Audio ads with no browser open

Solved
By sblackb
Jan 16, 2013
  1. This problem just started today. I was listening to music on the Windows Media Player and suddenly heard talking coming in and out. There were no other programs open. Thank you so much for your help!

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.01.16.07
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Soonhee :: SOONHEE-HP [administrator]
    Protection: Enabled
    1/16/2013 12:50:48 PM
    mbam-log-2013-01-16 (12-50-48).txt
    Scan type: Full scan (C:\|D:\|Q:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 464859
    Time elapsed: 1 hour(s), 22 minute(s), 7 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 2
    C:\Users\Soonhee\AppData\Roaming\wicinc.dll (Trojan.Medfos) -> Delete on reboot.
    C:\Users\Soonhee\AppData\Roaming\qwauat.dll (Trojan.RedirRdll2.Gen) -> Delete on reboot.
    Registry Keys Detected: 12
    HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|qwauat (Trojan.RedirRdll2.Gen) -> Data: rundll32.exe "C:\Users\Soonhee\AppData\Roaming\qwauat.dll",Term -> Quarantined and deleted successfully.
    Registry Data Items Detected: 1
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.FunMoods) -> Bad: (http://searchfunmoods.com/?f=1&a=nv...AyDtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1546856409) Good: (http://www.google.com) -> Quarantined and repaired successfully.
    Folders Detected: 4
    C:\Users\Soonhee\AppData\LocalLow\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Users\Soonhee\AppData\LocalLow\Funmoods\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Users\Soonhee\AppData\LocalLow\Funmoods\Funmoods\us (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Users\Soonhee\AppData\LocalLow\Funmoods\Funmoods\us\20101003 (PUP.FunMoods) -> Quarantined and deleted successfully.
    Files Detected: 12
    C:\Users\Soonhee\AppData\Roaming\wicinc.dll (Trojan.Medfos) -> Quarantined and deleted successfully.
    C:\Users\Soonhee\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\Soonhee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\Soonhee\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\Soonhee\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\Soonhee\Local Settings\Application Data\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Users\Soonhee\AppData\Local\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Users\Soonhee\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Users\Soonhee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Users\Soonhee\AppData\Roaming\qwauat.dll (Trojan.RedirRdll2.Gen) -> Delete on reboot.
    C:\Users\Soonhee\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.tat (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Users\Soonhee\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.ttr (PUP.FunMoods) -> Quarantined and deleted successfully.
    (end)

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/9/2011 12:00:31 PM
    System Uptime: 1/16/2013 2:34:10 PM (0 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1439
    Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | CPU | 911/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 448 GiB total, 319.12 GiB free.
    D: is FIXED (NTFS) - 17 GiB total, 2.462 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP238: 12/20/2012 7:43:17 PM - Windows Update
    RP239: 12/21/2012 7:05:57 AM - Installed AVG PC TuneUp
    RP240: 12/25/2012 10:48:30 AM - Installed MediaImpression SE
    RP241: 12/27/2012 10:01:36 PM - Removed MediaImpression SE
    RP242: 12/27/2012 10:03:10 PM - Removed AVG PC TuneUp
    RP243: 12/27/2012 10:04:05 PM - Removed AVG PC TuneUp Language Pack (en-US)
    RP244: 1/4/2013 12:14:29 AM - Scheduled Checkpoint
    RP245: 1/9/2013 3:00:19 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Sansa Media Converter
    64 Bit HP CIO Components Installer
    7-Zip 9.20
    Acrobat.com
    Adobe AIR
    Adobe Digital Editions
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.3 MUI
    Adobe Shockwave Player 11.5
    Adobe Shockwave Player 11.6
    Amazon MP3 Downloader 1.0.17
    Amazon Music Importer
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2013
    BattleTag
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    Bonjour
    bpd_scan
    Broadcom 802.11 Wireless LAN Adapter
    Build-a-lot 2
    Bullzip PDF Printer 7.2.0.1338
    Chuzzle Deluxe
    CinemaNow Media Manager
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    CyberLink DVD Suite
    CyberLink MediaShow
    CyberLink PowerDVD 9
    CyberLink YouCam
    D3DX10
    Diner Dash 2 Restaurant Rescue
    Dora's Carnival Adventure
    EasyBits GO
    EasyGPS 4.18
    Energy Star Digital Logo
    Escape Rosecliff Island
    ESU for Microsoft Windows 7
    FamilySearch Indexing 3.12.1
    FATE
    Final Drive Nitro
    Google Chrome
    Google Earth
    Google Update Helper
    Heroes of Hellas 2 - Olympia
    Hewlett-Packard ACLM.NET v1.2.1.1
    HP Advisor
    HP Customer Experience Enhancements
    HP Documentation
    HP Game Console
    HP Games
    HP MediaSmart CinemaNow 2.0
    HP MediaSmart SmartMenu
    HP Photo Creations
    HP Power Manager
    HP Quick Launch
    HP Setup
    HP Software Framework
    HP Support Assistant
    HP Update
    HP Wireless Assistant
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    iTunes
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 6 Update 20 (64-bit)
    JavaFX 2.1.1
    Jewel Quest 3
    Jewel Quest Solitaire 2
    Junk Mail filter update
    Keynote Connector
    LabelPrint
    LightScribe System Software
    LightScribe Template Labeler
    Malwarebytes Anti-Malware version 1.70.0.1100
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office File Validation Add-In
    Microsoft Office Standard Edition 2003
    Microsoft Office Starter 2010 - English
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Web Publishing Wizard 1.52
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Octoshape add-in for Adobe Flash Player
    OverDrive Media Console
    Penguins!
    Personal Ancestral File 5
    PhotoNow!
    Plants vs. Zombies
    Playlist Creator 3.6.2
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    PrintMaster
    QuickTime
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Recovery Manager
    Roxio CinemaNow 2.0
    RtVOsd
    Sansa Updater
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    SharePort Utility
    Shockwave
    Sibelius Scorch (ActiveX Only)
    Skype Click to Call
    Skype™ 5.10
    swMSM
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Virtual Families
    Virtual Villagers - The Secret City
    Visual Studio 2008 x64 Redistributables
    Visual Studio 2010 x64 Redistributables
    WebIQ Technology Engine
    Wheel of Fortune 2
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/16/2013 2:34:57 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    1/14/2013 7:11:23 AM, Error: Schannel [36887] - The following fatal alert was received: 80.
    .
    ==== End Of File ===========================
  2. sblackb (Topic Starter)

    Here is the DDS report.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
    Run by Soonhee at 14:38:29 on 2013-01-16
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1535 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\D-Link\SharePort Utility\Connect.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mStart Page = hxxp://www.google.com
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
    EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [dsnaui] "C:\Windows\System32\rundll32.exe" "C:\Users\Soonhee\AppData\Roaming\dsnaui.dll",UserWarning
    uRun: [wicinc] "C:\Windows\System32\rundll32.exe" "C:\Users\Soonhee\AppData\Roaming\wicinc.dll",Member_GetOne
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\Users\Soonhee\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SHAREP~1.LNK - C:\Program Files\D-Link\SharePort Utility\Connect.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
    DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{0E9EDCED-29C9-4798-86C4-E35D19F890F8} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{0E9EDCED-29C9-4798-86C4-E35D19F890F8}\7556E646973702055726C69636 : DHCPNameServer = 68.94.156.1 68.94.157.1
    TCP: Interfaces\{0E9EDCED-29C9-4798-86C4-E35D19F890F8}\E4544574541425 : DHCPNameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0EtCyByE0AyByEzy0FtBtCtN0D0Tzu0CtAyDtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1546856409
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Soonhee\AppData\Roaming\Mozilla\Firefox\Profiles\3852lgnw.default\
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-11-29 09:47; ftdownloader@ftdownloader.com; C:\Users\Soonhee\AppData\Roaming\Mozilla\Firefox\Profiles\3852lgnw.default\extensions\ftdownloader@ftdownloader.com.xpi
    FF - ExtSQL: !HIDDEN! 2013-01-16 14:35; {e415c395-27bf-4fc0-9d92-837b7dfc3483}; C:\Users\Soonhee\AppData\Roaming\Mozilla\Firefox\Profiles\3852lgnw.default\extensions\{e415c395-27bf-4fc0-9d92-837b7dfc3483}.xpi
    .
    ---- FIREFOX POLICIES ----
    .
    FF - user.js: extensions.funmoods.hmpg - true
    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0EtCyByE0AyByEzy0FtBtCtN0D0Tzu0CtAyDtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1546856409
    FF - user.js: extensions.funmoods.dfltSrch - true
    FF - user.js: extensions.funmoods.srchPrvdr - Funmoods
    FF - user.js: extensions.funmoods.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - true
    FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0EtCyByE0AyByEzy0FtBtCtN0D0Tzu0CtAyDtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1546856409
    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0EtCyByE0AyByEzy0FtBtCtN0D0Tzu0CtAyDtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1546856409&q=
    FF - user.js: extensions.funmoods.id - 90004E174A749F21
    FF - user.js: extensions.funmoods.instlDay - 15691
    FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
    FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2217:28:38
    FF - user.js: extensions.funmoods.prtnrId - funmoods
    FF - user.js: extensions.funmoods.prdct - funmoods
    FF - user.js: extensions.funmoods.aflt - nv1
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods.tlbrId - base
    FF - user.js: extensions.funmoods.instlRef - nv1
    FF - user.js: extensions.funmoods.dfltLng -
    FF - user.js: extensions.funmoods.excTlbr - false
    FF - user.js: extensions.funmoods.autoRvrt - false
    FF - user.js: extensions.funmoods.envrmnt - production
    FF - user.js: extensions.funmoods.isdcmntcmplt - true
    FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
    .
    .
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-1-24 98208]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 D-Link SharePort Helper;D-Link SharePort Helper;C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe [2011-2-9 49152]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-24 13336]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-16 398184]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-16 682344]
    R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2009-7-3 291336]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-1-24 2320920]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-16 24176]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-5-2 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-1-24 225280]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-24 333928]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-11 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-01-16 17:56:29 -------- d-----w- C:\Users\Soonhee\AppData\Local\{53F955B6-5359-4C07-AAFD-C78AC4C8F79E}
    2013-01-16 17:48:46 -------- d-----w- C:\Users\Soonhee\AppData\Roaming\Malwarebytes
    2013-01-16 17:48:37 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-01-16 17:48:36 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-01-16 17:48:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-01-16 17:48:22 -------- d-----w- C:\Users\Soonhee\AppData\Local\Programs
    2013-01-16 05:56:04 -------- d-----w- C:\Users\Soonhee\AppData\Local\{DA455F72-E61E-4F14-9E51-DD9CC33C096A}
    2013-01-16 03:44:55 565248 ----a-w- C:\Users\Soonhee\AppData\Roaming\dsnaui.dll
    2013-01-15 17:55:53 -------- d-----w- C:\Users\Soonhee\AppData\Local\{90A188E5-5CE1-48E1-AAAB-AF65BF88237B}
    2013-01-15 05:55:41 -------- d-----w- C:\Users\Soonhee\AppData\Local\{3224FD7A-1F58-4B9A-96EF-B5B460A213A7}
    2013-01-14 17:55:17 -------- d-----w- C:\Users\Soonhee\AppData\Local\{F5711428-0A51-457F-A744-DA5093DF9823}
    2013-01-14 05:55:05 -------- d-----w- C:\Users\Soonhee\AppData\Local\{189806CC-1454-4D8C-A061-E9786FDA27A0}
    2013-01-13 17:54:41 -------- d-----w- C:\Users\Soonhee\AppData\Local\{CA30C01E-91CA-48ED-A22A-07B545671931}
    2013-01-13 05:54:30 -------- d-----w- C:\Users\Soonhee\AppData\Local\{0678FA0F-0115-4EF0-9E45-BF6605BB4D54}
    2013-01-12 17:54:19 -------- d-----w- C:\Users\Soonhee\AppData\Local\{38D9CD14-ED29-482C-8BB9-7D00A1E60C8F}
    2013-01-12 05:54:07 -------- d-----w- C:\Users\Soonhee\AppData\Local\{9D9C5BA4-9955-427E-B04D-D614868C11D5}
    2013-01-11 17:53:56 -------- d-----w- C:\Users\Soonhee\AppData\Local\{DD8321E7-F6F5-47E1-A024-46480E6BB4CE}
    2013-01-11 05:53:44 -------- d-----w- C:\Users\Soonhee\AppData\Local\{F18794B9-A069-4360-97FE-377695F4B42A}
    2013-01-10 17:53:33 -------- d-----w- C:\Users\Soonhee\AppData\Local\{CE3DB77C-1D4A-4F9A-84BF-2FD5117D4567}
    2013-01-10 05:53:21 -------- d-----w- C:\Users\Soonhee\AppData\Local\{D7F33C4E-738D-425B-8931-0816C45188C2}
    2013-01-09 17:53:10 -------- d-----w- C:\Users\Soonhee\AppData\Local\{AA81209E-7F86-4BDA-B63D-9FDCA7F533AB}
    2013-01-09 07:50:55 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2013-01-09 05:52:46 -------- d-----w- C:\Users\Soonhee\AppData\Local\{DE5D4EFA-61A9-49E4-8DDB-C7D9FF6B2A5D}
    2013-01-08 17:52:34 -------- d-----w- C:\Users\Soonhee\AppData\Local\{0F581606-B542-4930-A89D-286CFB5F4958}
    2013-01-08 05:52:23 -------- d-----w- C:\Users\Soonhee\AppData\Local\{C63C60DC-D177-462B-BA1D-B8044BD928D3}
    2013-01-07 17:52:11 -------- d-----w- C:\Users\Soonhee\AppData\Local\{5AF5EDF8-B03E-4228-AB88-D67DE7ADE11B}
    2013-01-07 05:51:47 -------- d-----w- C:\Users\Soonhee\AppData\Local\{68C6DB11-4379-4FF3-8750-B5FDB570DF4B}
    2013-01-06 17:51:23 -------- d-----w- C:\Users\Soonhee\AppData\Local\{2809DE96-C024-4C31-973D-B9969B232DEE}
    2013-01-04 03:00:04 -------- d-----w- C:\Users\Soonhee\AppData\Local\{20F20BCA-A9F2-4FB7-BEAD-E2A7B4F7387E}
    2013-01-04 02:59:54 -------- d-----w- C:\Users\Soonhee\AppData\Local\{BE6F75DD-C5CE-4A55-AE9C-92689E1CE138}
    2013-01-04 02:13:57 -------- d-----w- C:\Users\Soonhee\AppData\Local\{937BC905-7FAF-4958-B85B-DEC53F7E66DC}
    2013-01-03 14:13:47 -------- d-----w- C:\Users\Soonhee\AppData\Local\{30E47F53-D73B-4093-A6F0-07586F32DFA7}
    2013-01-03 02:17:25 -------- d-----w- C:\Users\Soonhee\AppData\Local\{219DB684-BDF6-49A2-9D01-53627BD8F217}
    2013-01-03 02:13:47 -------- d-----w- C:\Users\Soonhee\AppData\Local\{056CE7D9-977C-4F92-AC81-B612B1B990E4}
    2013-01-02 14:13:36 -------- d-----w- C:\Users\Soonhee\AppData\Local\{A5870FDE-A698-4EB8-899F-8F91781B6840}
    2013-01-02 02:13:12 -------- d-----w- C:\Users\Soonhee\AppData\Local\{D9E67523-2B92-4277-BDE2-293B55AE9026}
    2013-01-01 14:12:48 -------- d-----w- C:\Users\Soonhee\AppData\Local\{AC7AF2BC-78C8-4B10-A507-2D1C351BB61E}
    2013-01-01 02:12:37 -------- d-----w- C:\Users\Soonhee\AppData\Local\{FD45294D-18C0-4457-B319-DE27B6387555}
    2012-12-31 02:16:17 -------- d-----w- C:\Users\Soonhee\AppData\Local\{4EB2EBE0-980F-40AA-BDD2-CC681942389F}
    2012-12-30 02:12:13 -------- d-----w- C:\Users\Soonhee\AppData\Local\{DB37810D-BFA8-4E5A-9A87-19A6161DCF6A}
    2012-12-29 14:11:49 -------- d-----w- C:\Users\Soonhee\AppData\Local\{6171F3CF-2CF7-45D4-A87E-84D6994D7A2B}
    2012-12-29 02:11:37 -------- d-----w- C:\Users\Soonhee\AppData\Local\{B714DE06-4EFB-44E3-9F95-171F75DC2D14}
    2012-12-28 14:11:26 -------- d-----w- C:\Users\Soonhee\AppData\Local\{CD1A715E-99F0-4F34-AA1E-2C4EACC9A527}
    2012-12-27 14:10:40 -------- d-----w- C:\Users\Soonhee\AppData\Local\{1D64B58D-5198-4B3D-B0DA-C7FC9B6A04C6}
    2012-12-27 02:14:27 -------- d-----w- C:\Users\Soonhee\AppData\Local\{80EBAFB4-E9AF-4D6C-A561-6F13AE5D70B0}
    2012-12-27 02:10:40 -------- d-----w- C:\Users\Soonhee\AppData\Local\{A159D5D5-A17F-4036-A3B4-1F10AF342BCB}
    2012-12-26 14:10:16 -------- d-----w- C:\Users\Soonhee\AppData\Local\{E95AE9E4-F7F8-4E8D-81FF-DFD1F499A335}
    2012-12-26 02:10:01 -------- d-----w- C:\Users\Soonhee\AppData\Local\{C48B0322-4793-4DB4-AADB-AFD8083747D6}
    2012-12-25 15:51:57 -------- d-----w- C:\Users\Soonhee\AppData\Local\ArcSoft
    2012-12-25 15:49:52 -------- d-----w- C:\ProgramData\ArcSoft
    2012-12-25 15:48:48 22784 ----a-w- C:\Windows\SysWow64\drivers\afc.sys
    2012-12-25 14:09:37 -------- d-----w- C:\Users\Soonhee\AppData\Local\{EBB96F89-697D-4600-9112-A8B1897007C6}
    2012-12-25 02:09:13 -------- d-----w- C:\Users\Soonhee\AppData\Local\{9E240396-87A8-4BEC-840F-4A8FC67C1784}
    2012-12-23 14:08:39 -------- d-----w- C:\Users\Soonhee\AppData\Local\{A8DC3975-B7AC-4F61-B7F6-9D8063EAEA90}
    2012-12-23 02:08:14 -------- d-----w- C:\Users\Soonhee\AppData\Local\{1FFDCAB3-77BB-4E88-9142-125D729D553A}
    2012-12-22 14:07:50 -------- d-----w- C:\Users\Soonhee\AppData\Local\{CB739951-7BA3-4B33-ADF6-883C989F2855}
    2012-12-22 02:07:39 -------- d-----w- C:\Users\Soonhee\AppData\Local\{D049C331-5667-480C-B7C2-945CB34F7E0A}
    2012-12-21 14:07:16 -------- d-----w- C:\Users\Soonhee\AppData\Local\{0440F9AA-F5BE-4E09-981D-BB4A2EA30918}
    2012-12-21 12:06:32 -------- d-----w- C:\Users\Soonhee\AppData\Roaming\AVG
    2012-12-21 12:05:50 -------- d-----w- C:\ProgramData\AVG
    2012-12-21 12:05:46 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2012-12-21 02:06:51 -------- d-----w- C:\Users\Soonhee\AppData\Local\{44F22FA7-9EFE-4C70-9398-E8D7B287477C}
    2012-12-21 00:43:30 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-21 00:43:30 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-21 00:43:30 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-21 00:43:29 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-21 00:02:00 -------- d-----w- C:\Program Files (x86)\Sibelius Software
    2012-12-20 14:06:27 -------- d-----w- C:\Users\Soonhee\AppData\Local\{26E0FD88-3691-43CD-BF59-0BD6409B134B}
    2012-12-20 02:06:16 -------- d-----w- C:\Users\Soonhee\AppData\Local\{CD034950-89C6-4222-96D1-2B531B8F3CB7}
    2012-12-19 14:05:52 -------- d-----w- C:\Users\Soonhee\AppData\Local\{F467E580-D870-4BD7-9DDE-BCE688B8335D}
    2012-12-19 12:30:02 -------- d-----w- C:\Program Files\iPod
    2012-12-19 12:30:01 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-19 12:30:01 -------- d-----w- C:\Program Files\iTunes
    2012-12-19 12:30:01 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-12-19 02:05:40 -------- d-----w- C:\Users\Soonhee\AppData\Local\{B058FB32-5D36-49AC-BFC7-AF2608AE57B4}
    2012-12-18 20:07:11 106240 ----a-w- C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
    2012-12-18 14:05:29 -------- d-----w- C:\Users\Soonhee\AppData\Local\{2436B3AB-48DF-48AE-8BA0-4DFA6655AAA7}
    2012-12-18 02:05:04 -------- d-----w- C:\Users\Soonhee\AppData\Local\{B65430F0-D675-4AAD-9ACD-42C1B2BE0E79}
    2012-12-17 22:28:41 -------- d-----w- C:\Users\Soonhee\AppData\Roaming\Funmoods
    2012-12-17 22:28:16 -------- d-----w- C:\ProgramData\Tarma Installer
    2012-12-17 22:28:02 -------- d-----w- C:\Users\Soonhee\AppData\Local\PutLockerDownloader
    .
    ==================== Find3M ====================
    .
    2013-01-08 21:45:38 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-08 21:45:38 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
    2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-11-16 04:33:24 111968 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll
    2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2012-10-22 18:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
    .
    ============= FINISH: 14:40:59.11 ===============
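Two things in the "Created Last 30" listing above stand out on sight: a run of GUID-named folders under AppData\Local created at roughly 12-hour intervals (around 05:5x and 17:5x each day), and a 565 KB DLL created directly in AppData\Roaming. The script below is an added example, not DDS code and not posted by either participant, that pulls those two patterns out of such a listing mechanically; it runs on an excerpt of the posted log and reports review candidates for the helper, not verdicts. The 12-hour period and 30-minute tolerance are assumptions chosen to match this log.

```python
"""Triage of a DDS 'Created Last 30' listing.

Added example for this thread; it is not DDS code and was not posted by
either participant. It reads lines of the shape

    YYYY-MM-DD HH:MM:SS  <size or -------->  <8 attribute flags>  <path>

and applies two checks a malware helper makes by eye in such a log:
  * loose .dll/.exe/.sys files created directly under a user's
    AppData\\Roaming or AppData\\Local, outside any vendor sub-folder;
  * GUID-named folders under AppData\\Local created on a fixed cadence
    (about every 12 hours in the posted log), which looks like a
    scheduled job rather than a person at the keyboard.
Both are review candidates for the helper, not verdicts.
"""
import re
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+"
    r"(?P<path>\S.*?)\s*$"
)
# {8-4-4-4-12 hex} folder directly under AppData\Local
GUID_DIR_RE = re.compile(
    r"\\AppData\\Local\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I
)
# an executable image sitting directly in AppData\Roaming or AppData\Local
LOOSE_BIN_RE = re.compile(
    r"\\AppData\\(?:Roaming|Local)\\[^\\]+\.(?:dll|exe|sys)$", re.I
)

def parse(lines):
    """Yield (created, size_or_None, is_dir, path) for each well-formed entry."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        size = None if m["size"].startswith("-") else int(m["size"])
        yield created, size, m["attrs"].startswith("d"), m["path"]

def loose_binaries(entries):
    """Executable files (not folders) created directly in the user's AppData."""
    return [p for _, _, is_dir, p in entries if not is_dir and LOOSE_BIN_RE.search(p)]

def periodic_guid_dirs(entries, period=timedelta(hours=12), tolerance=timedelta(minutes=30)):
    """GUID folders whose creation times sit one `period` apart (within `tolerance`).

    Consecutive creations are compared; every folder that takes part in at
    least one such pair is returned, ordered by creation time."""
    guid_dirs = sorted((ts, p) for ts, _, is_dir, p in entries
                       if is_dir and GUID_DIR_RE.search(p))
    flagged = {}
    for (t0, p0), (t1, p1) in zip(guid_dirs, guid_dirs[1:]):
        if abs((t1 - t0) - period) <= tolerance:
            flagged[p0] = t0
            flagged[p1] = t1
    return sorted(flagged, key=flagged.get)

def triage(log_text, period=timedelta(hours=12)):
    """Run both heuristics over the text of a 'Created Last 30' section."""
    entries = list(parse(log_text.splitlines()))
    return {
        "loose_binaries": loose_binaries(entries),
        "periodic_guid_dirs": periodic_guid_dirs(entries, period),
    }

# Excerpt of the DDS listing posted above; a few unrelated lines are kept so
# the filters have something to ignore.
SAMPLE_LOG = r"""
2013-01-16 17:56:29 -------- d-----w- C:\Users\Soonhee\AppData\Local\{53F955B6-5359-4C07-AAFD-C78AC4C8F79E}
2013-01-16 17:48:46 -------- d-----w- C:\Users\Soonhee\AppData\Roaming\Malwarebytes
2013-01-16 17:48:36 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-16 05:56:04 -------- d-----w- C:\Users\Soonhee\AppData\Local\{DA455F72-E61E-4F14-9E51-DD9CC33C096A}
2013-01-16 03:44:55 565248 ----a-w- C:\Users\Soonhee\AppData\Roaming\dsnaui.dll
2013-01-15 17:55:53 -------- d-----w- C:\Users\Soonhee\AppData\Local\{90A188E5-5CE1-48E1-AAAB-AF65BF88237B}
2013-01-15 05:55:41 -------- d-----w- C:\Users\Soonhee\AppData\Local\{3224FD7A-1F58-4B9A-96EF-B5B460A213A7}
2012-12-25 15:48:48 22784 ----a-w- C:\Windows\SysWow64\drivers\afc.sys
2012-12-17 22:28:41 -------- d-----w- C:\Users\Soonhee\AppData\Roaming\Funmoods
"""

if __name__ == "__main__":
    for kind, paths in triage(SAMPLE_LOG).items():
        print(kind)
        for p in paths:
            print("  ", p)
```

On the excerpt above the loose-binary check returns only the Roaming DLL, and the cadence check returns all four GUID folders, since each consecutive pair is a few seconds over twelve hours apart. A folder created by a one-off installer would not pair up and stays out of the list.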
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


    TDSSKiller Scan

    Please download TDSSKiller to your desktop and run it as outlined below:

    Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


    ------------------------

    Click the Start Scan button.


    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

    Sometimes these logs can be very large, in that case please attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.



    ComboFix scan

    Please download ComboFix by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
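The TDSSKiller instructions above tell the poster to Skip anything reported as UnsignedFile.Multi.Generic or LockedFile.Multi.Generic and to post the log. As an added example, not TDSSKiller code and not from either participant, the script below reads the "Scan services" section of such a log, pairs each service with the MD5 and image path TDSSKiller prints on the line before its status, and sorts services into clean, unsigned/locked (the informational cases the helper says to Skip) and anything else that needs a helper's look. The exact wording of the non-ok lines in the constructed sample is assumed; only the "service - status" shape visible in the posted log is relied on.

```python
"""Triage of a TDSSKiller 'Scan services' section.

Added example for this thread; it is not part of TDSSKiller and was not
posted by either participant. It reads the two line shapes visible in
the log posted in this thread:

    HH:MM:SS.ffff PID [ MD5 ] <service> <image path>
    HH:MM:SS.ffff PID <service> - ok

and treats any status other than 'ok' as something to look at. The labels
UnsignedFile.Multi.Generic and LockedFile.Multi.Generic are the ones the
helper says to Skip: the image is unsigned or could not be read, which is
not a malware verdict by itself, so those are reported apart from the rest.
The wording of the non-ok lines in SAMPLE is assumed (constructed); only
the '<service> - <status>' shape is relied on.
"""
import re

PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<rest>.*)$")
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
STATUS_RE = re.compile(r"^(?P<name>.+?) - (?P<status>.+)$")
PAREN_SUFFIX_RE = re.compile(r"\s*\([^)]*\)\s*$")

# Verdicts the helper's instructions say to Skip: unsigned or locked image,
# not a detection of known malware.
INFORMATIONAL = ("UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic")

def parse_services(text):
    """Return {service: {'md5', 'path', 'status'}} for the 'Scan services' section."""
    services = {}
    in_services = False
    for line in text.splitlines():
        m = PREFIX_RE.match(line.strip())
        if not m:
            continue
        rest = m["rest"]
        if rest.startswith("="):          # section header such as '=== Scan services ==='
            in_services = "Scan services" in rest
            continue
        if not in_services:
            continue
        h = HASH_RE.match(rest)
        if h:
            services.setdefault(h["name"], {}).update(md5=h["md5"].upper(), path=h["path"])
            continue
        s = STATUS_RE.match(rest)
        if s:
            # A warning line names the service as 'svc ( Verdict )' (assumed shape);
            # drop the parenthesised part so the status joins the hash record for 'svc'.
            name = PAREN_SUFFIX_RE.sub("", s["name"])
            services.setdefault(name, {})["status"] = rest[len(name):].strip(" -")
    return services

def triage(text):
    """Split services into clean / informational (unsigned or locked) / needs review."""
    services = parse_services(text)
    buckets = {"clean": [], "informational": [], "review": [], "services": services}
    for name, rec in sorted(services.items()):
        status = rec.get("status", "")
        if status == "ok":
            buckets["clean"].append(name)
        elif any(v in status for v in INFORMATIONAL):
            buckets["informational"].append(name)
        else:
            buckets["review"].append(name)   # includes services with no status at all
    return buckets

# Constructed excerpt: the first three services are copied from the log posted
# in this thread; 'exampledrv' and 'otherdrv' and their non-ok lines are made
# up to exercise the informational and review buckets.
SAMPLE = r"""
15:32:08.0239 3644 ================ Scan services =============================
15:32:08.0426 3644 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:32:08.0629 3644 1394ohci - ok
15:32:08.0723 3644 ACDaemon - ok
15:32:11.0047 3644 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:32:11.0063 3644 Apple Mobile Device - ok
15:32:20.0000 3644 [ 0123456789ABCDEF0123456789ABCDEF ] exampledrv C:\Windows\system32\DRIVERS\exampledrv.sys
15:32:20.0010 3644 exampledrv ( UnsignedFile.Multi.Generic ) - warning
15:32:20.0020 3644 exampledrv - detected UnsignedFile.Multi.Generic (1)
15:32:21.0000 3644 [ FEDCBA9876543210FEDCBA9876543210 ] otherdrv C:\Windows\system32\DRIVERS\otherdrv.sys
15:32:21.0010 3644 otherdrv - detected Constructed.Verdict.Example (1)
"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    for bucket in ("clean", "informational", "review"):
        print(bucket, result[bucket])
    for name in result["review"]:
        print("check hash:", result["services"][name].get("md5"), result["services"][name].get("path"))
```

Note that ACDaemon has a status line but no hash line in the posted log, which is how TDSSKiller reports a registered service whose image file it could not find; the parser keeps such entries so the helper can see them, and the MD5 it records for the others is the value to compare against a known-good copy before deciding an unsigned file is fine.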
  4. sblackb

    sblackb Newcomer, in training Topic Starter Posts: 21

    15:31:38.0537 7120 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    15:31:39.0114 7120 ============================================================
    15:31:39.0114 7120 Current date / time: 2013/01/16 15:31:39.0114
    15:31:39.0114 7120 SystemInfo:
    15:31:39.0114 7120
    15:31:39.0114 7120 OS Version: 6.1.7601 ServicePack: 1.0
    15:31:39.0114 7120 Product type: Workstation
    15:31:39.0129 7120 ComputerName: SOONHEE-HP
    15:31:39.0129 7120 UserName: Soonhee
    15:31:39.0129 7120 Windows directory: C:\Windows
    15:31:39.0129 7120 System windows directory: C:\Windows
    15:31:39.0129 7120 Running under WOW64
    15:31:39.0129 7120 Processor architecture: Intel x64
    15:31:39.0129 7120 Number of processors: 4
    15:31:39.0129 7120 Page size: 0x1000
    15:31:39.0129 7120 Boot type: Normal boot
    15:31:39.0129 7120 ============================================================
    15:31:39.0753 7120 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    15:31:39.0769 7120 ============================================================
    15:31:39.0769 7120 \Device\Harddisk0\DR0:
    15:31:39.0769 7120 MBR partitions:
    15:31:39.0769 7120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    15:31:39.0769 7120 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x380DC800
    15:31:39.0769 7120 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38140800, BlocksNum 0x2211800
    15:31:39.0769 7120 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
    15:31:39.0769 7120 ============================================================
    15:31:39.0800 7120 C: <-> \Device\Harddisk0\DR0\Partition2
    15:31:39.0831 7120 D: <-> \Device\Harddisk0\DR0\Partition3
    15:31:39.0831 7120 ============================================================
    15:31:39.0831 7120 Initialize success
    15:31:39.0831 7120 ============================================================
    15:32:07.0459 3644 ============================================================
    15:32:07.0459 3644 Scan started
    15:32:07.0459 3644 Mode: Manual; SigCheck; TDLFS;
    15:32:07.0459 3644 ============================================================
    15:32:08.0239 3644 ================ Scan system memory ========================
    15:32:08.0239 3644 System memory - ok
    15:32:08.0239 3644 ================ Scan services =============================
    15:32:08.0426 3644 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    15:32:08.0629 3644 1394ohci - ok
    15:32:08.0723 3644 ACDaemon - ok
    15:32:08.0770 3644 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    15:32:08.0801 3644 ACPI - ok
    15:32:08.0832 3644 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    15:32:08.0910 3644 AcpiPmi - ok
    15:32:09.0066 3644 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    15:32:09.0113 3644 AdobeFlashPlayerUpdateSvc - ok
    15:32:09.0160 3644 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    15:32:09.0175 3644 adp94xx - ok
    15:32:09.0222 3644 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    15:32:09.0238 3644 adpahci - ok
    15:32:09.0269 3644 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    15:32:09.0300 3644 adpu320 - ok
    15:32:09.0331 3644 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    15:32:09.0487 3644 AeLookupSvc - ok
    15:32:09.0565 3644 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    15:32:09.0581 3644 AERTFilters - ok
    15:32:09.0659 3644 [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc C:\Windows\syswow64\drivers\Afc.sys
    15:32:09.0690 3644 Afc - ok
    15:32:09.0737 3644 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    15:32:09.0815 3644 AFD - ok
    15:32:09.0862 3644 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
    15:32:10.0002 3644 AgereSoftModem - ok
    15:32:10.0033 3644 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    15:32:10.0064 3644 agp440 - ok
    15:32:10.0096 3644 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    15:32:10.0174 3644 ALG - ok
    15:32:10.0205 3644 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    15:32:10.0220 3644 aliide - ok
    15:32:10.0236 3644 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    15:32:10.0252 3644 amdide - ok
    15:32:10.0283 3644 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    15:32:10.0345 3644 AmdK8 - ok
    15:32:10.0361 3644 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    15:32:10.0408 3644 AmdPPM - ok
    15:32:10.0454 3644 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    15:32:10.0486 3644 amdsata - ok
    15:32:10.0501 3644 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    15:32:10.0517 3644 amdsbs - ok
    15:32:10.0532 3644 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    15:32:10.0548 3644 amdxata - ok
    15:32:10.0610 3644 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    15:32:10.0688 3644 AppID - ok
    15:32:10.0720 3644 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    15:32:10.0844 3644 AppIDSvc - ok
    15:32:10.0876 3644 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    15:32:10.0938 3644 Appinfo - ok
    15:32:11.0047 3644 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    15:32:11.0063 3644 Apple Mobile Device - ok
    15:32:11.0094 3644 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    15:32:11.0125 3644 arc - ok
    15:32:11.0125 3644 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    15:32:11.0156 3644 arcsas - ok
    15:32:11.0172 3644 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    15:32:11.0297 3644 AsyncMac - ok
    15:32:11.0344 3644 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    15:32:11.0359 3644 atapi - ok
    15:32:11.0406 3644 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys
    15:32:11.0515 3644 athr - ok
    15:32:11.0578 3644 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    15:32:11.0671 3644 AudioEndpointBuilder - ok
    15:32:11.0671 3644 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    15:32:11.0718 3644 AudioSrv - ok
    15:32:11.0983 3644 [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    15:32:12.0124 3644 AVGIDSAgent - ok
    15:32:12.0170 3644 [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
    15:32:12.0202 3644 AVGIDSDriver - ok
    15:32:12.0233 3644 [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
    15:32:12.0248 3644 AVGIDSHA - ok
    15:32:12.0295 3644 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
    15:32:12.0326 3644 Avgldx64 - ok
    15:32:12.0342 3644 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
    15:32:12.0358 3644 Avgloga - ok
    15:32:12.0389 3644 [ 841C40C193889730848849AC220D9242 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
    15:32:12.0389 3644 Avgmfx64 - ok
    15:32:12.0420 3644 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
    15:32:12.0420 3644 Avgrkx64 - ok
    15:32:12.0467 3644 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
    15:32:12.0498 3644 Avgtdia - ok
  5. sblackb

    Sorry, I didn't realize there was so much text. The tdsskiller log should be attached.

  6. sblackb

    Here is the report from ComboFix:
    ComboFix 13-01-16.01 - Soonhee 01/16/2013 15:51:23.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2329 [GMT -5:00]
    Running from: c:\users\Soonhee\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Soonhee\AppData\Roaming\dsnaui.dll
    c:\windows\rapidui.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-16 to 2013-01-16 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-16 20:58 . 2013-01-16 20:58 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-16 17:48 . 2013-01-16 17:48 -------- d-----w- c:\users\Soonhee\AppData\Roaming\Malwarebytes
    2013-01-16 17:48 . 2013-01-16 17:48 -------- d-----w- c:\programdata\Malwarebytes
    2013-01-16 17:48 . 2013-01-16 17:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-01-16 17:48 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-16 17:48 . 2013-01-16 17:48 -------- d-----w- c:\users\Soonhee\AppData\Local\Programs
    2013-01-11 14:04 . 2013-01-11 14:04 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
    2013-01-09 07:50 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2012-12-25 15:51 . 2012-12-25 15:51 -------- d-----w- c:\users\Soonhee\AppData\Local\ArcSoft
    2012-12-25 15:49 . 2012-12-25 22:04 -------- d-----w- c:\programdata\ArcSoft
    2012-12-25 15:48 . 2006-11-14 16:31 22784 ----a-w- c:\windows\SysWow64\drivers\afc.sys
    2012-12-25 15:48 . 2012-12-28 03:02 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
    2012-12-25 15:48 . 2012-12-25 22:04 -------- d-----w- c:\users\Soonhee\AppData\Roaming\ArcSoft
    2012-12-21 12:06 . 2012-12-21 12:06 -------- d-----w- c:\users\Soonhee\AppData\Roaming\AVG
    2012-12-21 12:05 . 2012-12-21 12:07 -------- d-----w- c:\programdata\AVG
    2012-12-21 12:05 . 2012-12-21 12:05 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2012-12-21 00:43 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-21 00:43 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-21 00:43 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-21 00:43 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-21 00:02 . 2012-12-21 00:02 -------- d-----w- c:\program files (x86)\Sibelius Software
    2012-12-19 12:30 . 2012-12-19 12:30 -------- d-----w- c:\program files\iPod
    2012-12-19 12:30 . 2012-12-19 12:30 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-19 12:30 . 2012-12-19 12:30 -------- d-----w- c:\program files\iTunes
    2012-12-19 12:30 . 2012-12-19 12:30 -------- d-----w- c:\program files (x86)\iTunes
    2012-12-18 20:07 . 2012-12-18 20:07 106240 ----a-w- c:\program files (x86)\Internet Explorer\plugins\nppdf32.dll
    2012-12-17 22:28 . 2012-12-17 22:28 -------- d-----w- c:\users\Soonhee\AppData\Roaming\Funmoods
    2012-12-17 22:28 . 2012-12-18 13:29 -------- d-----w- c:\programdata\Tarma Installer
    2012-12-17 22:28 . 2012-12-17 22:28 -------- d-----w- c:\users\Soonhee\AppData\Local\PutLockerDownloader
    .
    .
    .
    2012-11-09 04:42 . 2012-12-12 11:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-11-02 05:59 . 2012-12-12 11:09 478208 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-02 05:11 . 2012-12-12 11:09 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
    2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2012-10-22 18:02 . 2012-10-22 18:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
    "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    .
    c:\users\Soonhee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    SharePort Utility.lnk - c:\program files\D-Link\SharePort Utility\Connect.exe [2011-2-9 399208]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-05-31 333928]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-11 1255736]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 D-Link SharePort Helper;D-Link SharePort Helper;c:\program files\D-Link\SharePort Utility\Spnuhelper.exe [2011-02-09 49152]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
    S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
    S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2011-02-09 291336]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 39697321
    *Deregistered* - 39697321
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-11-22 18:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-10 18:09 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 21:45]
    .
    2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-08 02:47]
    .
    2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-08 02:47]
    .
    2013-01-14 c:\windows\Tasks\HPCeeScheduleForSoonhee.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-17 6486120]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-dsnaui - c:\users\Soonhee\AppData\Roaming\dsnaui.dll
    Wow6432Node-HKCU-Run-wicinc - c:\users\Soonhee\AppData\Roaming\wicinc.dll
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    SafeBoot-56107308.sys
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~2\UNWISE.EXE
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-01-16 16:00:36
    ComboFix-quarantined-files.txt 2013-01-16 21:00
    .
    Pre-Run: 347,705,094,144 bytes free
    Post-Run: 348,345,364,480 bytes free
    .
    - - End Of File - - C23F4C14E12CEC076C2AAC27F8C47131
  7. Jay Pfoutz


    Hi again. Did you install some fonts a few weeks ago?

    Adware Cleaning

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.
    • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    • Shut down your protection software now to avoid potential conflicts.
    • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.
  8. sblackb


    Thank you for all of your help. I do not recall installing any new fonts in the last few weeks.
    Here is the Adware report:
    # AdwCleaner v2.106 - Logfile created 01/17/2013 at 13:03:27
    # Updated 17/01/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Soonhee - SOONHEE-HP
    # Boot Mode : Normal
    # Running from : C:\Users\Soonhee\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\Soonhee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Folder Deleted : C:\Users\Soonhee\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Folder Deleted : C:\Users\Soonhee\AppData\Roaming\Funmoods
    ***** [Registry] *****
    Key Deleted : HKCU\Software\1ClickDownload
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\SweetIM
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\Software\Iminent
    Key Deleted : HKLM\Software\InstallCore
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
    Key Deleted : HKLM\Software\SweetIM
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16457
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0EtCyByE0AyByEzy0FtBtCtN0D0Tzu0CtAyDtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1546856409 --> hxxp://www.google.com
    -\\ Google Chrome v24.0.1312.52
    File : C:\Users\Soonhee\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[S1].txt - [2619 octets] - [17/01/2013 13:03:27]
    ########## EOF - C:\AdwCleaner[S1].txt - [2679 octets] ##########
  9. sblackb


    Here is the Junkware report:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.4.3 (01.15.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by Soonhee on Thu 01/17/2013 at 13:11:00.00
    Blog: http://thisisudax.blogspot.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    ~~~ Services

    ~~~ Registry Values

    ~~~ Registry Keys

    ~~~ Files
    Successfully deleted: [File] "C:\Windows\couponprinter.ocx"

    ~~~ Folders
    Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

    ~~~ Chrome
    Successfully deleted: [Folder] C:\Users\Soonhee\appdata\local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Successfully deleted: [Folder] C:\Users\Soonhee\appdata\local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj

    ~~~ Event Viewer Logs were cleared


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 01/17/2013 at 13:17:32.88
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  10. Jay Pfoutz


    Go to www.virustotal.com and submit the following file for scanning by first hitting the Choose File button, looking for c:\windows\Fonts\RPRSTITL.FOT, and then hitting Scan It!

    Once done, post the URL from the address bar for the result in your next reply.


    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt; please post it in your next reply.
    • You may need to use two posts to get it all.
  11. sblackb


    I can't find the file c:\windows\fonts\rprstitl.fot. Should it come up in a search of the c: drive? When I click on Choose File and paste the file name in, nothing happens.

    Here is the first half of the OTL log:


    OTL logfile created on: 1/18/2013 5:04:22 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Soonhee\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.80 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 33.83% Memory free
    7.60 Gb Paging File | 5.20 Gb Available in Paging File | 68.39% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 448.43 Gb Total Space | 322.74 Gb Free Space | 71.97% Space Free | Partition Type: NTFS
    Drive D: | 17.03 Gb Total Space | 2.46 Gb Free Space | 14.45% Space Free | Partition Type: NTFS

    Computer Name: SOONHEE-HP | User Name: Soonhee | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/18 17:03:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Soonhee\Downloads\OTL.exe
    PRC - [2013/01/08 15:45:54 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    PRC - [2012/10/22 13:04:06 | 000,329,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
    PRC - [2012/08/09 22:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    PRC - [2012/02/15 12:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    PRC - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
    PRC - [2010/04/13 12:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/04/13 12:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/09 03:43:01 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ee98383179eca974083a41a8ca0c213\IAStorUtil.ni.dll
    MOD - [2013/01/09 03:35:44 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll
    MOD - [2013/01/09 03:35:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
    MOD - [2013/01/09 03:35:10 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
    MOD - [2013/01/09 03:35:04 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
    MOD - [2013/01/09 03:34:51 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
    MOD - [2013/01/09 03:34:45 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
    MOD - [2013/01/09 03:34:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
    MOD - [2013/01/09 03:34:41 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
    MOD - [2013/01/09 03:34:36 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2011/02/09 16:26:03 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe -- (D-Link SharePort Helper)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
    SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
    SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/01/08 16:45:38 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
    SRV - [2010/04/13 12:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/11/15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
    DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/17 09:34:38 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/02/09 16:26:04 | 000,291,336 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
    DRV:64bit: - [2011/01/24 14:41:46 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/05/31 14:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/04/13 12:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/02/03 09:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2009/09/22 20:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/19 21:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/09/22 20:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{3362B145-4DC1-4760-A49E-39096B76A197}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{756E955F-433D-4104-8ACE-E010EEB1676F}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE:64bit: - HKLM\..\SearchScopes\{97A3D1B5-C315-43C5-9419-264727BDA343}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{B844945D-34DC-473E-9837-E866FA4F8760}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{3362B145-4DC1-4760-A49E-39096B76A197}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKLM\..\SearchScopes\{756E955F-433D-4104-8ACE-E010EEB1676F}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKLM\..\SearchScopes\{97A3D1B5-C315-43C5-9419-264727BDA343}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{B844945D-34DC-473E-9837-E866FA4F8760}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hp-notebook.us.msn.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {CE3DC97B-4DB5-42C3-9918-8D8F68A70FC8}
    IE - HKCU\..\SearchScopes\{3362B145-4DC1-4760-A49E-39096B76A197}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKCU\..\SearchScopes\{756E955F-433D-4104-8ACE-E010EEB1676F}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKCU\..\SearchScopes\{97A3D1B5-C315-43C5-9419-264727BDA343}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKCU\..\SearchScopes\{B844945D-34DC-473E-9837-E866FA4F8760}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{CE3DC97B-4DB5-42C3-9918-8D8F68A70FC8}: "URL" = http://www.google.com/search?q={sea...&ie={inputEncoding?}&oe={outputEncoding?}&rlz=
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)



    ========== Chrome ==========

    CHR - homepage: http://hp-notebook.us.msn.com/
    CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://hp-notebook.us.msn.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
    CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Soonhee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Soonhee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Seashells = C:\Users\Soonhee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpdibpgknlnbmlmikbbifpeienojmkea\1_0\
    CHR - Extension: Gmail = C:\Users\Soonhee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/01/16 15:58:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - Startup: C:\Users\Soonhee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SharePort Utility.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webiqonline.com/Web...on&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9} (WebIQ Engine Application Object)
    O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab (Keynote Connector Launcher 2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E9EDCED-29C9-4798-86C4-E35D19F890F8}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\linkscanner - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/18 10:11:22 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{8A1168FA-5F24-4EA3-BF6A-C8C01270985E}
    [2013/01/17 22:11:10 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{6EE1CBEF-D601-444F-ADB2-2D410A530498}
    [2013/01/17 13:10:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/01/17 13:10:44 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/01/17 13:10:38 | 000,499,213 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Soonhee\Desktop\JRT.exe
    [2013/01/17 13:06:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/01/17 10:10:46 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{DA4CDC8C-DF33-4B25-A67F-141C2E6617AF}
    [2013/01/16 16:00:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/01/16 15:49:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/01/16 15:49:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/01/16 15:49:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/01/16 15:49:45 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/01/16 15:49:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/01/16 15:36:38 | 005,022,302 | R--- | C] (Swearware) -- C:\Users\Soonhee\Desktop\ComboFix.exe
    [2013/01/16 12:56:29 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{53F955B6-5359-4C07-AAFD-C78AC4C8F79E}
    [2013/01/16 12:48:46 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Roaming\Malwarebytes
    [2013/01/16 12:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/01/16 12:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/01/16 12:48:36 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/01/16 12:48:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/01/16 12:48:22 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\Programs
    [2013/01/16 00:56:04 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{DA455F72-E61E-4F14-9E51-DD9CC33C096A}
    [2013/01/15 12:55:53 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{90A188E5-5CE1-48E1-AAAB-AF65BF88237B}
    [2013/01/15 00:55:41 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{3224FD7A-1F58-4B9A-96EF-B5B460A213A7}
    [2013/01/14 12:55:17 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{F5711428-0A51-457F-A744-DA5093DF9823}
    [2013/01/14 00:55:05 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{189806CC-1454-4D8C-A061-E9786FDA27A0}
    [2013/01/13 12:54:41 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{CA30C01E-91CA-48ED-A22A-07B545671931}
    [2013/01/13 00:54:30 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{0678FA0F-0115-4EF0-9E45-BF6605BB4D54}
    [2013/01/12 12:54:19 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{38D9CD14-ED29-482C-8BB9-7D00A1E60C8F}
    [2013/01/12 00:54:07 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{9D9C5BA4-9955-427E-B04D-D614868C11D5}
    [2013/01/11 12:53:56 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{DD8321E7-F6F5-47E1-A024-46480E6BB4CE}
    [2013/01/11 09:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2013/01/11 00:53:44 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{F18794B9-A069-4360-97FE-377695F4B42A}
    [2013/01/10 12:53:33 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{CE3DB77C-1D4A-4F9A-84BF-2FD5117D4567}
    [2013/01/10 00:53:21 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{D7F33C4E-738D-425B-8931-0816C45188C2}
    [2013/01/09 12:53:10 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{AA81209E-7F86-4BDA-B63D-9FDCA7F533AB}
    [2013/01/09 00:52:46 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{DE5D4EFA-61A9-49E4-8DDB-C7D9FF6B2A5D}
    [2013/01/08 12:52:34 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{0F581606-B542-4930-A89D-286CFB5F4958}
    [2013/01/08 00:52:23 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{C63C60DC-D177-462B-BA1D-B8044BD928D3}
    [2013/01/07 12:52:11 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{5AF5EDF8-B03E-4228-AB88-D67DE7ADE11B}
    [2013/01/07 00:51:47 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{68C6DB11-4379-4FF3-8750-B5FDB570DF4B}
    [2013/01/06 17:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2013/01/06 12:51:23 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{2809DE96-C024-4C31-973D-B9969B232DEE}
    [2013/01/03 22:00:04 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{20F20BCA-A9F2-4FB7-BEAD-E2A7B4F7387E}
    [2013/01/03 21:59:54 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{BE6F75DD-C5CE-4A55-AE9C-92689E1CE138}
    [2013/01/03 21:13:57 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{937BC905-7FAF-4958-B85B-DEC53F7E66DC}
    [2013/01/03 09:13:47 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{30E47F53-D73B-4093-A6F0-07586F32DFA7}
    [2013/01/02 21:17:25 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{219DB684-BDF6-49A2-9D01-53627BD8F217}
    [2013/01/02 21:13:47 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{056CE7D9-977C-4F92-AC81-B612B1B990E4}
    [2013/01/02 09:13:36 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{A5870FDE-A698-4EB8-899F-8F91781B6840}
    [2013/01/01 21:13:12 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{D9E67523-2B92-4277-BDE2-293B55AE9026}
    [2013/01/01 09:12:48 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{AC7AF2BC-78C8-4B10-A507-2D1C351BB61E}
    [2012/12/31 21:12:37 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{FD45294D-18C0-4457-B319-DE27B6387555}
    [2012/12/30 21:16:17 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{4EB2EBE0-980F-40AA-BDD2-CC681942389F}
    [2012/12/29 21:12:13 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{DB37810D-BFA8-4E5A-9A87-19A6161DCF6A}
    [2012/12/29 09:11:49 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{6171F3CF-2CF7-45D4-A87E-84D6994D7A2B}
    [2012/12/28 21:11:37 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{B714DE06-4EFB-44E3-9F95-171F75DC2D14}
    [2012/12/28 09:11:26 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{CD1A715E-99F0-4F34-AA1E-2C4EACC9A527}
    [2012/12/27 09:10:40 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{1D64B58D-5198-4B3D-B0DA-C7FC9B6A04C6}
    [2012/12/26 21:14:27 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{80EBAFB4-E9AF-4D6C-A561-6F13AE5D70B0}
    [2012/12/26 21:10:40 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{A159D5D5-A17F-4036-A3B4-1F10AF342BCB}
    [2012/12/26 09:10:16 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{E95AE9E4-F7F8-4E8D-81FF-DFD1F499A335}
    [2012/12/25 21:10:01 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{C48B0322-4793-4DB4-AADB-AFD8083747D6}
    [2012/12/25 10:51:57 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\ArcSoft
    [2012/12/25 10:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
    [2012/12/25 10:48:48 | 000,022,784 | ---- | C] (Arcsoft, Inc.) -- C:\Windows\SysWow64\drivers\afc.sys
    [2012/12/25 10:48:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
    [2012/12/25 10:48:14 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Roaming\ArcSoft
    [2012/12/25 10:45:28 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\Documents\zm1
    [2012/12/25 09:09:37 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{EBB96F89-697D-4600-9112-A8B1897007C6}
    [2012/12/24 21:09:13 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{9E240396-87A8-4BEC-840F-4A8FC67C1784}
    [2012/12/23 09:08:39 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{A8DC3975-B7AC-4F61-B7F6-9D8063EAEA90}
    [2012/12/22 21:08:14 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{1FFDCAB3-77BB-4E88-9142-125D729D553A}
    [2012/12/22 09:07:50 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{CB739951-7BA3-4B33-ADF6-883C989F2855}
    [2012/12/21 21:07:39 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{D049C331-5667-480C-B7C2-945CB34F7E0A}
    [2012/12/21 09:07:16 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{0440F9AA-F5BE-4E09-981D-BB4A2EA30918}
    [2012/12/21 07:06:32 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Roaming\AVG
    [2012/12/21 07:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
    [2012/12/21 07:05:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    [2012/12/20 21:06:51 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{44F22FA7-9EFE-4C70-9398-E8D7B287477C}
    [2012/12/20 19:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sibelius Software
    [2012/12/20 09:06:27 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{26E0FD88-3691-43CD-BF59-0BD6409B134B}
    [2012/12/19 21:06:16 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{CD034950-89C6-4222-96D1-2B531B8F3CB7}
    [1 C:\Users\Soonhee\Documents\*.tmp files -> C:\Users\Soonhee\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/18 17:08:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/18 16:43:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/17 23:08:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/17 13:27:21 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/17 13:27:21 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/17 13:19:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/17 13:19:41 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/17 13:10:44 | 000,499,213 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Soonhee\Desktop\JRT.exe
    [2013/01/17 13:02:50 | 000,574,677 | ---- | M] () -- C:\Users\Soonhee\Desktop\adwcleaner.exe
    [2013/01/16 15:58:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/01/16 15:52:38 | 000,006,527 | ---- | M] () -- C:\Users\Soonhee\AppData\Local\e415c395-27bf-4fc0-9d92-837b7dfc3483.crx
    [2013/01/16 15:37:07 | 005,022,302 | R--- | M] (Swearware) -- C:\Users\Soonhee\Desktop\ComboFix.exe
    [2013/01/16 12:48:38 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/13 21:30:49 | 000,002,251 | ---- | M] () -- C:\Users\Soonhee\Desktop\Google Chrome.lnk
    [2013/01/13 21:30:19 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSoonhee.job
    [2013/01/09 03:29:53 | 000,516,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/01/09 03:08:20 | 000,741,704 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/01/09 03:08:20 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/01/09 03:08:20 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/01/07 10:41:03 | 000,134,656 | ---- | M] () -- C:\Users\Soonhee\Documents\february.cal
    [2013/01/06 16:15:22 | 000,000,102 | ---- | M] () -- C:\Users\Soonhee\jobq.dat
    [2012/12/26 16:10:30 | 005,039,834 | ---- | M] () -- C:\Users\Soonhee\Documents\Christmas news 2012.pdf
    [2012/12/25 10:31:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf
    [1 C:\Users\Soonhee\Documents\*.tmp files -> C:\Users\Soonhee\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/17 13:02:25 | 000,574,677 | ---- | C] () -- C:\Users\Soonhee\Desktop\adwcleaner.exe
    [2013/01/16 15:49:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/01/16 15:49:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/01/16 15:49:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/01/16 15:49:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/01/16 15:49:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/01/16 12:48:38 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/15 22:45:14 | 000,006,527 | ---- | C] () -- C:\Users\Soonhee\AppData\Local\e415c395-27bf-4fc0-9d92-837b7dfc3483.crx
    [2013/01/06 17:39:30 | 000,002,251 | ---- | C] () -- C:\Users\Soonhee\Desktop\Google Chrome.lnk
    [2012/12/26 16:10:30 | 005,039,834 | ---- | C] () -- C:\Users\Soonhee\Documents\Christmas news 2012.pdf
    [2012/12/25 10:31:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf
    [2012/02/11 20:50:12 | 000,000,102 | ---- | C] () -- C:\Users\Soonhee\jobq.dat
    [2011/03/03 07:54:18 | 000,001,854 | ---- | C] () -- C:\Users\Soonhee\AppData\Roaming\GhostObjGAFix.xml
    [2011/02/19 00:17:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/02/10 21:21:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/02/09 16:21:47 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/01/24 14:41:09 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
    [2011/01/24 14:41:09 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011/02/10 21:09:30 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\Amazon
    [2012/12/21 07:06:32 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\AVG
    [2012/12/11 22:52:45 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\AVG2013
    [2012/03/16 21:51:53 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\BattleTag
    [2011/08/23 11:43:03 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\Catalina Marketing Corp
    [2012/10/30 13:33:29 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\com.amazon.music.uploader
    [2011/03/17 13:54:20 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\GetRightToGo
    [2011/07/28 11:29:06 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\go
    [2011/04/22 16:29:17 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\Keynote Systems
    [2012/05/13 16:27:43 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\OverDrive
    [2012/01/18 17:20:38 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\PDF Writer
    [2011/03/17 13:44:02 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\Playlist Creator for SanDisk Sansa Fuze
    [2011/02/26 20:51:24 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\Rovio
    [2012/02/07 20:37:08 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\SanDisk
    [2013/01/13 21:28:26 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\SoftGrid Client
    [2011/02/09 16:22:35 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\TP
    [2012/12/24 21:51:07 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\TuneUp Software
    [2011/02/13 13:58:20 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 188 bytes -> C:\ProgramData\Temp:B1FBBD09
    @Alternate Data Stream - 143 bytes -> C:\Users\Soonhee\Documents\FamilyNews 2011.nws:OECustomProperty
    < End of report >
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Fix

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes and the computer fails to reboot, let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)
  14. sblackb

    sblackb Newcomer, in training Topic Starter Posts: 21

    Thank you for all of your help so far. Here is the log:

    All processes killed
    ========== OTL ==========
    ADS C:\ProgramData\Temp:B1FBBD09 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{756E955F-433D-4104-8ACE-E010EEB1676F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{756E955F-433D-4104-8ACE-E010EEB1676F}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{756E955F-433D-4104-8ACE-E010EEB1676F}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{756E955F-433D-4104-8ACE-E010EEB1676F}\ not found.
    C:\Users\Soonhee\AppData\Local\{8A1168FA-5F24-4EA3-BF6A-C8C01270985E} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{6EE1CBEF-D601-444F-ADB2-2D410A530498} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{DA4CDC8C-DF33-4B25-A67F-141C2E6617AF} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{53F955B6-5359-4C07-AAFD-C78AC4C8F79E} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{DA455F72-E61E-4F14-9E51-DD9CC33C096A} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{90A188E5-5CE1-48E1-AAAB-AF65BF88237B} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{3224FD7A-1F58-4B9A-96EF-B5B460A213A7} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{F5711428-0A51-457F-A744-DA5093DF9823} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{189806CC-1454-4D8C-A061-E9786FDA27A0} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{CA30C01E-91CA-48ED-A22A-07B545671931} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{0678FA0F-0115-4EF0-9E45-BF6605BB4D54} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{38D9CD14-ED29-482C-8BB9-7D00A1E60C8F} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{9D9C5BA4-9955-427E-B04D-D614868C11D5} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{DD8321E7-F6F5-47E1-A024-46480E6BB4CE} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{F18794B9-A069-4360-97FE-377695F4B42A} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{CE3DB77C-1D4A-4F9A-84BF-2FD5117D4567} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{D7F33C4E-738D-425B-8931-0816C45188C2} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{AA81209E-7F86-4BDA-B63D-9FDCA7F533AB} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{DE5D4EFA-61A9-49E4-8DDB-C7D9FF6B2A5D} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{0F581606-B542-4930-A89D-286CFB5F4958} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{C63C60DC-D177-462B-BA1D-B8044BD928D3} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{5AF5EDF8-B03E-4228-AB88-D67DE7ADE11B} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{68C6DB11-4379-4FF3-8750-B5FDB570DF4B} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{2809DE96-C024-4C31-973D-B9969B232DEE} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{20F20BCA-A9F2-4FB7-BEAD-E2A7B4F7387E} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{BE6F75DD-C5CE-4A55-AE9C-92689E1CE138} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{937BC905-7FAF-4958-B85B-DEC53F7E66DC} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{30E47F53-D73B-4093-A6F0-07586F32DFA7} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{219DB684-BDF6-49A2-9D01-53627BD8F217} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{056CE7D9-977C-4F92-AC81-B612B1B990E4} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{A5870FDE-A698-4EB8-899F-8F91781B6840} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{D9E67523-2B92-4277-BDE2-293B55AE9026} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{AC7AF2BC-78C8-4B10-A507-2D1C351BB61E} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{FD45294D-18C0-4457-B319-DE27B6387555} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{4EB2EBE0-980F-40AA-BDD2-CC681942389F} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{DB37810D-BFA8-4E5A-9A87-19A6161DCF6A} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{6171F3CF-2CF7-45D4-A87E-84D6994D7A2B} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{B714DE06-4EFB-44E3-9F95-171F75DC2D14} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{CD1A715E-99F0-4F34-AA1E-2C4EACC9A527} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{1D64B58D-5198-4B3D-B0DA-C7FC9B6A04C6} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{80EBAFB4-E9AF-4D6C-A561-6F13AE5D70B0} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{A159D5D5-A17F-4036-A3B4-1F10AF342BCB} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{E95AE9E4-F7F8-4E8D-81FF-DFD1F499A335} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{C48B0322-4793-4DB4-AADB-AFD8083747D6} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{EBB96F89-697D-4600-9112-A8B1897007C6} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{9E240396-87A8-4BEC-840F-4A8FC67C1784} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{A8DC3975-B7AC-4F61-B7F6-9D8063EAEA90} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{1FFDCAB3-77BB-4E88-9142-125D729D553A} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{CB739951-7BA3-4B33-ADF6-883C989F2855} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{D049C331-5667-480C-B7C2-945CB34F7E0A} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{0440F9AA-F5BE-4E09-981D-BB4A2EA30918} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{44F22FA7-9EFE-4C70-9398-E8D7B287477C} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{26E0FD88-3691-43CD-BF59-0BD6409B134B} folder moved successfully.
    C:\Users\Soonhee\AppData\Local\{CD034950-89C6-4222-96D1-2B531B8F3CB7} folder moved successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Soonhee\Downloads\cmd.bat deleted successfully.
    C:\Users\Soonhee\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56504 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Soonhee
    ->Temp folder emptied: 2043225 bytes
    ->Temporary Internet Files folder emptied: 1100177850 bytes
    ->Java cache emptied: 945091 bytes
    ->Google Chrome cache emptied: 104347785 bytes
    ->Flash cache emptied: 1826175 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 5484 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,153.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 01192013_125855
    Files\Folders moved on Reboot...
    C:\Users\Soonhee\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Soonhee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTMQ8OER\bind[1].htm not found!
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Next OTL log please, to verify infection is gone...
  16. sblackb

    sblackb Newcomer, in training Topic Starter Posts: 21

    This is the latest OTL log that I have. Should I have run another scan?
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please run another Quick Scan. :)
  18. sblackb

    sblackb Newcomer, in training Topic Starter Posts: 21

    Okay, thanks!

    OTL logfile created on: 1/19/2013 4:03:37 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Soonhee\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.80 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 55.39% Memory free
    7.60 Gb Paging File | 5.57 Gb Available in Paging File | 73.27% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 448.43 Gb Total Space | 326.60 Gb Free Space | 72.83% Space Free | Partition Type: NTFS
    Drive D: | 17.03 Gb Total Space | 2.46 Gb Free Space | 14.45% Space Free | Partition Type: NTFS

    Computer Name: SOONHEE-HP | User Name: Soonhee | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/18 17:03:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Soonhee\Downloads\OTL.exe
    PRC - [2013/01/08 15:45:54 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    PRC - [2012/02/15 12:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    PRC - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
    PRC - [2010/04/13 12:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/04/13 12:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/09 03:43:01 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ee98383179eca974083a41a8ca0c213\IAStorUtil.ni.dll
    MOD - [2013/01/09 03:35:44 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll
    MOD - [2013/01/09 03:35:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
    MOD - [2013/01/09 03:35:10 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
    MOD - [2013/01/09 03:35:04 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
    MOD - [2013/01/09 03:34:51 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
    MOD - [2013/01/09 03:34:45 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
    MOD - [2013/01/09 03:34:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
    MOD - [2013/01/09 03:34:41 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
    MOD - [2013/01/09 03:34:36 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2011/02/09 16:26:03 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe -- (D-Link SharePort Helper)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
    SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
    SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/01/08 16:45:38 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
    SRV - [2010/04/13 12:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/11/15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
    DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/17 09:34:38 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/02/09 16:26:04 | 000,291,336 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
    DRV:64bit: - [2011/01/24 14:41:46 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/05/31 14:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/04/13 12:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/02/03 09:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2009/09/22 20:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/19 21:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/09/22 20:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{3362B145-4DC1-4760-A49E-39096B76A197}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{97A3D1B5-C315-43C5-9419-264727BDA343}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{B844945D-34DC-473E-9837-E866FA4F8760}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{3362B145-4DC1-4760-A49E-39096B76A197}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKLM\..\SearchScopes\{97A3D1B5-C315-43C5-9419-264727BDA343}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{B844945D-34DC-473E-9837-E866FA4F8760}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hp-notebook.us.msn.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {CE3DC97B-4DB5-42C3-9918-8D8F68A70FC8}
    IE - HKCU\..\SearchScopes\{3362B145-4DC1-4760-A49E-39096B76A197}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKCU\..\SearchScopes\{756E955F-433D-4104-8ACE-E010EEB1676F}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKCU\..\SearchScopes\{97A3D1B5-C315-43C5-9419-264727BDA343}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKCU\..\SearchScopes\{B844945D-34DC-473E-9837-E866FA4F8760}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{CE3DC97B-4DB5-42C3-9918-8D8F68A70FC8}: "URL" = http://www.google.com/search?q={sea...&ie={inputEncoding?}&oe={outputEncoding?}&rlz=
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)



    ========== Chrome ==========

    CHR - homepage: http://hp-notebook.us.msn.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://hp-notebook.us.msn.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
    CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Soonhee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Soonhee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Seashells = C:\Users\Soonhee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpdibpgknlnbmlmikbbifpeienojmkea\1_0\
    CHR - Extension: Gmail = C:\Users\Soonhee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
  19. sblackb

    sblackb Newcomer, in training Topic Starter Posts: 21

    File: ([2013/01/16 15:58:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - Startup: C:\Users\Soonhee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SharePort Utility.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webiqonline.com/Web...on&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9} (WebIQ Engine Application Object)
    O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab (Keynote Connector Launcher 2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E9EDCED-29C9-4798-86C4-E35D19F890F8}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\linkscanner - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/19 12:58:55 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/01/19 10:11:48 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{F0145D01-49D3-4380-8DE6-AD5012D194FF}
    [2013/01/18 22:11:36 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{D6E842DF-8BD8-497F-A26E-52A5E2D15BCE}
    [2013/01/17 13:10:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/01/17 13:10:44 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/01/17 13:10:38 | 000,499,213 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Soonhee\Desktop\JRT.exe
    [2013/01/17 13:06:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/01/16 16:00:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/01/16 15:49:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/01/16 15:49:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/01/16 15:49:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/01/16 15:49:45 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/01/16 15:49:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/01/16 15:36:38 | 005,022,302 | R--- | C] (Swearware) -- C:\Users\Soonhee\Desktop\ComboFix.exe
    [2013/01/16 12:48:46 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Roaming\Malwarebytes
    [2013/01/16 12:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/01/16 12:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/01/16 12:48:36 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/01/16 12:48:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/01/16 12:48:22 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\Programs
    [2013/01/11 09:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2013/01/06 17:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/12/25 10:51:57 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\ArcSoft
    [2012/12/25 10:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
    [2012/12/25 10:48:48 | 000,022,784 | ---- | C] (Arcsoft, Inc.) -- C:\Windows\SysWow64\drivers\afc.sys
    [2012/12/25 10:48:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
    [2012/12/25 10:48:14 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Roaming\ArcSoft
    [2012/12/25 10:45:28 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\Documents\zm1
    [2012/12/21 07:06:32 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Roaming\AVG
    [2012/12/21 07:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
    [2012/12/21 07:05:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    [2012/12/20 19:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sibelius Software
    [1 C:\Users\Soonhee\Documents\*.tmp files -> C:\Users\Soonhee\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/19 15:43:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/19 15:08:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/19 13:12:44 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/19 13:12:44 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/19 13:05:36 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/19 13:05:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/19 13:05:09 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/19 11:36:06 | 000,514,048 | ---- | M] () -- C:\Users\Soonhee\Documents\february.cal
    [2013/01/17 13:10:44 | 000,499,213 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Soonhee\Desktop\JRT.exe
    [2013/01/17 13:02:50 | 000,574,677 | ---- | M] () -- C:\Users\Soonhee\Desktop\adwcleaner.exe
    [2013/01/16 15:58:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/01/16 15:52:38 | 000,006,527 | ---- | M] () -- C:\Users\Soonhee\AppData\Local\e415c395-27bf-4fc0-9d92-837b7dfc3483.crx
    [2013/01/16 15:37:07 | 005,022,302 | R--- | M] (Swearware) -- C:\Users\Soonhee\Desktop\ComboFix.exe
    [2013/01/16 12:48:38 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/13 21:30:49 | 000,002,251 | ---- | M] () -- C:\Users\Soonhee\Desktop\Google Chrome.lnk
    [2013/01/13 21:30:19 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSoonhee.job
    [2013/01/09 03:29:53 | 000,516,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/01/09 03:08:20 | 000,741,704 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/01/09 03:08:20 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/01/09 03:08:20 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/01/06 16:15:22 | 000,000,102 | ---- | M] () -- C:\Users\Soonhee\jobq.dat
    [2012/12/26 16:10:30 | 005,039,834 | ---- | M] () -- C:\Users\Soonhee\Documents\Christmas news 2012.pdf
    [2012/12/25 10:31:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf
    [1 C:\Users\Soonhee\Documents\*.tmp files -> C:\Users\Soonhee\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/17 13:02:25 | 000,574,677 | ---- | C] () -- C:\Users\Soonhee\Desktop\adwcleaner.exe
    [2013/01/16 15:49:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/01/16 15:49:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/01/16 15:49:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/01/16 15:49:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/01/16 15:49:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/01/16 12:48:38 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/15 22:45:14 | 000,006,527 | ---- | C] () -- C:\Users\Soonhee\AppData\Local\e415c395-27bf-4fc0-9d92-837b7dfc3483.crx
    [2013/01/06 17:39:30 | 000,002,251 | ---- | C] () -- C:\Users\Soonhee\Desktop\Google Chrome.lnk
    [2012/12/26 16:10:30 | 005,039,834 | ---- | C] () -- C:\Users\Soonhee\Documents\Christmas news 2012.pdf
    [2012/12/25 10:31:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf
    [2012/02/11 20:50:12 | 000,000,102 | ---- | C] () -- C:\Users\Soonhee\jobq.dat
    [2011/03/03 07:54:18 | 000,001,854 | ---- | C] () -- C:\Users\Soonhee\AppData\Roaming\GhostObjGAFix.xml
    [2011/02/19 00:17:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/02/10 21:21:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/02/09 16:21:47 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/01/24 14:41:09 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
    [2011/01/24 14:41:09 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011/02/10 21:09:30 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\Amazon
    [2012/12/21 07:06:32 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\AVG
    [2012/12/11 22:52:45 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\AVG2013
    [2012/03/16 21:51:53 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\BattleTag
    [2011/08/23 11:43:03 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\Catalina Marketing Corp
    [2012/10/30 13:33:29 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\com.amazon.music.uploader
    [2011/03/17 13:54:20 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\GetRightToGo
    [2011/07/28 11:29:06 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\go
    [2011/04/22 16:29:17 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\Keynote Systems
    [2012/05/13 16:27:43 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\OverDrive
    [2012/01/18 17:20:38 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\PDF Writer
    [2011/03/17 13:44:02 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\Playlist Creator for SanDisk Sansa Fuze
    [2011/02/26 20:51:24 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\Rovio
    [2012/02/07 20:37:08 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\SanDisk
    [2013/01/13 21:28:26 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\SoftGrid Client
    [2011/02/09 16:22:35 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\TP
    [2012/12/24 21:51:07 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\TuneUp Software
    [2011/02/13 13:58:20 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 143 bytes -> C:\Users\Soonhee\Documents\FamilyNews 2011.nws:OECustomProperty
    < End of report >
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    avast! aswMBR

    Please download aswMBR from here
    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Uncheck "Trace disk IO calls".
    • Click the Scan button to start the scan as illustrated below
    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
    • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.


    RogueKiller Scan

    • Download RogueKiller from the following link and save it on your desktop:
      TechSpot
      Official Site (alternative)
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan
    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.
    • The report has been created on the desktop.
    • Next click on the ShortcutsFix
    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.
  21. sblackb

    sblackb Newcomer, in training Topic Starter Posts: 21

    Good morning! Here is the MBR info:

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-01-21 09:21:19
    -----------------------------
    09:21:19.289 OS Version: Windows x64 6.1.7601 Service Pack 1
    09:21:19.289 Number of processors: 4 586 0x2505
    09:21:19.289 ComputerName: SOONHEE-HP UserName: Soonhee
    09:21:22.316 Initialize success
    09:21:53.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    09:21:53.625 Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
    09:21:53.641 Disk 0 MBR read successfully
    09:21:53.656 Disk 0 MBR scan
    09:21:53.656 Disk 0 unknown MBR code
    09:21:53.672 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    09:21:53.688 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459193 MB offset 409600
    09:21:53.719 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17443 MB offset 940836864
    09:21:53.719 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
    09:21:53.750 Disk 0 scanning C:\Windows\system32\drivers
    09:22:01.706 Service scanning
    09:22:21.331 Modules scanning
    09:22:21.347 Scan finished successfully
    09:22:42.937 Disk 0 MBR has been saved successfully to "C:\Users\Soonhee\Desktop\MBR.dat"
    09:22:42.937 The log file has been saved successfully to "C:\Users\Soonhee\Desktop\aswMBR.txt"

  22. sblackb

    sblackb Newcomer, in training Topic Starter Posts: 21

    #1

    RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Soonhee [Admin rights]
    Mode : Scan -- Date : 01/21/2013 09:27:35
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 12 ¤¤¤
    [TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> FOUND
    [TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
    [TASK][ROGUE ST] 4902 : wscript.exe C:\Users\Soonhee\AppData\Local\Temp\launchie.vbs //B -> FOUND
    [TASK][SUSP PATH] Funmoods : C:\Users\Soonhee\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE /Check -> FOUND
    [TASK][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> FOUND
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS725050A9A364 +++++
    --- User ---
    [MBR] 374e3325c1c1847b6fa1b4f93c8dd912
    [BSP] f3075bc5a2f280d1fda7138b61330516 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 459193 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 940836864 | Size: 17443 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1]_S_01212013_02d0927.txt >>
    RKreport[1]_S_01212013_02d0927.txt
  23. sblackb

    sblackb Newcomer, in training Topic Starter Posts: 21

    #2

    RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Soonhee [Admin rights]
    Mode : Remove -- Date : 01/21/2013 09:28:41
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 11 ¤¤¤
    [TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> DELETED
    [TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> DELETED
    [TASK][ROGUE ST] 4902 : wscript.exe C:\Users\Soonhee\AppData\Local\Temp\launchie.vbs //B -> DELETED
    [TASK][SUSP PATH] Funmoods : C:\Users\Soonhee\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE /Check -> DELETED
    [TASK][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> ERROR
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS725050A9A364 +++++
    --- User ---
    [MBR] 374e3325c1c1847b6fa1b4f93c8dd912
    [BSP] f3075bc5a2f280d1fda7138b61330516 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 459193 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 940836864 | Size: 17443 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2]_D_01212013_02d0928.txt >>
    RKreport[1]_S_01212013_02d0927.txt ; RKreport[2]_D_01212013_02d0928.txt
  24. sblackb

    sblackb Newcomer, in training Topic Starter Posts: 21

    #3

    RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Soonhee [Admin rights]
    Mode : Shortcuts HJfix -- Date : 01/21/2013 09:30:52
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 1 / Fail 0
    Quick launch: Success 1 / Fail 0
    Programs: Success 7 / Fail 0
    Start menu: Success 0 / Fail 0
    User folder: Success 2012 / Fail 0
    My documents: Success 4 / Fail 4
    My favorites: Success 0 / Fail 0
    My pictures: Success 84 / Fail 0
    My music: Success 1237 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 81 / Fail 0
    Backup: [NOT FOUND]
    Drives:
    [C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
    [D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
    [E:] \Device\CdRom0 -- 0x5 --> Skipped
    [Q:] \Device\SftVol -- 0x3 --> Restored
    Finished : << RKreport[3]_SC_01212013_02d0930.txt >>
    RKreport[1]_S_01212013_02d0927.txt ; RKreport[2]_D_01212013_02d0928.txt ; RKreport[3]_SC_01212013_02d0930.txt
  25. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Kaspersky GetSystemInfo Scan

    Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

    Note: please close all other applications running on your system.

    Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

    Click the Settings button.

    Set the slider to Maximum.

    IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.

    On the General tab, make sure all of the boxes are checked.

    On the Misc tab, make sure all the checkboxes are checked.

    Then, click OK on the windows that you launched.
    Click Create Report to run it.
    It will begin scanning.

    It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

    It should automatically upload it to http://www.getsysteminfo.com. If it does not, then please submit it manually by going to the site and doing the upload process.

    It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the URL of the GSI Parser report in your next reply.