-14 00:16 - 2012-10-14 00:16 - 00005175 ____A C:\Users\Ay Wen\Desktop\RKreport[2].txt
    2012-10-14 00:14 - 2012-10-14 00:16 - 00000000 ____D C:\Users\Ay Wen\Desktop\RK_Quarantine
    2012-10-14 00:14 - 2012-10-14 00:14 - 00004156 ____A C:\Users\Ay Wen\Desktop\RKreport[1].txt
    2012-10-14 00:13 - 2012-10-14 00:13 - 01422336 ____A C:\Users\Ay Wen\Desktop\RogueKiller.exe
    2012-10-13 21:04 - 2012-10-14 08:09 - 00035660 ____A C:\Users\Ay Wen\Desktop\dds.txt
    2012-10-13 20:50 - 2012-10-13 20:50 - 00706431 ____R (Swearware) C:\Users\Ay Wen\Desktop\dds.com
    2012-10-13 20:19 - 2012-10-13 20:19 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Ay Wen\Desktop\tdsskiller.exe
    2012-10-13 20:13 - 2012-10-14 03:00 - 00013320 ____A C:\Windows\PFRO.log
    2012-10-13 20:06 - 2012-10-13 20:06 - 00302592 ____A C:\Users\Ay Wen\Desktop\pnsjz600.exe
    2012-10-13 19:36 - 2012-10-14 03:00 - 00000112 ____A C:\Windows\setupact.log
    2012-10-13 19:18 - 2012-10-13 19:18 - 00000000 ____D C:\Windows\Installer2
    2012-10-13 02:08 - 2012-10-13 02:08 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-10-13 00:23 - 2012-10-13 00:23 - 00000000 ____D C:\Users\All Users\RELOADED
    2012-10-13 00:20 - 2012-10-13 00:20 - 00000667 ____A C:\Users\Public\Desktop\R.A.W Realms of Ancient War.lnk
    2012-10-13 00:01 - 2012-10-13 00:01 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
    2012-10-12 23:57 - 2012-10-12 23:57 - 00560184 ____A (Duplex Secure Ltd.) C:\Windows\System32\Drivers\sptd.sys
    2012-10-12 23:57 - 2012-10-12 23:57 - 00000859 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    2012-10-12 23:50 - 2012-10-12 23:53 - 14294360 ____A (DT Soft Ltd) C:\Users\Ay Wen\Desktop\DTLite4454-0316.exe
    2012-10-09 13:11 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-10-09 13:11 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-10-09 13:11 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-10-09 13:11 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-10-09 13:11 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-10-09 13:11 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-10-09 13:11 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-10-09 13:11 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-10-09 13:11 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-10-09 13:11 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-10-09 13:11 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-10-09 13:11 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-10-09 13:11 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-09 13:11 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-10-09 13:11 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-10-09 13:11 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-10-09 13:11 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-10-09 13:11 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-10-09 13:11 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-10-09 13:11 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-10-09 13:11 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-09 13:11 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-09 13:11 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-10-09 13:11 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-10-09 13:11 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-09 13:11 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-09 13:11 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-09 13:11 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-10-09 13:11 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-09 13:11 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-09 13:11 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-10-09 13:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-10-09 13:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-09 13:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-10-09 13:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-10-09 13:11 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-10-09 13:11 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-10-09 13:10 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-10-09 13:10 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-10-09 13:10 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-10-09 13:10 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-10-09 13:10 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
     
  12. aywen89

    aywen89 TS Rookie Topic Starter Posts: 30

    2012-10-09 13:10 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-10-09 13:10 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-10-09 13:10 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-10-09 13:10 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-10-09 13:09 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-10-09 13:09 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-10-09 13:09 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-10-09 13:09 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-10-09 13:09 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-10-09 13:09 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-10-06 06:43 - 2012-10-06 06:43 - 00000000 ____D C:\Windows\symbols
    2012-10-06 01:31 - 2012-10-06 01:31 - 00985600 ____A C:\Users\Ay Wen\Desktop\MicrosoftFixit50123.msi
    2012-10-05 06:29 - 2012-10-06 18:08 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-10-05 06:29 - 2012-08-21 01:12 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-10-05 06:28 - 2012-10-06 18:08 - 00000000 ____D C:\Users\All Users\AVAST Software
    2012-10-05 06:28 - 2012-10-05 06:28 - 00000000 ____D C:\Program Files\AVAST Software
    2012-10-05 06:05 - 2012-10-05 06:11 - 00000000 ____D C:\Users\All Users\SecTaskMan
    2012-10-05 06:04 - 2012-10-05 06:05 - 02095024 ____A C:\Users\Ay Wen\Desktop\SecurityTaskManager_Setup.exe
    2012-10-05 06:02 - 2012-10-05 06:02 - 00370048 ____A (Neuber Software) C:\Users\Ay Wen\Desktop\SvchostAnalyzer.exe
    2012-10-04 06:17 - 2012-10-04 06:18 - 19137616 ____A (Microsoft Corporation) C:\Users\Ay Wen\Desktop\mpas-fe.exe
    2012-10-04 06:13 - 2012-10-04 06:14 - 17483288 ____A (Microsoft Corporation) C:\Users\Ay Wen\Desktop\Windows-KB890830-x64-V4.12.exe
    2012-10-04 05:56 - 2012-10-04 05:56 - 00347424 ____A (Microsoft Corporation) C:\Users\Ay Wen\Desktop\MicrosoftFixit.wu.LB.159272789311309173.2.1.Run.exe
    2012-10-04 05:55 - 2012-08-30 08:12 - 62164608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2012-10-04 05:53 - 2012-10-04 06:01 - 16868888 ____A (Microsoft Corporation) C:\Users\Ay Wen\Desktop\Windows-KB890830-V4.12.exe
    2012-10-02 00:08 - 2012-10-02 00:08 - 00000000 ____D C:\Users\All Users\ESET
    2012-10-02 00:08 - 2012-10-02 00:08 - 00000000 ____D C:\Program Files\ESET
    2012-10-01 23:49 - 2012-10-01 23:49 - 00000000 ____D C:\Program Files (x86)\ESET
    2012-10-01 23:28 - 2012-10-01 23:31 - 62664192 ____A C:\Users\Ay Wen\Desktop\ess_nt64_enu.msi
    2012-10-01 04:59 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-10-01 04:59 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-09-30 07:16 - 2012-07-06 12:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
    2012-09-30 07:04 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-09-30 07:04 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-09-30 07:04 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-09-30 07:04 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-09-30 07:04 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-09-30 07:04 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-09-30 07:04 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-09-30 07:04 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-09-30 07:04 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-09-30 07:04 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-09-30 07:04 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-09-30 07:04 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-09-30 07:04 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-09-30 07:04 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-09-30 07:04 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-09-30 07:04 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-09-30 07:04 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-09-30 07:04 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-09-30 07:04 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-09-30 07:04 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-09-30 07:04 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-09-30 07:04 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-09-30 07:04 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-09-30 07:04 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-09-30 07:04 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-09-30 07:04 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-09-30 07:04 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-09-30 07:04 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-09-30 07:03 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-09-30 07:03 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-09-30 07:03 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-09-30 07:03 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-09-30 06:49 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-09-30 06:49 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-09-30 06:48 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-09-30 06:48 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-09-30 06:48 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-09-30 06:48 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-09-30 06:48 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-09-30 06:48 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-09-30 06:48 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
    2012-09-30 06:48 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-09-30 06:48 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-09-30 06:48 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-09-30 06:48 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-09-30 06:48 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-09-30 06:48 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-09-30 06:48 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-09-30 06:48 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-09-30 06:48 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-09-30 06:48 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-09-30 06:48 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-09-30 06:48 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-09-30 06:48 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-09-30 06:48 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
    2012-09-30 06:48 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2012-09-30 06:48 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-09-30 06:48 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-09-30 06:48 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-09-30 06:48 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-09-30 06:48 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-09-30 06:48 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-09-30 06:48 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-09-30 06:48 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2012-09-30 06:48 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
    2012-09-30 06:48 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
    2012-09-30 06:48 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2012-09-30 06:48 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-09-30 06:48 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-09-30 06:47 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-09-30 06:47 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-09-30 06:46 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
    2012-09-30 06:45 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
    2012-09-30 06:45 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
    2012-09-30 06:45 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
    2012-09-30 06:45 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
    2012-09-30 06:45 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
    2012-09-30 06:45 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-09-30 06:45 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-09-30 06:36 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-09-30 06:36 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-09-30 06:36 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-09-30 06:36 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-09-30 06:36 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-09-30 06:36 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-09-30 06:36 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-09-30 06:36 - 2012-06-01 23:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-09-30 06:36 - 2012-06-01 23:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-09-29 23:06 - 2012-09-29 23:06 - 00000000 ____D C:\Users\Ay Wen\AppData\Roaming\Malwarebytes
    2012-09-29 21:11 - 2012-09-29 21:11 - 00347424 ____A (Microsoft Corporation) C:\Users\sai.AyWen-PC\Downloads\MicrosoftFixit.wu.LB.155272413273457956.1.1.Run.exe
    2012-09-29 20:59 - 2012-10-14 00:11 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-09-29 20:51 - 2012-09-29 20:51 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-29 20:51 - 2012-09-29 20:51 - 00000000 ____D C:\Users\sai.AyWen-PC\AppData\Roaming\Malwarebytes
    2012-09-29 20:51 - 2012-09-29 20:51 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-09-29 20:51 - 2012-09-29 20:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-29 20:51 - 2012-09-07 01:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-29 20:50 - 2012-09-29 20:50 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\sai.AyWen-PC\Downloads\mbam-setup-1.65.0.1400.exe
    2012-09-29 20:50 - 2012-09-29 20:50 - 00000000 ____D C:\Users\sai.AyWen-PC\AppData\Roaming\Adobe
    2012-09-29 20:50 - 2012-09-29 20:50 - 00000000 ____D C:\Users\sai.AyWen-PC\AppData\Local\Macromedia
    2012-09-29 20:01 - 2012-09-29 20:01 - 00000000 ____D C:\Users\sai.AyWen-PC\AppData\Local\thumbs
    2012-09-29 19:53 - 2012-09-29 19:53 - 00000000 ____D C:\Users\sai.AyWen-PC\AppData\Roaming\GrabPro
    2012-09-29 19:34 - 2012-09-29 19:34 - 00109184 ____A C:\Users\sai.AyWen-PC\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-09-29 19:33 - 2012-09-29 20:01 - 00000803 ____A C:\Users\sai.AyWen-PC\AppData\Local\bmarchive.bms
    2012-09-29 19:33 - 2012-09-29 19:53 - 00000000 ____D C:\Users\sai.AyWen-PC\AppData\Local\adawarebp
    2012-09-29 19:33 - 2012-09-29 19:33 - 00000000 ____D C:\Users\sai.AyWen-PC\AppData\Roaming\ESET
    2012-09-29 19:33 - 2012-09-29 19:33 - 00000000 ____D C:\Users\sai.AyWen-PC\AppData\Roaming\ATI
    2012-09-29 19:33 - 2012-09-29 19:33 - 00000000 ____D C:\Users\sai.AyWen-PC\AppData\Local\ESET
    2012-09-29 19:33 - 2012-09-29 19:33 - 00000000 ____D C:\Users\sai.AyWen-PC\AppData\Local\ATI
    2012-09-29 19:31 - 2012-09-29 19:32 - 00000000 ___RD C:\Users\sai.AyWen-PC\Virtual Machines
    2012-09-29 19:31 - 2012-09-29 19:31 - 00000000 ____D C:\Users\sai.AyWen-PC\AppData\Roaming\Motorola
    2012-09-29 19:28 - 2012-09-29 19:26 - 00347424 ____A (Microsoft Corporation) C:\MicrosoftFixit.wu.RNP.158272406923423444.5.1.Run.exe
    2012-09-29 19:26 - 2012-09-29 19:26 - 00347424 ____A (Microsoft Corporation) C:\Users\sai.AyWen-PC\Downloads\MicrosoftFixit.wu.RNP.158272406923423444.5.1.Run.exe
    2012-09-29 19:25 - 2012-09-29 19:25 - 00347424 ____A (Microsoft Corporation) C:\Users\sai.AyWen-PC\Downloads\MicrosoftFixit.Performance.RNP.158272406923423444.2.1.Run.exe
    2012-09-29 19:24 - 2012-09-29 19:24 - 00000000 ____D C:\Users\sai.AyWen-PC\AppData\Roaming\Mozilla
    2012-09-29 19:24 - 2012-09-29 19:24 - 00000000 ____D C:\Users\sai.AyWen-PC\AppData\Local\Mozilla
    2012-09-29 13:56 - 2012-09-29 13:56 - 00000000 ____D C:\Users\sai.AyWen-PC\AppData\Roaming\TuneUp Software
    2012-09-29 13:49 - 2012-09-29 19:28 - 00000000 ____D C:\Users\sai.AyWen-PC\AppData\Roaming\Ad-Aware Antivirus
    2012-09-29 13:48 - 2012-09-29 19:31 - 00000000 ____D C:\users\sai.AyWen-PC
    2012-09-29 13:48 - 2012-09-29 13:48 - 00000020 ___SH C:\Users\sai.AyWen-PC\ntuser.ini
    2012-09-29 13:48 - 2010-10-20 09:26 - 00000000 ____D C:\Users\sai.AyWen-PC\AppData\Roaming\Macromedia
    2012-09-29 13:48 - 2010-05-13 11:56 - 00000000 ____D C:\Users\sai.AyWen-PC\AppData\Roaming\Apple Computer
    2012-09-29 13:48 - 2009-10-26 08:27 - 00000000 ____D C:\Users\sai.AyWen-PC\AppData\Local\Microsoft Help
    2012-09-29 13:40 - 2012-10-15 06:59 - 00000000 ____D C:\users\sai
    2012-09-29 13:40 - 2010-10-20 09:26 - 00000000 ____D C:\Users\sai\AppData\Roaming\Macromedia
    2012-09-29 13:40 - 2010-05-13 11:56 - 00000000 ____D C:\Users\sai\AppData\Roaming\Apple Computer
    2012-09-29 13:40 - 2009-10-26 08:27 - 00000000 ____D C:\Users\sai\AppData\Local\Microsoft Help
    2012-09-29 03:50 - 2012-09-30 02:07 - 00000000 ____D C:\Users\Ay Wen\AppData\Roaming\LavasoftStatistics
    2012-09-15 03:12 - 2012-09-16 03:12 - 00000000 ____D C:\Users\Ay Wen\AppData\Local\{08539865-93DB-4652-A04E-C761E2AC9E47}

