Solved Newcomer to this great forum who is anxious to remove malwares

megaboy1

Hi. I'm really glad to find this great forum. Looking around, there seem to be so many genius solutions by genius minds...
I'd like to follow the 5 step malware removal process. I hope this is how I do it here.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.04.03

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
2nd_Window :: 2ND_WINDOW-PC [administrator]

04/03/2012 11:12:41 AM
mbam-log-2012-03-04 (11-12-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220689
Time elapsed: 5 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Quarantined and deleted successfully.
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\2nd_Window\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

(end)
------------------------------------------
------------------------------------------


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-04 11:53:09
Windows 6.1.7600 Harddisk2\DR2 -> \Device\0000006a Hitachi_ rev.ST6O
Running: sinyzmwt.exe; Driver: C:\Users\2ND_WI~1\AppData\Local\Temp\kflyruog.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9441F7A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\tdx \Device\Ip AMonTDLH.sys
Device \Driver\tdx \Device\Tcp AMonTDLH.sys
Device \Driver\tdx \Device\Udp AMonTDLH.sys
Device \Driver\tdx \Device\RawIp AMonTDLH.sys

---- EOF - GMER 1.0.15 ----


------------------------------------------
------------------------------------------


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by 2nd_Window at 12:09:05 on 2012-03-04
Microsoft Windows 7 Ultimate 6.1.7600.0.949.82.1033.18.3071.1633 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\USADISK\WEBHARD_Agent.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\DeskPins\DeskPins.exe
C:\Users\2nd_Window\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conhost.exe
C:\Users\2ND_WI~1\AppData\Local\Temp\nsm2934.tmp\MBR.DAT
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\users\2nd_window\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Media Finder] "c:\program files\media finder\MF.exe" /opentotray
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
StartupFolder: c:\users\2nd_wi~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\deskpins.lnk - c:\program files\deskpins\DeskPins.exe
StartupFolder: c:\users\2nd_wi~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\2nd_window\appdata\roaming\dropbox\bin\Dropbox.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with &Media Finder - c:\program files\media finder\hook.html
Trusted Zone: samsungsetup.com\www
DPF: {62076E39-043C-4A5A-BF17-D8A2128ACD93} - hxxp://pib.wooribank.com/com/installer/interezen/WRebw.cab
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxp://ck.softforum.co.kr/CKKeyPro/wooribank/TouchEnkey3104_32k.cab
DPF: {79419762-2D03-48F8-A63E-0544D95143DE} - hxxp://www.x2game.com/Control/AutoPatchOCX.cab
DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://download.softforum.co.kr/Published/XecureWeb/v7.2.5.0/xw_install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {967386A1-409E-431A-A93A-FB5FEFF86A58} - hxxp://fx.keb.co.kr/veraport/veraport.cab
DPF: {99C709C7-4F58-46C1-855B-90213C760395} - hxxps://v3d.kcp.co.kr/file/kcp_ansimclick.cab
DPF: {B7DF6B14-7F2A-49C2-A8C8-21AAD560B0BC} - hxxp://www.usadisk.com/mmsv/USAControl.CAB
DPF: {BF6F8114-5DC3-4515-9BC6-16342AE7FDCE} - hxxp://www.usfolder.com/fs_prg/XFShowClient.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D2609B40-9964-43E4-8806-3C75C8B21CA2} - hxxp://www.sojufile.com/mmsv/SojuFileWebControl.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA.cab
TCP: DhcpNameServer = 64.71.255.198
TCP: Interfaces\{6EDF2B0B-7768-4AF9-9C28-5F092761D327} : DhcpNameServer = 64.71.255.198
TCP: Interfaces\{DB807610-0C56-42BA-BAAE-892EEDD58842} : DhcpNameServer = 64.71.255.198
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\2nd_window\appdata\roaming\mozilla\firefox\profiles\jum4g5z1.default\
FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\ahnlab\asp\components\aosmgr\conflict_440\npaosmgr.dll
FF - plugin: c:\program files\common files\gretech\npgomtvx_nie.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npxecure.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npxwfile.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\softforum\xecureweb\activex\npxwebplugin.dll
