Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

ping.exe possible virus?


  • This topic is locked This topic is locked
31 replies to this topic

#1 steph.l

steph.l

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 14 April 2013 - 01:09 AM

Hi, recently when i play games, there's a popup says windows doesnt have enough memory, and it felt strange because my computer was decent enough to run the game, so when i open the task manager , i notice a lot of ping.exe, conhost.exe and scvhost.exe running. here is the dds log: . DDS (Ver_11-03-05.01) - NTFSx86 Run by Administrator at 15:05:02.31 on Sun 04/14/2013 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.17.2 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3552.2296 [GMT 8:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Users\Administrator\AppData\Roaming\SSDPOpt\SSDPOpeServer.exe C:\Users\Administrator\AppData\Roaming\SSDPOpt\SSDPOptServer.exe C:\Windows\system32\svchost.exe -k imgsvc c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\svchost -k XLServicePlatform C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\SearchIndexer.exe c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\rundll32.exe C:\Program Files\alipay\SafeTransaction\AlipaySafeTran.exe C:\Program Files\alipay\SafeTransaction\Alipaybsm.exe C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ICBCEbankTools\MingWah\MWREGICBC.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\ChinaNetSn\bin\Netkeeper.exe C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\conhost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\PING.EXE C:\Windows\system32\PING.EXE C:\Windows\system32\conhost.exe C:\Windows\system32\PING.EXE C:\Windows\system32\conhost.exe C:\Windows\system32\PING.EXE C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Administrator\Desktop\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uSearch Page = www.bing.com uStart Page = hxxp://hao.kankan.com/?id=660115 mStart Page = www.tao678.com mSearch Page = www.bing.com uInternet Settings,ProxyOverride = <local> uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll mURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll BHO: ѸÀ×FLVÊÓƵÐá̽¼°ÏÂÔØÖ§³Ö: {0ea37b17-6b8b-4085-8257-f3a4aa69c27a} - c:\program files\thunder network\thunder\bho\XlBrowserAddin1.0.8.71.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll BHO: ѸÀ×ÏÂÔØÖ§³Ö: {889d2feb-5411-4565-8998-1dd2c5261283} - c:\program files\thunder network\thunder\bho\XunleiBHO7.2.10.3694.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL BHO: ICBC Anti-Phishing class: {bb4491a2-d11a-4c6b-91c0-b53246a3122b} - c:\program files\icbcebanktools\icbcantiphishing\icbc_win32\Icbc_AntiPhishing.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: CouponMatcher: {e155f23c-9931-47c6-a619-20e6fca86d75} - c:\program files\couponmatcher\CouponMatcher.dll TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - c:\program files\utorrentcontrol_v2\prxtbuTor.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [Steam] "d:\steam\steam.exe" -silent uRun: [Spotify Web Helper] "c:\users\administrator\appdata\roaming\spotify\data\SpotifyWebHelper.exe" uRun: [Spotify] "c:\users\administrator\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart uRun: [GarenaPlus] "c:\program files\garena plus\GarenaMessenger.exe" -autolaunch mRun: [USB3MON] "c:\program files\intel\intel® usb 3.0 extensible host controller driver\application\iusb3mon.exe" mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtkNGUI.exe -s mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui mRun: [Netkeeper1.0] c:\chinanetsn\bin\loader.exe mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [MWREGICBC.exe] "c:\program files\icbcebanktools\mingwah\MWREGICBC.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" uPolicies-explorer: NoInternetIcon = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0) mPolicies-system: EnableInstallerDetection = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: &ʹÓÃ&ѸÀ×ÀëÏßÏÂÔØ - c:\program files\thunder network\thunder\bho\OfflineDownload.htm IE: &ʹÓÃ&ѸÀ×ÏÂÔØ - c:\program files\thunder network\thunder\bho\geturl.htm IE: &ʹÓÃ&ѸÀ×ÏÂÔØÈ«²¿Á´½Ó - c:\program files\thunder network\thunder\bho\GetAllUrl.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll LSP: c:\windows\system32\ASProxy.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: icbc.com.cn Trusted Zone: soe.com Trusted Zone: sony.com DPF: {3B3FE354-548D-4DA2-BEC2-52960C31F8E7} - hxxps://b2c.icbc.com.cn/icbc/icbc_mwusbkey.cab DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} - hxxps://b2c.icbc.com.cn/icbc/newperbank/AxSafeControls.cab DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} - hxxps://b2c.icbc.com.cn/icbc/ICBC_NetSign.dll DPF: {E6C2DD02-CD38-41A1-9B69-3D7E3B64AF9A} - hxxps://b2c.icbc.com.cn/icbc/icbc_mwdv.cab TCP: {0242B746-2CBD-4E3C-9203-337EC9FAA5B1} = 202.96.104.17 202.96.104.27 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome . ================= FIREFOX =================== . FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\zel2y528.default\ FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll FF - plugin: c:\program files\common files\tencent\txsso\1.2.1.37\bin\npSSOAxCtrlForPTLogin.dll FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\program files\intel\intel® management engine components\ipt\npIntelWebAPIIPT.dll FF - plugin: c:\program files\intel\intel® management engine components\ipt\npIntelWebAPIUpdater.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\tencent\qqdownload\browser\717\npXFPlugin.dll FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypc.dll FF - plugin: c:\program files\ubisoft\ubisoft game launcher\npuplaypchub.dll FF - plugin: c:\programdata\thunder network\thunder\data\npxunlei1.0.0.2.dll FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll FF - plugin: c:\windows\system32\aliedit\3.2.0.0\npaliedit.dll FF - plugin: c:\windows\system32\aliedit\3.2.0.0\npAliSecCtrl.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npmproxy.dll FF - plugin: c:\windows\system32\npptools.dll . ============= SERVICES / DRIVERS =============== . R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-4-1 49248] R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2012-10-2 13592] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-3 765736] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-3 368176] R1 netpackets;netpackets;c:\windows\system32\drivers\netpackets.sys [2013-4-14 51552] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-12-19 65192] R2 AlipaySecSvc;Alipay security service;c:\program files\alipay\alieditplus\AlipaySecSvc.exe [2013-1-22 319840] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-9-28 217600] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-3 29816] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-3 66336] R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-4-1 45248] R2 ICBC Daemon Service;ICBC Daemon Service;c:\program files\icbcebanktools\icbcantiphishing\icbc_win32\IcbcDaemon.exe [2011-12-26 430720] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\intel\icls client\HeciServer.exe [2012-2-3 458464] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\intel\intel® management engine components\dal\Jhi_service.exe [2012-10-2 161560] R2 SSDPOpeService;SSDP OpeServer;c:\users\administrator\appdata\roaming\ssdpopt\SSDPOpeServer.exe [2012-12-5 523864] R2 SSDPOptService;SSDP OptService;c:\users\administrator\appdata\roaming\ssdpopt\SSDPOptServer.exe [2012-12-5 667152] R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2012-10-2 363800] R2 XLServicePlatform;XLServicePlatform;c:\windows\system32\svchost -k xlserviceplatform --> c:\windows\system32\svchost -k XLServicePlatform [?] R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-9-28 9107968] R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-9-28 370176] R3 asvpndrv;Astrill SSL VPN Adapter;c:\windows\system32\drivers\asvpndrv.sys [2012-12-1 25856] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-5-14 86656] R3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2012-10-2 347928] R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2012-10-2 789272] R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2012-10-2 46080] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-10-2 490088] R3 XLPPoEPC;Driver for XLPPoEPC Device;c:\windows\system32\drivers\XLPPoEPC.sys [2011-4-8 13824] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-10-3 136176] S2 KMService;KMService;c:\windows\system32\srvany.exe [2012-10-2 8192] S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-14 418376] S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-4-14 701512] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384] S3 ASOVPNHelper;Astrill OpenVPN Service;c:\program files\astrill\ASOvpnSvc.exe [2012-12-1 434928] S3 ASProxy;ASProxy;c:\program files\astrill\ASProxy.exe [2012-12-1 1918888] S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-4-1 164736] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-10-3 136176] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-4-14 22856] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-26 30969208] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-10-16 115168] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-10 4640000] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 15872] S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184] S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224] S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264] S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-2-16 11520] . =============== Created Last 30 ================ . 2013-04-14 06:44:22 51552 ----a-w- c:\windows\system32\drivers\netpackets.sys 2013-04-14 06:04:16 -------- d-----w- c:\users\admini~1\appdata\roaming\Malwarebytes 2013-04-14 06:03:24 -------- d-----w- c:\progra~2\Malwarebytes 2013-04-14 06:03:23 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-14 06:03:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-04-14 06:03:16 -------- d-----w- c:\users\admini~1\appdata\local\Programs 2013-04-07 18:24:07 -------- d-----w- c:\users\admini~1\appdata\roaming\NetworkTunnel 2013-04-06 16:13:05 -------- d-----w- c:\program files\common files\WuShu_0.0.1.034 2013-04-06 16:13:02 -------- d-----w- c:\program files\common files\AgeofWushu_download 2013-04-05 11:05:23 -------- d-----r- c:\program files\Skype 2013-04-05 11:05:06 -------- d-----w- c:\windows\system32\appmgmt 2013-04-01 04:24:39 -------- d-----w- c:\windows\system32\wbem\mof\good 2013-04-01 04:24:39 -------- d-----w- c:\windows\system32\wbem\mof\bad 2013-03-31 16:27:05 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-03-31 16:27:04 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-03-30 17:12:16 -------- d-----w- c:\users\admini~1\appdata\local\thunder network 2013-03-29 21:06:11 -------- d-----w- c:\windows\system32\wbem\Logs . ==================== Find3M ==================== . 2013-04-11 05:45:33 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-04-11 05:45:33 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-06 23:32:51 41664 ----a-w- c:\windows\avastSS.scr 2013-03-06 08:25:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-03-06 08:25:29 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-03-06 08:25:29 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-03 10:05:08 2210832 ----a-w- c:\users\admini~1\appdata\roaming\ssdp_21352594.exe 2013-02-18 19:52:08 352168 ----a-w- c:\windows\system32\ASProxy.dll . ============= FINISH: 15:05:32.06 ===============

    Advertisements

Register to Remove


#2 mowman

mowman

    SuperMember

  • Malware Team
  • 2,669 posts

Posted 17 April 2013 - 04:47 PM

Hello,
Welcome to WhatTheTech. My name is mowman, and I will be helping you fix your problems.

If you do not make a reply in 3 days, we will have to close your topic.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this topic. The topics you are tracking can be found by clicking on My Topics at the top of any page.

Please take note of some guidelines for this fix:

•Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
•If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
•Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
•Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
Only attach them if requested or if they do not fit into the post





Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
      If suspicious objects are found select skip
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)









Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2



**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error

#3 mowman

mowman

    SuperMember

  • Malware Team
  • 2,669 posts

Posted 19 April 2013 - 02:21 AM

Still need help?