    ==================== 3 Months Modified Files ==================

    2012-10-14 14:49 - 2008-05-09 00:08 - 00000954 ____A C:\Users\Ay Wen\AppData\Local\bmarchive.bms
    2012-10-14 14:48 - 2009-07-13 21:13 - 00792886 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-10-14 14:45 - 2012-10-14 14:45 - 01456929 ____A (Farbar) C:\Users\Ay Wen\Desktop\FRST64.exe
    2012-10-14 14:44 - 2012-04-05 06:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-10-14 14:36 - 2010-08-10 05:16 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3286712610-3324488593-3930158484-1000UA.job
    2012-10-14 08:20 - 2012-10-14 08:09 - 00016782 ____A C:\Users\Ay Wen\Desktop\attach.txt
    2012-10-14 08:09 - 2012-10-13 21:04 - 00035660 ____A C:\Users\Ay Wen\Desktop\dds.txt
    2012-10-14 03:07 - 2009-07-13 20:45 - 00013808 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-14 03:07 - 2009-07-13 20:45 - 00013808 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-14 03:01 - 2009-10-24 23:21 - 01532554 ____A C:\Windows\WindowsUpdate.log
    2012-10-14 03:00 - 2012-10-13 20:13 - 00013320 ____A C:\Windows\PFRO.log
    2012-10-14 03:00 - 2012-10-13 19:36 - 00000112 ____A C:\Windows\setupact.log
    2012-10-14 03:00 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-14 02:34 - 2012-10-14 02:34 - 00002546 ____A C:\Users\Ay Wen\Desktop\aswMBR.txt
    2012-10-14 02:34 - 2012-10-14 02:34 - 00000512 ____A C:\Users\Ay Wen\Desktop\MBR.dat
    2012-10-14 00:19 - 2012-10-14 00:18 - 04731392 ____A (AVAST Software) C:\Users\Ay Wen\Desktop\aswMBR.exe
    2012-10-14 00:18 - 2012-10-14 00:18 - 00003266 ____A C:\Users\Ay Wen\Desktop\RKreport[3].txt
    2012-10-14 00:16 - 2012-10-14 00:16 - 00005175 ____A C:\Users\Ay Wen\Desktop\RKreport[2].txt
    2012-10-14 00:14 - 2012-10-14 00:14 - 00004156 ____A C:\Users\Ay Wen\Desktop\RKreport[1].txt
    2012-10-14 00:13 - 2012-10-14 00:13 - 01422336 ____A C:\Users\Ay Wen\Desktop\RogueKiller.exe
    2012-10-13 20:50 - 2012-10-13 20:50 - 00706431 ____R (Swearware) C:\Users\Ay Wen\Desktop\dds.com
    2012-10-13 20:20 - 2011-10-24 06:34 - 00002227 ____A C:\Users\Ay Wen\Desktop\??7.lnk
    2012-10-13 20:19 - 2012-10-13 20:19 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Ay Wen\Desktop\tdsskiller.exe
    2012-10-13 20:06 - 2012-10-13 20:06 - 00302592 ____A C:\Users\Ay Wen\Desktop\pnsjz600.exe
    2012-10-13 19:57 - 2009-07-13 21:08 - 00032546 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-10-13 19:36 - 2010-07-24 23:14 - 00000106 ____A C:\SLNTLDR.LOG
    2012-10-13 00:20 - 2012-10-13 00:20 - 00000667 ____A C:\Users\Public\Desktop\R.A.W Realms of Ancient War.lnk
    2012-10-13 00:04 - 2012-09-06 05:57 - 00000375 ____A C:\Windows\System32\Drivers\etc\hosts.ics
    2012-10-13 00:01 - 2012-10-13 00:01 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
    2012-10-12 23:58 - 2010-08-10 05:16 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3286712610-3324488593-3930158484-1000Core.job
    2012-10-12 23:57 - 2012-10-12 23:57 - 00560184 ____A (Duplex Secure Ltd.) C:\Windows\System32\Drivers\sptd.sys
    2012-10-12 23:57 - 2012-10-12 23:57 - 00000859 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    2012-10-12 23:56 - 2012-09-10 15:02 - 00002034 ___AH C:\Users\Ay Wen\Documents\Default.rdp
    2012-10-12 23:53 - 2012-10-12 23:50 - 14294360 ____A (DT Soft Ltd) C:\Users\Ay Wen\Desktop\DTLite4454-0316.exe
    2012-10-12 07:58 - 2012-02-01 04:42 - 00000025 ____A C:\Users\Ay Wen\AppData\Roaming\CoreAVC.ini
    2012-10-10 11:04 - 2009-10-28 17:12 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-10-08 11:44 - 2012-04-05 06:13 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-10-08 11:44 - 2011-05-20 04:39 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-10-06 18:08 - 2012-10-05 06:29 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-10-06 01:31 - 2012-10-06 01:31 - 00985600 ____A C:\Users\Ay Wen\Desktop\MicrosoftFixit50123.msi
    2012-10-05 06:05 - 2012-10-05 06:04 - 02095024 ____A C:\Users\Ay Wen\Desktop\SecurityTaskManager_Setup.exe
    2012-10-05 06:02 - 2012-10-05 06:02 - 00370048 ____A (Neuber Software) C:\Users\Ay Wen\Desktop\SvchostAnalyzer.exe
    2012-10-05 05:31 - 2010-10-04 07:06 - 00844954 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-10-04 06:18 - 2012-10-04 06:17 - 19137616 ____A (Microsoft Corporation) C:\Users\Ay Wen\Desktop\mpas-fe.exe
    2012-10-04 06:14 - 2012-10-04 06:13 - 17483288 ____A (Microsoft Corporation) C:\Users\Ay Wen\Desktop\Windows-KB890830-x64-V4.12.exe
    2012-10-04 06:01 - 2012-10-04 05:53 - 16868888 ____A (Microsoft Corporation) C:\Users\Ay Wen\Desktop\Windows-KB890830-V4.12.exe
    2012-10-04 05:56 - 2012-10-04 05:56 - 00347424 ____A (Microsoft Corporation) C:\Users\Ay Wen\Desktop\MicrosoftFixit.wu.LB.159272789311309173.2.1.Run.exe
    2012-10-04 05:53 - 2012-06-14 06:41 - 00889416 ____A (Microsoft Corporation) C:\Users\Ay Wen\Desktop\dotNetFx40_Full_setup.exe
    2012-10-01 23:31 - 2012-10-01 23:28 - 62664192 ____A C:\Users\Ay Wen\Desktop\ess_nt64_enu.msi
    2012-09-30 08:03 - 2009-07-13 20:45 - 00417416 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-09-30 07:18 - 2009-07-13 18:34 - 00000501 ____A C:\Windows\win.ini
    2012-09-29 21:11 - 2012-09-29 21:11 - 00347424 ____A (Microsoft Corporation) C:\Users\sai.AyWen-PC\Downloads\MicrosoftFixit.wu.LB.155272413273457956.1.1.Run.exe
    2012-09-29 20:51 - 2012-09-29 20:51 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-29 20:50 - 2012-09-29 20:50 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\sai.AyWen-PC\Downloads\mbam-setup-1.65.0.1400.exe
    2012-09-29 20:01 - 2012-09-29 19:33 - 00000803 ____A C:\Users\sai.AyWen-PC\AppData\Local\bmarchive.bms
    2012-09-29 19:34 - 2012-09-29 19:34 - 00109184 ____A C:\Users\sai.AyWen-PC\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-09-29 19:26 - 2012-09-29 19:28 - 00347424 ____A (Microsoft Corporation) C:\MicrosoftFixit.wu.RNP.158272406923423444.5.1.Run.exe
    2012-09-29 19:26 - 2012-09-29 19:26 - 00347424 ____A (Microsoft Corporation) C:\Users\sai.AyWen-PC\Downloads\MicrosoftFixit.wu.RNP.158272406923423444.5.1.Run.exe
    2012-09-29 19:25 - 2012-09-29 19:25 - 00347424 ____A (Microsoft Corporation) C:\Users\sai.AyWen-PC\Downloads\MicrosoftFixit.Performance.RNP.158272406923423444.2.1.Run.exe
    2012-09-29 13:48 - 2012-09-29 13:48 - 00000020 ___SH C:\Users\sai.AyWen-PC\ntuser.ini
    2012-09-14 11:19 - 2012-10-09 13:10 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-09-14 10:28 - 2012-10-09 13:10 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-09-14 06:31 - 2012-09-14 06:31 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_btiaspp_01005.Wdf
    2012-09-14 06:30 - 2012-09-14 06:30 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_btprot_01005.Wdf
    2012-09-14 06:29 - 2012-09-14 06:29 - 00001814 ____A C:\Users\Public\Desktop\Launch Blue Manager Suite.lnk
    2012-09-08 20:55 - 2012-07-26 07:56 - 00000138 ____A C:\Windows\vsfilter.INI
    2012-09-07 01:04 - 2012-09-29 20:51 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-05 19:41 - 2012-09-05 19:41 - 00001996 ____A C:\Users\Public\Desktop\Samsung Kies.lnk
    2012-09-01 01:39 - 2012-02-29 06:36 - 00000000 ____A C:\Windows\setuperr.log
    2012-09-01 01:39 - 2009-11-05 16:24 - 00001905 ____A C:\Windows\diagwrn.xml
    2012-09-01 01:39 - 2009-11-05 16:24 - 00001905 ____A C:\Windows\diagerr.xml
    2012-08-31 10:19 - 2012-10-09 13:11 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-08-30 19:07 - 2012-08-30 19:07 - 00000966 ____A C:\Users\Ay Wen\Desktop\Orcs Must Die! 2.lnk
    2012-08-30 10:03 - 2012-10-09 13:11 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-08-30 09:12 - 2012-10-09 13:11 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-08-30 09:12 - 2012-10-09 13:11 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-08-30 08:12 - 2012-10-04 05:55 - 62164608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2012-08-27 18:05 - 2011-05-13 00:30 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
    2012-08-27 18:04 - 2012-09-05 19:40 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
    2012-08-27 18:04 - 2012-08-27 18:04 - 00330240 ____A ((?)????) C:\Windows\MASetupCaller.dll
    2012-08-27 18:04 - 2012-08-27 18:04 - 00090112 ____A ((?)????) C:\Windows\MAMCityDownload.ocx
    2012-08-27 18:04 - 2012-08-27 18:04 - 00030568 ____A () C:\Windows\MusiccityDownload.exe
    2012-08-27 06:49 - 2012-01-13 03:43 - 00001767 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
    2012-08-27 06:35 - 2012-08-27 06:32 - 62664192 ____A C:\Users\Ay Wen\Documents\ess_nt64_enu.msi
    2012-08-25 19:38 - 2009-10-24 11:02 - 00109184 ____A C:\Users\Ay Wen\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-08-24 10:05 - 2012-10-09 13:10 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-24 08:57 - 2012-10-09 13:10 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-08-24 03:15 - 2012-09-30 07:03 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 02:39 - 2012-09-30 07:03 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 02:31 - 2012-09-30 07:04 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
     