FF - plugin: c:\program files\softforum\xecureweb\activex\npxwebplugin_file.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\2nd_window\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 786e1f08000000000000485b3910853a
FF - user.js: extensions.BabylonToolbar_i.hardId - 786e1f08000000000000485b3910853a
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15362
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:34:06
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101067
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 AMonTDLH;AMonTDLH;c:\windows\system32\drivers\AmonTDLh.sys [2011-9-27 90208]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-1-1 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-31 314456]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-4-30 218688]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-31 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-31 55128]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-2-18 44768]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-12-4 2253120]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [2010-10-14 5120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 TabletServiceWacom;TabletServiceWacom;c:\program files\tablet\wacom\Wacom_Tablet.exe [2012-1-29 6321016]
R2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\tablet\wacom\Wacom_TouchService.exe [2012-1-29 470904]
R2 USADISK_AGENT;USADISK UPDATE SERVICE;c:\program files\usadisk\WEBHARD_Agent.exe [2011-6-13 155856]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-6-10 1394688]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CdmDrvNt;CdmDrvNt;c:\windows\system32\drivers\CdmDrvNt.sys [2011-9-27 19616]
S3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS [2011-11-30 22480]
S3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [2011-9-26 126048]
S3 MfFWEnt;MfFWEnt;c:\program files\ahnlab\asp\myfirewall 4.0\mffwent.sys [2011-9-27 101368]
S3 MfIPSEnt;MfIPSEnt;c:\program files\ahnlab\asp\myfirewall 4.0\mfipsent.sys [2011-9-27 121536]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-24 1343400]
.
=============== Created Last 30 ================
.
2012-03-03 00:26:11 -------- d-----w- c:\program files\ESET
2012-02-13 21:30:19 -------- d-----w- c:\users\2nd_window\appdata\local\{2F71EB05-F19E-46E3-AF95-C42B4FE47C7F}
2012-02-13 21:30:05 -------- d-----w- c:\users\2nd_window\appdata\local\{256A39E1-D2D5-4886-93AF-6ACC8FAAA04F}
2012-02-13 05:49:26 -------- d-----w- c:\program files\DeskPins
2012-02-10 21:14:43 -------- d-----w- c:\users\2nd_window\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-02-10 20:55:40 -------- d-----w- c:\program files\AutoHotkey
2012-02-10 17:10:49 8 --sh--r- c:\programdata\53958F55BF.sys
2012-02-10 17:10:49 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2012-02-10 17:10:21 -------- d-----w- c:\program files\common files\Corel
2012-02-10 17:10:11 -------- d-----w- c:\program files\common files\Protexis
2012-02-10 17:10:10 -------- d-----w- c:\programdata\Corel
2012-02-10 17:08:21 -------- d-----w- c:\program files\Corel
2012-02-10 17:00:35 -------- d-----w- c:\programdata\Alias
2012-02-10 16:56:21 -------- d-----w- C:\Autodesk
2012-02-10 06:07:46 -------- d-----w- c:\users\2nd_window\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-02-10 06:07:46 -------- d-----w- c:\users\2nd_window\appdata\roaming\Adobe Mini Bridge CS5
2012-02-05 18:48:43 53248 ----a-r- c:\users\2nd_window\appdata\roaming\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
2012-02-05 18:48:13 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-02-05 18:46:32 -------- d-----w- c:\users\2nd_window\appdata\roaming\Logishrd
2012-02-04 07:32:33 -------- d-----w- c:\program files\USADISK
.
==================== Find3M ====================
.
2012-01-23 13:38:24 1479032 ----a-w- c:\windows\system32\Wintab32.dll
2012-01-23 13:38:24 1453432 ----a-w- c:\windows\system32\WacomMT.dll
2012-01-23 13:38:24 1428856 ----a-w- c:\windows\system32\Wacom_Tablet.dll
2012-01-23 13:38:24 1422200 ----a-w- c:\windows\system32\Wacom_Touch_Tablet.dll
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 12:09:22.34 ===============





------------------------------------------
------------------------------------------