#4 steph.l

steph.l

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 19 April 2013 - 09:59 AM

this is the tdskiller log: 13:12:08.0198 12144 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 13:12:08.0809 12144 ============================================================ 13:12:08.0810 12144 Current date / time: 2013/04/20 13:12:08.0809 13:12:08.0810 12144 SystemInfo: 13:12:08.0810 12144 13:12:08.0810 12144 OS Version: 6.1.7601 ServicePack: 1.0 13:12:08.0810 12144 Product type: Workstation 13:12:08.0810 12144 ComputerName: USERSMI-M4AD7ID 13:12:08.0810 12144 UserName: Administrator 13:12:08.0810 12144 Windows directory: C:\Windows 13:12:08.0810 12144 System windows directory: C:\Windows 13:12:08.0810 12144 Processor architecture: Intel x86 13:12:08.0810 12144 Number of processors: 4 13:12:08.0810 12144 Page size: 0x1000 13:12:08.0810 12144 Boot type: Normal boot 13:12:08.0810 12144 ============================================================ 13:12:09.0663 12144 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 13:12:09.0666 12144 ============================================================ 13:12:09.0666 12144 \Device\Harddisk0\DR0: 13:12:09.0666 12144 MBR partitions: 13:12:09.0666 12144 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C134849 13:12:09.0679 12144 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C1348C7, BlocksNum 0x1E25037A 13:12:09.0679 12144 ============================================================ 13:12:09.0704 12144 C: <-> \Device\Harddisk0\DR0\Partition1 13:12:09.0731 12144 D: <-> \Device\Harddisk0\DR0\Partition2 13:12:09.0731 12144 ============================================================ 13:12:09.0731 12144 Initialize success 13:12:09.0731 12144 ============================================================ 13:12:11.0355 1916 ============================================================ 13:12:11.0355 1916 Scan started 13:12:11.0355 1916 Mode: Manual; 13:12:11.0355 1916 ============================================================ 13:12:11.0842 1916 ================ Scan system memory ======================== 13:12:11.0842 1916 System memory - ok 13:12:11.0842 1916 ================ Scan services ============================= 13:12:11.0989 1916 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 13:12:11.0990 1916 1394ohci - ok 13:12:12.0007 1916 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 13:12:12.0009 1916 ACPI - ok 13:12:12.0024 1916 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 13:12:12.0025 1916 AcpiPmi - ok 13:12:12.0117 1916 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 13:12:12.0118 1916 AdobeARMservice - ok 13:12:12.0145 1916 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 13:12:12.0149 1916 adp94xx - ok 13:12:12.0164 1916 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys 13:12:12.0167 1916 adpahci - ok 13:12:12.0182 1916 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 13:12:12.0183 1916 adpu320 - ok 13:12:12.0205 1916 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 13:12:12.0206 1916 AeLookupSvc - ok 13:12:12.0239 1916 [ 1151FD4FB0216CFED887BFDE29EBD516 ] AFD C:\Windows\system32\drivers\afd.sys 13:12:12.0242 1916 AFD - ok 13:12:12.0260 1916 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 13:12:12.0260 1916 agp440 - ok 13:12:12.0268 1916 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys 13:12:12.0269 1916 aic78xx - ok 13:12:12.0297 1916 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 13:12:12.0298 1916 ALG - ok 13:12:12.0322 1916 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 13:12:12.0322 1916 aliide - ok 13:12:12.0366 1916 [ F3D94E366A918638F59A679AD70C71A9 ] AlipaySecSvc C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe 13:12:12.0368 1916 AlipaySecSvc - ok 13:12:12.0401 1916 [ E608D708EFE1F8AE7160DB7C0DE4D8E6 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 13:12:12.0404 1916 AMD External Events Utility - ok 13:12:12.0420 1916 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 13:12:12.0421 1916 amdagp - ok 13:12:12.0435 1916 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 13:12:12.0436 1916 amdide - ok 13:12:12.0452 1916 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 13:12:12.0453 1916 AmdK8 - ok 13:12:12.0611 1916 [ F611C341A8B0926D6C2D6417464BD11E ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 13:12:12.0643 1916 amdkmdag - ok 13:12:12.0662 1916 [ C08F6E9987D2AACFF9653ADB30C4DA3D ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 13:12:12.0663 1916 amdkmdap - ok 13:12:12.0675 1916 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 13:12:12.0676 1916 AmdPPM - ok 13:12:12.0708 1916 [ E7F4D42D8076EC60E21715CD11743A0D ] amdsata C:\Windows\system32\drivers\amdsata.sys 13:12:12.0709 1916 amdsata - ok 13:12:12.0725 1916 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 13:12:12.0727 1916 amdsbs - ok 13:12:12.0745 1916 [ 146459D2B08BFDCBFA856D9947043C81 ] amdxata C:\Windows\system32\drivers\amdxata.sys 13:12:12.0745 1916 amdxata - ok 13:12:12.0771 1916 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 13:12:12.0772 1916 AppID - ok 13:12:12.0815 1916 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 13:12:12.0815 1916 AppIDSvc - ok 13:12:12.0825 1916 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll 13:12:12.0826 1916 Appinfo - ok 13:12:12.0870 1916 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 13:12:12.0871 1916 Apple Mobile Device - ok 13:12:12.0894 1916 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll 13:12:12.0896 1916 AppMgmt - ok 13:12:12.0920 1916 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys 13:12:12.0921 1916 arc - ok 13:12:12.0939 1916 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys 13:12:12.0940 1916 arcsas - ok 13:12:13.0002 1916 [ 54AB80D7F53E0C228A3F0FDB167DC83E ] ASOVPNHelper C:\Program Files\Astrill\ASOvpnSvc.exe 13:12:13.0004 1916 ASOVPNHelper - ok 13:12:13.0102 1916 [ 2FE0D5DB69014980A970D3BF9A85D2B1 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 13:12:13.0103 1916 aspnet_state - ok 13:12:13.0169 1916 [ 1B69B335F6BCD85C104F8C674660D6D6 ] ASProxy C:\Program Files\Astrill\ASProxy.exe 13:12:13.0182 1916 ASProxy - ok 13:12:13.0207 1916 [ FA1F8B44242E0817F4B1BE2EE7979DF0 ] asvpndrv C:\Windows\system32\DRIVERS\asvpndrv.sys 13:12:13.0208 1916 asvpndrv - ok 13:12:13.0236 1916 [ CCDA8D84FD02AEC52E62F296433AE9DC ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 13:12:13.0237 1916 aswFsBlk - ok 13:12:13.0244 1916 [ A6E20E62871A28A0F1C05B1681848FA7 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 13:12:13.0245 1916 aswMonFlt - ok 13:12:13.0259 1916 [ 6844738D52970A0F482768EEA941C78E ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys 13:12:13.0259 1916 aswRdr - ok 13:12:13.0286 1916 [ 657A61979F40D67CA29716149766FFA7 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys 13:12:13.0287 1916 aswRvrt - ok 13:12:13.0306 1916 [ 0E604867FC28F00D91CB0B00D2EC830D ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 13:12:13.0312 1916 aswSnx - ok 13:12:13.0327 1916 [ 6FC4AA106AA505394C908D37CCCB9148 ] aswSP C:\Windows\system32\drivers\aswSP.sys 13:12:13.0329 1916 aswSP - ok 13:12:13.0337 1916 [ 33E21FFB063CA6C7E00D568467DC72E4 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 13:12:13.0338 1916 aswTdi - ok 13:12:13.0386 1916 [ EDB0C9BA44B748E420CCA989FD8B826E ] aswVmm C:\Windows\system32\drivers\aswVmm.sys 13:12:13.0387 1916 aswVmm - ok 13:12:13.0396 1916 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 13:12:13.0396 1916 AsyncMac - ok 13:12:13.0410 1916 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 13:12:13.0410 1916 atapi - ok 13:12:13.0453 1916 [ 434192D027A6A11E32E1C74C7C43E1ED ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys 13:12:13.0454 1916 AtiHDAudioService - ok 13:12:13.0487 1916 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 13:12:13.0491 1916 AudioEndpointBuilder - ok 13:12:13.0503 1916 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 13:12:13.0507 1916 Audiosrv - ok 13:12:13.0546 1916 [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 13:12:13.0547 1916 avast! Antivirus - ok 13:12:13.0567 1916 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 13:12:13.0568 1916 AxInstSV - ok 13:12:13.0590 1916 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys 13:12:13.0593 1916 b06bdrv - ok 13:12:13.0613 1916 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 13:12:13.0615 1916 b57nd60x - ok 13:12:13.0636 1916 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 13:12:13.0637 1916 BDESVC - ok 13:12:13.0644 1916 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 13:12:13.0645 1916 Beep - ok 13:12:13.0660 1916 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll 13:12:13.0664 1916 BFE - ok 13:12:13.0693 1916 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll 13:12:13.0701 1916 BITS - ok 13:12:13.0714 1916 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 13:12:13.0715 1916 blbdrive - ok 13:12:13.0760 1916 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 13:12:13.0763 1916 Bonjour Service - ok 13:12:13.0785 1916 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 13:12:13.0786 1916 bowser - ok 13:12:13.0804 1916 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 13:12:13.0805 1916 BrFiltLo - ok 13:12:13.0821 1916 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 13:12:13.0822 1916 BrFiltUp - ok 13:12:13.0834 1916 [ 6E11F33D14D020F58D5E02E4D67DFA19 ] Browser C:\Windows\System32\browser.dll 13:12:13.0835 1916 Browser - ok 13:12:13.0852 1916 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 13:12:13.0854 1916 Brserid - ok 13:12:13.0863 1916 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 13:12:13.0864 1916 BrSerWdm - ok 13:12:13.0879 1916 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 13:12:13.0879 1916 BrUsbMdm - ok 13:12:13.0884 1916 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 13:12:13.0884 1916 BrUsbSer - ok 13:12:13.0892 1916 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 13:12:13.0893 1916 BTHMODEM - ok 13:12:13.0910 1916 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 13:12:13.0911 1916 bthserv - ok 13:12:13.0923 1916 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 13:12:13.0924 1916 cdfs - ok 13:12:13.0952 1916 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 13:12:13.0953 1916 cdrom - ok 13:12:13.0967 1916 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll 13:12:13.0969 1916 CertPropSvc - ok 13:12:13.0982 1916 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys 13:12:13.0983 1916 circlass - ok 13:12:14.0000 1916 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 13:12:14.0001 1916 CLFS - ok 13:12:14.0019 1916 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:12:14.0020 1916 clr_optimization_v2.0.50727_32 - ok 13:12:14.0056 1916 [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:12:14.0057 1916 clr_optimization_v4.0.30319_32 - ok 13:12:14.0073 1916 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 13:12:14.0073 1916 CmBatt - ok 13:12:14.0084 1916 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys 13:12:14.0084 1916 cmdide - ok 13:12:14.0107 1916 [ 6427525D76F61D0C519B008D3680E8E7 ] CNG C:\Windows\system32\Drivers\cng.sys 13:12:14.0109 1916 CNG - ok 13:12:14.0123 1916 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\drivers\compbatt.sys 13:12:14.0123 1916 Compbatt - ok 13:12:14.0152 1916 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 13:12:14.0153 1916 CompositeBus - ok 13:12:14.0172 1916 COMSysApp - ok 13:12:14.0187 1916 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 13:12:14.0188 1916 crcdisk - ok 13:12:14.0217 1916 [ A585BEBF7D054BD9618EDA0922D5484A ] CryptSvc C:\Windows\system32\cryptsvc.dll 13:12:14.0219 1916 CryptSvc - ok 13:12:14.0236 1916 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys 13:12:14.0239 1916 CSC - ok 13:12:14.0259 1916 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll 13:12:14.0263 1916 CscService - ok 13:12:14.0298 1916 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll 13:12:14.0303 1916 DcomLaunch - ok 13:12:14.0322 1916 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 13:12:14.0324 1916 defragsvc - ok 13:12:14.0347 1916 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 13:12:14.0347 1916 DfsC - ok 13:12:14.0367 1916 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 13:12:14.0371 1916 Dhcp - ok 13:12:14.0397 1916 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 13:12:14.0398 1916 discache - ok 13:12:14.0421 1916 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys 13:12:14.0422 1916 Disk - ok 13:12:14.0437 1916 [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 13:12:14.0438 1916 dmvsc - ok 13:12:14.0455 1916 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 13:12:14.0458 1916 Dnscache - ok 13:12:14.0481 1916 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll 13:12:14.0485 1916 dot3svc - ok 13:12:14.0497 1916 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 13:12:14.0500 1916 DPS - ok 13:12:14.0531 1916 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 13:12:14.0531 1916 drmkaud - ok 13:12:14.0550 1916 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 13:12:14.0555 1916 DXGKrnl - ok 13:12:14.0567 1916 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 13:12:14.0569 1916 EapHost - ok 13:12:14.0625 1916 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys 13:12:14.0639 1916 ebdrv - ok 13:12:14.0674 1916 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 13:12:14.0676 1916 EFS - ok 13:12:14.0705 1916 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys 13:12:14.0708 1916 elxstor - ok 13:12:14.0723 1916 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys 13:12:14.0724 1916 ErrDev - ok 13:12:14.0745 1916 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 13:12:14.0749 1916 EventSystem - ok 13:12:14.0775 1916 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 13:12:14.0776 1916 exfat - ok 13:12:14.0799 1916 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 13:12:14.0800 1916 fastfat - ok 13:12:14.0817 1916 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe 13:12:14.0820 1916 Fax - ok 13:12:14.0833 1916 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys 13:12:14.0834 1916 fdc - ok 13:12:14.0848 1916 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 13:12:14.0849 1916 fdPHost - ok 13:12:14.0859 1916 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 13:12:14.0860 1916 FDResPub - ok 13:12:14.0868 1916 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 13:12:14.0869 1916 FileInfo - ok 13:12:14.0876 1916 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 13:12:14.0876 1916 Filetrace - ok 13:12:14.0878 1916 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 13:12:14.0878 1916 flpydisk - ok 13:12:14.0886 1916 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 13:12:14.0887 1916 FltMgr - ok 13:12:14.0923 1916 [ FA6C66E4364D7DA57AADE5DCC03BB999 ] FontCache C:\Windows\system32\FntCache.dll 13:12:14.0927 1916 FontCache - ok 13:12:14.0971 1916 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 13:12:14.0972 1916 FontCache3.0.0.0 - ok 13:12:14.0980 1916 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 13:12:14.0980 1916 FsDepends - ok 13:12:14.0992 1916 [ A574B4360E438977038AAE4BF60D79A2 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 13:12:14.0992 1916 Fs_Rec - ok 13:12:15.0015 1916 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 13:12:15.0016 1916 fvevol - ok 13:12:15.0040 1916 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 13:12:15.0041 1916 gagp30kx - ok 13:12:15.0076 1916 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 13:12:15.0077 1916 GEARAspiWDM - ok 13:12:15.0146 1916 GGSAFERDriver - ok 13:12:15.0178 1916 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 13:12:15.0184 1916 gpsvc - ok 13:12:15.0264 1916 GPU-Z - ok 13:12:15.0311 1916 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 13:12:15.0312 1916 gupdate - ok 13:12:15.0316 1916 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 13:12:15.0318 1916 gupdatem - ok 13:12:15.0335 1916 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 13:12:15.0335 1916 hcw85cir - ok 13:12:15.0372 1916 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 13:12:15.0375 1916 HdAudAddService - ok 13:12:15.0401 1916 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 13:12:15.0403 1916 HDAudBus - ok 13:12:15.0406 1916 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 13:12:15.0407 1916 HidBatt - ok 13:12:15.0419 1916 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys 13:12:15.0420 1916 HidBth - ok 13:12:15.0437 1916 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys 13:12:15.0438 1916 HidIr - ok 13:12:15.0458 1916 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 13:12:15.0460 1916 hidserv - ok 13:12:15.0472 1916 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 13:12:15.0473 1916 HidUsb - ok 13:12:15.0497 1916 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 13:12:15.0500 1916 hkmsvc - ok 13:12:15.0526 1916 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 13:12:15.0530 1916 HomeGroupListener - ok 13:12:15.0559 1916 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 13:12:15.0563 1916 HomeGroupProvider - ok 13:12:15.0572 1916 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 13:12:15.0572 1916 HpSAMD - ok 13:12:15.0590 1916 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 13:12:15.0592 1916 HTTP - ok 13:12:15.0601 1916 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 13:12:15.0601 1916 hwpolicy - ok 13:12:15.0636 1916 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 13:12:15.0637 1916 i8042prt - ok 13:12:15.0652 1916 [ A3CAE5D281DB4CFF7CFF8233507EE5AD ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 13:12:15.0655 1916 iaStorV - ok 13:12:15.0755 1916 [ 645B2E8D38F937DAB5A735B12922446E ] ICBC Daemon Service C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe 13:12:15.0758 1916 ICBC Daemon Service - ok 13:12:15.0910 1916 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 13:12:15.0917 1916 idsvc - ok 13:12:15.0968 1916 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys 13:12:15.0969 1916 iirsp - ok 13:12:15.0994 1916 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 13:12:16.0001 1916 IKEEXT - ok 13:12:16.0102 1916 [ 0DBEF9CD5A2CD71240DD5AFCEE56D073 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 13:12:16.0115 1916 IntcAzAudAddService - ok 13:12:16.0172 1916 [ C86A9AA1CBC4C3C2C5C9DD0F6D939926 ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe 13:12:16.0175 1916 Intel® Capability Licensing Service Interface - ok 13:12:16.0203 1916 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 13:12:16.0204 1916 intelide - ok 13:12:16.0217 1916 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 13:12:16.0218 1916 intelppm - ok 13:12:16.0248 1916 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 13:12:16.0250 1916 IPBusEnum - ok 13:12:16.0275 1916 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:12:16.0276 1916 IpFilterDriver - ok 13:12:16.0305 1916 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 13:12:16.0311 1916 iphlpsvc - ok 13:12:16.0324 1916 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 13:12:16.0324 1916 IPMIDRV - ok 13:12:16.0333 1916 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 13:12:16.0334 1916 IPNAT - ok 13:12:16.0388 1916 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 13:12:16.0394 1916 iPod Service - ok 13:12:16.0412 1916 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 13:12:16.0412 1916 IRENUM - ok 13:12:16.0434 1916 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 13:12:16.0435 1916 isapnp - ok 13:12:16.0448 1916 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 13:12:16.0450 1916 iScsiPrt - ok 13:12:16.0493 1916 [ 68773314B22DDB7B6A4177537508AF91 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys 13:12:16.0493 1916 iusb3hcs - ok 13:12:16.0516 1916 [ F093BCA5CD5D797B3777ABD2E5B9CFCE ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys 13:12:16.0517 1916 iusb3hub - ok 13:12:16.0533 1916 [ 7F3245BCEE44E168EA67A5103AA496DE ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys 13:12:16.0536 1916 iusb3xhc - ok 13:12:16.0571 1916 [ C44B44E24B929631D9D7368F5B2B40CF ] jhi_service C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe 13:12:16.0572 1916 jhi_service - ok 13:12:16.0604 1916 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 13:12:16.0605 1916 kbdclass - ok 13:12:16.0631 1916 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 13:12:16.0632 1916 kbdhid - ok 13:12:16.0649 1916 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 13:12:16.0652 1916 KeyIso - ok 13:12:16.0687 1916 [ 4635935FC972C582632BF45C26BFCB0E ] KMService C:\Windows\system32\srvany.exe 13:12:16.0692 1916 KMService - ok 13:12:16.0703 1916 [ F4647BB23DB9038A7536CF6B68F4207F ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 13:12:16.0704 1916 KSecDD - ok 13:12:16.0724 1916 [ E73CAE53BBB72BA26918492C6B4C229D ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 13:12:16.0726 1916 KSecPkg - ok 13:12:16.0756 1916 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 13:12:16.0762 1916 KtmRm - ok 13:12:16.0785 1916 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll 13:12:16.0791 1916 LanmanServer - ok 13:12:16.0799 1916 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 13:12:16.0804 1916 LanmanWorkstation - ok 13:12:16.0848 1916 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 13:12:16.0848 1916 lltdio - ok 13:12:16.0879 1916 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 13:12:16.0881 1916 lltdsvc - ok 13:12:16.0893 1916 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 13:12:16.0895 1916 lmhosts - ok 13:12:16.0928 1916 [ 75F29D77B0540FCF47EE3BE000BBABDA ] LMS C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe 13:12:16.0930 1916 LMS - ok 13:12:16.0954 1916 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 13:12:16.0955 1916 LSI_FC - ok 13:12:16.0969 1916 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 13:12:16.0970 1916 LSI_SAS - ok 13:12:16.0986 1916 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 13:12:16.0987 1916 LSI_SAS2 - ok 13:12:17.0004 1916 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 13:12:17.0004 1916 LSI_SCSI - ok 13:12:17.0019 1916 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 13:12:17.0020 1916 luafv - ok 13:12:17.0048 1916 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 13:12:17.0049 1916 MBAMProtector - ok 13:12:17.0095 1916 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 13:12:17.0098 1916 MBAMScheduler - ok 13:12:17.0128 1916 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 13:12:17.0134 1916 MBAMService - ok 13:12:17.0160 1916 [ 8FD868E32459ECE2A1BB0169F513D31E ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys 13:12:17.0162 1916 mcdbus - ok 13:12:17.0176 1916 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys 13:12:17.0177 1916 megasas - ok 13:12:17.0199 1916 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 13:12:17.0201 1916 MegaSR - ok 13:12:17.0235 1916 [ 240D715CFE4FB8F4CDA76F6863E62334 ] MEI C:\Windows\system32\DRIVERS\HECI.sys 13:12:17.0236 1916 MEI - ok 13:12:17.0290 1916 Microsoft SharePoint Workspace Audit Service - ok 13:12:17.0309 1916 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 13:12:17.0311 1916 MMCSS - ok 13:12:17.0326 1916 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 13:12:17.0326 1916 Modem - ok 13:12:17.0355 1916 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 13:12:17.0356 1916 monitor - ok 13:12:17.0374 1916 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 13:12:17.0375 1916 mouclass - ok 13:12:17.0393 1916 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 13:12:17.0394 1916 mouhid - ok 13:12:17.0411 1916 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 13:12:17.0412 1916 mountmgr - ok 13:12:17.0463 1916 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 13:12:17.0464 1916 MozillaMaintenance - ok 13:12:17.0480 1916 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 13:12:17.0482 1916 mpio - ok 13:12:17.0495 1916 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 13:12:17.0496 1916 mpsdrv - ok 13:12:17.0515 1916 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 13:12:17.0518 1916 MpsSvc - ok 13:12:17.0528 1916 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 13:12:17.0529 1916 MRxDAV - ok 13:12:17.0544 1916 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 13:12:17.0545 1916 mrxsmb - ok 13:12:17.0568 1916 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:12:17.0569 1916 mrxsmb10 - ok 13:12:17.0578 1916 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:12:17.0579 1916 mrxsmb20 - ok 13:12:17.0592 1916 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 13:12:17.0592 1916 msahci - ok 13:12:17.0617 1916 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 13:12:17.0618 1916 msdsm - ok 13:12:17.0636 1916 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 13:12:17.0640 1916 MSDTC - ok 13:12:17.0660 1916 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 13:12:17.0661 1916 Msfs - ok 13:12:17.0665 1916 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 13:12:17.0666 1916 mshidkmdf - ok 13:12:17.0674 1916 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 13:12:17.0674 1916 msisadrv - ok 13:12:17.0706 1916 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 13:12:17.0709 1916 MSiSCSI - ok 13:12:17.0711 1916 msiserver - ok 13:12:17.0734 1916 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 13:12:17.0735 1916 MSKSSRV - ok 13:12:17.0750 1916 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 13:12:17.0751 1916 MSPCLOCK - ok 13:12:17.0755 1916 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 13:12:17.0756 1916 MSPQM - ok 13:12:17.0769 1916 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 13:12:17.0771 1916 MsRPC - ok 13:12:17.0783 1916 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 13:12:17.0784 1916 mssmbios - ok 13:12:17.0803 1916 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 13:12:17.0804 1916 MSTEE - ok 13:12:17.0814 1916 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 13:12:17.0815 1916 MTConfig - ok 13:12:17.0827 1916 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 13:12:17.0828 1916 Mup - ok 13:12:17.0854 1916 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 13:12:17.0857 1916 napagent - ok 13:12:17.0879 1916 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 13:12:17.0880 1916 NativeWifiP - ok 13:12:17.0896 1916 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys 13:12:17.0899 1916 NDIS - ok 13:12:17.0907 1916 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 13:12:17.0908 1916 NdisCap - ok 13:12:17.0915 1916 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 13:12:17.0915 1916 NdisTapi - ok 13:12:17.0937 1916 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 13:12:17.0938 1916 Ndisuio - ok 13:12:17.0947 1916 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 13:12:17.0948 1916 NdisWan - ok 13:12:17.0975 1916 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 13:12:17.0976 1916 NDProxy - ok 13:12:17.0988 1916 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 13:12:17.0989 1916 NetBIOS - ok 13:12:18.0004 1916 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 13:12:18.0005 1916 NetBT - ok 13:12:18.0016 1916 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 13:12:18.0018 1916 Netlogon - ok 13:12:18.0060 1916 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 13:12:18.0066 1916 Netman - ok 13:12:18.0120 1916 [ E8B9164DA7701C1E595647C3A3AFA766 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 13:12:18.0122 1916 NetMsmqActivator - ok 13:12:18.0170 1916 [ 54CC2F7B9C20F4569EBBBBD6090C6D85 ] netpackets C:\Windows\system32\drivers\netpackets.sys 13:12:18.0171 1916 netpackets - ok 13:12:18.0175 1916 [ E8B9164DA7701C1E595647C3A3AFA766 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 13:12:18.0177 1916 NetPipeActivator - ok 13:12:18.0198 1916 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 13:12:18.0204 1916 netprofm - ok 13:12:18.0209 1916 [ E8B9164DA7701C1E595647C3A3AFA766 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 13:12:18.0210 1916 NetTcpActivator - ok 13:12:18.0214 1916 [ E8B9164DA7701C1E595647C3A3AFA766 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 13:12:18.0216 1916 NetTcpPortSharing - ok 13:12:18.0269 1916 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 13:12:18.0270 1916 nfrd960 - ok 13:12:18.0282 1916 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll 13:12:18.0287 1916 NlaSvc - ok 13:12:18.0317 1916 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF C:\Windows\system32\DRIVERS\npf.sys 13:12:18.0318 1916 NPF - ok 13:12:18.0328 1916 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 13:12:18.0329 1916 Npfs - ok 13:12:18.0340 1916 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 13:12:18.0342 1916 nsi - ok 13:12:18.0350 1916 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 13:12:18.0350 1916 nsiproxy - ok 13:12:18.0379 1916 [ 33C3093D09017CFE2E219F2472BFF6EB ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 13:12:18.0384 1916 Ntfs - ok 13:12:18.0395 1916 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 13:12:18.0395 1916 Null - ok 13:12:18.0415 1916 [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid C:\Windows\system32\drivers\nvraid.sys 13:12:18.0416 1916 nvraid - ok 13:12:18.0422 1916 [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor C:\Windows\system32\drivers\nvstor.sys 13:12:18.0423 1916 nvstor - ok 13:12:18.0438 1916 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 13:12:18.0439 1916 nv_agp - ok 13:12:18.0450 1916 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 13:12:18.0451 1916 ohci1394 - ok 13:12:18.0504 1916 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:12:18.0506 1916 ose - ok 13:12:18.0611 1916 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 13:12:18.0633 1916 osppsvc - ok 13:12:18.0659 1916 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 13:12:18.0661 1916 p2pimsvc - ok 13:12:18.0683 1916 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 13:12:18.0686 1916 p2psvc - ok 13:12:18.0698 1916 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys 13:12:18.0698 1916 Parport - ok 13:12:18.0707 1916 [ BF8F6AF06DA75B336F07E23AEF97D93B ] partmgr C:\Windows\system32\drivers\partmgr.sys 13:12:18.0708 1916 partmgr - ok 13:12:18.0725 1916 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys 13:12:18.0725 1916 Parvdm - ok 13:12:18.0735 1916 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 13:12:18.0737 1916 PcaSvc - ok 13:12:18.0757 1916 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 13:12:18.0757 1916 pci - ok 13:12:18.0775 1916 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 13:12:18.0775 1916 pciide - ok 13:12:18.0789 1916 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 13:12:18.0791 1916 pcmcia - ok 13:12:18.0807 1916 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 13:12:18.0808 1916 pcw - ok 13:12:18.0821 1916 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 13:12:18.0824 1916 PEAUTH - ok 13:12:18.0841 1916 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 13:12:18.0847 1916 PeerDistSvc - ok 13:12:18.0877 1916 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 13:12:18.0884 1916 pla - ok 13:12:18.0935 1916 [ 92DC6E68D2C856C5C2F21AE9E22112B8 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 13:12:18.0942 1916 PlugPlay - ok 13:12:18.0954 1916 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 13:12:18.0958 1916 PNRPAutoReg - ok 13:12:18.0976 1916 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 13:12:18.0982 1916 PNRPsvc - ok 13:12:19.0004 1916 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 13:12:19.0009 1916 PolicyAgent - ok 13:12:19.0019 1916 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 13:12:19.0023 1916 Power - ok 13:12:19.0044 1916 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 13:12:19.0045 1916 PptpMiniport - ok 13:12:19.0056 1916 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys 13:12:19.0057 1916 Processor - ok 13:12:19.0086 1916 [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc C:\Windows\system32\profsvc.dll 13:12:19.0089 1916 ProfSvc - ok 13:12:19.0099 1916 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 13:12:19.0101 1916 ProtectedStorage - ok 13:12:19.0120 1916 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 13:12:19.0121 1916 Psched - ok 13:12:19.0181 1916 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 13:12:19.0191 1916 ql2300 - ok 13:12:19.0206 1916 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 13:12:19.0207 1916 ql40xx - ok 13:12:19.0221 1916 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 13:12:19.0224 1916 QWAVE - ok 13:12:19.0237 1916 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 13:12:19.0238 1916 QWAVEdrv - ok 13:12:19.0249 1916 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 13:12:19.0250 1916 RasAcd - ok 13:12:19.0282 1916 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 13:12:19.0283 1916 RasAgileVpn - ok 13:12:19.0297 1916 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 13:12:19.0303 1916 RasAuto - ok 13:12:19.0311 1916 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 13:12:19.0312 1916 Rasl2tp - ok 13:12:19.0328 1916 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 13:12:19.0331 1916 RasMan - ok 13:12:19.0346 1916 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 13:12:19.0346 1916 RasPppoe - ok 13:12:19.0377 1916 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 13:12:19.0378 1916 RasSstp - ok 13:12:19.0393 1916 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 13:12:19.0396 1916 rdbss - ok 13:12:19.0410 1916 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 13:12:19.0411 1916 rdpbus - ok 13:12:19.0418 1916 