  13. aywen89

    aywen89 TS Rookie Topic Starter Posts: 30

    2012-08-24 02:22 - 2012-09-30 07:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 02:21 - 2012-09-30 07:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 02:20 - 2012-09-30 07:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 02:18 - 2012-09-30 07:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 02:17 - 2012-09-30 07:04 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 02:14 - 2012-09-30 07:04 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 02:14 - 2012-09-30 07:04 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 02:13 - 2012-09-30 07:04 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 02:12 - 2012-09-30 07:04 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 02:11 - 2012-09-30 07:04 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 02:10 - 2012-09-30 07:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 02:09 - 2012-09-30 07:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 02:04 - 2012-09-30 07:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-23 23:27 - 2012-09-30 07:03 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-23 23:03 - 2012-09-30 07:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-23 22:59 - 2012-09-30 07:04 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-23 22:51 - 2012-09-30 07:04 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-23 22:51 - 2012-09-30 07:04 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-23 22:51 - 2012-09-30 07:04 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-23 22:49 - 2012-09-30 07:04 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-23 22:48 - 2012-09-30 07:04 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-23 22:47 - 2012-09-30 07:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-23 22:47 - 2012-09-30 07:04 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-23 22:47 - 2012-09-30 07:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-23 22:45 - 2012-09-30 07:04 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-23 22:44 - 2012-09-30 07:04 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-23 22:44 - 2012-09-30 07:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-23 22:43 - 2012-09-30 07:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-23 22:40 - 2012-09-30 07:04 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-23 05:38 - 2012-07-05 04:35 - 00002026 ____A C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
    2012-08-22 10:12 - 2012-09-30 06:48 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 10:12 - 2012-09-30 06:48 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-08-22 10:12 - 2012-09-30 06:48 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 10:12 - 2012-09-30 06:48 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-21 13:01 - 2012-09-30 06:47 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-08-21 01:12 - 2012-10-05 06:29 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-08-20 10:48 - 2012-10-09 13:11 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-08-20 10:48 - 2012-10-09 13:11 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-08-20 10:48 - 2012-10-09 13:11 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-08-20 10:48 - 2012-10-09 13:11 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-08-20 10:48 - 2012-10-09 13:11 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-08-20 10:48 - 2012-10-09 13:11 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-08-20 10:48 - 2012-10-09 13:11 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-08-20 10:46 - 2012-10-09 13:11 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-08-20 10:38 - 2012-10-09 13:11 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:11 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:10 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:10 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:10 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:10 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:10 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:10 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:10 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:10 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:10 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:10 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:10 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:10 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:10 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 09:40 - 2012-10-09 13:11 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-08-20 09:38 - 2012-10-09 13:11 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-08-20 09:37 - 2012-10-09 13:11 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-08-20 09:37 - 2012-10-09 13:11 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-08-20 09:37 - 2012-10-09 13:11 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-08-20 09:32 - 2012-10-09 13:11 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:11 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:11 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:11 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:11 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:11 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:11 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:10 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:10 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 07:38 - 2012-10-09 13:11 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-08-20 07:38 - 2012-10-09 13:10 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-08-20 07:33 - 2012-10-09 13:10 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 13:10 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 13:10 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 13:10 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-08-10 16:56 - 2012-10-09 13:10 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-08-10 15:56 - 2012-10-09 13:10 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-08-08 20:25 - 2011-04-25 22:17 - 00033792 __ASH C:\Users\Ay Wen\Documents\Thumbs.db
    2012-08-02 09:58 - 2012-09-30 06:48 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-08-02 08:57 - 2012-09-30 06:48 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-08-01 23:06 - 2012-08-01 23:06 - 00049642 ____A C:\Users\Ay Wen\Documents\Copy of Daily Update Template.xlsx
    2012-08-01 09:42 - 2012-08-01 09:42 - 00001070 ____A C:\Users\Public\Desktop\VLC media player.lnk
    2012-07-31 02:42 - 2012-09-06 05:46 - 00203104 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
    2012-07-31 02:42 - 2012-09-06 05:46 - 00102240 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
    2012-07-28 07:41 - 2012-07-28 07:41 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
    2012-07-27 20:09 - 2010-10-26 10:28 - 05538984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
    2012-07-27 20:07 - 2012-07-27 20:07 - 10278912 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
    2012-07-27 19:43 - 2012-07-27 19:43 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.982.dll
    2012-07-27 19:19 - 2012-07-27 19:19 - 24935424 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
    2012-07-27 18:50 - 2012-07-27 18:50 - 20546560 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
    2012-07-27 18:17 - 2012-07-27 18:17 - 00268728 ____A C:\Windows\SysWOW64\atiapfxx.blb
    2012-07-27 18:17 - 2012-07-27 18:17 - 00268728 ____A C:\Windows\System32\atiapfxx.blb
    2012-07-27 18:15 - 2012-07-27 18:15 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
    2012-07-27 18:15 - 2010-10-26 10:55 - 00931328 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
    2012-07-27 18:13 - 2010-10-26 10:54 - 01100288 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
    2012-07-27 18:10 - 2012-07-27 18:10 - 00534528 ____A (AMD) C:\Windows\System32\atieclxx.exe
    2012-07-27 18:10 - 2012-07-27 18:10 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
    2012-07-27 18:09 - 2012-07-27 18:09 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
    2012-07-27 18:08 - 2012-07-27 18:08 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
    2012-07-27 18:08 - 2012-07-27 18:08 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
    2012-07-27 18:07 - 2012-07-27 18:07 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
    2012-07-27 18:07 - 2012-07-27 18:07 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
    2012-07-27 18:07 - 2009-11-10 20:53 - 06430208 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
    2012-07-27 17:51 - 2009-11-10 20:46 - 07052288 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
    2012-07-27 17:41 - 2012-07-27 17:41 - 04266496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
    2012-07-27 17:39 - 2012-07-27 17:39 - 03150560 ____A C:\Windows\System32\atiumd6a.cap
    2012-07-27 17:35 - 2012-07-27 17:35 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
    2012-07-27 17:35 - 2012-07-27 17:35 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
    2012-07-27 17:35 - 2012-07-27 17:35 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
    2012-07-27 17:35 - 2012-07-27 17:35 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
    2012-07-27 17:34 - 2012-07-27 17:34 - 16034304 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
    2012-07-27 17:32 - 2010-10-26 09:50 - 04751872 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
    2012-07-27 17:30 - 2012-07-27 17:30 - 13605888 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
    2012-07-27 17:30 - 2012-07-27 17:30 - 03187136 ____A C:\Windows\SysWOW64\atiumdva.cap
    2012-07-27 17:25 - 2012-07-27 17:25 - 06676480 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
    2012-07-27 17:15 - 2012-07-27 17:15 - 00540160 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
    2012-07-27 17:15 - 2012-07-27 17:15 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
    2012-07-27 17:15 - 2012-07-27 17:15 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
    2012-07-27 17:15 - 2012-07-27 17:15 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
    2012-07-27 17:15 - 2012-07-27 17:15 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
    2012-07-27 17:15 - 2012-07-27 17:15 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
    2012-07-27 17:14 - 2012-07-27 17:14 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
    2012-07-27 17:14 - 2012-07-27 17:14 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
    2012-07-27 17:13 - 2012-06-11 08:25 - 00103936 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
    2012-07-27 17:13 - 2010-10-26 10:13 - 00129536 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
    2012-07-27 17:13 - 2010-10-26 10:13 - 00109568 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
    2012-07-27 17:13 - 2010-10-26 10:13 - 00083456 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
    2012-07-27 17:12 - 2012-07-27 17:12 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
    2012-07-27 17:08 - 2012-07-27 17:08 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
    2012-07-27 17:08 - 2012-07-27 17:08 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
    2012-07-27 17:08 - 2012-07-27 17:08 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
    2012-07-27 17:08 - 2012-07-27 17:08 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
    2012-07-27 06:47 - 2012-07-27 06:47 - 00187392 ____A C:\Windows\System32\clinfo.exe
    2012-07-27 06:47 - 2012-07-27 06:47 - 00075776 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
    2012-07-27 06:47 - 2012-07-27 06:47 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
    2012-07-27 06:47 - 2012-07-27 06:47 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
    2012-07-27 06:47 - 2012-07-27 06:47 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
    2012-07-27 06:46 - 2012-07-27 06:46 - 16464896 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
    2012-07-27 06:46 - 2012-07-27 06:46 - 13013504 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
    2012-07-18 10:15 - 2012-09-30 06:47 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys


    ZeroAccess:
    C:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}
    C:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b}\U

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 16%
    Total physical RAM: 4094.55 MB
    Available physical RAM: 3432.31 MB
    Total Pagefile: 4092.7 MB
    Available Pagefile: 3442.37 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    2 Drive c: () (Fixed) (Total:70.83 GB) (Free:5.67 GB) NTFS
    3 Drive e: (Storage) (Fixed) (Total:277.74 GB) (Free:38.09 GB) NTFS
    4 Drive f: (GRMCPRXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
    5 Drive g: (WEN) (Fixed) (Total:931.29 GB) (Free:64.05 GB) FAT32
    6 Drive h: (AYWEN) (Removable) (Total:3.76 GB) (Free:2.34 GB) FAT32
    7 Drive I: (HD-PNTU3) (Fixed) (Total:931.48 GB) (Free:114.14 GB) NTFS
    8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    9 Drive y: (Master) (Fixed) (Total:117.19 GB) (Free:16.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 1024 KB
    Disk 1 Online 931 GB 0 B
    Disk 2 Online 3854 MB 0 B
    Disk 3 Online 931 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 117 GB 31 KB
    Partition 2 Primary 70 GB 117 GB
    Partition 3 Primary 277 GB 188 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y Master NTFS Partition 117 GB Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 70 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E Storage NTFS Partition 277 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 931 GB 1024 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G WEN FAT32 Partition 931 GB Healthy

    =========================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3853 MB 31 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H AYWEN FAT32 Removable 3853 MB Healthy

    =========================================================

    Partitions of Disk 3:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 931 GB 32 KB

    ==================================================================================

    Disk: 3
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 I HD-PNTU3 NTFS Partition 931 GB Healthy

    =========================================================

    Last Boot: 2012-10-05 16:26

    ==================== End Of Log =============================
     
  14. aywen89

    aywen89 TS Rookie Topic Starter Posts: 30

    Farbar Recovery Scan Tool (x64) Version: 14-10-2012
    Ran by SYSTEM at 2012-10-15 07:05:11
    Running from H:\
    ================== Search: "services.exe" ===================
    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    ====== End Of Search ======
     
  15. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next...

    Restart normally.

    =================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ==================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     

    Attached Files:

  16. aywen89

    aywen89 TS Rookie Topic Starter Posts: 30

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-10-2012
    Ran by SYSTEM at 2012-10-15 21:56:18 Run:1
    Running from H:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\Installer\{025ec67b-a2b9-f96a-b77e-e61b593f142b} moved successfully.

    An error occurred while attempting to delete the specified data element.
    Element not found.