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 22/12/2010 2:35:24 PM
System Uptime: 04/03/2012 11:23:33 AM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5N-D
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 488 GiB total, 226.762 GiB free.
D: is FIXED (NTFS) - 57 GiB total, 32.399 GiB free.
E: is FIXED (NTFS) - 335 GiB total, 268.77 GiB free.
F: is FIXED (NTFS) - 443 GiB total, 208.445 GiB free.
G: is CDROM (CDFS)
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP93: 18/02/2012 12:45:27 AM - Scheduled Checkpoint
RP94: 20/02/2012 5:06:03 PM - Installed Adobe Reader X (10.1.0).
RP95: 28/02/2012 12:10:10 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Acrobat 9 Pro - English, Russian
Adobe Acrobat 9.4.0 - CPSID_83708
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Community Help
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Professional CS5
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Media Player
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS5
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader X (10.1.2)
Adobe Setup
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Æ÷Æ®¸®½º2 Forever
AhnLab Online Security
ALTools Update
ALZip
Apple Application Support
Apple Software Update
Autodesk DirectConnect 2009
Autodesk SketchBookPro 2011
AutoHotkey 1.0.48.05
avast! Free Antivirus
Bulk Rename Utility 2.7.1.2
CCleaner
ComicRack v0.9.146
Content
CoreAVC Professional Edition (remove only)
Corel Painter 11
Corel Painter 11 - ICA
Corel Painter 11 - IPM
Crimson Editor SVN286
D3DX10
DAEMON Tools Lite
DeskPins (remove only)
Dropbox
DTS+AC3 Filter
EasyBCD 2.1
EPSON Scan
eReg
ESET Online Scanner v3
FileZilla Client 3.3.5.1
GOM Player
GOMTV Plug-in
Google Chrome
Haali Media Splitter
IconHandler 32 bit
Java Auto Updater
Java(TM) 6 Update 22
K-Lite Mega Codec Pack 7.2.0
Langauge
Logitech SetPoint 6.32
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Malwarebytes Anti-Malware version 1.60.1.1000
Maya 2009
Maya 2009 Documentation (en_US)
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
mini
Mozilla Firefox 9.0.1 (x86 en-US)
MPEG2 Codec(libmpeg2/mad)
MSVCRT
NetFolder
NVIDIA 3D Vision Controller Driver 285.62
NVIDIA 3D Vision Driver 285.62
NVIDIA Control Panel 285.62
NVIDIA Graphics Driver 285.62
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.5.20
NVIDIA Update Components
OhCASTra
OpenOffice.org 3.3
PlayReady PC Runtime x86
PS3 Media Server
QuickTime
RealNetworks - Microsoft Visual C++ 2005 Runtime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Samsung ML-1865W Series
SDM WebHard Program
Simply Accounting by Sage 2006
VeraPort (보안모듈관리 프로그램)
VLC media player 1.1.9
Wacom Tablet
WebTablet FB Plugin
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
XecureWeb Control
ZBrush 4
.
==== Event Viewer Messages From Past Week ========
.
26/02/2012 2:04:01 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServiceWacom service.
03/03/2012 4:28:53 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
.
==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Thanks for the quick help!!
Below are the logs.
(And just so you know, I got this warning window for Bootkit Remover.)

WARNING
ATA_PASS_THROUGH_DIRECT is not supported by your disk controller.
SCSI_PASS_THROUGH_DIRECT will be use for disk I/O



----------------------------------
----------------------------------



aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-04 16:23:18
-----------------------------
16:23:18.070 OS Version: Windows 6.1.7600
16:23:18.070 Number of processors: 4 586 0xF0B
16:23:18.072 ComputerName: 2ND_WINDOW-PC UserName: 2nd_Window
16:23:25.159 Initialize success
16:23:25.492 AVAST engine defs: 12030400
16:23:34.627 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3
16:23:34.630 Disk 0 Vendor: Maxtor_6Y060L0 YAR41VW0 Size: 58644MB BusType: 3
16:23:34.633 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000069
16:23:34.635 Disk 1 Vendor: ST336032 3.CH Size: 343399MB BusType: 3
16:23:34.639 Disk 2 (boot) \Device\Harddisk2\DR2 -> \Device\0000006a
16:23:34.642 Disk 2 Vendor: Hitachi_ ST6O Size: 953869MB BusType: 3
16:23:34.657 Disk 2 MBR read successfully
16:23:34.661 Disk 2 MBR scan
16:23:34.665 Disk 2 Windows XP default MBR code
16:23:34.669 Disk 2 Partition 1 00 07 HPFS/NTFS NTFS 499999 MB offset 63
16:23:34.674 Disk 2 Partition - 00 0F Extended LBA 453859 MB offset 1023999165
16:23:34.698 Disk 2 Partition 2 00 07 HPFS/NTFS NTFS 453859 MB offset 1023999228
16:23:34.704 Disk 2 scanning sectors +1953504000
16:23:34.748 Disk 2 scanning C:\Windows\system32\drivers
16:23:43.261 Service scanning
16:24:01.113 Modules scanning
16:24:09.391 Disk 2 trace - called modules:
16:24:09.409 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
16:24:09.414 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0x864619f8]
16:24:09.420 3 CLASSPNP.SYS[8afcf59e] -> nt!IofCallDriver -> [0x85410b50]
16:24:09.426 5 ACPI.sys[8b0bc3b2] -> nt!IofCallDriver -> \Device\0000006a[0x85410c78]
16:24:10.491 AVAST engine scan C:\Windows
16:24:12.532 AVAST engine scan C:\Windows\system32
16:25:44.442 AVAST engine scan C:\Windows\system32\drivers
16:25:53.974 AVAST engine scan C:\Users\2nd_Window
16:29:39.080 Disk 2 MBR has been saved successfully to "C:\Users\2nd_Window\Desktop\MBR.dat"
16:29:39.093 The log file has been saved successfully to "C:\Users\2nd_Window\Desktop\aswMBR.txt"