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 13:12:19.0419 1916 RDPCDD - ok 13:12:19.0439 1916 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 13:12:19.0441 1916 RDPDR - ok 13:12:19.0456 1916 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 13:12:19.0457 1916 RDPENCDD - ok 13:12:19.0464 1916 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 13:12:19.0465 1916 RDPREFMP - ok 13:12:19.0479 1916 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 13:12:19.0480 1916 RdpVideoMiniport - ok 13:12:19.0492 1916 [ 288B06960D78428FF89E811632684E20 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 13:12:19.0494 1916 RDPWD - ok 13:12:19.0512 1916 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 13:12:19.0514 1916 rdyboost - ok 13:12:19.0540 1916 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 13:12:19.0543 1916 RemoteAccess - ok 13:12:19.0568 1916 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 13:12:19.0572 1916 RemoteRegistry - ok 13:12:19.0578 1916 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 13:12:19.0582 1916 RpcEptMapper - ok 13:12:19.0605 1916 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 13:12:19.0607 1916 RpcLocator - ok 13:12:19.0623 1916 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 13:12:19.0626 1916 RpcSs - ok 13:12:19.0667 1916 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 13:12:19.0667 1916 rspndr - ok 13:12:19.0714 1916 [ 6A2586DCB5B04A52404699EB325DF1DB ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 13:12:19.0718 1916 RTL8167 - ok 13:12:19.0729 1916 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 13:12:19.0730 1916 s3cap - ok 13:12:19.0741 1916 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 13:12:19.0744 1916 SamSs - ok 13:12:19.0762 1916 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 13:12:19.0763 1916 sbp2port - ok 13:12:19.0783 1916 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 13:12:19.0786 1916 SCardSvr - ok 13:12:19.0796 1916 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 13:12:19.0797 1916 scfilter - ok 13:12:19.0817 1916 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 13:12:19.0824 1916 Schedule - ok 13:12:19.0851 1916 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 13:12:19.0852 1916 SCPolicySvc - ok 13:12:19.0862 1916 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 13:12:19.0864 1916 SDRSVC - ok 13:12:19.0886 1916 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 13:12:19.0886 1916 secdrv - ok 13:12:19.0891 1916 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 13:12:19.0894 1916 seclogon - ok 13:12:19.0905 1916 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 13:12:19.0907 1916 SENS - ok 13:12:19.0919 1916 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 13:12:19.0922 1916 SensrSvc - ok 13:12:19.0937 1916 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 13:12:19.0937 1916 Serenum - ok 13:12:19.0956 1916 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 13:12:19.0957 1916 Serial - ok 13:12:19.0976 1916 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys 13:12:19.0977 1916 sermouse - ok 13:12:19.0992 1916 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 13:12:19.0997 1916 SessionEnv - ok 13:12:20.0012 1916 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 13:12:20.0013 1916 sffdisk - ok 13:12:20.0017 1916 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 13:12:20.0017 1916 sffp_mmc - ok 13:12:20.0022 1916 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 13:12:20.0022 1916 sffp_sd - ok 13:12:20.0030 1916 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 13:12:20.0031 1916 sfloppy - ok 13:12:20.0054 1916 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 13:12:20.0056 1916 SharedAccess - ok 13:12:20.0063 1916 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 13:12:20.0067 1916 ShellHWDetection - ok 13:12:20.0082 1916 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 13:12:20.0082 1916 sisagp - ok 13:12:20.0097 1916 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 13:12:20.0097 1916 SiSRaid2 - ok 13:12:20.0106 1916 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 13:12:20.0107 1916 SiSRaid4 - ok 13:12:20.0152 1916 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 13:12:20.0153 1916 SkypeUpdate - ok 13:12:20.0170 1916 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 13:12:20.0171 1916 Smb - ok 13:12:20.0197 1916 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 13:12:20.0202 1916 SNMPTRAP - ok 13:12:20.0206 1916 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 13:12:20.0207 1916 spldr - ok 13:12:20.0220 1916 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe 13:12:20.0227 1916 Spooler - ok 13:12:20.0280 1916 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 13:12:20.0305 1916 sppsvc - ok 13:12:20.0317 1916 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 13:12:20.0320 1916 sppuinotify - ok 13:12:20.0332 1916 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 13:12:20.0333 1916 srv - ok 13:12:20.0343 1916 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 13:12:20.0345 1916 srv2 - ok 13:12:20.0364 1916 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 13:12:20.0364 1916 srvnet - ok 13:12:20.0483 1916 [ 0B40FCD24D0B50B90AE4D41D3F318985 ] SSDPOpeService C:\Users\Administrator\AppData\Roaming\SSDPOpt\SSDPOpeServer.exe 13:12:20.0487 1916 SSDPOpeService - ok 13:12:20.0532 1916 [ 79D181C1463ACAEF263105BF3F714FBC ] SSDPOptService C:\Users\Administrator\AppData\Roaming\SSDPOpt\SSDPOptServer.exe 13:12:20.0537 1916 SSDPOptService - ok 13:12:20.0560 1916 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 13:12:20.0566 1916 SSDPSRV - ok 13:12:20.0571 1916 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 13:12:20.0576 1916 SstpSvc - ok 13:12:20.0592 1916 Steam Client Service - ok 13:12:20.0617 1916 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys 13:12:20.0618 1916 stexstor - ok 13:12:20.0644 1916 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 13:12:20.0648 1916 StiSvc - ok 13:12:20.0665 1916 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 13:12:20.0666 1916 storflt - ok 13:12:20.0688 1916 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys 13:12:20.0688 1916 storvsc - ok 13:12:20.0699 1916 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 13:12:20.0700 1916 swenum - ok 13:12:20.0715 1916 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 13:12:20.0722 1916 swprv - ok 13:12:20.0736 1916 [ F2AD8960812FD111E20E84659EF19D43 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys 13:12:20.0738 1916 Synth3dVsc - ok 13:12:20.0762 1916 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 13:12:20.0775 1916 SysMain - ok 13:12:20.0783 1916 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 13:12:20.0786 1916 TabletInputService - ok 13:12:20.0820 1916 [ 5A5927C254DA9D76D66DE866E21C1058 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys 13:12:20.0820 1916 tap0901 - ok 13:12:20.0833 1916 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 13:12:20.0836 1916 TapiSrv - ok 13:12:20.0841 1916 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 13:12:20.0843 1916 TBS - ok 13:12:20.0863 1916 [ 65D10B191C59C5501A1263FC33F6894B ] Tcpip C:\Windows\system32\drivers\tcpip.sys 13:12:20.0869 1916 Tcpip - ok 13:12:20.0962 1916 [ 65D10B191C59C5501A1263FC33F6894B ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 13:12:20.0972 1916 TCPIP6 - ok 13:12:21.0010 1916 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 13:12:21.0012 1916 tcpipreg - ok 13:12:21.0041 1916 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 13:12:21.0042 1916 TDPIPE - ok 13:12:21.0055 1916 [ 2C10395BAA4847F83042813C515CC289 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 13:12:21.0055 1916 TDTCP - ok 13:12:21.0072 1916 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 13:12:21.0073 1916 tdx - ok 13:12:21.0081 1916 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 13:12:21.0082 1916 TermDD - ok 13:12:21.0101 1916 [ 052306FD76793D5D5AB5D9891FD1ADBB ] terminpt C:\Windows\system32\drivers\terminpt.sys 13:12:21.0101 1916 terminpt - ok 13:12:21.0126 1916 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 13:12:21.0135 1916 TermService - ok 13:12:21.0148 1916 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 13:12:21.0154 1916 Themes - ok 13:12:21.0168 1916 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 13:12:21.0171 1916 THREADORDER - ok 13:12:21.0192 1916 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 13:12:21.0198 1916 TrkWks - ok 13:12:21.0239 1916 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:12:21.0241 1916 TrustedInstaller - ok 13:12:21.0247 1916 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:12:21.0248 1916 tssecsrv - ok 13:12:21.0261 1916 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 13:12:21.0262 1916 TsUsbFlt - ok 13:12:21.0292 1916 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 13:12:21.0293 1916 TsUsbGD - ok 13:12:21.0305 1916 [ 045ACB987C650D8186C6B4A692223860 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys 13:12:21.0306 1916 tsusbhub - ok 13:12:21.0314 1916 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:12:21.0315 1916 tunnel - ok 13:12:21.0329 1916 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys 13:12:21.0329 1916 uagp35 - ok 13:12:21.0342 1916 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:12:21.0343 1916 udfs - ok 13:12:21.0367 1916 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 13:12:21.0370 1916 UI0Detect - ok 13:12:21.0400 1916 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 13:12:21.0402 1916 uliagpkx - ok 13:12:21.0418 1916 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys 13:12:21.0420 1916 umbus - ok 13:12:21.0439 1916 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys 13:12:21.0440 1916 UmPass - ok 13:12:21.0453 1916 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll 13:12:21.0460 1916 UmRdpService - ok 13:12:21.0493 1916 [ 193AD338F2A64D17300AD640ADFA5D0A ] UNS C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe 13:12:21.0495 1916 UNS - ok 13:12:21.0509 1916 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 13:12:21.0516 1916 upnphost - ok 13:12:21.0544 1916 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 13:12:21.0546 1916 usbaudio - ok 13:12:21.0569 1916 [ 7E72E7D7E0757D59481D530FD2B0BFAE ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 13:12:21.0571 1916 usbccgp - ok 13:12:21.0587 1916 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 13:12:21.0589 1916 usbcir - ok 13:12:21.0612 1916 [ CFBCE999C057D78979A181C9C60F208E ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 13:12:21.0613 1916 usbehci - ok 13:12:21.0636 1916 [ 9D22AAD9AC6A07C691A1113E5F860868 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:12:21.0639 1916 usbhub - ok 13:12:21.0662 1916 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\drivers\usbohci.sys 13:12:21.0663 1916 usbohci - ok 13:12:21.0673 1916 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\drivers\usbprint.sys 13:12:21.0674 1916 usbprint - ok 13:12:21.0689 1916 [ BF63EBFC6979FEFB2BC03DF7989A0C1A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:12:21.0690 1916 USBSTOR - ok 13:12:21.0710 1916 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 13:12:21.0710 1916 usbuhci - ok 13:12:21.0747 1916 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 13:12:21.0749 1916 usbvideo - ok 13:12:21.0771 1916 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 13:12:21.0777 1916 UxSms - ok 13:12:21.0783 1916 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 13:12:21.0787 1916 VaultSvc - ok 13:12:21.0801 1916 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 13:12:21.0803 1916 vdrvroot - ok 13:12:21.0816 1916 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 13:12:21.0821 1916 vds - ok 13:12:21.0845 1916 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:12:21.0845 1916 vga - ok 13:12:21.0855 1916 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 13:12:21.0855 1916 VgaSave - ok 13:12:21.0857 1916 VGPU - ok 13:12:21.0866 1916 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 13:12:21.0867 1916 vhdmp - ok 13:12:21.0893 1916 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 13:12:21.0894 1916 viaagp - ok 13:12:21.0898 1916 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 13:12:21.0900 1916 ViaC7 - ok 13:12:21.0905 1916 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 13:12:21.0906 1916 viaide - ok 13:12:21.0918 1916 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys 13:12:21.0920 1916 vmbus - ok 13:12:21.0929 1916 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 13:12:21.0930 1916 VMBusHID - ok 13:12:21.0945 1916 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 13:12:21.0946 1916 volmgr - ok 13:12:21.0956 1916 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:12:21.0959 1916 volmgrx - ok 13:12:21.0971 1916 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:12:21.0974 1916 volsnap - ok 13:12:21.0997 1916 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 13:12:21.0999 1916 vsmraid - ok 13:12:22.0026 1916 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 13:12:22.0037 1916 VSS - ok 13:12:22.0047 1916 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 13:12:22.0048 1916 vwifibus - ok 13:12:22.0067 1916 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 13:12:22.0071 1916 W32Time - ok 13:12:22.0089 1916 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 13:12:22.0090 1916 WacomPen - ok 13:12:22.0109 1916 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 13:12:22.0110 1916 WANARP - ok 13:12:22.0112 1916 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:12:22.0112 1916 Wanarpv6 - ok 13:12:22.0137 1916 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 13:12:22.0145 1916 wbengine - ok 13:12:22.0167 1916 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 13:12:22.0170 1916 WbioSrvc - ok 13:12:22.0192 1916 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:12:22.0196 1916 wcncsvc - ok 13:12:22.0204 1916 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:12:22.0208 1916 WcsPlugInService - ok 13:12:22.0220 1916 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys 13:12:22.0221 1916 Wd - ok 13:12:22.0247 1916 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam.sys 13:12:22.0248 1916 WDC_SAM - ok 13:12:22.0262 1916 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:12:22.0266 1916 Wdf01000 - ok 13:12:22.0280 1916 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 13:12:22.0286 1916 WdiServiceHost - ok 13:12:22.0290 1916 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:12:22.0296 1916 WdiSystemHost - ok 13:12:22.0317 1916 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 13:12:22.0320 1916 WebClient - ok 13:12:22.0333 1916 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:12:22.0336 1916 Wecsvc - ok 13:12:22.0344 1916 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 13:12:22.0347 1916 wercplsupport - ok 13:12:22.0369 1916 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 13:12:22.0372 1916 WerSvc - ok 13:12:22.0386 1916 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 13:12:22.0386 1916 WfpLwf - ok 13:12:22.0404 1916 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 13:12:22.0405 1916 WIMMount - ok 13:12:22.0461 1916 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 13:12:22.0466 1916 WinDefend - ok 13:12:22.0473 1916 WinHttpAutoProxySvc - ok 13:12:22.0513 1916 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:12:22.0514 1916 Winmgmt - ok 13:12:22.0551 1916 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 13:12:22.0565 1916 WinRM - ok 13:12:22.0609 1916 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 13:12:22.0610 1916 WinUsb - ok 13:12:22.0644 1916 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 13:12:22.0655 1916 Wlansvc - ok 13:12:22.0740 1916 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 13:12:22.0746 1916 wlidsvc - ok 13:12:22.0776 1916 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 13:12:22.0777 1916 WmiAcpi - ok 13:12:22.0802 1916 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:12:22.0803 1916 wmiApSrv - ok 13:12:22.0885 1916 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 13:12:22.0894 1916 WMPNetworkSvc - ok 13:12:22.0935 1916 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:12:22.0941 1916 WPCSvc - ok 13:12:22.0951 1916 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:12:22.0957 1916 WPDBusEnum - ok 13:12:22.0966 1916 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:12:22.0967 1916 ws2ifsl - ok 13:12:22.0982 1916 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 13:12:22.0989 1916 wscsvc - ok 13:12:22.0992 1916 WSearch - ok 13:12:23.0033 1916 [ 3026418A50C5B4761BEFA632CEDB7406 ] wuauserv C:\Windows\system32\wuaueng.dll 13:12:23.0052 1916 wuauserv - ok 13:12:23.0077 1916 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 13:12:23.0078 1916 WudfPf - ok 13:12:23.0109 1916 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 13:12:23.0110 1916 WUDFRd - ok 13:12:23.0120 1916 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 13:12:23.0124 1916 wudfsvc - ok 13:12:23.0137 1916 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 13:12:23.0141 1916 WwanSvc - ok 13:12:23.0160 1916 [ C255BD9DFC6D96F6552DB004899210AF ] XLPPoEPC C:\Windows\system32\DRIVERS\XLPPoEPC.sys 13:12:23.0161 1916 XLPPoEPC - ok 13:12:23.0213 1916 [ 23EA70694202B7B8905C040E0D4EECD8 ] XLServicePlatform C:\Program Files\Common Files\Thunder Network\ServicePlatform\XLSP.dll 13:12:23.0214 1916 XLServicePlatform - ok 13:12:23.0220 1916 ================ Scan global =============================== 13:12:23.0253 1916 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 13:12:23.0278 1916 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll 13:12:23.0289 1916 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll 13:12:23.0317 1916 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 13:12:23.0342 1916 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 13:12:23.0345 1916 [Global] - ok 13:12:23.0345 1916 ================ Scan MBR ================================== 13:12:23.0354 1916 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 13:12:23.0683 1916 \Device\Harddisk0\DR0 - ok 13:12:23.0684 1916 ================ Scan VBR ================================== 13:12:23.0685 1916 [ 8DBBC10C26800C4C0930A672005F6A13 ] \Device\Harddisk0\DR0\Partition1 13:12:23.0686 1916 \Device\Harddisk0\DR0\Partition1 - ok 13:12:23.0704 1916 [ 01A7400B97E2AA710A81433ED82DBC14 ] \Device\Harddisk0\DR0\Partition2 13:12:23.0705 1916 \Device\Harddisk0\DR0\Partition2 - ok 13:12:23.0705 1916 ============================================================ 13:12:23.0705 1916 Scan finished 13:12:23.0705 1916 ============================================================ 13:12:23.0709 15004 Detected object count: 0 13:12:23.0709 15004 Actual detected object count: 0 13:12:48.0533 15108 Deinitialize success and this is the combofix log: ComboFix 13-04-20.01 - Administrator 04/20/2013 13:17:02.1.4 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3552.2230 [GMT 8:00] Running from: c:\users\Administrator\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\windows\2345.SCR c:\windows\system32\drivers\npf.sys c:\windows\system32\networkdlllsp.dll c:\windows\system32\Packet.dll c:\windows\system32\pthreadVC.dll c:\windows\system32\WanPacket.dll c:\windows\system32\wpcap.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_NPF . . ((((((((((((((((((((((((( Files Created from 2013-03-20 to 2013-04-20 ))))))))))))))))))))))))))))))) . . 2013-04-20 05:20 . 2013-04-20 05:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-19 14:32 . 2013-04-19 14:32 51552 ----a-w- c:\windows\system32\drivers\netpackets.sys 2013-04-16 16:14 . 2013-04-16 16:43 -------- d-----w- c:\users\Administrator\AppData\Roaming\TS3Client 2013-04-16 16:14 . 2013-04-16 16:14 -------- d-----w- c:\users\Administrator\AppData\Local\TeamSpeak 3 Client 2013-04-14 06:04 . 2013-04-14 06:04 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes 2013-04-14 06:03 . 2013-04-14 06:03 -------- d-----w- c:\programdata\Malwarebytes 2013-04-14 06:03 . 2013-04-14 06:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-04-14 06:03 . 2013-04-04 06:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-14 06:03 . 2013-04-14 06:03 -------- d-----w- c:\users\Administrator\AppData\Local\Programs 2013-04-07 18:24 . 2013-04-07 18:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\NetworkTunnel 2013-04-06 16:13 . 2013-04-07 04:41 -------- d-----w- c:\program files\Common Files\WuShu_0.0.1.034 2013-04-06 16:13 . 2013-04-06 16:13 -------- d-----w- c:\program files\Common Files\AgeofWushu_download 2013-04-05 11:36 . 2013-04-05 11:36 -------- d-----w- c:\program files\Common Files\Skype 2013-04-05 11:34 . 2013-04-06 16:15 -------- d-----w- c:\users\Administrator\AppData\Roaming\Skype 2013-04-05 11:05 . 2013-04-05 11:36 -------- d-----r- c:\program files\Skype 2013-04-01 04:24 . 2013-04-01 04:24 -------- d-----w- c:\windows\system32\wbem\MOF\good 2013-04-01 04:24 . 2013-04-01 04:24 -------- d-----w- c:\windows\system32\wbem\MOF\bad 2013-03-31 16:27 . 2013-03-06 23:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-03-31 16:27 . 2013-03-06 23:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-03-30 17:12 . 2013-03-30 17:12 -------- d-----w- c:\users\Administrator\AppData\Local\thunder network 2013-03-29 21:06 . 2013-03-29 21:06 -------- d-----w- c:\windows\system32\wbem\Logs . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-11 05:45 . 2012-10-02 14:47 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-04-11 05:45 . 2012-10-02 14:47 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-06 23:33 . 2012-10-02 16:10 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-03-06 23:33 . 2012-10-02 16:10 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-03-06 23:33 . 2012-10-02 16:10 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-03-06 23:33 . 2012-10-02 16:10 60656 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-03-06 23:33 . 2012-10-02 16:10 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-03-06 23:33 . 2012-10-02 16:10 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-03-06 23:32 . 2012-10-02 13:52 41664 ----a-w- c:\windows\avastSS.scr 2013-03-06 23:32 . 2012-10-02 16:10 228600 ----a-w- c:\windows\system32\aswBoot.exe 2013-03-06 08:25 . 2013-03-06 08:25 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-03-06 08:25 . 2012-10-13 09:57 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-03-06 08:25 . 2012-10-13 09:57 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-03 10:05 . 2013-03-03 10:05 2210832 ----a-w- c:\users\Administrator\AppData\Roaming\ssdp_21352594.exe 2013-02-18 19:52 . 2012-12-01 08:49 352168 ----a-w- c:\windows\system32\ASProxy.dll 2012-10-11 01:06 . 2012-10-16 11:05 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}] . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}] 2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentControl_v2\prxtbuTor.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{E155F23C-9931-47c6-A619-20E6FCA86D75}] 2012-12-11 09:36 307200 ----a-w- c:\program files\CouponMatcher\CouponMatcher.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{7473B6BD-4691-4744-A82B-7854EB3D70B6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-03-06 23:32 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AAADesktopTips] @="{4562B511-62E9-4533-B7B2-56A8BB10B482}" [HKEY_CLASSES_ROOT\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}] 2012-05-30 02:56 247760 ----a-w- c:\program files\Common Files\Thunder Network\Kankan\xappex.1.1.1.38.(724).dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "Steam"="d:\steam\steam.exe" [2013-03-29 1631144] "Spotify Web Helper"="c:\users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-04-15 1105408] "Spotify"="c:\users\Administrator\AppData\Roaming\Spotify\Spotify.exe" [2013-04-15 4547584] "GarenaPlus"="c:\program files\Garena Plus\GarenaMessenger.exe" [2013-03-13 9655088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI.exe" [2011-12-12 6318696] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304] "Netkeeper1.0"="c:\chinanetsn\bin\loader.exe" [2011-05-16 45056] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776] "MWREGICBC.exe"="c:\program files\ICBCEbankTools\MingWah\MWREGICBC.exe" [2012-11-24 50632] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableInstallerDetection"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . 2;2 SSDPOptService;SSDP OptService [2013-03-03 667152] R2 KMService;KMService;c:\windows\system32\srvany.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] R3 ASOVPNHelper;Astrill OpenVPN Service;c:\program files\Astrill\ASOvpnSvc.exe [x] R3 ASProxy;ASProxy;c:\program files\Astrill\ASProxy.exe [x] R3 aswVmm;aswVmm; [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x] R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x] R3 GPU-Z;GPU-Z;c:\users\ADMINI~1\AppData\Local\Temp\GPU-Z.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x] S0 aswRvrt;aswRvrt; [x] S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 netpackets;netpackets;c:\windows\system32\drivers\netpackets.sys [x] S2 AlipaySecSvc;Alipay security service;c:\program files\alipay\alieditplus\AlipaySecSvc.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 ICBC Daemon Service;ICBC Daemon Service;c:\program files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe [x] S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 SSDPOpeService;SSDP OpeServer;c:\users\Administrator\AppData\Roaming\SSDPOpt\SSDPOpeServer.exe [x] S2 XLServicePlatform;XLServicePlatform;c:\windows\system32\svchost [x] S3 asvpndrv;Astrill SSL VPN Adapter;c:\windows\system32\DRIVERS\asvpndrv.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x] S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] S3 XLPPoEPC;Driver for XLPPoEPC Device;c:\windows\system32\DRIVERS\XLPPoEPC.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc XLServicePlatform REG_MULTI_SZ XLServicePlatform sina_live_deamon REG_MULTI_SZ sina_live_deamon . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-10 12:52 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-10-02 16:10] . 2013-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-10-02 16:10] . . ------- Supplementary Scan ------- . uStart Page = hxxp://hao.kankan.com/?id=660115 mStart Page = www.tao678.com uInternet Settings,ProxyOverride = <local> IE: &ʹÓÃ&ѸÀ×ÀëÏßÏÂÔØ - c:\program files\Thunder Network\Thunder\BHO\OfflineDownload.htm IE: &ʹÓÃ&ѸÀ×ÏÂÔØ - c:\program files\Thunder Network\Thunder\BHO\geturl.htm IE: &ʹÓÃ&ѸÀ×ÏÂÔØÈ«²¿Á´½Ó - c:\program files\Thunder Network\Thunder\BHO\GetAllUrl.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 LSP: c:\windows\system32\ASProxy.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: icbc.com.cn Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.137.1 TCP: Interfaces\{FDEBBA8C-FE34-43D2-B332-8B6C7CA4014D}: NameServer = 202.96.104.17 202.96.104.27 DPF: {3B3FE354-548D-4DA2-BEC2-52960C31F8E7} - hxxps://b2c.icbc.com.cn/icbc/icbc_mwusbkey.cab DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} - hxxps://b2c.icbc.com.cn/icbc/newperbank/AxSafeControls.cab DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} - hxxps://b2c.icbc.com.cn/icbc/ICBC_NetSign.dll DPF: {E6C2DD02-CD38-41A1-9B69-3D7E3B64AF9A} - hxxps://b2c.icbc.com.cn/icbc/icbc_mwdv.cab FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zel2y528.default\ FF - prefs.js: network.proxy.type - 0 . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,fc,0f,97,90,c3,b5,4a,a3,c8,15,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,fc,0f,97,90,c3,b5,4a,a3,c8,15,\ . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.3G2" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.3GP" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.3G2" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.3GP" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.7z\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\7zFM.exe" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ADTS" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ADTS" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ADTS" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AIFF" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AIFF" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AIFF" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASF" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASX" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AU" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice] @Denied: (2) (Administrator) "Progid"="KLCP AVI File" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.CDA" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.cdda" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (Administrator) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (Administrator) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.ipa" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipg\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.ipg" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipsw\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.ipsw" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\MagicDisc.exe" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itdb\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.itdb" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ite\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.ite" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.itl" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itlp\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.itlp" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itls\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.itls" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.itms" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.itpc" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.M2TS" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.M2TS" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.m3u" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.M4A" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.m4b" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.m4r" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MP4" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.MHT" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.MHT" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice] @Denied: (2) (Administrator) "Progid"="KLCP Matroska File" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MOV" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MP3" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.mp3" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice] @Denied: (2) (Administrator) "Progid"="KLCP MP4 File" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MP4" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.M2TS" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.pcast" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice] @Denied: (2) (Administrator) "Progid"="AcroExch.Document.11" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.reg\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\notepad.exe" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\mpc-hc.exe" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (Administrator) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AU" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.TTS" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.TTS" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice] @Denied: (2) (Administrator) "Progid"="IE.AssocFile.URL" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WAV" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wave\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.wave" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WAX" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASF" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMA" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMD" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMS" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice] @Denied: (2) (Administrator) "Progid"="KLCP WMV File" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.ASX" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMZ" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WPL" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WVX" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (Administrator) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (Administrator) "Progid"="ChromeHTML" . [HKEY_USERS\S-1-5-21-1806284443-3503569266-1374546387-500_Classes\BitTorrent\Shell\O(uQ*Q*ËeΘSb*_å‹B*T*‡eöN(*&*Q*)*\Command] @="\"c:\\Program Files\\Tencent\\QQDownload\\QQDownload.exe\" /BT=\"%1\"" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(980) c:\program files\Common Files\Thunder Network\KanKan\xappex.1.1.1.38.(724).dll c:\users\Public\Thunder Network\KanKan\Pusher\xappdrv.1.0.0.15.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\atieclxx.exe c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe c:\windows\system32\taskhost.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\alipay\SafeTransaction\AlipaySafeTran.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\windows\system32\conhost.exe c:\chinanetsn\bin\Netkeeper.exe c:\program files\alipay\SafeTransaction\Alipaybsm.exe c:\program files\iPod\bin\iPodService.exe c:\users\Administrator\AppData\Roaming\SSDPOpt\SSDPOptServer.exe . ************************************************************************** . Completion time: 2013-04-20 13:24:25 - machine was rebooted ComboFix-quarantined-files.txt 2013-04-20 05:24 . Pre-Run: 196,218,470,400 bytes free Post-Run: 197,967,720,448 bytes free . - - End Of File - - 34F54967A987C29AEF9806FA5AE7B339