    ==== End of Fixlog ====
     
  17. aywen89

    aywen89 TS Rookie Topic Starter Posts: 30

    22:01:26.0659 3684 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    22:01:27.0199 3684 ============================================================
    22:01:27.0199 3684 Current date / time: 2012/10/15 22:01:27.0199
    22:01:27.0199 3684 SystemInfo:
    22:01:27.0199 3684
    22:01:27.0199 3684 OS Version: 6.1.7601 ServicePack: 1.0
    22:01:27.0199 3684 Product type: Workstation
    22:01:27.0199 3684 ComputerName: AYWEN-PC
    22:01:27.0199 3684 UserName: Ay Wen
    22:01:27.0199 3684 Windows directory: C:\Windows
    22:01:27.0199 3684 System windows directory: C:\Windows
    22:01:27.0199 3684 Running under WOW64
    22:01:27.0199 3684 Processor architecture: Intel x64
    22:01:27.0199 3684 Number of processors: 2
    22:01:27.0199 3684 Page size: 0x1000
    22:01:27.0199 3684 Boot type: Normal boot
    22:01:27.0199 3684 ============================================================
    22:01:29.0460 3684 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:01:29.0460 3684 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    22:01:29.0491 3684 Drive \Device\Harddisk2\DR2 - Size: 0xF0E00000 (3.76 Gb), SectorSize: 0x200, Cylinders: 0x1EB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    22:01:29.0491 3684 Drive \Device\Harddisk3\DR3 - Size: 0xE8DEFB6000 (931.48 Gb), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    22:01:29.0507 3684 ============================================================
    22:01:29.0507 3684 \Device\Harddisk0\DR0:
    22:01:29.0507 3684 MBR partitions:
    22:01:29.0507 3684 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xEA60903
    22:01:29.0507 3684 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xEA60942, BlocksNum 0x8DA7E9E
    22:01:29.0507 3684 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x178087E0, BlocksNum 0x22B7C461
    22:01:29.0507 3684 \Device\Harddisk1\DR1:
    22:01:29.0507 3684 MBR partitions:
    22:01:29.0507 3684 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x800, BlocksNum 0x747065B0
    22:01:29.0507 3684 \Device\Harddisk2\DR2:
    22:01:29.0507 3684 MBR partitions:
    22:01:29.0507 3684 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x786FC1
    22:01:29.0507 3684 \Device\Harddisk3\DR3:
    22:01:29.0507 3684 MBR partitions:
    22:01:29.0507 3684 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x40, BlocksNum 0x746F7D40
    22:01:29.0507 3684 ============================================================
    22:01:29.0554 3684 C: <-> \Device\Harddisk0\DR0\Partition2
    22:01:29.0569 3684 D: <-> \Device\Harddisk0\DR0\Partition1
    22:01:29.0601 3684 E: <-> \Device\Harddisk0\DR0\Partition3
    22:01:29.0601 3684 J: <-> \Device\Harddisk1\DR1\Partition1
    22:01:30.0006 3684 G: <-> \Device\Harddisk3\DR3\Partition1
    22:01:30.0006 3684 ============================================================
    22:01:30.0006 3684 Initialize success
    22:01:30.0006 3684 ============================================================
    22:02:39.0431 4008 ============================================================
    22:02:39.0431 4008 Scan started
    22:02:39.0431 4008 Mode: Manual;
    22:02:39.0431 4008 ============================================================
    22:02:40.0772 4008 ================ Scan system memory ========================
    22:02:40.0772 4008 System memory - ok
    22:02:40.0772 4008 ================ Scan services =============================
    22:02:40.0928 4008 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    22:02:40.0928 4008 1394ohci - ok
    22:02:40.0944 4008 32972063 - ok
    22:02:40.0991 4008 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    22:02:40.0991 4008 ACPI - ok
    22:02:41.0022 4008 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    22:02:41.0037 4008 AcpiPmi - ok
    22:02:41.0115 4008 [ 2582060D70153B4AB12FF226B6ED7146 ] AcrSch2Svc C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    22:02:41.0147 4008 AcrSch2Svc - ok
    22:02:41.0240 4008 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    22:02:41.0240 4008 AdobeFlashPlayerUpdateSvc - ok
    22:02:41.0271 4008 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    22:02:41.0287 4008 adp94xx - ok
    22:02:41.0318 4008 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    22:02:41.0318 4008 adpahci - ok
    22:02:41.0334 4008 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    22:02:41.0349 4008 adpu320 - ok
    22:02:41.0381 4008 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    22:02:41.0381 4008 AeLookupSvc - ok
    22:02:41.0412 4008 [ 3426A6EAA09077F3AB946FB9CEB85D8E ] afcdp C:\Windows\system32\DRIVERS\afcdp.sys
    22:02:41.0427 4008 afcdp - ok
    22:02:41.0490 4008 [ 986A134B1A1770599B7AF9354CBB066F ] afcdpsrv C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    22:02:41.0537 4008 afcdpsrv - ok
    22:02:41.0568 4008 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    22:02:41.0583 4008 AFD - ok
    22:02:41.0630 4008 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    22:02:41.0646 4008 agp440 - ok
    22:02:41.0661 4008 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    22:02:41.0677 4008 ALG - ok
    22:02:41.0693 4008 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    22:02:41.0693 4008 aliide - ok
    22:02:41.0724 4008 [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    22:02:41.0724 4008 AMD External Events Utility - ok
    22:02:41.0739 4008 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    22:02:41.0755 4008 amdide - ok
    22:02:41.0771 4008 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    22:02:41.0771 4008 AmdK8 - ok
    22:02:41.0973 4008 [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    22:02:42.0124 4008 amdkmdag - ok
    22:02:42.0164 4008 [ 957A4C13E1981B1701E600EF1E823C68 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
    22:02:42.0164 4008 amdkmdap - ok
    22:02:42.0194 4008 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    22:02:42.0194 4008 AmdPPM - ok
    22:02:42.0224 4008 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    22:02:42.0234 4008 amdsata - ok
    22:02:42.0254 4008 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    22:02:42.0264 4008 amdsbs - ok
    22:02:42.0274 4008 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    22:02:42.0274 4008 amdxata - ok
    22:02:42.0314 4008 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    22:02:42.0314 4008 AppID - ok
    22:02:42.0324 4008 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    22:02:42.0324 4008 AppIDSvc - ok
    22:02:42.0364 4008 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    22:02:42.0364 4008 Appinfo - ok
    22:02:42.0414 4008 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    22:02:42.0434 4008 Apple Mobile Device - ok
    22:02:42.0474 4008 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
    22:02:42.0474 4008 AppMgmt - ok
    22:02:42.0494 4008 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    22:02:42.0504 4008 arc - ok
    22:02:42.0524 4008 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    22:02:42.0524 4008 arcsas - ok
    22:02:42.0544 4008 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    22:02:42.0544 4008 AsyncMac - ok
    22:02:42.0574 4008 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    22:02:42.0574 4008 atapi - ok
    22:02:42.0614 4008 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
    22:02:42.0614 4008 AtiHDAudioService - ok
    22:02:42.0644 4008 [ FB7602C5C508BE281368AAE0B61B51C6 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
    22:02:42.0654 4008 AtiHdmiService - ok
    22:02:42.0824 4008 [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    22:02:42.0894 4008 atikmdag - ok
    22:02:42.0964 4008 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    22:02:42.0974 4008 AudioEndpointBuilder - ok
    22:02:42.0984 4008 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    22:02:42.0984 4008 AudioSrv - ok
    22:02:43.0024 4008 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    22:02:43.0024 4008 AxInstSV - ok
    22:02:43.0054 4008 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    22:02:43.0054 4008 b06bdrv - ok
    22:02:43.0074 4008 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    22:02:43.0084 4008 b57nd60a - ok
    22:02:43.0124 4008 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    22:02:43.0124 4008 BDESVC - ok
    22:02:43.0144 4008 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    22:02:43.0144 4008 Beep - ok
    22:02:43.0154 4008 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    22:02:43.0174 4008 blbdrive - ok
    22:02:43.0224 4008 [ 1C87705CCB2F60172B0FC86B5D82F00D ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    22:02:43.0234 4008 Bonjour Service - ok
    22:02:43.0264 4008 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    22:02:43.0274 4008 bowser - ok
    22:02:43.0304 4008 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    22:02:43.0314 4008 BrFiltLo - ok
    22:02:43.0344 4008 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    22:02:43.0354 4008 BrFiltUp - ok
    22:02:43.0404 4008 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    22:02:43.0414 4008 Browser - ok
    22:02:43.0454 4008 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    22:02:43.0484 4008 Brserid - ok
    22:02:43.0514 4008 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    22:02:43.0524 4008 BrSerWdm - ok
    22:02:43.0544 4008 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    22:02:43.0554 4008 BrUsbMdm - ok
    22:02:43.0564 4008 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    22:02:43.0594 4008 BrUsbSer - ok
    22:02:43.0604 4008 BT - ok
    22:02:43.0614 4008 BTCFilterService - ok
    22:02:43.0624 4008 Btcsrusb - ok
    22:02:43.0684 4008 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
    22:02:43.0694 4008 BthEnum - ok
    22:02:43.0734 4008 [ 88B11D73CC023274E590FBC3565AE519 ] BtHidBus C:\Windows\system32\Drivers\BtHidBus.sys
    22:02:43.0754 4008 BtHidBus - ok
    22:02:43.0774 4008 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    22:02:43.0784 4008 BTHMODEM - ok
    22:02:43.0824 4008 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
    22:02:43.0864 4008 BthPan - ok
    22:02:44.0034 4008 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
    22:02:44.0194 4008 BTHPORT - ok
    22:02:44.0254 4008 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    22:02:44.0254 4008 bthserv - ok
    22:02:44.0294 4008 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
    22:02:44.0304 4008 BTHUSB - ok
    22:02:44.0354 4008 [ 2E5A2233303800C7C2E9999FC6BF9B27 ] btiaa2dp C:\Windows\system32\drivers\btiaa2dp.sys
    22:02:44.0384 4008 btiaa2dp - ok
    22:02:44.0414 4008 [ A0DD67F9683E6E533DD5E49059E42359 ] BTiAPan C:\Windows\system32\DRIVERS\btiapan.sys
    22:02:44.0414 4008 BTiAPan - ok
    22:02:44.0494 4008 [ BABAB04A469845C1A3E7ED4F28B7E654 ] btiarcp C:\Windows\system32\DRIVERS\btiarcp.sys
    22:02:44.0494 4008 btiarcp - ok
    22:02:44.0544 4008 [ BF43AA9EA27EC82F37938A52DDAEF53B ] btiaspp C:\Windows\system32\DRIVERS\btiaspp.sys
    22:02:44.0544 4008 btiaspp - ok
    22:02:44.0604 4008 [ 6DB8264C3E751648BF69D1D23FCE8B10 ] BTIAUSB C:\Windows\system32\DRIVERS\btiausb.sys
    22:02:44.0604 4008 BTIAUSB - ok
    22:02:44.0654 4008 [ 23EF863DF7E0B3185B60EC71C2B291A7 ] btnetBUs C:\Windows\system32\Drivers\btnetBus.sys
    22:02:44.0684 4008 btnetBUs - ok
    22:02:44.0754 4008 [ D9C0214AA868A8CC8B39815E8E12E3D8 ] BTPROT C:\Windows\system32\DRIVERS\btprot.sys
    22:02:44.0764 4008 BTPROT - ok
    22:02:44.0794 4008 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    22:02:44.0794 4008 cdfs - ok
    22:02:44.0844 4008 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    22:02:44.0844 4008 cdrom - ok
    22:02:44.0884 4008 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    22:02:44.0894 4008 CertPropSvc - ok
    22:02:44.0924 4008 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    22:02:44.0944 4008 circlass - ok
    22:02:44.0994 4008 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    22:02:45.0024 4008 CLFS - ok
    22:02:45.0114 4008 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    22:02:45.0154 4008 clr_optimization_v2.0.50727_32 - ok
    22:02:45.0224 4008 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    22:02:45.0234 4008 clr_optimization_v2.0.50727_64 - ok
    22:02:45.0424 4008 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    22:02:45.0694 4008 clr_optimization_v4.0.30319_32 - ok
    22:02:45.0824 4008 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    22:02:45.0964 4008 clr_optimization_v4.0.30319_64 - ok
    22:02:45.0994 4008 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    22:02:46.0014 4008 CmBatt - ok
    22:02:46.0054 4008 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    22:02:46.0064 4008 cmdide - ok
    22:02:46.0124 4008 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    22:02:46.0134 4008 CNG - ok