------------------------------------------------
-----------------------------------------------



Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Ultimate Edition (build 7600), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive2 at offset 0x00000000`00007e00
ATA_Read(): DeviceIoControl() ERROR 1
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive2 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
 
That looks good.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Here are the logs.
(I'm not sure if it is supposed to be this way, but ComboFix ran with reduced functionality because it expired - said so in pop up window before it ran)


-----------------------------



ComboFix 12-02-25.02 - 2nd_Window 04/03/2012 18:24:35.2.4 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7600.0.949.82.1033.18.3071.2624 [GMT -5:00]
Running from: c:\users\2nd_Window\Desktop\whynotworkingcombofx.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
Error: Cfiles.dat
.
((((((((((((((((((((((((( Files Created from 2012-02-04 to 2012-03-04 )))))))))))))))))))))))))))))))
.
.
2012-03-04 23:26 . 2012-03-04 23:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-04 23:26 . 2012-03-04 23:26 -------- d-----w- c:\users\UpdatusUser.2nd_Window-PC\AppData\Local\temp
2012-03-04 23:26 . 2012-03-04 23:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-03 00:26 . 2012-03-03 00:26 -------- d-----w- c:\program files\ESET
2012-02-13 05:49 . 2012-02-13 05:49 -------- d-----w- c:\program files\DeskPins
2012-02-10 21:14 . 2012-02-10 21:14 -------- d-----w- c:\users\2nd_Window\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-02-10 20:55 . 2012-02-10 20:55 -------- d-----w- c:\program files\AutoHotkey
2012-02-10 17:10 . 2012-02-10 19:13 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2012-02-10 17:10 . 2012-02-10 17:10 8 --sh--r- c:\programdata\53958F55BF.sys
2012-02-10 17:10 . 2012-02-10 17:10 -------- d-----w- c:\users\2nd_Window\AppData\Roaming\Corel
2012-02-10 17:10 . 2012-02-10 17:10 -------- d-----w- c:\program files\Common Files\Corel
2012-02-10 17:10 . 2012-02-10 17:10 -------- d-----w- c:\program files\Common Files\Protexis
2012-02-10 17:10 . 2012-02-10 17:10 -------- d-----w- c:\programdata\Corel
2012-02-10 17:08 . 2012-02-10 17:08 -------- d-----w- c:\program files\Corel
2012-02-10 17:00 . 2012-02-10 17:01 -------- d-----w- c:\programdata\Alias
2012-02-10 16:56 . 2012-02-10 16:56 -------- d-----w- C:\Autodesk
2012-02-10 06:07 . 2012-02-10 06:07 -------- d-----w- c:\users\2nd_Window\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-02-10 06:07 . 2012-02-10 06:07 -------- d-----w- c:\users\2nd_Window\AppData\Roaming\Adobe Mini Bridge CS5
2012-02-10 04:53 . 2012-02-10 04:53 -------- d-----w- c:\program files\Adobe Media Player
2012-02-05 18:48 . 2012-02-05 18:48 53248 ----a-r- c:\users\2nd_Window\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-02-05 18:48 . 2012-02-05 18:48 -------- d-----w- c:\users\2nd_Window\AppData\Roaming\Leadertech
2012-02-05 18:48 . 2012-02-05 18:48 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-02-05 18:47 . 2012-02-05 18:48 -------- d-----w- c:\programdata\Logishrd
2012-02-05 18:47 . 2012-02-05 18:47 -------- d-----w- c:\program files\Logitech
2012-02-05 18:47 . 2012-02-05 18:48 -------- d-----w- c:\program files\Common Files\Logishrd
2012-02-05 18:46 . 2012-02-05 18:48 -------- d-----w- c:\users\2nd_Window\AppData\Roaming\Logitech
2012-02-05 18:46 . 2012-02-05 18:46 -------- d-----w- c:\users\2nd_Window\AppData\Roaming\Logishrd
2012-02-04 07:32 . 2012-03-04 22:48 -------- d-----w- c:\program files\USADISK
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-15 02:36 . 2011-12-26 02:48 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-02-15 02:35 . 2011-12-26 02:48 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-02-15 02:35 . 2011-12-04 00:52 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-02-02 02:47 . 2011-11-28 01:18 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-02-02 02:47 . 2011-11-28 01:18 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-02-02 02:47 . 2011-11-28 01:18 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-23 13:38 . 2012-01-29 05:21 1422200 ----a-w- c:\windows\system32\Wacom_Touch_Tablet.dll
2012-01-23 13:38 . 2012-01-29 05:20 1479032 ----a-w- c:\windows\system32\Wintab32.dll
2012-01-23 13:38 . 2012-01-29 05:20 1453432 ----a-w- c:\windows\system32\WacomMT.dll