Edited by steph.l, 19 April 2013 - 11:33 PM.


#5 mowman

mowman

    SuperMember

  • Malware Team
  • 2,669 posts

Posted 20 April 2013 - 01:22 PM

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.







Next

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is not checked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish
http://www.eset.com/onlinescan/





Also tell me how the computer is running now.

#6 steph.l

steph.l

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 21 April 2013 - 04:03 AM

Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.04.21.03 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 Administrator :: USERSMI-M4AD7ID [administrator] Protection: Disabled 4/21/2013 2:20:31 PM mbam-log-2013-04-21 (14-20-31).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 241982 Time elapsed: 4 minute(s), 38 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) esetscan D:\Download\pes\3.3\PESEdit.com_2013_Patch_3.3\PESEdit.com_2013_Patch_3.3\Installer.exe a variant of Win32/Packed.VMProtect.AAH trojan D:\Program Files\Pro Evolution Soccer 2013\rld.dll a variant of Win32/Packed.VMProtect.AAH trojan D:\Program Files\Pro Evolution Soccer 2013\rld_100.dll a variant of Win32/Packed.VMProtect.AAH trojan The computer feels slower than usual , and sometimes i ran out of memory when playing my games, this maybe because when i open task manager , there is hundreds of cmd.exe , conhost.exe and ping.exe running on my process tab and the physical memory usage is always high

#7 mowman

mowman

    SuperMember

  • Malware Team
  • 2,669 posts

Posted 21 April 2013 - 05:49 AM

Posted Image FRST

Download the 32 bit or 64 bit version for your system of FRST and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.


On the System Recovery Options menu you will get the following options:Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
[/list]----------

#8 steph.l

steph.l

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 22 April 2013 - 10:11 AM

To enter System Recovery Options from the Advanced Boot Options: Restart the computer. As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears. Use the arrow keys to select the Repair your computer menu item. im sorry, but i dont have the Repair your computer menu item from the advanced Boot Options, am i missing something?

#9 mowman

mowman

    SuperMember

  • Malware Team
  • 2,669 posts

Posted 22 April 2013 - 02:20 PM

Is it not at the top like this?