    22:02:46.0154 4008 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    22:02:46.0164 4008 Compbatt - ok
    22:02:46.0204 4008 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    22:02:46.0204 4008 CompositeBus - ok
    22:02:46.0214 4008 COMSysApp - ok
    22:02:46.0244 4008 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    22:02:46.0254 4008 crcdisk - ok
    22:02:46.0314 4008 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
    22:02:46.0354 4008 CryptSvc - ok
    22:02:46.0424 4008 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
    22:02:46.0434 4008 CSC - ok
    22:02:46.0514 4008 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
    22:02:46.0524 4008 CscService - ok
    22:02:46.0574 4008 [ BA8E5B2291C01EF71CA80E25F0C79D55 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
    22:02:46.0574 4008 ctxusbm - ok
    22:02:46.0644 4008 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    22:02:46.0654 4008 DcomLaunch - ok
    22:02:46.0714 4008 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    22:02:46.0734 4008 defragsvc - ok
    22:02:46.0784 4008 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    22:02:46.0784 4008 DfsC - ok
    22:02:46.0824 4008 [ DEF365F0F6E017888C4B869D3BA4B8E0 ] dgderdrv C:\Windows\system32\drivers\dgderdrv.sys
    22:02:46.0834 4008 dgderdrv - ok
    22:02:46.0874 4008 [ 105373D52E71D2D1355AD3ACD18259C3 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
    22:02:47.0044 4008 dg_ssudbus - ok
    22:02:47.0074 4008 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    22:02:47.0074 4008 Dhcp - ok
    22:02:47.0114 4008 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    22:02:47.0114 4008 discache - ok
    22:02:47.0134 4008 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    22:02:47.0134 4008 Disk - ok
    22:02:47.0164 4008 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    22:02:47.0174 4008 Dnscache - ok
    22:02:47.0204 4008 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    22:02:47.0214 4008 dot3svc - ok
    22:02:47.0244 4008 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    22:02:47.0254 4008 DPS - ok
    22:02:47.0274 4008 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    22:02:47.0284 4008 drmkaud - ok
    22:02:47.0324 4008 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
    22:02:47.0324 4008 dtsoftbus01 - ok
    22:02:47.0374 4008 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    22:02:47.0384 4008 DXGKrnl - ok
    22:02:47.0434 4008 [ C062A2B158ED9C643D24F8E33A607C9F ] D_Link_DWA-140_WPS C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe
    22:02:47.0434 4008 D_Link_DWA-140_WPS - ok
    22:02:47.0484 4008 [ D00EAE9C735A7DEE8049E50D73D25434 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
    22:02:47.0504 4008 eamonm - ok
    22:02:47.0534 4008 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    22:02:47.0534 4008 EapHost - ok
    22:02:47.0574 4008 [ 1E8D0E318D3F17B2EAAF993DB20C76F0 ] easytether C:\Windows\system32\DRIVERS\easytthr.sys
    22:02:47.0574 4008 easytether - ok
    22:02:47.0644 4008 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    22:02:47.0714 4008 ebdrv - ok
    22:02:47.0774 4008 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    22:02:47.0804 4008 EFS - ok
    22:02:47.0854 4008 [ E5EDDE3C8158DD0CBC5812F201DCDED0 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
    22:02:47.0864 4008 ehdrv - ok
    22:02:47.0954 4008 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    22:02:47.0994 4008 ehRecvr - ok
    22:02:48.0034 4008 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    22:02:48.0074 4008 ehSched - ok
    22:02:48.0284 4008 [ AD4FAADE819E0DA9933BEA7C01D2C763 ] ekrn C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    22:02:48.0284 4008 ekrn - ok
    22:02:48.0354 4008 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    22:02:48.0364 4008 elxstor - ok
    22:02:48.0434 4008 [ 587F0F4145A1536A6E37EFD769B7665F ] epfw C:\Windows\system32\DRIVERS\epfw.sys
    22:02:48.0464 4008 epfw - ok
    22:02:48.0514 4008 [ D2F812358EE8EE23CBB5C4DAFFB5B819 ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys
    22:02:48.0524 4008 EpfwLWF - ok
    22:02:48.0574 4008 [ 66E61BC6C9F519A99275EB0F0E530BF4 ] Epfwndis C:\Windows\system32\DRIVERS\Epfwndis.sys
    22:02:48.0574 4008 Epfwndis - ok
    22:02:48.0624 4008 [ 34BF55D69AB74D14C7E7A17259CB7DF8 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys
    22:02:48.0654 4008 epfwwfp - ok
    22:02:48.0684 4008 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    22:02:48.0724 4008 ErrDev - ok
    22:02:48.0794 4008 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    22:02:48.0794 4008 EventSystem - ok
    22:02:48.0834 4008 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    22:02:48.0864 4008 exfat - ok
    22:02:48.0874 4008 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    22:02:48.0884 4008 fastfat - ok
    22:02:48.0934 4008 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    22:02:48.0954 4008 Fax - ok
    22:02:48.0974 4008 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    22:02:48.0984 4008 fdc - ok
    22:02:48.0994 4008 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    22:02:49.0034 4008 fdPHost - ok
    22:02:49.0054 4008 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    22:02:49.0064 4008 FDResPub - ok
    22:02:49.0084 4008 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    22:02:49.0084 4008 FileInfo - ok
    22:02:49.0104 4008 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    22:02:49.0134 4008 Filetrace - ok
    22:02:49.0154 4008 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    22:02:49.0154 4008 flpydisk - ok
    22:02:49.0194 4008 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    22:02:49.0204 4008 FltMgr - ok
    22:02:49.0254 4008 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    22:02:49.0274 4008 FontCache - ok
    22:02:49.0344 4008 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    22:02:49.0344 4008 FontCache3.0.0.0 - ok
    22:02:49.0364 4008 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    22:02:49.0364 4008 FsDepends - ok
    22:02:49.0404 4008 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    22:02:49.0404 4008 Fs_Rec - ok
    22:02:49.0444 4008 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    22:02:49.0454 4008 fvevol - ok
    22:02:49.0464 4008 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    22:02:49.0464 4008 gagp30kx - ok
    22:02:49.0504 4008 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    22:02:49.0514 4008 GEARAspiWDM - ok
    22:02:49.0544 4008 [ 16C2A6BCDDA8952C2035DEC861492A19 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
    22:02:49.0544 4008 ggflt - ok
    22:02:49.0574 4008 GGSAFERDriver - ok
    22:02:49.0604 4008 [ 6B503DF845EABF3457E49FBBDA26C10E ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
    22:02:49.0614 4008 ggsemc - ok
    22:02:49.0654 4008 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    22:02:49.0674 4008 gpsvc - ok
    22:02:49.0694 4008 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    22:02:49.0694 4008 hcw85cir - ok
    22:02:49.0734 4008 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    22:02:49.0754 4008 HdAudAddService - ok
    22:02:49.0784 4008 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    22:02:49.0784 4008 HDAudBus - ok
    22:02:49.0804 4008 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    22:02:49.0814 4008 HidBatt - ok
    22:02:49.0834 4008 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    22:02:49.0834 4008 HidBth - ok
    22:02:49.0844 4008 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    22:02:49.0854 4008 HidIr - ok
    22:02:49.0884 4008 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    22:02:49.0894 4008 hidserv - ok
    22:02:49.0914 4008 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    22:02:49.0934 4008 HidUsb - ok
    22:02:49.0984 4008 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    22:02:49.0994 4008 hkmsvc - ok
    22:02:50.0024 4008 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    22:02:50.0024 4008 HomeGroupListener - ok
    22:02:50.0084 4008 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    22:02:50.0104 4008 HomeGroupProvider - ok
    22:02:50.0134 4008 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    22:02:50.0154 4008 HpSAMD - ok
    22:02:50.0214 4008 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    22:02:50.0234 4008 HTTP - ok
    22:02:50.0264 4008 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    22:02:50.0274 4008 hwpolicy - ok
    22:02:50.0304 4008 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    22:02:50.0324 4008 i8042prt - ok
    22:02:50.0374 4008 [ 8287222C98DB780A5B6107A6AC7DB0EA ] iAnywhere_btAudio C:\Windows\system32\drivers\btiasco.sys
    22:02:50.0374 4008 iAnywhere_btAudio - ok
    22:02:50.0404 4008 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    22:02:50.0434 4008 iaStorV - ok
    22:02:50.0474 4008 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    22:02:50.0484 4008 idsvc - ok
    22:02:50.0524 4008 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    22:02:50.0534 4008 iirsp - ok
    22:02:50.0604 4008 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    22:02:50.0624 4008 IKEEXT - ok
    22:02:50.0764 4008 [ 0C3CF4B3BAE28E121A1689E3538F8712 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    22:02:50.0784 4008 IntcAzAudAddService - ok
    22:02:50.0804 4008 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    22:02:50.0824 4008 intelide - ok
    22:02:50.0834 4008 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    22:02:50.0834 4008 intelppm - ok
    22:02:50.0884 4008 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    22:02:50.0914 4008 IPBusEnum - ok
    22:02:50.0974 4008 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    22:02:50.0994 4008 IpFilterDriver - ok
    22:02:51.0024 4008 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    22:02:51.0034 4008 IPMIDRV - ok
    22:02:51.0054 4008 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    22:02:51.0084 4008 IPNAT - ok
    22:02:51.0184 4008 [ B7CB0B121962CD89F98C0DD89331B0C0 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    22:02:51.0194 4008 iPod Service - ok
    22:02:51.0214 4008 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    22:02:51.0234 4008 IRENUM - ok
    22:02:51.0244 4008 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    22:02:51.0254 4008 isapnp - ok
    22:02:51.0304 4008 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    22:02:51.0324 4008 iScsiPrt - ok
    22:02:51.0354 4008 [ 70EBDA3ED637B0212450C5542EDD11A7 ] IvtBtBUs C:\Windows\system32\Drivers\IvtBtBus.sys
    22:02:51.0364 4008 IvtBtBUs - ok
    22:02:51.0384 4008 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    22:02:51.0384 4008 kbdclass - ok
    22:02:51.0424 4008 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    22:02:51.0424 4008 kbdhid - ok
    22:02:51.0434 4008 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    22:02:51.0434 4008 KeyIso - ok
    22:02:51.0464 4008 [ 07071C1E3CD8F0F9114AAC8B072CA1E5 ] KMWDFILTER C:\Windows\system32\DRIVERS\KMWDFILTER.sys
    22:02:51.0474 4008 KMWDFILTER - ok
    22:02:51.0504 4008 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    22:02:51.0504 4008 KSecDD - ok
    22:02:51.0544 4008 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    22:02:51.0544 4008 KSecPkg - ok
    22:02:51.0564 4008 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    22:02:51.0564 4008 ksthunk - ok
    22:02:51.0604 4008 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    22:02:51.0634 4008 KtmRm - ok
    22:02:51.0664 4008 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    22:02:51.0674 4008 LanmanServer - ok
    22:02:51.0704 4008 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    22:02:51.0724 4008 LanmanWorkstation - ok
    22:02:51.0754 4008 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    22:02:51.0754 4008 lltdio - ok
    22:02:51.0784 4008 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    22:02:51.0794 4008 lltdsvc - ok
    22:02:51.0814 4008 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    22:02:51.0824 4008 lmhosts - ok
    22:02:51.0844 4008 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    22:02:51.0854 4008 LSI_FC - ok
    22:02:51.0874 4008 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    22:02:51.0874 4008 LSI_SAS - ok
    22:02:51.0904 4008 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    22:02:51.0904 4008 LSI_SAS2 - ok
    22:02:51.0914 4008 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    22:02:51.0924 4008 LSI_SCSI - ok
    22:02:51.0934 4008 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    22:02:51.0934 4008 luafv - ok
    22:02:51.0974 4008 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    22:02:51.0984 4008 MBAMProtector - ok
    22:02:52.0044 4008 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
     