2012-01-23 13:38 . 2012-01-29 05:20 1428856 ----a-w- c:\windows\system32\Wacom_Tablet.dll
2011-12-10 20:24 . 2011-03-19 17:39 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-11 05:27 . 2011-08-22 04:35 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-01-25 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\2nd_Window\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\2nd_Window\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\2nd_Window\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-07-20 273544]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
.
c:\users\2nd_Window\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DeskPins.lnk - c:\program files\DeskPins\DeskPins.exe [2004-5-2 62464]
Dropbox.lnk - c:\users\2nd_Window\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-22 23:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-09-23 09:42 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-01-13 19:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 AMonTDLH;AMonTDLH;c:\windows\system32\Drivers\AMonTDLH.sys [2011-05-26 90208]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2010-10-15 5120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2012-01-23 6321016]
R2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [2012-01-23 470904]
R2 USADISK_AGENT;USADISK UPDATE SERVICE;c:\program files\USADISK\WEBHARD_Agent.exe [2011-06-13 155856]
R3 ALSysIO;ALSysIO;c:\users\2ND_WI~1\AppData\Local\Temp\ALSysIO.sys [x]
R3 CdmDrvNt;CdmDrvNt;c:\windows\system32\Drivers\CdmDrvNt.sys [2009-07-21 19616]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-07-13 1394688]
R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [x]
R3 JRSUKD25;JRSUKD25;c:\windows\system32\JRSUKD25.SYS [2011-11-30 22480]
R3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [2011-09-28 126048]
R3 MfFWEnt;MfFWEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [2010-06-28 101368]
R3 MfIPSEnt;MfIPSEnt;c:\program files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [2010-06-28 121536]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-24 1343400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-04-30 218688]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-206085528-472393337-1987398177-1000Core.job
- c:\users\2nd_Window\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-05 16:24]
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-206085528-472393337-1987398177-1000UA.job
- c:\users\2nd_Window\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-05 16:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 64.71.255.198
DPF: {62076E39-043C-4A5A-BF17-D8A2128ACD93} - hxxp://pib.wooribank.com/com/installer/interezen/WRebw.cab
DPF: {79419762-2D03-48F8-A63E-0544D95143DE} - hxxp://www.x2game.com/Control/AutoPatchOCX.cab
DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://download.softforum.co.kr/Published/XecureWeb/v7.2.5.0/xw_install.cab
DPF: {967386A1-409E-431A-A93A-FB5FEFF86A58} - hxxp://fx.keb.co.kr/veraport/veraport.cab
DPF: {99C709C7-4F58-46C1-855B-90213C760395} - hxxps://v3d.kcp.co.kr/file/kcp_ansimclick.cab
DPF: {B7DF6B14-7F2A-49C2-A8C8-21AAD560B0BC} - hxxp://www.usadisk.com/mmsv/USAControl.CAB
DPF: {BF6F8114-5DC3-4515-9BC6-16342AE7FDCE} - hxxp://www.usfolder.com/fs_prg/XFShowClient.cab
DPF: {D2609B40-9964-43E4-8806-3C75C8B21CA2} - hxxp://www.sojufile.com/mmsv/SojuFileWebControl.CAB
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA.cab
FF - ProfilePath - c:\users\2nd_Window\AppData\Roaming\Mozilla\Firefox\Profiles\jum4g5z1.default\
FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
FF - user.js: extensions.BabylonToolbar_i.id - 786e1f08000000000000485b3910853a
FF - user.js: extensions.BabylonToolbar_i.hardId - 786e1f08000000000000485b3910853a
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15362
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:34
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101067
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-Media Finder - c:\program files\Media Finder\MF.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-Bviholetun - c:\users\2nd_Window\AppData\Local\iasxtol.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2032)
c:\users\2nd_Window\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-03-04 18:28:21
ComboFix-quarantined-files.txt 2012-03-04 23:28
.
Pre-Run: 247,900,254,208 bytes free
Post-Run: 247,785,037,824 bytes free
.
- - End Of File - - 77318ADCC3B3E21980824353ACF0F8B0