Posted Image

#10 steph.l

steph.l

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 23 April 2013 - 02:54 AM

oh yeah , there is. I'm sorry i must be pressing the wrong button. here is the log: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-04-2013 02 Ran by SYSTEM on 23-04-2013 16:42:24 Running from E:\ Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Recovery The current controlset is ControlSet001 ==================== Registry (Whitelisted) ================== HKLM\...\Run: [USB3MON] "C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-04] (Intel Corporation) HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s [6318696 2011-12-12] (Realtek Semiconductor) HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4767304 2013-03-06] (AVAST Software) HKLM\...\Run: [Netkeeper1.0] C:\ChinaNetSn\bin\loader.exe [45056 2011-05-15] () HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.) HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-28] (Advanced Micro Devices, Inc.) HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.) HKLM\...\Run: [MWREGICBC.exe] "C:\Program Files\ICBCEbankTools\MingWah\MWREGICBC.exe" [50632 2012-11-24] (ICBC OEM From Mingwah Technologies Co., Ltd) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-02] (Sun Microsystems, Inc.) HKLM\...\Winlogon: [System] HKU\Administrator\...\Run: [Steam] "D:\Steam\steam.exe" -silent [x] HKU\Administrator\...\Run: [Spotify Web Helper] "C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [x] HKU\Administrator\...\Run: [Spotify] "C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [ 2013-04-15] (Spotify Ltd) HKU\Administrator\...\Run: [GarenaPlus] "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch [ 2013-03-13] () HKU\Administrator\...\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex [ 2013-04-10] (Adobe Systems Incorporated) ========================== Services (Whitelisted) ================= S2 AlipaySecSvc; C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe [319840 2013-01-21] (Alipay Inc. ) S3 ASOVPNHelper; C:\Program Files\Astrill\ASOvpnSvc.exe [434928 2012-05-25] (Astrill) S3 ASProxy; C:\Program Files\Astrill\ASProxy.exe [1918888 2013-02-18] (Astrill) S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248 2013-03-06] (AVAST Software) S2 ICBC Daemon Service; C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe [430720 2011-12-26] () S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [458464 2012-02-02] (Intel® Corporation) S2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation) S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] () S2 SSDPOpeService; C:\Users\Administrator\AppData\Roaming\SSDPOpt\SSDPOpeServer.exe [523864 2012-12-04] () S2 SSDPOptService; C:\Users\Administrator\AppData\Roaming\SSDPOpt\SSDPOptServer.exe [667152 2013-03-03] () S2 XLServicePlatform; C:\Program Files\Common Files\Thunder Network\ServicePlatform\XLSP.dll [88080 2012-09-13] (ShenZhen Xunlei Networking Technologies,LTD) ==================== Drivers (Whitelisted) ==================== S3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [25856 2012-02-29] (Astrill) S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-03-06] (AVAST Software) S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-03-06] (AVAST Software) S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [60656 2013-03-06] (AVAST Software) S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49248 2013-03-06] () S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [765736 2013-03-06] (AVAST Software) S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [368176 2013-03-06] (AVAST Software) S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [62376 2013-03-06] (AVAST Software) S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [164736 2013-03-06] () S0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [13592 2012-01-04] (Intel Corporation) S3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [347928 2012-01-04] (Intel Corporation) S3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [789272 2012-01-04] (Intel Corporation) S3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-09] (Intel Corporation) S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [31360 2012-07-20] (The OpenVPN Project) S3 XLPPoEPC; C:\Windows\System32\DRIVERS\XLPPoEPC.sys [13824 2011-04-08] (??????????) S3 catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [x] S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [x] S3 GPU-Z; \??\C:\Users\ADMINI~1\AppData\Local\Temp\GPU-Z.sys [x] S4 netpackets; system32\drivers\netpackets.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-04-23 16:42 - 2013-04-23 16:42 - 00000000 ____D C:\FRST 2013-04-22 07:38 - 2013-04-22 07:38 - 00000000 ____D C:\Users\Administrator\Desktop\leo 2013-04-22 02:18 - 2013-04-22 02:18 - 01147723 ____A (Farbar) C:\Users\Administrator\Desktop\FRST.exe 2013-04-21 01:59 - 2013-04-21 01:59 - 00000338 ____A C:\Users\Administrator\Desktop\esetscan.txt 2013-04-20 23:00 - 2013-04-20 23:00 - 00000000 ____D C:\Program Files\ESET 2013-04-20 22:59 - 2013-04-20 22:59 - 02347384 ____A (ESET) C:\Users\Administrator\Desktop\esetsmartinstaller_enu.exe 2013-04-19 21:24 - 2013-04-19 21:24 - 00034396 ____A C:\ComboFix.txt 2013-04-19 21:15 - 2013-04-19 21:24 - 00000000 ____D C:\Qoobox 2013-04-19 21:15 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe 2013-04-19 21:15 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe 2013-04-19 21:15 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-04-19 21:15 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-04-19 21:15 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-04-19 21:15 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe 2013-04-19 21:15 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe 2013-04-19 21:15 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe 2013-04-19 21:13 - 2013-04-19 21:23 - 00000000 ____D C:\Windows\erdnt 2013-04-19 09:15 - 2013-04-19 21:13 - 05057575 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe 2013-04-19 09:13 - 2013-02-11 02:51 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\TDSSKiller.exe 2013-04-19 09:13 - 2010-12-31 09:14 - 00002254 ___RA C:\Users\Administrator\Desktop\eula.txt 2013-04-19 09:12 - 2013-04-19 09:13 - 02218636 ____A C:\Users\Administrator\Desktop\tdsskiller.zip 2013-04-17 08:48 - 2013-04-17 09:47 - 00000167 ____A C:\Users\Administrator\Desktop\age.txt 2013-04-16 08:14 - 2013-04-19 22:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TS3Client 2013-04-16 08:14 - 2013-04-16 08:14 - 00001238 ____A C:\Users\Administrator\Desktop\TeamSpeak 3 Client.lnk 2013-04-16 08:14 - 2013-04-16 08:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\TeamSpeak 3 Client 2013-04-13 22:28 - 2013-04-13 22:28 - 00602112 ____A (OldTimer Tools) C:\Users\Administrator\Desktop\OTL.exe 2013-04-13 22:27 - 2013-04-13 22:27 - 00625664 ____A C:\Users\Administrator\Desktop\dds.scr 2013-04-13 22:04 - 2013-04-13 22:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes 2013-04-13 22:03 - 2013-04-13 22:03 - 00001027 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-04-13 22:03 - 2013-04-13 22:03 - 00000000 ____D C:ProgramData\Malwarebytes 2013-04-13 22:03 - 2013-04-13 22:03 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-04-13 22:03 - 2013-04-03 22:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-04-13 22:01 - 2013-04-13 22:01 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Desktop\mbam-setup-1.75.0.1300.exe 2013-04-12 04:18 - 2013-04-12 04:18 - 00000000 ____A C:\Users\Administrator\Desktop\087875294455den.txt 2013-04-07 10:24 - 2013-04-07 10:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\NetworkTunnel 2013-04-07 07:45 - 2013-04-07 07:45 - 00000000 ____A C:\Users\Administrator\Desktop\087875294455.txt 2013-04-06 23:01 - 2013-04-06 23:01 - 00000665 ____A C:\Users\Public\Desktop\Age of Wushu.lnk 2013-04-06 08:13 - 2013-04-06 20:41 - 00000000 ____D C:\Program Files\Common Files\WuShu_0.0.1.034 2013-04-06 08:13 - 2013-04-06 08:13 - 00000000 ____D C:\Program Files\Common Files\AgeofWushu_download 2013-04-05 03:36 - 2013-04-05 03:36 - 00002503 ____A C:\Users\Public\Desktop\Skype.lnk 2013-04-05 03:36 - 2013-04-05 03:36 - 00000000 ____D C:\Program Files\Common Files\Skype 2013-04-05 03:34 - 2013-04-06 08:15 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype 2013-04-05 03:05 - 2013-04-05 03:36 - 00000000 ___RD C:\Program Files\Skype 2013-04-05 03:05 - 2013-04-05 03:05 - 00000000 ____D C:\Windows\System32\appmgmt 2013-04-05 03:03 - 2013-04-05 03:28 - 00000168 ____A C:\22.log 2013-03-31 08:27 - 2013-03-06 15:33 - 00164736 ____A C:\Windows\System32\Drivers\aswVmm.sys 2013-03-31 08:27 - 2013-03-06 15:33 - 00049248 ____A C:\Windows\System32\Drivers\aswRvrt.sys 2013-03-30 19:03 - 2013-04-06 05:21 - 00006731 ____A C:\Users\Administrator\Documents\TombRaider.log 2013-03-30 09:12 - 2013-03-30 09:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\thunder network ==================== One Month Modified Files and Folders ======== 2013-04-23 16:42 - 2013-04-23 16:42 - 00000000 ____D C:\FRST 2013-04-23 00:39 - 2012-12-04 21:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\SSDPOpt 2013-04-23 00:39 - 2012-10-01 16:59 - 00630554 ____A C:\Windows\WindowsUpdate.log 2013-04-23 00:38 - 2012-10-01 05:02 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\uTorrent 2013-04-23 00:22 - 2012-10-02 08:11 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-04-22 21:22 - 2012-10-02 08:11 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-04-22 20:14 - 2012-11-22 03:28 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc 2013-04-22 09:33 - 2009-07-13 20:34 - 00021248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-04-22 09:33 - 2009-07-13 20:34 - 00021248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-04-22 09:28 - 2012-10-02 20:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\GarenaPlus 2013-04-22 09:28 - 2012-10-02 20:06 - 00000000 ____D C:ProgramData\GarenaMessenger 2013-04-22 09:26 - 2012-10-08 08:09 - 00000000 __SHD C:\Users\Administrator\wc 2013-04-22 09:26 - 2012-10-01 19:31 - 00000000 ____D C:\ChinaNetSn 2013-04-22 09:24 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-04-22 09:24 - 2009-07-13 20:39 - 00103798 ____A C:\Windows\setupact.log 2013-04-22 08:15 - 2010-11-20 13:01 - 00785302 ____A C:\Windows\System32\PerfStringBackup.INI 2013-04-22 08:09 - 2012-12-14 10:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Spotify 2013-04-22 08:03 - 2012-12-14 10:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\Spotify 2013-04-22 07:38 - 2013-04-22 07:38 - 00000000 ____D C:\Users\Administrator\Desktop\leo 2013-04-22 02:52 - 2012-10-10 06:23 - 00000600 ____A C:\Users\Administrator\AppData\Local\PUTTY.RND 2013-04-22 02:18 - 2013-04-22 02:18 - 01147723 ____A (Farbar) C:\Users\Administrator\Desktop\FRST.exe 2013-04-21 01:59 - 2013-04-21 01:59 - 00000338 ____A C:\Users\Administrator\Desktop\esetscan.txt 2013-04-20 23:00 - 2013-04-20 23:00 - 00000000 ____D C:\Program Files\ESET 2013-04-20 22:59 - 2013-04-20 22:59 - 02347384 ____A (ESET) C:\Users\Administrator\Desktop\esetsmartinstaller_enu.exe 2013-04-20 22:59 - 2012-12-01 00:50 - 00003582 ____A C:\Windows\System32\ASProxy.ini 2013-04-20 22:59 - 2012-12-01 00:50 - 00001976 ____A C:\Windows\System32\ASProxyOff.ini 2013-04-19 22:40 - 2013-04-16 08:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TS3Client 2013-04-19 21:24 - 2013-04-19 21:24 - 00034396 ____A C:\ComboFix.txt 2013-04-19 21:24 - 2013-04-19 21:15 - 00000000 ____D C:\Qoobox 2013-04-19 21:24 - 2009-07-13 18:37 - 00000000 __RHD C:\users\Default 2013-04-19 21:24 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public 2013-04-19 21:23 - 2013-04-19 21:13 - 00000000 ____D C:\Windows\erdnt 2013-04-19 21:22 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini 2013-04-19 21:21 - 2010-11-20 13:48 - 00043102 ____A C:\Windows\PFRO.log 2013-04-19 21:20 - 2009-07-13 18:03 - 42205184 ____A C:\Windows\System32\config\SOFTWARE.bak 2013-04-19 21:20 - 2009-07-13 18:03 - 18874368 ____A C:\Windows\System32\config\SYSTEM.bak 2013-04-19 21:20 - 2009-07-13 18:03 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak 2013-04-19 21:20 - 2009-07-13 18:03 - 00262144 ____A C:\Windows\System32\config\SAM.bak 2013-04-19 21:20 - 2009-07-13 18:03 - 00262144 ____A C:\Windows\System32\config\DEFAULT.bak 2013-04-19 21:13 - 2013-04-19 09:15 - 05057575 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe 2013-04-19 09:13 - 2013-04-19 09:12 - 02218636 ____A C:\Users\Administrator\Desktop\tdsskiller.zip 2013-04-17 09:47 - 2013-04-17 08:48 - 00000167 ____A C:\Users\Administrator\Desktop\age.txt 2013-04-16 08:14 - 2013-04-16 08:14 - 00001238 ____A C:\Users\Administrator\Desktop\TeamSpeak 3 Client.lnk 2013-04-16 08:14 - 2013-04-16 08:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\TeamSpeak 3 Client 2013-04-14 23:59 - 2012-10-02 20:07 - 00000000 ____D C:\Program Files\Garena Plus 2013-04-13 22:28 - 2013-04-13 22:28 - 00602112 ____A (OldTimer Tools) C:\Users\Administrator\Desktop\OTL.exe 2013-04-13 22:27 - 2013-04-13 22:27 - 00625664 ____A C:\Users\Administrator\Desktop\dds.scr 2013-04-13 22:04 - 2013-04-13 22:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes 2013-04-13 22:03 - 2013-04-13 22:03 - 00001027 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-04-13 22:03 - 2013-04-13 22:03 - 00000000 ____D C:ProgramData\Malwarebytes 2013-04-13 22:03 - 2013-04-13 22:03 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-04-13 22:01 - 2013-04-13 22:01 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Desktop\mbam-setup-1.75.0.1300.exe 2013-04-12 04:18 - 2013-04-12 04:18 - 00000000 ____A C:\Users\Administrator\Desktop\087875294455den.txt 2013-04-10 21:45 - 2012-10-02 06:47 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-04-10 21:45 - 2012-10-02 06:47 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-04-09 08:48 - 2012-10-01 05:45 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe 2013-04-09 08:47 - 2012-10-06 20:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe 2013-04-07 10:24 - 2013-04-07 10:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\NetworkTunnel 2013-04-07 10:20 - 2012-11-24 09:04 - 00000000 __SHD C:\Users\Administrator\AppData\Local\icsxml 2013-04-07 10:09 - 2012-10-08 08:09 - 00000998 ____A C:\Users\Public\Desktop\BattlePing.lnk 2013-04-07 10:09 - 2012-10-08 08:09 - 00000000 ____D C:\Program Files\BattlePing 2013-04-07 07:45 - 2013-04-07 07:45 - 00000000 ____A C:\Users\Administrator\Desktop\087875294455.txt 2013-04-06 23:01 - 2013-04-06 23:01 - 00000665 ____A C:\Users\Public\Desktop\Age of Wushu.lnk 2013-04-06 23:01 - 2012-10-01 17:04 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-04-06 20:41 - 2013-04-06 08:13 - 00000000 ____D C:\Program Files\Common Files\WuShu_0.0.1.034 2013-04-06 08:15 - 2013-04-05 03:34 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype 2013-04-06 08:13 - 2013-04-06 08:13 - 00000000 ____D C:\Program Files\Common Files\AgeofWushu_download 2013-04-06 05:21 - 2013-03-30 19:03 - 00006731 ____A C:\Users\Administrator\Documents\TombRaider.log 2013-04-05 03:36 - 2013-04-05 03:36 - 00002503 ____A C:\Users\Public\Desktop\Skype.lnk 2013-04-05 03:36 - 2013-04-05 03:36 - 00000000 ____D C:\Program Files\Common Files\Skype 2013-04-05 03:36 - 2013-04-05 03:05 - 00000000 ___RD C:\Program Files\Skype 2013-04-05 03:36 - 2012-10-01 05:48 - 00000000 ____D C:ProgramData\Skype 2013-04-05 03:35 - 2012-10-20 12:02 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Old_Skype 2013-04-05 03:28 - 2013-04-05 03:03 - 00000168 ____A C:\22.log 2013-04-05 03:10 - 2012-12-01 00:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Astrill 2013-04-05 03:05 - 2013-04-05 03:05 - 00000000 ____D C:\Windows\System32\appmgmt 2013-04-04 10:48 - 2012-12-01 00:48 - 00000909 ____A C:\Users\Public\Desktop\Astrill.lnk 2013-04-04 10:48 - 2012-12-01 00:48 - 00000000 ____D C:\Program Files\Astrill 2013-04-03 22:50 - 2013-04-13 22:03 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-04-03 03:04 - 2012-11-20 19:28 - 00000000 ____D C:\Program Files\Common Files\Steam 2013-03-31 20:24 - 2009-07-13 20:33 - 00399192 ____A C:\Windows\System32\FNTCACHE.DAT 2013-03-31 20:24 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\spool 2013-03-31 08:27 - 2009-07-13 18:04 - 00002577 ____A C:\Windows\System32\config.nt 2013-03-30 19:03 - 2012-10-18 04:49 - 00000000 ____D C:\Users\Administrator\AppData\Local\SKIDROW 2013-03-30 09:12 - 2013-03-30 09:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\thunder network 2013-03-30 00:00 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles 2013-03-29 13:06 - 2012-10-01 16:58 - 00108824 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT 2013-03-29 13:01 - 2012-11-30 09:27 - 00000000 ____D C:\Windows\System32\Adobe 2013-03-29 13:01 - 2012-10-24 21:23 - 00000000 ____D C:\Users\Administrator\AppData\Local\Ubisoft Game Launcher 2013-03-29 13:01 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\winevt 2013-03-29 13:01 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\SMI 2013-03-29 13:01 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\MUI 2013-03-29 13:01 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\com 2013-03-29 13:00 - 2012-10-18 04:49 - 00000000 ____D C:\Users\Administrator\Documents\My Games ==================== Known DLLs (ALL) ========================= ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-04-05 03:04:57 Restore point made on: 2013-04-05 03:28:12 Restore point made on: 2013-04-05 03:35:44 Restore point made on: 2013-04-06 23:01:23 Restore point made on: 2013-04-17 01:40:33 Restore point made on: 2013-04-19 21:15:54 ==================== Memory info =========================== Percentage of memory in use: 6% Total physical RAM: 8143.8 MB Available physical RAM: 7634.64 MB Total Pagefile: 8142.09 MB Available Pagefile: 7638.02 MB Total Virtual: 2047.88 MB Available Virtual: 1954.29 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:224.6 GB) (Free:182.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:241.16 GB) (Free:82.92 GB) NTFS Drive e: (KINGSTON) (Removable) (Total:14.94 GB) (Free:14.94 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 465 GB 1024 KB Disk 1 Online 14 GB 0 B Partitions of Disk 0: =============== Disk ID: BBC11510 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 224 GB 31 KB Partition 0 Extended 241 GB 224 GB Partition 2 Logical 241 GB 224 GB ================================================================================ == Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 0 C NTFS Partition 224 GB Healthy ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 D NTFS Partition 241 GB Healthy ========================================================= Partitions of Disk 1: =============== Disk ID: 04030201 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 14 GB 5192 KB ================================================================================ == Disk: 1 Partition 1 Type : 0C Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 E KINGSTON FAT32 Removable 14 GB Healthy ========================================================= ============================== MBR & Partition Table ================== ==================================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: BBC11510) Partition 1: (Active) - (Size=225 GB) - (Type=07) (NTFS) Partition 2: (Not Active) - (Size=241 GB) - (Type=OF) (Extended) ==================================================================== Disk: 1 (Size: 15 GB) (Disk ID: 04030201) Partition 1: (Not Active) - (Size=15 GB) - (Type=0C) Last Boot: 2013-04-17 01:33 ==================== End Of Log ============================

    Advertisements

Register to Remove


#11 mowman

mowman

    SuperMember

  • Malware Team
  • 2,669 posts

Posted 23 April 2013 - 05:16 AM

Not seeing much so far.


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.