  18. aywen89

    aywen89 TS Rookie Topic Starter Posts: 30

    22:02:52.0044 4008 MBAMScheduler - ok
    22:02:52.0074 4008 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    22:02:52.0094 4008 MBAMService - ok
    22:02:52.0124 4008 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    22:02:52.0134 4008 Mcx2Svc - ok
    22:02:52.0144 4008 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    22:02:52.0144 4008 megasas - ok
    22:02:52.0164 4008 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    22:02:52.0174 4008 MegaSR - ok
    22:02:52.0194 4008 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    22:02:52.0194 4008 MMCSS - ok
    22:02:52.0214 4008 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    22:02:52.0214 4008 Modem - ok
    22:02:52.0244 4008 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    22:02:52.0244 4008 monitor - ok
    22:02:52.0284 4008 [ D69F1E9A944A5F46A494AF901ED41118 ] motandroidusb C:\Windows\system32\Drivers\motoandroid.sys
    22:02:52.0284 4008 motandroidusb - ok
    22:02:52.0294 4008 motccgp - ok
    22:02:52.0304 4008 motccgpfl - ok
    22:02:52.0334 4008 [ 3CC500C9B0E4D476802D277353CB2C89 ] MotDev C:\Windows\system32\DRIVERS\motodrv.sys
    22:02:52.0344 4008 MotDev - ok
    22:02:52.0374 4008 [ EB03D4164E7F10B601D280413655ADE4 ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
    22:02:52.0394 4008 MotioninJoyXFilter - ok
    22:02:52.0404 4008 motmodem - ok
    22:02:52.0464 4008 [ 9DFD34E6841C460B5D992A1C5327AE69 ] MotoHelper C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    22:02:52.0474 4008 MotoHelper - ok
    22:02:52.0484 4008 MotoSwitchService - ok
    22:02:52.0494 4008 Motousbnet - ok
    22:02:52.0504 4008 motusbdevice - ok
    22:02:52.0544 4008 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    22:02:52.0544 4008 mouclass - ok
    22:02:52.0554 4008 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    22:02:52.0564 4008 mouhid - ok
    22:02:52.0604 4008 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    22:02:52.0604 4008 mountmgr - ok
    22:02:52.0664 4008 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    22:02:52.0674 4008 MozillaMaintenance - ok
    22:02:52.0704 4008 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    22:02:52.0704 4008 mpio - ok
    22:02:52.0714 4008 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    22:02:52.0724 4008 mpsdrv - ok
    22:02:52.0754 4008 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    22:02:52.0754 4008 MRxDAV - ok
    22:02:52.0794 4008 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    22:02:52.0804 4008 mrxsmb - ok
    22:02:52.0844 4008 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    22:02:52.0864 4008 mrxsmb10 - ok
    22:02:52.0884 4008 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    22:02:52.0884 4008 mrxsmb20 - ok
    22:02:52.0904 4008 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    22:02:52.0904 4008 msahci - ok
    22:02:52.0934 4008 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    22:02:52.0944 4008 msdsm - ok
    22:02:52.0964 4008 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    22:02:52.0964 4008 MSDTC - ok
    22:02:53.0004 4008 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    22:02:53.0004 4008 Msfs - ok
    22:02:53.0014 4008 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    22:02:53.0024 4008 mshidkmdf - ok
    22:02:53.0044 4008 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    22:02:53.0054 4008 msisadrv - ok
    22:02:53.0084 4008 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    22:02:53.0104 4008 MSiSCSI - ok
    22:02:53.0104 4008 msiserver - ok
    22:02:53.0134 4008 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    22:02:53.0134 4008 MSKSSRV - ok
    22:02:53.0144 4008 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    22:02:53.0144 4008 MSPCLOCK - ok
    22:02:53.0164 4008 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    22:02:53.0164 4008 MSPQM - ok
    22:02:53.0214 4008 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    22:02:53.0214 4008 MsRPC - ok
    22:02:53.0234 4008 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    22:02:53.0234 4008 mssmbios - ok
    22:02:53.0284 4008 MSSQL$A2006 - ok
    22:02:53.0354 4008 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
    22:02:53.0364 4008 MSSQLServerADHelper - ok
    22:02:53.0374 4008 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    22:02:53.0374 4008 MSTEE - ok
    22:02:53.0384 4008 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    22:02:53.0394 4008 MTConfig - ok
    22:02:53.0414 4008 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
    22:02:53.0424 4008 MTsensor - ok
    22:02:53.0444 4008 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    22:02:53.0444 4008 Mup - ok
    22:02:53.0494 4008 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    22:02:53.0504 4008 napagent - ok
    22:02:53.0554 4008 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    22:02:53.0574 4008 NativeWifiP - ok
    22:02:53.0624 4008 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    22:02:53.0634 4008 NDIS - ok
    22:02:53.0654 4008 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    22:02:53.0674 4008 NdisCap - ok
    22:02:53.0694 4008 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    22:02:53.0694 4008 NdisTapi - ok
    22:02:53.0714 4008 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    22:02:53.0724 4008 Ndisuio - ok
    22:02:53.0794 4008 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    22:02:53.0794 4008 NdisWan - ok
    22:02:53.0834 4008 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    22:02:53.0844 4008 NDProxy - ok
    22:02:53.0914 4008 [ C7F5C284B6F46FCAF6910EA4E644700B ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    22:02:53.0924 4008 Nero BackItUp Scheduler 4.0 - ok
    22:02:53.0954 4008 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    22:02:53.0964 4008 NetBIOS - ok
    22:02:54.0084 4008 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    22:02:54.0094 4008 NetBT - ok
    22:02:54.0104 4008 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    22:02:54.0104 4008 Netlogon - ok
    22:02:54.0194 4008 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    22:02:54.0194 4008 Netman - ok
    22:02:54.0224 4008 [ 3E5A36127E201DDF663176B66828FAFE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    22:02:54.0264 4008 NetMsmqActivator - ok
    22:02:54.0284 4008 [ 3E5A36127E201DDF663176B66828FAFE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    22:02:54.0284 4008 NetPipeActivator - ok
    22:02:54.0314 4008 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    22:02:54.0314 4008 netprofm - ok
    22:02:54.0384 4008 [ D60945C192EC4A7C6455B11B0D7C4610 ] netr28ux C:\Windows\system32\DRIVERS\Dnetr28ux.sys
    22:02:54.0394 4008 netr28ux - ok
    22:02:54.0434 4008 [ 621559A521682A888D83DB34C6EC0BF8 ] netr7364 C:\Windows\system32\DRIVERS\netr7364.sys
    22:02:54.0444 4008 netr7364 - ok
    22:02:54.0464 4008 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    22:02:54.0464 4008 NetTcpActivator - ok
    22:02:54.0474 4008 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    22:02:54.0474 4008 NetTcpPortSharing - ok
    22:02:54.0494 4008 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    22:02:54.0504 4008 nfrd960 - ok
    22:02:54.0544 4008 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    22:02:54.0544 4008 NlaSvc - ok
    22:02:54.0584 4008 [ FBCA3FD51604147770EB4FB53D6144A8 ] NMgamingmsFltr C:\Windows\system32\drivers\NMgamingms.sys
    22:02:54.0584 4008 NMgamingmsFltr - ok
    22:02:54.0614 4008 [ C31FA031335EFF434B2D94278E74BCCE ] NPF C:\Windows\system32\drivers\NPF.sys
    22:02:54.0614 4008 NPF - ok
    22:02:54.0624 4008 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    22:02:54.0634 4008 Npfs - ok
    22:02:54.0664 4008 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    22:02:54.0664 4008 nsi - ok
    22:02:54.0684 4008 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    22:02:54.0684 4008 nsiproxy - ok
    22:02:54.0744 4008 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    22:02:54.0794 4008 Ntfs - ok
    22:02:54.0824 4008 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    22:02:54.0824 4008 Null - ok
    22:02:54.0864 4008 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
    22:02:54.0874 4008 NVENETFD - ok
    22:02:54.0914 4008 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    22:02:54.0914 4008 nvraid - ok
    22:02:54.0934 4008 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    22:02:54.0934 4008 nvstor - ok
    22:02:54.0964 4008 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    22:02:54.0984 4008 nv_agp - ok
    22:02:55.0144 4008 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    22:02:55.0164 4008 odserv - ok
    22:02:55.0194 4008 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    22:02:55.0194 4008 ohci1394 - ok
    22:02:55.0234 4008 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    22:02:55.0254 4008 ose - ok
    22:02:55.0294 4008 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    22:02:55.0304 4008 p2pimsvc - ok
    22:02:55.0334 4008 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    22:02:55.0344 4008 p2psvc - ok
    22:02:55.0364 4008 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    22:02:55.0374 4008 Parport - ok
    22:02:55.0404 4008 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    22:02:55.0424 4008 partmgr - ok
    22:02:55.0444 4008 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    22:02:55.0454 4008 PcaSvc - ok
    22:02:55.0504 4008 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
    22:02:55.0514 4008 pccsmcfd - ok
    22:02:55.0534 4008 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    22:02:55.0534 4008 pci - ok
    22:02:55.0554 4008 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    22:02:55.0564 4008 pciide - ok
    22:02:55.0574 4008 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    22:02:55.0584 4008 pcmcia - ok
    22:02:55.0614 4008 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    22:02:55.0614 4008 pcw - ok
    22:02:55.0634 4008 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    22:02:55.0644 4008 PEAUTH - ok
    22:02:55.0694 4008 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
    22:02:55.0724 4008 PeerDistSvc - ok
    22:02:55.0804 4008 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    22:02:55.0804 4008 PerfHost - ok
    22:02:55.0874 4008 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    22:02:55.0904 4008 pla - ok
    22:02:55.0964 4008 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    22:02:55.0974 4008 PlugPlay - ok
    22:02:55.0984 4008 PnkBstrA - ok
    22:02:56.0024 4008 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    22:02:56.0024 4008 PNRPAutoReg - ok
    22:02:56.0044 4008 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    22:02:56.0054 4008 PNRPsvc - ok
    22:02:56.0084 4008 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    22:02:56.0114 4008 PolicyAgent - ok
    22:02:56.0164 4008 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    22:02:56.0174 4008 Power - ok
    22:02:56.0214 4008 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    22:02:56.0214 4008 PptpMiniport - ok
    22:02:56.0234 4008 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    22:02:56.0234 4008 Processor - ok
    22:02:56.0264 4008 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    22:02:56.0284 4008 ProfSvc - ok
    22:02:56.0314 4008 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    22:02:56.0314 4008 ProtectedStorage - ok
    22:02:56.0354 4008 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    22:02:56.0364 4008 Psched - ok
    22:02:56.0414 4008 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    22:02:56.0444 4008 ql2300 - ok
    22:02:56.0464 4008 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    22:02:56.0474 4008 ql40xx - ok
    22:02:56.0504 4008 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    22:02:56.0504 4008 QWAVE - ok
    22:02:56.0524 4008 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    22:02:56.0524 4008 QWAVEdrv - ok
    22:02:56.0544 4008 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    22:02:56.0544 4008 RasAcd - ok
    22:02:56.0574 4008 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    22:02:56.0574 4008 RasAgileVpn - ok
    22:02:56.0584 4008 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    22:02:56.0594 4008 RasAuto - ok
    22:02:56.0634 4008 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    22:02:56.0634 4008 Rasl2tp - ok
    22:02:56.0674 4008 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    22:02:56.0684 4008 RasMan - ok
    22:02:56.0694 4008 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    22:02:56.0704 4008 RasPppoe - ok
    22:02:56.0724 4008 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    22:02:56.0724 4008 RasSstp - ok
    22:02:56.0754 4008 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    22:02:56.0754 4008 rdbss - ok
    22:02:56.0784 4008 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    22:02:56.0784 4008 rdpbus - ok
    22:02:56.0804 4008 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    22:02:56.0804 4008 RDPCDD - ok
    22:02:56.0844 4008 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    22:02:56.0844 4008 RDPDR - ok
    22:02:56.0864 4008 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    22:02:56.0874 4008 RDPENCDD - ok
    22:02:56.0884 4008 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    22:02:56.0894 4008 RDPREFMP - ok
    22:02:56.0924 4008 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    22:02:56.0924 4008 RDPWD - ok
    22:02:56.0964 4008 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    22:02:56.0974 4008 rdyboost - ok
    22:02:57.0014 4008 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    22:02:57.0024 4008 RemoteAccess - ok
    22:02:57.0044 4008 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    22:02:57.0054 4008 RemoteRegistry - ok
    22:02:57.0084 4008 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
    22:02:57.0094 4008 RFCOMM - ok
    22:02:57.0124 4008 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    22:02:57.0124 4008 RpcEptMapper - ok
    22:02:57.0154 4008 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    22:02:57.0164 4008 RpcLocator - ok
    22:02:57.0214 4008 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    22:02:57.0224 4008 RpcSs - ok
    22:02:57.0244 4008 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    22:02:57.0254 4008 rspndr - ok
    22:02:57.0284 4008 [ 5FF8AFA2D59BFDB632A3A7585495782D ] s1029bus C:\Windows\system32\DRIVERS\s1029bus.sys
    22:02:57.0304 4008 s1029bus - ok
    22:02:57.0354 4008 [ DC67A982227A99E1ECB7167A0082F296 ] s1029mdfl C:\Windows\system32\DRIVERS\s1029mdfl.sys
    22:02:57.0364 4008 s1029mdfl - ok
    22:02:57.0414 4008 [ 0E46143696A6546FAD6599C469F79CC2 ] s1029mdm C:\Windows\system32\DRIVERS\s1029mdm.sys
    22:02:57.0424 4008 s1029mdm - ok
    22:02:57.0484 4008 [ 02C903CC866B01E8B858AE89D3A5AC41 ] s1029mgmt C:\Windows\system32\DRIVERS\s1029mgmt.sys
    22:02:57.0494 4008 s1029mgmt - ok
    22:02:57.0504 4008 [ A7672B769028792D5B362EF39AC4B249 ] s1029nd5 C:\Windows\system32\DRIVERS\s1029nd5.sys
    22:02:57.0504 4008 s1029nd5 - ok
    22:02:57.0524 4008 [ D0F7A8BF65068957EFD243C5761ACA3A ] s1029obex C:\Windows\system32\DRIVERS\s1029obex.sys
    22:02:57.0534 4008 s1029obex - ok
    22:02:57.0544 4008 [ 08A8AB3CB4876AAFDEFAE485320FFAC3 ] s1029unic C:\Windows\system32\DRIVERS\s1029unic.sys
    22:02:57.0554 4008 s1029unic - ok
    22:02:57.0584 4008 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
    22:02:57.0584 4008 s3cap - ok
    22:02:57.0604 4008 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    22:02:57.0604 4008 SamSs - ok
    22:02:57.0634 4008 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    22:02:57.0644 4008 sbp2port - ok
    22:02:57.0684 4008 SBRE - ok
    22:02:57.0714 4008 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    22:02:57.0714 4008 SCardSvr - ok
    22:02:57.0754 4008 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    22:02:57.0764 4008 scfilter - ok
    22:02:57.0814 4008 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    22:02:57.0824 4008 Schedule - ok
    22:02:57.0864 4008 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    22:02:57.0864 4008 SCPolicySvc - ok
    22:02:57.0914 4008 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    22:02:57.0914 4008 SDRSVC - ok
    22:02:57.0944 4008 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    22:02:57.0954 4008 secdrv - ok
    22:02:57.0984 4008 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    22:02:57.0994 4008 seclogon - ok
    22:02:58.0004 4008 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    22:02:58.0004 4008 SENS - ok
    22:02:58.0024 4008 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    22:02:58.0054 4008 SensrSvc - ok
    22:02:58.0074 4008 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    22:02:58.0074 4008 Serenum - ok
    22:02:58.0084 4008 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    22:02:58.0084 4008 Serial - ok
    22:02:58.0104 4008 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    22:02:58.0104 4008 sermouse - ok
    22:02:58.0164 4008 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    22:02:58.0164 4008 SessionEnv - ok
    22:02:58.0204 4008 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    22:02:58.0204 4008 sffdisk - ok
    22:02:58.0214 4008 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    22:02:58.0224 4008 sffp_mmc - ok
    22:02:58.0234 4008 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    22:02:58.0244 4008 sffp_sd - ok
    22:02:58.0254 4008 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    22:02:58.0264 4008 sfloppy - ok
    22:02:58.0314 4008 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    22:02:58.0324 4008 ShellHWDetection - ok