  • Download aswMBR.exe ( 511KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • Click the Scan button to start scan
  • On completion of the scan click Save Log, save it to your Desktop and post in your next reply


#12 steph.l

steph.l

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 24 April 2013 - 12:40 AM

OTL logfile created on: 4/24/2013 2:29:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.47 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 53.32% Memory free
10.62 Gb Paging File | 1.96 Gb Available in Paging File | 18.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.60 Gb Total Space | 185.49 Gb Free Space | 82.59% Space Free | Partition Type: NTFS
Drive D: | 241.16 Gb Total Space | 82.91 Gb Free Space | 34.38% Space Free | Partition Type: NTFS

Computer Name: USERSMI-M4AD7ID | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Users\Administrator\AppData\Roaming\SSDPOpt\SSDPOptServer.exe ()
PRC - C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe (Alipay Inc. )
PRC - C:\Program Files\alipay\SafeTransaction\Alipaybsm.exe (Alipay Inc. )
PRC - C:\Program Files\alipay\SafeTransaction\AlipaySafeTran.exe (Alipay Inc. )
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Administrator\AppData\Roaming\SSDPOpt\SSDPOpeServer.exe ()
PRC - C:\ChinaNetSn\bin\NetKeeper.exe (XI AN XINLI SOFTWARE TECHNOLOGY CO.,LTD)
PRC - C:\Program Files\ICBCEbankTools\MingWah\MWREGICBC.exe (ICBC OEM From Mingwah Technologies Co., Ltd)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe ()
PRC - C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation)
PRC - C:\Windows\System32\PING.EXE (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Program Files\Garena Plus\ggspawn.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\273389de0b6e286cb2bdc83ecb428704\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\22ae167d586450ad3a9b9a9ee43ebc86\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9ba07396ae369d010c5c3927a82ef426\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b9f7adbc90a2bcbe8eb9e6e8d2bb975b\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\4cfa42c8b69a64e192f3255ec900457d\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\72269ea7cc6281139e4d155e7c57dc67\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e40da7a49f8c3f0108e7c835b342f382\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\51e2934144ba15628ba5a31be2dae7dc\mscorlib.ni.dll ()
MOD - C:\Users\Public\Thunder Network\KanKan\Pusher\xappdrv.1.0.0.15.dll ()
MOD - C:\ChinaNetSn\bin\xinliPPPoE.dll ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\ChinaNetSn\bin\StringList.dll ()


========== Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SSDPOptService) -- C:\Users\Administrator\AppData\Roaming\SSDPOpt\SSDPOptServer.exe ()
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ASProxy) -- C:\Program Files\Astrill\ASProxy.exe (Astrill)
SRV - (AlipaySecSvc) -- C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe (Alipay Inc. )
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SSDPOpeService) -- C:\Users\Administrator\AppData\Roaming\SSDPOpt\SSDPOpeServer.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (XLServicePlatform) -- C:\Program Files\Common Files\Thunder Network\ServicePlatform\XLSP.dll (ShenZhen Xunlei Networking Technologies,LTD)
SRV - (ASOVPNHelper) -- C:\Program Files\Astrill\ASOvpnSvc.exe (Astrill)
SRV - (UNS) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV - (ICBC Daemon Service) -- C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe ()
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()


========== Driver Services (SafeList) ==========

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (GPU-Z) -- C:\Users\ADMINI~1\AppData\Local\Temp\GPU-Z.sys File not found
DRV - (GGSAFERDriver) -- C:\Program Files\Garena Plus\Room\safedrv.sys File not found
DRV - (catchme) -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys File not found
DRV - (netpackets) -- C:\Windows\System32\drivers\netpackets.sys (Blues (18390160))
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (asvpndrv) -- C:\Windows\System32\drivers\asvpndrv.sys (Astrill)
DRV - (iusb3xhc) -- C:\Windows\System32\drivers\iusb3xhc.sys (Intel Corporation)
DRV - (iusb3hub) -- C:\Windows\System32\drivers\iusb3hub.sys (Intel Corporation)
DRV - (iusb3hcs) -- C:\Windows\System32\drivers\iusb3hcs.sys (Intel Corporation)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (XLPPoEPC) -- C:\Windows\System32\drivers\XLPPoEPC.sys (西安信利软件系统公司)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.tao678.com
IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...;ctid=CT3220468

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hao.kankan.com/?id=660115
IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8DDFFFA8-1C3F-454c-B7BC-6D6CBBA86EC7}: "URL" = http://www.soso.com/...;cid=union.s.wh
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...;ctid=CT3220468
IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com...tn=09030047_adr
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: addon@astrill.com:1.6.2
FF - prefs.js..extensions.enabledAddons: {d12b4ac5-7cfd-4189-9422-6a44f564d17c}:1.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@alipay.com/npaliedit: C:\Windows\system32\aliedit\3.3.0.0\npaliedit.dll (Alipay.com co.,ltd)
FF - HKLM\Software\MozillaPlugins\@alipay.com/npAliSecCtrl: C:\Windows\system32\aliedit\3.3.0.0\npAliSecCtrl.dll (Alipay.com Inc. )
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.37\Bin\npSSOAxCtrlForPTLogin.dll ()
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2: C:\ProgramData\Thunder Network\Thunder\data\npxunlei1.0.0.2.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2: C:\ProgramData\Thunder Network\Thunder\data\npxunlei1.0.0.2.dll ( )
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/04/01 00:27:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/16 19:05:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/04 00:33:08 | 000,000,000 | ---D | M]

[2012/10/16 19:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2012/12/29 14:32:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zel2y528.default\extensions
[2012/12/23 19:05:39 | 000,000,000 | ---D | M] (Coupon Matcher) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zel2y528.default\extensions\{d12b4ac5-7cfd-4189-9422-6a44f564d17c}
[2012/11/30 20:49:37 | 000,000,000 | ---D | M] ("Astrill Proxy Switcher") -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zel2y528.default\extensions\addon@astrill.com
[2012/10/16 19:05:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/11 09:06:18 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/11 09:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/11 09:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/04/20 13:22:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ѸÀ×ÏÂÔØÖ§³Ö) - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.2.10.3694.dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ICBC Anti-Phishing class) - {BB4491A2-D11A-4c6b-91C0-B53246A3122B} - C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll (中国工商银行)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (CouponMatcher) - {E155F23C-9931-47c6-A619-20E6FCA86D75} - C:\Program Files\CouponMatcher\CouponMatcher.dll (CouponMatcher)
O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MWREGICBC.exe] C:\Program Files\ICBCEbankTools\MingWah\MWREGICBC.exe (ICBC OEM From Mingwah Technologies Co., Ltd)
O4 - HKLM..\Run: [Netkeeper1.0] C:\ChinaNetSn\bin\loader.exe ()
O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [GarenaPlus] C:\Program Files\Garena Plus\GarenaMessenger.exe ()
O4 - HKCU..\Run: [Spotify] C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ʹÓÃ&ѸÀ×ÀëÏßÏÂÔØ - C:\Program Files\Thunder Network\Thunder\BHO\OfflineDownload.htm ()
O8 - Extra context menu item: &ʹÓÃ&ѸÀ×ÏÂÔØ - C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm ()
O8 - Extra context menu item: &ʹÓÃ&ѸÀ×ÏÂÔØÈ«²¿Á´½Ó - C:\Program Files\Thunder Network\Thunder\BHO\getAllurl.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\ASProxy.dll (Astrill)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\ASProxy.dll (Astrill)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\ASProxy.dll (Astrill)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\ASProxy.dll (Astrill)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\ASProxy.dll (Astrill)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: icbc.com.cn ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {3B3FE354-548D-4DA2-BEC2-52960C31F8E7} https://b2c.icbc.com...bc_mwusbkey.cab (icbc_mwusbkeyCtl Class)
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} https://b2c.icbc.com...afeControls.cab (AxSubmitControl Class)
O16 - DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} https://b2c.icbc.com...CBC_NetSign.dll (InfoSecICBCNetSign Class)
O16 - DPF: {E6C2DD02-CD38-41A1-9B69-3D7E3B64AF9A} https://b2c.icbc.com...c/icbc_mwdv.cab (icbc_mwdvctrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54D978D0-1554-4883-BFB2-FF4150B2E601}: DhcpNameServer = 198.18.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EFA8360-8903-4550-8B53-0FD96BF628A9}: NameServer = 202.96.104.17 202.96.104.27
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/04/24 08:42:14 | 000,000,000 | ---D | C] -- C:\FRST
[2013/04/23 17:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/04/23 16:59:48 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/04/23 16:59:47 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/04/23 16:59:47 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/04/23 16:49:15 | 000,051,552 | ---- | C] (Blues (18390160)) -- C:\Windows\System32\drivers\netpackets.sys
[2013/04/22 23:38:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\leo
[2013/04/22 18:18:21 | 001,147,723 | ---- | C] (Farbar) -- C:\Users\Administrator\Desktop\FRST.exe
[2013/04/21 15:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/04/21 14:59:45 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Administrator\Desktop\esetsmartinstaller_enu.exe
[2013/04/20 13:22:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/04/20 13:20:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/04/20 13:15:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/20 13:15:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/20 13:15:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/20 13:15:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/20 13:15:37 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/04/20 13:13:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/04/20 01:15:01 | 005,057,575 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2013/04/20 01:13:18 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\TDSSKiller.exe
[2013/04/17 00:14:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TS3Client
[2013/04/17 00:14:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2013/04/17 00:14:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\TeamSpeak 3 Client
[2013/04/14 14:28:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013/04/14 14:04:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2013/04/14 14:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/14 14:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/14 14:03:23 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/14 14:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/14 14:03:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Programs
[2013/04/14 14:01:02 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/08 02:24:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\NetworkTunnel
[2013/04/08 02:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BattlePing
[2013/04/07 15:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snail Games USA
[2013/04/07 00:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\WuShu_0.0.1.034
[2013/04/07 00:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AgeofWushu_download
[2013/04/05 19:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/04/05 19:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/04/05 19:34:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Skype
[2013/04/05 19:05:23 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/04/05 19:05:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2013/03/31 01:12:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\thunder network

========== Files - Modified Within 30 Days ==========

[2013/04/24 14:22:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/24 13:22:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/23 22:40:14 | 000,003,582 | ---- | M] () -- C:\Windows\System32\ASProxy.ini
[2013/04/23 22:40:14 | 000,001,976 | ---- | M] () -- C:\Windows\System32\ASProxyOff.ini
[2013/04/23 16:53:39 | 000,021,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/23 16:53:39 | 000,021,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/23 16:50:27 | 000,664,560 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/23 16:50:27 | 000,122,368 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/23 16:49:15 | 000,051,552 | ---- | M] (Blues (18390160)) -- C:\Windows\System32\drivers\netpackets.sys
[2013/04/23 16:46:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/23 16:46:11 | 2793,250,816 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/22 18:52:15 | 000,000,600 | ---- | M] () -- C:\Users\Administrator\AppData\Local\PUTTY.RND
[2013/04/22 18:18:23 | 001,147,723 | ---- | M] (Farbar) -- C:\Users\Administrator\Desktop\FRST.exe
[2013/04/21 14:59:55 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Administrator\Desktop\esetsmartinstaller_enu.exe
[2013/04/20 13:22:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/20 13:13:46 | 005,057,575 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2013/04/20 01:13:05 | 002,218,636 | ---- | M] () -- C:\Users\Administrator\Desktop\tdsskiller.zip
[2013/04/17 00:14:30 | 000,001,238 | ---- | M] () -- C:\Users\Administrator\Desktop\TeamSpeak 3 Client.lnk
[2013/04/14 14:28:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013/04/14 14:27:56 | 000,625,664 | ---- | M] () -- C:\Users\Administrator\Desktop\dds.scr
[2013/04/14 14:03:25 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/14 14:01:50 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/12 02:54:26 | 000,106,496 | ---- | M] () -- C:\Users\Administrator\Desktop\image.png
[2013/04/11 13:45:33 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/04/11 13:45:33 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/04/08 02:09:24 | 000,000,998 | ---- | M] () -- C:\Users\Public\Desktop\BattlePing.lnk
[2013/04/07 15:01:26 | 000,000,665 | ---- | M] () -- C:\Users\Public\Desktop\Age of Wushu.lnk
[2013/04/05 19:36:43 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/04/05 02:48:29 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\Astrill.lnk
[2013/04/05 00:07:19 | 001,355,547 | ---- | M] () -- C:\Users\Administrator\Desktop\IMG-20130404-00492.jpg
[2013/04/04 23:35:27 | 000,045,804 | ---- | M] () -- C:\Users\Administrator\Desktop\IMG-20130404-00913.jpg
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/04 05:35:08 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/04/04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/04/04 05:29:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/04/01 12:24:33 | 000,399,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/01 00:27:04 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

========== Files Created - No Company Name ==========

[2013/04/20 13:15:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/20 13:15:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/20 13:15:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/20 13:15:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/20 13:15:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/20 01:12:41 | 002,218,636 | ---- | C] () -- C:\Users\Administrator\Desktop\tdsskiller.zip
[2013/04/17 00:14:30 | 000,001,238 | ---- | C] () -- C:\Users\Administrator\Desktop\TeamSpeak 3 Client.lnk
[2013/04/14 14:27:47 | 000,625,664 | ---- | C] () -- C:\Users\Administrator\Desktop\dds.scr
[2013/04/14 14:03:25 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/12 02:54:20 | 000,106,496 | ---- | C] () -- C:\Users\Administrator\Desktop\image.png
[2013/04/07 15:01:26 | 000,000,665 | ---- | C] () -- C:\Users\Public\Desktop\Age of Wushu.lnk
[2013/04/05 19:36:43 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/04/04 23:35:22 | 001,355,547 | ---- | C] () -- C:\Users\Administrator\Desktop\IMG-20130404-00492.jpg
[2013/04/04 22:56:09 | 000,045,804 | ---- | C] () -- C:\Users\Administrator\Desktop\IMG-20130404-00913.jpg
[2013/04/01 00:27:05 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/04/01 00:27:04 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/03/03 18:05:08 | 002,210,832 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\ssdp_21352594.exe
[2012/12/15 19:25:23 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2012/12/13 16:19:56 | 000,000,400 | ---- | C] () -- C:\ProgramData\TestPreferences
[2012/12/10 21:54:27 | 000,000,020 | ---- | C] () -- C:\Windows\System32\pub_store.dat
[2012/12/05 13:37:32 | 002,177,624 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\ssdp_42902701.exe
[2012/12/01 16:50:07 | 000,003,582 | ---- | C] () -- C:\Windows\System32\ASProxy.ini
[2012/12/01 16:50:07 | 000,001,976 | ---- | C] () -- C:\Windows\System32\ASProxyOff.ini
[2012/11/24 21:52:16 | 000,001,078 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\base64.cer
[2012/11/24 21:31:52 | 000,174,208 | ---- | C] () -- C:\Windows\System32\icbcclean.dll
[2012/11/24 21:31:52 | 000,113,792 | ---- | C] () -- C:\Windows\System32\EditControl.dll
[2012/11/24 21:31:52 | 000,072,832 | ---- | C] () -- C:\Windows\System32\UploadControl.dll
[2012/10/10 22:23:59 | 000,000,600 | ---- | C] () -- C:\Users\Administrator\AppData\Local\PUTTY.RND
[2012/10/09 00:24:30 | 000,007,603 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2012/10/09 00:09:19 | 000,000,037 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\1754111884ee9ab5277ca00.95260103
[2012/10/02 21:47:21 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2012/10/02 09:08:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/10/02 09:07:04 | 000,015,128 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2012/10/02 09:04:55 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/10/02 09:04:21 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012/10/02 09:03:29 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/10/02 09:03:25 | 000,034,575 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/10/02 09:01:37 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012/10/02 09:01:37 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012/10/02 09:01:36 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2012/10/01 21:48:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2012/10/01 21:48:34 | 000,593,920 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/10/01 21:48:34 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/10/01 21:48:34 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/09/28 15:36:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/07/13 10:39:42 | 001,636,560 | ---- | C] () -- C:\Windows\System32\SubmitControl.dll
[2012/07/13 10:39:42 | 000,308,432 | ---- | C] () -- C:\Windows\System32\InputControl.dll
[2012/05/23 23:31:02 | 000,632,252 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012/03/05 20:59:04 | 003,737,794 | ---- | C] () -- C:\Windows\WindowsLoader.exe
[2012/03/03 23:39:52 | 000,001,062 | ---- | C] () -- C:\Windows\System32\RTSLCS.dll
[2012/02/03 13:08:06 | 000,001,536 | ---- | C] () -- C:\Windows\System32\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/21 05:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/04/05 19:10:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Astrill
[2012/12/23 19:05:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Coupon Matcher
[2012/10/04 20:55:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Garena
[2013/04/23 16:51:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GarenaPlus
[2012/12/23 19:06:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Go PDF Reader
[2013/04/08 02:24:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\NetworkTunnel
[2013/04/05 19:35:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Old_Skype
[2012/11/01 19:57:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Origin
[2012/10/25 13:16:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PunkBuster
[2012/11/05 17:40:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Rockstar Games
[2012/11/08 14:39:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sports Interactive
[2013/04/23 21:27:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Spotify
[2013/04/23 16:49:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SSDPOpt
[2012/11/24 00:17:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SystemRequirementsLab
[2012/11/23 01:32:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tencent
[2013/04/20 14:40:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TS3Client
[2012/12/08 02:52:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tunngle
[2013/04/23 16:38:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2012/10/09 00:26:50 | 000,000,000 | -HSD | M] -- C:\Users\Administrator\AppData\Roaming\wyUpdate AU

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2010/11/21 05:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\erdnt\cache\explorer.exe
[2010/11/21 05:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010/11/21 05:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/21 05:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010/11/21 05:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/21 05:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 05:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010/11/21 05:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/21 05:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >
[2009/07/14 12:53:46 | 000,032,656 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 12:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012/10/03 00:11:01 | 000,000,896 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/10/03 00:11:02 | 000,000,900 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

========== Files - Unicode (All) ==========
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件

< End of report >







--------------------------------------------------------------------------------------------------------------------------
extras:











OTL Extras logfile created on: 4/24/2013 2:29:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.47 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 53.32% Memory free
10.62 Gb Paging File | 1.96 Gb Available in Paging File | 18.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.60 Gb Total Space | 185.49 Gb Free Space | 82.59% Space Free | Partition Type: NTFS
Drive D: | 241.16 Gb Total Space | 82.91 Gb Free Space | 34.38% Space Free | Partition Type: NTFS

Computer Name: USERSMI-M4AD7ID | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{45367419-8C77-4026-A2A7-E88702161608}" = lport=50000 | protocol=17 | dir=in | name=sina_live |
"{B2767314-FF66-4FA2-906C-995B9A8A8786}" = lport=6002 | protocol=6 | dir=in | name=sina_live |
"{C0AD885D-C92D-431D-98CE-D0F1A00895E2}" = lport=6001 | protocol=6 | dir=in | name=sina_live |
"{E0446D69-542B-46BF-AEC4-E069B3336052}" = lport=33674 | protocol=17 | dir=in | name=thunderlan(udp) |
"{E5359070-BC42-490D-A083-5E9890C87248}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{E9AAB652-C7EB-4FD6-A593-34DE934E4978}" = lport=33673 | protocol=6 | dir=in | name=thunderlan(tcp) |
"{ED0EFC71-C6E0-48A0-A3E3-37CA702DF9FD}" = lport=50001 | protocol=17 | dir=in | name=sina_live |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01321D75-B837-432F-9055-16FD3FD7BAF2}" = protocol=6 | dir=in | app=d:\program files\ubisoft\farcry 3\bin\fc3editor.exe |
"{03098914-16A6-4FA5-946C-189FE9B0565A}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.139_1111\thunderliveud.exe |
"{0334425D-D30B-4112-A1C4-25ABE097DE29}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\roaming\spotify\spotify.exe |
"{05407371-3486-452D-9C73-C681C44BEDDF}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.139_1111\xlbugreport.exe |
"{062EE273-6C72-42F1-9808-44E9155587D2}" = protocol=17 | dir=in | app=d:\program files\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{0D65CD37-CFAA-4C3C-AD1B-D00F614A9827}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\program\xbrowser.exe |
"{0E5FDA82-0AEE-4F98-94E7-196CB9EDD389}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\program\thunder.exe |
"{0FC3CAED-B6D5-48AE-B88A-A0BF9818A5E7}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\planetside 2\awesomium_process.exe |
"{111E5E5E-4404-49B8-A17B-6AD44B81028E}" = protocol=17 | dir=in | app=c:\program files\tunngle\tunngle.exe |
"{135F29D4-538D-4E8A-B67C-CA432E980B1C}" = protocol=17 | dir=in | app=d:\program files\ubisoft\farcry 3\bin\fc3updater.exe |
"{1381D1E9-4398-4AE1-8FF6-B79BA5AB86A4}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{18A3D59A-7C4E-472F-891D-B497A53BD691}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\program\xbrowser.exe |
"{1A697D2F-6FC7-463E-9E14-9953318C9364}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\program\bindkw49.exe |
"{1E792421-C76D-4442-9BD1-C7E3B1B23C33}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{20D08D4C-D4FF-4A6D-B554-6D288287BE9A}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\program\thunderbhostat.exe |
"{2333DA44-7954-4BF1-9063-64EAADD1ADF5}" = protocol=6 | dir=in | app=d:\program files\pro evolution soccer 2013\pes2013.exe |
"{24808B09-8A72-4A1A-BCA0-E910891F4E0B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{27D9291B-CD78-4A81-A8A9-AAFA1445A226}" = protocol=17 | dir=in | app=d:\program files\ubisoft\farcry 3\bin\farcry3.exe |
"{290B21D1-C885-47E6-84DB-E8647B0A2B65}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.139_1111\thunderliveud.exe |
"{2A4CF271-6CBE-4BDC-9D77-C46CDEB9BCFD}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\nspcc87.tmp\qqpcdetector.exe |
"{2D3F9066-98DF-41B1-98E2-689F871D1E0E}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{2DA8D9DF-3556-4BC3-B729-E3B86E82CA13}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\program\bindkw49.exe |
"{2ECA49FA-9FAE-4510-9FBF-E66B58D12070}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\xldoctor\7.2.10.3694_1\program\xldoctorui.exe |
"{2FC63273-7CC0-47FA-85A9-99F2066593A7}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.139_1111\thunderplatform.exe |
"{317101A3-5E7F-47E9-A14C-7A87A7D26FBA}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\program\xmpboot.exe |
"{31887C24-0B50-49B7-99DA-C963AFA1D2EC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{31C9C9AC-A689-442C-8C18-F70E1812A80F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{3440E4E5-2467-41A3-B397-323EA6A48915}" = protocol=6 | dir=in | app=c:\chinanetsn\bin\stupdate.exe |
"{3669FB98-A8D2-4B79-AB71-3D61922FA852}" = protocol=6 | dir=in | app=d:\program files\ubisoft\farcry 3\bin\fc3updater.exe |
"{3FED8F96-D69D-4FF7-BBAD-DAAEE297F885}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\planetside 2\planetside2.exe |
"{40A71359-7454-4E5A-9A2E-A15E124F5955}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\recinstalldl\recinst.exe |
"{410DD72D-DF00-4B3D-89C6-F9F0FDF7334E}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\program\thunderliveud.exe |
"{4E443B7D-4D51-4C43-AF54-AF2834A28BD6}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\nspcc87.tmp\qqpcdetector.exe |
"{4E93160B-CCE2-4CDD-BA7A-F791F94E93AD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{50E1EAAD-379D-4D88-B9A6-753573F0E2C5}" = protocol=6 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"{521255FC-2660-4259-BDFC-56ADEA5289E9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{5825C4EB-B227-4847-AA51-CAC98E74745F}" = protocol=17 | dir=in | app=d:\program files\fifa 13\game\fifa13.exe |
"{58D9B614-1A50-4428-9385-27A8E662B907}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\recinstalldl\recinst.exe |
"{5A34637C-1895-4025-BA54-68B2C574D757}" = protocol=6 | dir=in | app=d:\program files\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{5F28F860-38F1-4149-86AB-9661F718C720}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\program\thunderliveud.exe |
"{61444B02-F38F-4C94-8FA5-496B542E6EC5}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\program\thunderexternal\thunderplatform.exe |
"{6859473F-BCA3-4C43-A50B-3721215EE069}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\planetside 2\planetside2.exe |
"{685BA929-1B27-479F-9D5F-26D6E9DD2D90}" = protocol=6 | dir=in | app=d:\program files\pro evolution soccer 2013\pes2013.exe |
"{6B03833E-D822-4711-AA85-1183AF066AFC}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\lanspeedviewer\speed_viewer_i.exe |
"{6C2D0673-9DFC-4D30-AADD-0D8A2FCCBD71}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.139_1111\xlbugreport.exe |
"{6CFCDF3C-9892-4282-9042-C0EF3B62F58B}" = protocol=17 | dir=in | app=d:\program files\ubisoft\assassin's creed revelations\acrmp.exe |
"{6EB08F06-EEF3-4DEC-B7FA-97E293261A83}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{6F7C506C-67E5-4694-A8EB-9B65CF735D50}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.139_1111\thunderplatform.exe |
"{6FF82E48-C5D6-4EFA-89D2-54D49CDB2EE1}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{70F57DC0-1E88-4AE4-8C58-35C4E85668E4}" = protocol=17 | dir=in | app=d:\program files\pro evolution soccer 2013\pes2013.exe |
"{741D3BA5-7896-4F02-9982-4C7A0C8135A2}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{8059FE55-3C86-4BA1-8631-4FF33571AEB4}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\program\thunder.exe |
"{93BAEE1D-F511-470B-8AE8-224650A849B3}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\lanspeedviewer\lsp_check.exe |
"{981AD97B-B7FD-480F-BDC3-1E4E5F3CA1A8}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\program\filelink\xlfilelink.exe |
"{9A29668E-74BE-4ECB-8310-C76D3768C2EF}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp\program\xmp.exe |
"{9C48C16C-0DE0-42B0-8F6F-E88FB47CDA1C}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\netmon\net_monitor_i.exe |
"{9FC2FFD7-A184-458E-AA20-6BFFB0AE17DE}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\bbinside\baidu-tb-asbar.exe |
"{A0963212-AD15-4DA4-BAFA-E89EE28784E2}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A3403F7B-D1BB-452B-8297-EEA046717629}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\lanspeedviewer\speed_viewer_i.exe |
"{A3D043D9-9F3A-4724-9BC7-8392D4DC785A}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\netmon\lsp_check.exe |
"{AA425C54-E885-48C3-9409-8014132E9F1B}" = protocol=6 | dir=in | app=c:\program files\tunngle\tunngle.exe |
"{B14BB00A-F3FB-4BC5-897D-ED62AB6666AB}" = protocol=17 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"{BAC9BA4E-690B-4A62-84DB-E8E1E40D1F98}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\planetside 2\awesomium_process.exe |
"{BC3B46B9-AC8E-476C-8A78-2427BD6D4B8C}" = protocol=17 | dir=in | app=d:\program files\pro evolution soccer 2013\pes2013.exe |
"{BCF70033-A61C-4EEE-9FB1-19670E71EDA8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{C2989693-5EED-47B3-8455-E24A3EE8E6F9}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\program\thunderexternal\thunderplatform.exe |
"{C738786E-E4F6-43E4-8AF5-985B275BFBC8}" = protocol=6 | dir=in | app=d:\program files\ubisoft\farcry 3\bin\farcry3.exe |
"{C95CE6BF-8365-44B3-8B8D-19017C4E46F6}" = protocol=6 | dir=in | app=d:\program files\ubisoft\assassin's creed revelations\acrmp.exe |
"{CC357405-2527-4EA2-91CC-7E8E0DB7D706}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{CD58B15B-E406-4621-A526-30AB49F98655}" = protocol=17 | dir=in | app=d:\program files\ubisoft\farcry 3\bin\fc3editor.exe |
"{CD98C46D-4ADE-4D39-975D-E6279E349896}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\lanspeedviewer\lsp_check.exe |
"{CDD91512-45F2-4742-9664-F606E5740B7D}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp\program\xmp.exe |
"{D0C6F552-DB2C-4175-88D1-9076A407ADC1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{D2C51A7D-014C-4D23-A8DC-2CB9B5F9C297}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{D841CF2B-40FD-4FEC-9983-C31048566EBB}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\bbinside\baidu-tb-asbar.exe |
"{DB1B2B66-A5F4-4C0A-A697-6104FF4C0CA1}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{DB9FE7C8-931E-4170-A8F1-367866CB79C5}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\program\filelink\xlfilelink.exe |
"{E3351D7F-9C30-4AB0-A74C-7B40934D53E6}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\program\xmpboot.exe |
"{E6415863-71E3-436E-BCB3-B87F98121BBE}" = protocol=17 | dir=in | app=c:\chinanetsn\bin\stupdate.exe |
"{EC8944FF-5F6A-4C13-907E-E222E505C637}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\roaming\spotify\spotify.exe |
"{EF36052B-E977-4E44-B615-2B0405404D9A}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\netmon\lsp_check.exe |
"{F123608F-C005-4F7C-881A-1383159CDBDA}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\xldoctor\7.2.10.3694_1\program\xldoctorui.exe |
"{F17CB571-EE91-402A-9575-EA378E1863CD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F575D12B-A2AB-4A6E-8AEC-D3B7C2BE77AC}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\netmon\net_monitor_i.exe |
"{F6A09686-B7D4-4424-8C50-8C972495E6F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F791E6D2-92AC-4B76-93D5-03E68EBD1B23}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\program\thunderbhostat.exe |
"{F87EA511-79BD-4337-8499-A2E4C8ED1144}" = protocol=6 | dir=in | app=d:\program files\fifa 13\game\fifa13.exe |
"TCP Query User{1441724C-013D-4622-A1D0-F3522F10A33A}D:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\guild wars 2\gw2.exe |
"TCP Query User{14EF886B-CF51-4F09-8894-15A4727DE71B}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{19865F4D-17C3-47A0-8EDB-B501160335B2}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{27D3C05E-18DA-47B9-BEE4-55485D1C7A28}D:\program files\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=d:\program files\max payne 3\maxpayne3.exe |
"TCP Query User{2B7F3FDC-EC04-4B3F-A3E7-14029B859DC5}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"TCP Query User{345085FC-4658-4C86-B4C2-8A9CBC856359}D:\program files\garenahon\gamedata\apps\hon\hon.exe" = protocol=6 | dir=in | app=d:\program files\garenahon\gamedata\apps\hon\hon.exe |
"TCP Query User{492028F3-F330-445F-9760-7453774321F3}D:\program files\call of duty modern warfare 3\call of duty modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=d:\program files\call of duty modern warfare 3\call of duty modern warfare 3\iw5mp.exe |
"TCP Query User{57DECCE3-970F-45FD-A2EB-F3AEDD7E3FC5}D:\download\honinstaller.exe" = protocol=6 | dir=in | app=d:\download\honinstaller.exe |
"TCP Query User{5F18A758-ED0B-4A05-AEAD-FEBDDE17E877}C:\program files\battleping\battleping.exe" = protocol=6 | dir=in | app=c:\program files\battleping\battleping.exe |
"TCP Query User{649CC5D8-A9A1-422E-B047-D5D262BF63F2}D:\program files\bioware\mass effect 3\binaries\win32\masseffect3.exe" = protocol=6 | dir=in | app=d:\program files\bioware\mass effect 3\binaries\win32\masseffect3.exe |
"TCP Query User{76EBB2DC-D829-4BDB-BA0D-9DCA33033E4D}D:\program files\r.g. mechanics\call of duty black ops 2\t6sp.exe" = protocol=6 | dir=in | app=d:\program files\r.g. mechanics\call of duty black ops 2\t6sp.exe |
"TCP Query User{7901FA78-0962-4C83-BAC8-5C79205272F3}D:\download\fifa.13-3dm\fifa 13\game\fifa13.exe" = protocol=6 | dir=in | app=d:\download\fifa.13-3dm\fifa 13\game\fifa13.exe |
"TCP Query User{A325E1C6-0EC6-42C7-8048-A116F520210B}D:\program files\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=d:\program files\ccp\eve\bin\exefile.exe |
"TCP Query User{A7BA0000-05D8-4CDF-AC39-93F0AC9A6E0A}D:\program files\call of duty modern warfare 3\call of duty modern warfare 3\iw5sp.exe" = protocol=6 | dir=in | app=d:\program files\call of duty modern warfare 3\call of duty modern warfare 3\iw5sp.exe |
"TCP Query User{AEE20B31-5DDC-4CA4-8326-99C0AF932A9F}D:\program files\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe" = protocol=6 | dir=in | app=d:\program files\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe |
"TCP Query User{B157E334-9200-4B13-BE00-DBFA2194D66F}D:\program files\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=d:\program files\2k games\borderlands 2\binaries\win32\borderlands2.exe |
"TCP Query User{B20D63D7-3053-4E78-B03B-A23DE04DCC16}D:\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=d:\sony online entertainment\installed games\planetside 2\planetside2.exe |
"TCP Query User{EAF6E626-FD20-45B0-BF57-F36D06A833BA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F36D9A46-ABE7-421A-84AF-37CD0C68E1D0}C:\program files\garena plus\garenamessenger.exe" = protocol=6 | dir=in | app=c:\program files\garena plus\garenamessenger.exe |
"TCP Query User{F80F1A71-D2E3-459A-963E-DF681056FB6A}D:\program files\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=d:\program files\bethesda softworks\dishonored\binaries\win32\dishonored.exe |
"UDP Query User{2224086F-0671-45E2-9FFF-A0DCEAE546BE}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{25303401-20EE-40AD-AFD8-2ABC6540DA87}D:\program files\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe" = protocol=17 | dir=in | app=d:\program files\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe |
"UDP Query User{265653D1-3B32-4C27-B813-C978D99AD4B5}D:\program files\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=d:\program files\ccp\eve\bin\exefile.exe |
"UDP Query User{326792CC-410E-44A0-BCF6-BD281C644DAA}D:\program files\bioware\mass effect 3\binaries\win32\masseffect3.exe" = protocol=17 | dir=in | app=d:\program files\bioware\mass effect 3\binaries\win32\masseffect3.exe |
"UDP Query User{34DD6A67-E931-4BB9-8716-B98B6C32231D}C:\program files\battleping\battleping.exe" = protocol=17 | dir=in | app=c:\program files\battleping\battleping.exe |
"UDP Query User{381528F8-67DA-46D0-B0BA-6351ADD92AF7}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"UDP Query User{4C4BC5DE-65FD-4184-86F4-4E5228577507}D:\program files\call of duty modern warfare 3\call of duty modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=d:\program files\call of duty modern warfare 3\call of duty modern warfare 3\iw5mp.exe |
"UDP Query User{64C76B1C-1545-4E16-9E1A-1FF7A7F0E8BC}D:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\guild wars 2\gw2.exe |
"UDP Query User{701DA910-04C2-47A1-A581-C5EAC9D585E9}D:\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=d:\sony online entertainment\installed games\planetside 2\planetside2.exe |
"UDP Query User{91506DB6-FE80-4AE0-A3EC-3A043B8896E8}D:\download\fifa.13-3dm\fifa 13\game\fifa13.exe" = protocol=17 | dir=in | app=d:\download\fifa.13-3dm\fifa 13\game\fifa13.exe |
"UDP Query User{997A0D4E-1675-4845-9A39-55F8730A97BA}C:\program files\garena plus\garenamessenger.exe" = protocol=17 | dir=in | app=c:\program files\garena plus\garenamessenger.exe |
"UDP Query User{A0AC446E-47B1-4624-9649-A6AC9E1042BC}D:\program files\garenahon\gamedata\apps\hon\hon.exe" = protocol=17 | dir=in | app=d:\program files\garenahon\gamedata\apps\hon\hon.exe |
"UDP Query User{B4730E12-085C-430E-AED7-71B2D3D5FA84}D:\program files\call of duty modern warfare 3\call of duty modern warfare 3\iw5sp.exe" = protocol=17 | dir=in | app=d:\program files\call of duty modern warfare 3\call of duty modern warfare 3\iw5sp.exe |
"UDP Query User{B9994AFC-CE94-450A-8179-E1BA37D99863}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C211F5BF-7E7F-4AF1-B2CC-BB2CE8A91BF8}D:\program files\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=d:\program files\max payne 3\maxpayne3.exe |
"UDP Query User{C41B9A3F-ECE3-4B2C-8931-662D375E6AA5}D:\program files\r.g. mechanics\call of duty black ops 2\t6sp.exe" = protocol=17 | dir=in | app=d:\program files\r.g. mechanics\call of duty black ops 2\t6sp.exe |
"UDP Query User{C9CB9876-86C6-4D2D-BFCD-0B794394C170}D:\program files\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=d:\program files\bethesda softworks\dishonored\binaries\win32\dishonored.exe |
"UDP Query User{D0469653-5098-4520-AF15-6454BEB9AD00}D:\download\honinstaller.exe" = protocol=17 | dir=in | app=d:\download\honinstaller.exe |
"UDP Query User{DCDF4759-3F6B-44D8-9CBA-6B705FE6274D}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{DF8A1DC2-3761-47DF-AF4E-FCE7CD2B3438}D:\program files\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=d:\program files\2k games\borderlands 2\binaries\win32\borderlands2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{03AEAB60-A7B3-A8DB-468B-EB30FB4B40B0}" = CCC Help German
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{162ABED6-E60C-6CFF-100E-43C16ABBC5BE}" = CCC Help Chinese Standard
"{1CB724FF-D18C-8FFB-E7C9-0A09CF8EC066}" = CCC Help Japanese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C14CC3-5E3B-D39A-5B37-B15E59785063}" = CCC Help Chinese Traditional
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.4.6052
"{2632A2C0-ECF4-7F79-7136-9FEA4C253A4C}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{30F712DA-64FE-5DBE-AE76-3F8EA3F8223C}" = CCC Help French
"{3561742A-2478-4FAB-A44B-38A26E1FE14F}" = ICBCChromeExtension
"{3C39B3CC-4EC8-C756-AF4B-72366504FCA5}" = CCC Help Hungarian
"{3E7D839E-A6E7-B6F8-F855-CF69756E6331}" = AMD Media Foundation Decoders
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CC9D761-A9B6-D8EA-D2A9-B74B5A90B108}" = CCC Help Norwegian
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5180FB30-2AC7-1627-9856-AA0AE6ACB7E7}" = ccc-utility
"{51A66ED3-200E-4147-8D1E-E8D30936FD26}" = Intel® Trusted Connect Service Client
"{54B227A6-BDBE-69FA-D450-B99609063044}" = CCC Help Greek
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C587778-C433-980E-F3C1-203890DC4FBE}" = CCC Help Polish
"{7DC3EABF-66A2-6D79-B485-6328525CA387}" = CCC Help Swedish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{843603C6-75B7-BAB5-80DE-E76FB28DEEF2}" = CCC Help Finnish
"{876B50AF-D46A-ED35-C625-20F326FE0C49}" = AMD Accelerated Video Transcoding
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8BBC66FD-0195-29B4-5A58-E0B0554E8F42}" = Catalyst Control Center
"{8D9EEAC7-42D5-3951-612A-EAA7B684C592}" = CCC Help Italian
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{949AF9A1-772E-4D93-96B7-0AC18648C3F3}" = ICBCEBankAssist
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{9791DAED-B734-2835-988B-157BDA087496}" = CCC Help Dutch
"{98B740C3-FAA4-C523-7478-4DBCAB7B27D1}" = Catalyst Control Center Graphics Previews Common
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F0CAC6D-9B0D-A95F-CF61-6E88952D6181}" = CCC Help Thai
"{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
"{A0AFB64E-79E1-45BF-BA6C-18C21E007D8E}" = Age of Wushu
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A625DB70-98D5-16FD-C49D-4B8B1B2304A4}" = CCC Help Spanish
"{A77BCF74-A5A3-441B-9923-305EAD8B7976}_is1" = Astrill
"{A90214C3-3A0C-2F05-6083-E1A4BAD9E30D}" = CCC Help Danish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA123216-6DE0-E57C-DC57-4FECEACB482F}" = CCC Help Russian
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{D0837A59-83E6-3392-1BD9-86D3445676DB}" = CCC Help Korean
"{D137E548-E288-46E8-BAC7-D232F77766F5}" = 中国工商银行防钓鱼软件
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D5068813-9F8D-9F7A-92C0-A3EECBA2D82B}" = AMD Catalyst Install Manager
"{D70AB273-113B-D7DE-5C8D-82CABA7CB0AF}" = Catalyst Control Center Localization All
"{D9941688-1BEF-79EF-0FD9-E0A67E2CFE0F}" = AMD Drag and Drop Transcoding
"{DC8772D4-C75F-5235-63E2-BBC73F909B7A}" = CCC Help Czech
"{DED7FD3C-DDD2-43BB-B0F5-B07F9D0430D3}" = CCC Help Portuguese
"{E157F2EB-E06F-B57F-9105-68F348DB2EAD}" = CCC Help English
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{EF036F44-A287-BC23-3F6E-AAE6FDEF47EF}" = Catalyst Control Center InstallProxy
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"alieditplus" = Ö§¸¶±¦°²È«¿Ø¼þ 3.7.0.0
"AlipayDHC" = AlipayDHC 1.0.0.0
"AlipaySafeTransaction" = SafeTransaction 5.3.0.0
"AlipaySecControl" = Alipay security control 3.3.0.0
"avast" = avast! Free Antivirus
"BattlePing" = BattlePing 1.3.2.1
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Matcher" = Coupon Matcher
"CouponMatcher" = CouponMatcher
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"HoN" = Garena - Heroes of Newerth
"ICBC_MW_UShield2" = Guide to ICBC USB-Shield program (Minghua) Uninstall
"im" = Garena Plus
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.1.0 Full
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Netkeeper" = Netkeeper 1.0(Only use remove)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"Pro Evolution Soccer 2013_is1" = Pro Evolution Soccer 2013
"Steam App 570" = Dota 2
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"thunder_is1" = ѸÀ×7
"uTorrent" = µTorrent
"uTorrentControl_v2 Toolbar" = uTorrentControl_v2 Toolbar
"VLC media player" = VLC media player 2.0.4
"WinRAR archiver" = WinRAR archiver
"新浪Live" = 新浪Live