    22:02:58.0334 4008 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    22:02:58.0344 4008 SiSRaid2 - ok
    22:02:58.0354 4008 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    22:02:58.0354 4008 SiSRaid4 - ok
    22:02:58.0364 4008 Sllpsvdr - ok
    22:02:58.0384 4008 Slp1kdr - ok
    22:02:58.0404 4008 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    22:02:58.0404 4008 Smb - ok
    22:02:58.0454 4008 [ 446EB38CE4A6D040F548B2F547CA96FF ] snapman C:\Windows\system32\DRIVERS\snapman.sys
    22:02:58.0454 4008 snapman - ok
    22:02:58.0484 4008 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    22:02:58.0484 4008 SNMPTRAP - ok
    22:02:58.0504 4008 SolidWorks Licensing Service - ok
    22:02:58.0574 4008 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
    22:02:58.0594 4008 Sony PC Companion - ok
    22:02:58.0604 4008 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    22:02:58.0614 4008 spldr - ok
    22:02:58.0654 4008 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    22:02:58.0664 4008 Spooler - ok
    22:02:58.0784 4008 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    22:02:58.0864 4008 sppsvc - ok
    22:02:58.0924 4008 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    22:02:58.0974 4008 sppuinotify - ok
    22:02:59.0044 4008 [ A15860E920B02C9A7CE8F3A6C2FF1E3A ] sptd C:\Windows\System32\Drivers\sptd.sys
    22:02:59.0054 4008 sptd - ok
    22:02:59.0094 4008 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    22:02:59.0104 4008 SQLBrowser - ok
    22:02:59.0184 4008 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    22:02:59.0234 4008 SQLWriter - ok
    22:02:59.0344 4008 [ 4C47882059A2FD44D9AD0DEC573CF2C5 ] SRS_PremiumSound_Service C:\Windows\system32\drivers\DSAPGX114_64pmo.sys
    22:02:59.0454 4008 SRS_PremiumSound_Service - ok
    22:02:59.0524 4008 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    22:02:59.0534 4008 srv - ok
    22:02:59.0634 4008 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    22:02:59.0664 4008 srv2 - ok
    22:02:59.0694 4008 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    22:02:59.0704 4008 srvnet - ok
    22:02:59.0744 4008 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    22:02:59.0754 4008 SSDPSRV - ok
    22:02:59.0774 4008 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    22:02:59.0774 4008 SstpSvc - ok
    22:02:59.0814 4008 [ 74425FFA11C133D045E1C3BE2EAD481D ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
    22:02:59.0854 4008 ssudmdm - ok
    22:02:59.0874 4008 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    22:02:59.0874 4008 stexstor - ok
    22:02:59.0924 4008 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    22:02:59.0934 4008 stisvc - ok
    22:02:59.0974 4008 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
    22:02:59.0994 4008 storflt - ok
    22:03:00.0024 4008 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
    22:03:00.0034 4008 StorSvc - ok
    22:03:00.0064 4008 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
    22:03:00.0064 4008 storvsc - ok
    22:03:00.0094 4008 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    22:03:00.0104 4008 swenum - ok
    22:03:00.0134 4008 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    22:03:00.0144 4008 swprv - ok
    22:03:00.0204 4008 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    22:03:00.0244 4008 SysMain - ok
    22:03:00.0284 4008 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    22:03:00.0294 4008 TabletInputService - ok
    22:03:00.0344 4008 [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
    22:03:00.0384 4008 tap0901 - ok
    22:03:00.0414 4008 [ F33FDC72298DF4BF9813A55D21F4EB31 ] taphss C:\Windows\system32\DRIVERS\taphss.sys
    22:03:00.0434 4008 taphss - ok
    22:03:00.0504 4008 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    22:03:00.0514 4008 TapiSrv - ok
    22:03:00.0574 4008 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    22:03:00.0574 4008 TBS - ok
    22:03:00.0614 4008 tcphoc - ok
    22:03:00.0724 4008 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    22:03:00.0744 4008 Tcpip - ok
    22:03:00.0814 4008 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    22:03:00.0834 4008 TCPIP6 - ok
    22:03:00.0984 4008 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    22:03:00.0984 4008 tcpipreg - ok
    22:03:01.0064 4008 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    22:03:01.0064 4008 TDPIPE - ok
    22:03:01.0164 4008 [ DF9179B7BDF0C5B71F9C3D93C016BAE5 ] tdrpman251 C:\Windows\system32\DRIVERS\tdrpm251.sys
    22:03:01.0194 4008 tdrpman251 - ok
    22:03:01.0254 4008 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    22:03:01.0264 4008 TDTCP - ok
    22:03:01.0344 4008 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    22:03:01.0344 4008 tdx - ok
    22:03:01.0404 4008 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    22:03:01.0424 4008 TermDD - ok
    22:03:01.0524 4008 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    22:03:01.0554 4008 TermService - ok
    22:03:01.0594 4008 [ CE4B6956E4E12492715A53076E58761F ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys
    22:03:01.0684 4008 TFsExDisk - ok
    22:03:01.0724 4008 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    22:03:01.0724 4008 Themes - ok
    22:03:01.0764 4008 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    22:03:01.0764 4008 THREADORDER - ok
    22:03:01.0814 4008 [ F7546EAD58CC3000AC02CF9529B9934E ] timounter C:\Windows\system32\DRIVERS\timntr.sys
    22:03:01.0864 4008 timounter - ok
    22:03:01.0884 4008 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    22:03:01.0894 4008 TrkWks - ok
    22:03:01.0954 4008 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    22:03:01.0954 4008 TrustedInstaller - ok
    22:03:02.0004 4008 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    22:03:02.0004 4008 tssecsrv - ok
    22:03:02.0054 4008 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    22:03:02.0124 4008 TsUsbFlt - ok
    22:03:02.0224 4008 [ 7952032BBC51AEADB0C9A4BB79D79DF5 ] TuneUp.UtilitiesSvc D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
    22:03:02.0274 4008 TuneUp.UtilitiesSvc - ok
    22:03:02.0354 4008 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
    22:03:02.0354 4008 TuneUpUtilitiesDrv - ok
    22:03:02.0404 4008 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    22:03:02.0414 4008 tunnel - ok
    22:03:02.0484 4008 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    22:03:02.0494 4008 uagp35 - ok
    22:03:02.0614 4008 [ C49ADF4FDCC2C1493197B2DF528C9485 ] uagqecsvc C:\Users\Ay Wen\Forefront UAG Remote Access Agent\uagwesterndigital-asianet\https1\uagqecsvc.exe
    22:03:02.0664 4008 uagqecsvc - ok
    22:03:02.0704 4008 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    22:03:02.0714 4008 udfs - ok
    22:03:02.0784 4008 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    22:03:02.0834 4008 UI0Detect - ok
    22:03:02.0874 4008 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    22:03:02.0874 4008 uliagpkx - ok
    22:03:02.0944 4008 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    22:03:02.0984 4008 umbus - ok
    22:03:03.0044 4008 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    22:03:03.0064 4008 UmPass - ok
    22:03:03.0154 4008 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
    22:03:03.0164 4008 UmRdpService - ok
    22:03:03.0224 4008 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    22:03:03.0274 4008 upnphost - ok
    22:03:03.0314 4008 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    22:03:03.0314 4008 USBAAPL64 - ok
    22:03:03.0344 4008 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    22:03:03.0364 4008 usbccgp - ok
    22:03:03.0404 4008 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    22:03:03.0414 4008 usbcir - ok
    22:03:03.0434 4008 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    22:03:03.0454 4008 usbehci - ok
    22:03:03.0484 4008 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    22:03:03.0494 4008 usbhub - ok
    22:03:03.0514 4008 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    22:03:03.0524 4008 usbohci - ok
    22:03:03.0534 4008 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    22:03:03.0534 4008 usbprint - ok
    22:03:03.0574 4008 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    22:03:03.0584 4008 usbscan - ok
    22:03:03.0624 4008 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    22:03:03.0644 4008 USBSTOR - ok
    22:03:03.0694 4008 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    22:03:03.0714 4008 usbuhci - ok
    22:03:03.0734 4008 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
    22:03:03.0744 4008 usbvideo - ok
    22:03:03.0764 4008 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    22:03:03.0784 4008 UxSms - ok
    22:03:03.0804 4008 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    22:03:03.0804 4008 VaultSvc - ok
    22:03:03.0814 4008 VComm - ok
    22:03:03.0834 4008 VcommMgr - ok
    22:03:03.0854 4008 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    22:03:03.0874 4008 vdrvroot - ok
    22:03:03.0924 4008 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    22:03:03.0964 4008 vds - ok
    22:03:04.0014 4008 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    22:03:04.0014 4008 vga - ok
    22:03:04.0054 4008 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    22:03:04.0064 4008 VgaSave - ok
    22:03:04.0074 4008 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    22:03:04.0084 4008 vhdmp - ok
    22:03:04.0094 4008 VHidMinidrv - ok
    22:03:04.0134 4008 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    22:03:04.0134 4008 viaide - ok
    22:03:04.0154 4008 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
    22:03:04.0174 4008 vmbus - ok
    22:03:04.0194 4008 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
    22:03:04.0194 4008 VMBusHID - ok
    22:03:04.0214 4008 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    22:03:04.0224 4008 volmgr - ok
    22:03:04.0254 4008 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    22:03:04.0264 4008 volmgrx - ok
    22:03:04.0284 4008 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    22:03:04.0294 4008 volsnap - ok
    22:03:04.0324 4008 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
    22:03:04.0334 4008 vpcbus - ok
    22:03:04.0374 4008 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
    22:03:04.0374 4008 vpcnfltr - ok
    22:03:04.0404 4008 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
    22:03:04.0414 4008 vpcusb - ok
    22:03:04.0454 4008 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
    22:03:04.0454 4008 vpcvmm - ok
    22:03:04.0464 4008 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    22:03:04.0474 4008 vsmraid - ok
    22:03:04.0534 4008 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    22:03:04.0564 4008 VSS - ok
    22:03:04.0594 4008 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    22:03:04.0614 4008 vwifibus - ok
    22:03:04.0644 4008 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    22:03:04.0644 4008 vwififlt - ok
    22:03:04.0654 4008 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    22:03:04.0654 4008 vwifimp - ok
    22:03:04.0704 4008 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    22:03:04.0704 4008 W32Time - ok
    22:03:04.0734 4008 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    22:03:04.0734 4008 WacomPen - ok
    22:03:04.0754 4008 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    22:03:04.0754 4008 WANARP - ok
    22:03:04.0764 4008 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    22:03:04.0774 4008 Wanarpv6 - ok
    22:03:04.0834 4008 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    22:03:04.0874 4008 WatAdminSvc - ok
    22:03:04.0944 4008 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    22:03:05.0004 4008 wbengine - ok
    22:03:05.0054 4008 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    22:03:05.0074 4008 WbioSrvc - ok
    22:03:05.0114 4008 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    22:03:05.0164 4008 wcncsvc - ok
    22:03:05.0194 4008 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    22:03:05.0194 4008 WcsPlugInService - ok
    22:03:05.0214 4008 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    22:03:05.0214 4008 Wd - ok
    22:03:05.0254 4008 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
    22:03:05.0254 4008 WDC_SAM - ok
    22:03:05.0284 4008 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    22:03:05.0294 4008 Wdf01000 - ok
    22:03:05.0314 4008 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    22:03:05.0314 4008 WdiServiceHost - ok
    22:03:05.0334 4008 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    22:03:05.0334 4008 WdiSystemHost - ok
    22:03:05.0374 4008 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    22:03:05.0384 4008 WebClient - ok
    22:03:05.0394 4008 websafe - ok
    22:03:05.0414 4008 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    22:03:05.0414 4008 Wecsvc - ok
    22:03:05.0434 4008 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    22:03:05.0434 4008 wercplsupport - ok
    22:03:05.0454 4008 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    22:03:05.0464 4008 WerSvc - ok
    22:03:05.0474 4008 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    22:03:05.0474 4008 WfpLwf - ok
    22:03:05.0494 4008 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    22:03:05.0494 4008 WIMMount - ok
    22:03:05.0504 4008 WinHttpAutoProxySvc - ok
    22:03:05.0564 4008 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    22:03:05.0564 4008 Winmgmt - ok
    22:03:05.0634 4008 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    22:03:05.0674 4008 WinRM - ok
    22:03:05.0734 4008 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    22:03:05.0734 4008 WinUsb - ok
    22:03:05.0764 4008 winvnc - ok
    22:03:05.0814 4008 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    22:03:05.0824 4008 Wlansvc - ok
    22:03:06.0134 4008 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    22:03:06.0164 4008 wlidsvc - ok
    22:03:06.0214 4008 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    22:03:06.0214 4008 WmiAcpi - ok
    22:03:06.0254 4008 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    22:03:06.0254 4008 wmiApSrv - ok
    22:03:06.0284 4008 WMPNetworkSvc - ok
    22:03:06.0294 4008 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    22:03:06.0304 4008 WPCSvc - ok
    22:03:06.0334 4008 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    22:03:06.0334 4008 WPDBusEnum - ok
    22:03:06.0374 4008 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    22:03:06.0374 4008 ws2ifsl - ok
    22:03:06.0384 4008 WSearch - ok
    22:03:06.0434 4008 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    22:03:06.0434 4008 WudfPf - ok
    22:03:06.0444 4008 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    22:03:06.0454 4008 WUDFRd - ok
    22:03:06.0494 4008 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    22:03:06.0494 4008 wudfsvc - ok
    22:03:06.0514 4008 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    22:03:06.0524 4008 WwanSvc - ok
    22:03:06.0614 4008 X6va005 - ok
    22:03:06.0704 4008 [ 7E6E20A89C2447A586A1DE10712E92AA ] XLServicePlatform C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll
    22:03:06.0704 4008 XLServicePlatform - ok
    22:03:06.0754 4008 [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
    22:03:06.0764 4008 xusb21 - ok
    22:03:06.0934 4008 ================ Scan global ===============================
    22:03:06.0964 4008 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    22:03:07.0004 4008 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    22:03:07.0034 4008 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    22:03:07.0064 4008 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    22:03:07.0094 4008 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    22:03:07.0104 4008 [Global] - ok
    22:03:07.0104 4008 ================ Scan MBR ==================================
    22:03:07.0124 4008 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    22:03:07.0324 4008 \Device\Harddisk0\DR0 - ok
    22:03:07.0324 4008 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
    22:03:07.0334 4008 \Device\Harddisk1\DR1 - ok
    22:03:07.0344 4008 [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk2\DR2
    22:03:15.0114 4008 \Device\Harddisk2\DR2 - ok
    22:03:15.0124 4008 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR3
    22:03:15.0144 4008 \Device\Harddisk3\DR3 - ok
    22:03:15.0144 4008 ================ Scan VBR ==================================
    22:03:15.0164 4008 [ C77E978FBDAF707C65526E909B052F37 ] \Device\Harddisk0\DR0\Partition1
    22:03:15.0164 4008 \Device\Harddisk0\DR0\Partition1 - ok
    22:03:15.0184 4008 [ E849EC5BDB70815E011CE4C9E2EA1730 ] \Device\Harddisk0\DR0\Partition2
    22:03:15.0194 4008 \Device\Harddisk0\DR0\Partition2 - ok
    22:03:15.0214 4008 [ 0D065CF4F2099D03C45F7148D11365E3 ] \Device\Harddisk0\DR0\Partition3
    22:03:15.0214 4008 \Device\Harddisk0\DR0\Partition3 - ok
    22:03:15.0214 4008 [ E795F6BDD22A8AE215D8021AFF5F42C5 ] \Device\Harddisk1\DR1\Partition1
    22:03:15.0214 4008 \Device\Harddisk1\DR1\Partition1 - ok
    22:03:15.0224 4008 [ 7352BDBDFFC2EF41C5613B79F95436AA ] \Device\Harddisk2\DR2\Partition1
    22:03:15.0224 4008 \Device\Harddisk2\DR2\Partition1 - ok
    22:03:15.0234 4008 [ C9442459B9983BB3608AE875EC4DA49F ] \Device\Harddisk3\DR3\Partition1
    22:03:15.0234 4008 \Device\Harddisk3\DR3\Partition1 - ok
    22:03:15.0234 4008 ============================================================
    22:03:15.0234 4008 Scan finished
    22:03:15.0234 4008 ============================================================
    22:03:15.0254 2788 Detected object count: 0
    22:03:15.0254 2788 Actual detected object count: 0
     