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CCTVPlayer" = CCTV Player Uninstall
"SOE-C:/Users/Administrator/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"Spotify" = Spotify
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/22/2013 3:53:23 AM | Computer Name = USERSMI-M4AD7ID | Source = WinMgmt | ID = 10
Description =

Error - 4/22/2013 6:52:14 AM | Computer Name = USERSMI-M4AD7ID | Source = Application Error | ID = 1000
Description = Faulting application name: SSDPOptServer.exe, version: 3.0.6.9, time
stamp: 0x51306620 Faulting module name: SSDPOptServer.exe, version: 3.0.6.9, time
stamp: 0x51306620 Exception code: 0xc0000005 Fault offset: 0x00004667 Faulting process
id: 0x8dc Faulting application start time: 0x01ce3f2e3b7bb7e9 Faulting application
path: C:\Users\Administrator\AppData\Roaming\SSDPOpt\SSDPOptServer.exe Faulting
module path: C:\Users\Administrator\AppData\Roaming\SSDPOpt\SSDPOptServer.exe Report
Id: b0f0a5c4-ab3a-11e2-80f5-10bf48b899de

Error - 4/22/2013 12:01:22 PM | Computer Name = USERSMI-M4AD7ID | Source = SSDPOptService | ID = 0
Description =

Error - 4/22/2013 12:04:14 PM | Computer Name = USERSMI-M4AD7ID | Source = WinMgmt | ID = 10
Description =

Error - 4/22/2013 12:06:50 PM | Computer Name = USERSMI-M4AD7ID | Source = SSDPOptService | ID = 0
Description =

Error - 4/22/2013 12:09:50 PM | Computer Name = USERSMI-M4AD7ID | Source = Application Hang | ID = 1002
Description = The program spotify.exe version 0.9.0.117 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1268 Start
Time: 01ce3f73c7a4599d Termination Time: 16 Application Path: C:\Users\Administrator\AppData\Roaming\Spotify\spotify.exe

Report
Id: 0b5e8451-ab67-11e2-80f2-10bf48b899de

Error - 4/22/2013 12:10:46 PM | Computer Name = USERSMI-M4AD7ID | Source = WinMgmt | ID = 10
Description =

Error - 4/22/2013 1:26:10 PM | Computer Name = USERSMI-M4AD7ID | Source = WinMgmt | ID = 10
Description =

Error - 4/23/2013 4:48:04 AM | Computer Name = USERSMI-M4AD7ID | Source = WinMgmt | ID = 10
Description =

Error - 4/23/2013 5:17:16 AM | Computer Name = USERSMI-M4AD7ID | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 4/22/2013 6:52:15 AM | Computer Name = USERSMI-M4AD7ID | Source = Service Control Manager | ID = 7031
Description = The SSDP OptService service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 4/22/2013 12:01:26 PM | Computer Name = USERSMI-M4AD7ID | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%13

Error - 4/22/2013 12:06:54 PM | Computer Name = USERSMI-M4AD7ID | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%13

Error - 4/22/2013 12:06:54 PM | Computer Name = USERSMI-M4AD7ID | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = The BITS service failed to start. Error 2147943515.

Error - 4/22/2013 12:06:54 PM | Computer Name = USERSMI-M4AD7ID | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error %%-2147023781.

Error - 4/22/2013 12:08:04 PM | Computer Name = USERSMI-M4AD7ID | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = The BITS service failed to start. Error 2147943515.

Error - 4/22/2013 12:08:04 PM | Computer Name = USERSMI-M4AD7ID | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error %%-2147023781.

Error - 4/22/2013 12:08:04 PM | Computer Name = USERSMI-M4AD7ID | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%1115

Error - 4/23/2013 4:39:23 AM | Computer Name = USERSMI-M4AD7ID | Source = Service Control Manager | ID = 7000
Description = The SSDP OpeServer service failed to start due to the following error:
%%109

Error - 4/23/2013 4:39:23 AM | Computer Name = USERSMI-M4AD7ID | Source = Service Control Manager | ID = 7000
Description = The SSDP OpeServer service failed to start due to the following error:
%%109


< End of report >

#13 steph.l

steph.l

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 24 April 2013 - 01:02 AM

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software Run date: 2013-04-24 14:41:54 ----------------------------- 14:41:54.900 OS Version: Windows 6.1.7601 Service Pack 1 14:41:54.900 Number of processors: 4 586 0x3A09 14:41:54.901 ComputerName: USERSMI-M4AD7ID UserName: Administrator 14:41:56.140 Initialize success 14:41:57.177 AVAST engine defs: 13042301 14:42:02.555 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-5 14:42:02.558 Disk 0 Vendor: WDC_WD5000AAKX-00ERMA0 15.01H15 Size: 476940MB BusType: 3 14:42:02.659 Disk 0 MBR read successfully 14:42:02.662 Disk 0 MBR scan 14:42:02.666 Disk 0 Windows 7 default MBR code 14:42:02.669 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 229993 MB offset 63 14:42:02.673 Disk 0 Partition - 00 0F Extended LBA 246944 MB offset 471025800 14:42:02.689 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 246944 MB offset 471025863 14:42:02.695 Disk 0 scanning sectors +976768065 14:42:02.754 Disk 0 scanning C:\Windows\system32\drivers 14:42:10.531 Service scanning 14:42:24.307 Modules scanning 14:42:30.039 Disk 0 trace - called modules: 14:42:30.055 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 14:42:30.060 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8697d258] 14:42:30.065 3 CLASSPNP.SYS[8c98159e] -> nt!IofCallDriver -> [0x85aa5918] 14:42:30.071 5 ACPI.sys[8c4c53d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-5[0x86468030] 14:42:30.755 AVAST engine scan C:\Windows 14:42:32.464 AVAST engine scan C:\Windows\system32 14:43:40.037 AVAST engine scan C:\Windows\system32\drivers 14:43:46.189 AVAST engine scan C:\Users\Administrator 14:46:27.742 File: C:\Users\Administrator\AppData\Roaming\ssdp_21352594.exe **INFECTED** Win32:Malware-gen 14:46:48.126 AVAST engine scan C:\ProgramData 14:47:27.272 Scan finished successfully 15:00:03.759 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat" 15:00:03.762 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"

#14 mowman

mowman

    SuperMember

  • Malware Team
  • 2,669 posts

Posted 24 April 2013 - 04:04 AM

You may need to go into control panel and set to show hidden files and folders.

Please scan the following files


  • Please visit Virus Total by clicking here.
  • Click the Browse button and search for the following file: c:\windows\system32\drivers\netpackets.sys
  • Click Open.
  • Then click Send File.
  • Please be patient while the file is scanned.
  • If Virus Total tells you that the file has already been scanned, click "reanalyse now".

  • Once the scan results appear, copy and paste them into Notepad and repeat the procedure for the following file(s):

  • c:\users\Administrator\AppData\Roaming\ssdp_21352594.exe
  • C:\Users\Administrator\AppData\Roaming\ssdp_42902701.exe
  • C:\Users\Administrator\AppData\Roaming\SSDPOpt\SSDPOptServer.exe

  • Please provide the results from the scans in your next reply.






Download CKScanner by askey127 from here & save it to your Desktop.

Right-click and Run as Administrator CKScanner.exe then click Search For Files
When the cursor hourglass disappears, click Save List To File
A message box will verify the file saved
Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

#15 steph.l

steph.l

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 24 April 2013 - 11:15 AM

SHA256: 31455b49b3d771af51733126db8a0d8e713a603893c2f2e050158fc8667921d7 File name: netpackets.sys Detection ratio: 0 / 46 SHA256: dfeb9e5d4487ba49addc3007c8f118d1efceeca8b95f775e5db17aba2ee3f3db File name: OptInstall.exe (ssdp_21352594.exe) Detection ratio: 4 / 46 Agnitum Packed/PECompact Avast Win32:Malware-gen GData Win32:Malware-gen Jiangmin Trojan/Agent.folm SHA256: 76d3d78e98f86015cb3311b60de57b41e56c60b1f7edcade77ad13329580137c File name: OptInstall.exe (ssdp_42902701.exe) Detection ratio: 2 / 46 Agnitum Packed/PECompact Jiangmin Trojan/Agent.folm SHA256: 29e093959c2e5a01b02b6bfcb80586478a91f41a2ce9653d9da6cfdd45302dfd File name: SSDPOptServer.exe Detection ratio: 2 / 46 Agnitum Packed/PECompact Jiangmin Trojan/Agent.folm ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- CKScanner 2.1 - Additional Security Risks - These are not necessarily bad scanner sequence 3.MN.11.OJAPFR ----- EOF ----- do i need to put the additional information from the virustotal.com? like this one for netpacket.sys : ssdeep 768:jdTXDcm/TFkklw1q7R2i5aOnFHSe9I2Id8QnXRVpJ26t+PmdIILcAt:jdTg4TKkgq7RdaUFye6Ra0R4U++NAAt TrID Win32 Dynamic Link Library (generic) (31.0%) Win32 Executable (generic) (30.6%) Win16/32 Executable Delphi generic (9.7%) Clipper DOS Executable (9.5%) Generic Win/DOS Executable (9.4%) ExifTool SubsystemVersion.........: 5.1 LinkerVersion............: 8.0 ImageVersion.............: 6.0 FileSubtype..............: 0 FileVersionNumber........: 1.0.0.0 UninitializedDataSize....: 0 LanguageCode.............: English (U.S.) FileFlagsMask............: 0x003f CharacterSet.............: Unicode InitializedDataSize......: 8832 FileOS...................: Windows NT 32-bit MIMEType.................: application/octet-stream LegalCopyright...........: Copyright © 2012 Blues 18390160 FileVersion..............: 1.0.0.0 Built By: WinDDK TimeStamp................: 2012:02:10 12:09:42+00:00 FileType.................: Win32 EXE PEType...................: PE32 InternalName.............: netpackets.sys FileAccessDate...........: 2013:04:24 12:39:38+01:00 ProductVersion...........: 1.0.0.0 FileDescription..........: XPNetFilters - TDI NetPacket Driver OSVersion................: 6.0 FileCreateDate...........: 2013:04:24 12:39:38+01:00 OriginalFilename.........: netpackets.sys Subsystem................: Native MachineType..............: Intel 386 or later, and compatibles CompanyName..............: Blues (18390160) CodeSize.................: 34048 ProductName..............: XP NetFilters ProductVersionNumber.....: 1.0.0.0 EntryPoint...............: 0x9b05 ObjectFileType...........: Driver Sigcheck publisher................: Blues (18390160) product..................: XP NetFilters internal name............: netpackets.sys copyright................: Copyright © 2012 Blues 18390160 signing date.............: 5:01 AM 8/29/2012 original name............: netpackets.sys signers..................: ??????????; VeriSign Class 3 Code Signing 2010 CA; VeriSign Class 3 Public Primary Certification Authority - G5 file version.............: 1.0.0.0 Built By: WinDDK description..............: XPNetFilters - TDI NetPacket Driver Portable Executable structural information Compilation timedatestamp.....: 2012-02-10 12:09:42 Target machine................: Intel 386 or later processors and compatible processors Entry point address...........: 0x00009B05 PE Sections...................: Name Virtual Address Virtual Size Raw Size Entropy MD5 .text 1152 32858 32896 6.37 c57188364a3abf10d043f9be262c772c .rdata 34048 281 384 3.58 440a688d56933eb2bb078e8f2d1c6da4 .data 34432 5136 5248 0.02 a3f3d60dcd4fe2a41c7f6f03b700d483 INIT 39680 1076 1152 5.18 3a7e582466b7555449fbb57a1d01600e .rsrc 40832 924 1024 3.05 5a9a4808d3b5b0cc24a3df38fae5b8fe .reloc 41856 2166 2176 6.41 3cf187152a12a6c9d3f4c497c39873c9 PE Imports....................: [[HAL.dll]] KfAcquireSpinLock, KfReleaseSpinLock [[TDI.SYS]] TdiMapUserRequest [[ntoskrnl.exe]] IoAllocateIrp, RtlInitUnicodeString, IoDetachDevice, IoGetDeviceObjectPointer, memset, MmMapLockedPagesSpecifyCache, IoBuildDeviceIoControlRequest, IoCreateDevice, IoDeleteDevice, KeTickCount, ExAllocatePoolWithTag, IoFreeIrp, MmBuildMdlForNonPagedPool, IofCompleteRequest, IoReleaseCancelSpinLock, IoDeleteSymbolicLink, KeSetTimer, KeInitializeTimer, KeInsertQueueDpc, ObfDereferenceObject, IoAttachDeviceToDeviceStack, ExFreePoolWithTag, KeInitializeDpc, memcpy, RtlAppendUnicodeToString, IoAllocateMdl, IoCreateSymbolicLink, _aullrem, PsGetCurrentProcessId, ObReferenceObjectByHandle, KeBugCheckEx, IofCallDriver, IoFreeMdl PE Resources..................: Resource type Number of resources RT_VERSION 1 Resource language Number of resources ENGLISH US 1 First seen by VirusTotal 2013-04-24 11:39:41 UTC ( 5 hours, 35 minutes ago ) Last seen by VirusTotal 2013-04-24 11:39:41 UTC ( 5 hours, 35 minutes ago ) File names (max. 25) netpackets.sys

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users