  19. aywen89

    aywen89 TS Rookie Topic Starter Posts: 30

    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Ay Wen [Admin rights]
    Mode : Remove -- Date : 10/15/2012 22:14:55

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\32972063 (system32\drivers\57537292.sys) -> DELETED
    [Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\32972063 (system32\drivers\57537292.sys) -> DELETED
    [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{176A144B-7DA3-4AB4-9CCE-A12E453016C3} : NameServer (202.188.0.133,202.188.1.5) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{176A144B-7DA3-4AB4-9CCE-A12E453016C3} : NameServer (202.188.0.133,202.188.1.5) -> NOT REMOVED, USE DNSFIX

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤
    -> D:\windows\system32\config\SOFTWARE
    -> D:\Documents and Settings\Administrator\NTUSER.DAT
    -> D:\Documents and Settings\Default User\NTUSER.DAT
    -> D:\Documents and Settings\LEO\NTUSER.DAT
    -> D:\Documents and Settings\LocalService\NTUSER.DAT
    -> D:\Documents and Settings\NetworkService\NTUSER.DAT
    -> D:\Documents and Settings\WEN\NTUSER.DAT

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD50 00AAKS-00V1A SCSI Disk Device +++++
    --- User ---
    [MBR] 51bd80e9a23c14ae5a5c40c6fc57e86b
    [BSP] 62039010f429075e1404b8ae8223080c : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 120001 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 245762370 | Size: 72527 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 394299360 | Size: 284408 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive1: WD My Book IEEE 1394 SBP2 Device +++++
    --- User ---
    [MBR] eaa2d31aeb193e7d90f36622a6f012eb
    [BSP] 328fa16320dd1f16ad8814325769e663 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 2048 | Size: 953868 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive2: PNY USB 2.0 FD USB Device +++++
    --- User ---
    [MBR] 71b1006fb7578a88584f529515ef502b
    [BSP] a83a24340e59ea8cbbf2d8eaa19e98b0 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 3853 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive3: BUFFALO HD-PNTU3 USB Device +++++
    --- User ---
    [MBR] f4af8e175dd3e2cc737fd8caf754b440
    [BSP] d5f00655d5aa6dfba79b08fc9aeb1619 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 64 | Size: 953839 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
  20. aywen89

    aywen89 TS Rookie Topic Starter Posts: 30

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.15.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Ay Wen :: AYWEN-PC [administrator]

    10/15/2012 10:22:57 PM
    mbam-log-2012-10-15 (22-22-57).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 263103
    Time elapsed: 7 minute(s), 7 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCR\thunder (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  21. aywen89

    aywen89 TS Rookie Topic Starter Posts: 30

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-15 22:30:46
    -----------------------------
    22:30:46.082 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:30:46.082 Number of processors: 2 586 0x170A
    22:30:46.082 ComputerName: AYWEN-PC UserName: Ay Wen
    22:30:46.737 Initialize success
    22:34:02.246 AVAST engine defs: 12101500
    22:35:13.740 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000078
    22:35:13.740 Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
    22:35:13.740 Disk 1 \Device\Harddisk1\DR1 -> \Device\Sbp2\WD&My Book&0&0090a901_504dedb5_Instance00
    22:35:13.740 Disk 1 Vendor: WD______ 1028 Size: 953869MB BusType: 4
    22:35:13.881 Disk 0 MBR read successfully
    22:35:13.896 Disk 0 MBR scan
    22:35:13.896 Disk 0 Windows 7 default MBR code
    22:35:13.896 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 120001 MB offset 63
    22:35:13.990 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 72527 MB offset 245762370
    22:35:14.021 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 284408 MB offset 394299360
    22:35:14.068 Disk 0 scanning C:\Windows\system32\drivers
    22:35:40.237 Service scanning
    22:36:16.057 Modules scanning
    22:36:16.397 Disk 0 trace - called modules:
    22:36:16.427 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
    22:36:16.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004268530]
    22:36:16.447 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa8003716c00]
    22:36:16.457 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\00000078[0xfffffa80040e69c0]
    22:36:17.107 AVAST engine scan C:\Windows
    22:36:20.397 AVAST engine scan C:\Windows\system32
    22:41:37.650 AVAST engine scan C:\Windows\system32\drivers
    22:42:06.640 AVAST engine scan C:\Users\Ay Wen
    22:53:37.257 AVAST engine scan C:\ProgramData
    22:57:11.413 Scan finished successfully
    23:13:22.129 Disk 0 MBR has been saved successfully to "C:\Users\Ay Wen\Desktop\MBR.dat"
    23:13:22.149 The log file has been saved successfully to "C:\Users\Ay Wen\Desktop\aswMBR.txt"
     
  22. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Good :)

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  23. aywen89

    aywen89 TS Rookie Topic Starter Posts: 30

    I cannot run combo fix or even Rkill, it run a while then blue screen came out
     
  24. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    That's fine.

    How is computer doing?

    =============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  25. aywen89

    aywen89 TS Rookie Topic Starter Posts: 30

    So far seems to be ok, the memory usage had drop to normal
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...