-------------------------------------
-------------------------------------




This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 04/03/2012 at 17:53:41.
Operating System: Windows 7 Ultimate


Processes terminated by Rkill or while it was running:

C:\Users\2nd_Window\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\2nd_Window\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\taskeng.exe


Rkill completed on 04/03/2012 at 17:53:45.
 
Strange.. when I run Combofix it says I need to disable Avast although I already disabled it. After okaying, it warns a 2nd time and says it will run anyway. Then it runs but it doesn't proceed after the line "However, scan ti for badly infected machines may easily double"
It was like this earlier so I chose to go with the 2nd option with rkill. And I downloaded combofix from the 2nd link at that time and it worked in safe mode, except combofix was in reduced function.

Now I downloaded a fresh combofix from the first link... in safe mode with rkill, it shows the same result. It doesn't proceed after "However, scan ti for badly infected machines may easily double"

Should I uninstall Avast?
 
I ran overnight.. and it doesn't proceed after the line "However, scan for badly infected machines may easily double"
The clock's ticking, but there is no activity in CPU & RAM usage.
I will try different combination of Rkill files and ComboFix.. but I'm not confident...
 
What are the current computer issues?

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
I don't have serious issue as of now.. except for Babylon popping up whenever I create new tabs in Internet Explorer.
I assumed this is malware.. It doesn't go away even after uninstalling..
Plus I thought I may have many other hidden malware since I'm not very good at computing..

And here is the log.

------------------------------
------------------------------


03:07:21.0851 5692 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
03:07:22.0297 5692 ============================================================
03:07:22.0297 5692 Current date / time: 2012/03/06 03:07:22.0297
03:07:22.0297 5692 SystemInfo:
03:07:22.0297 5692
03:07:22.0297 5692 OS Version: 6.1.7600 ServicePack: 0.0
03:07:22.0297 5692 Product type: Workstation
03:07:22.0297 5692 ComputerName: 2ND_WINDOW-PC
03:07:22.0297 5692 UserName: 2nd_Window
03:07:22.0297 5692 Windows directory: C:\Windows
03:07:22.0297 5692 System windows directory: C:\Windows
03:07:22.0297 5692 Processor architecture: Intel x86
03:07:22.0297 5692 Number of processors: 4
03:07:22.0297 5692 Page size: 0x1000
03:07:22.0297 5692 Boot type: Normal boot
03:07:22.0297 5692 ============================================================
03:07:23.0413 5692 Drive \Device\Harddisk0\DR0 - Size: 0xE51424000 (57.27 Gb), SectorSize: 0x200, Cylinders: 0x1D34, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
03:07:23.0438 5692 Drive \Device\Harddisk1\DR1 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0xAB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
03:07:23.0448 5692 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
03:07:23.0454 5692 Drive \Device\Harddisk3\DR3 - Size: 0x1DD400000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
03:07:23.0456 5692 \Device\Harddisk0\DR0:
03:07:23.0463 5692 MBR used
03:07:23.0463 5692 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7289800
03:07:23.0463 5692 \Device\Harddisk1\DR1:
03:07:23.0471 5692 MBR used
03:07:23.0471 5692 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x29EB3000
03:07:23.0471 5692 \Device\Harddisk2\DR2:
03:07:23.0471 5692 MBR used
03:07:23.0471 5692 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3D08FC7E
03:07:23.0489 5692 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3D08FCFC, BlocksNum 0x37671E04
03:07:23.0489 5692 \Device\Harddisk3\DR3:
03:07:23.0490 5692 MBR used
03:07:23.0490 5692 \Device\Harddisk3\DR3\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEE8080
03:07:23.0554 5692 Initialize success
03:07:23.0554 5692 ============================================================
03:07:25.0475 5664 ============================================================
03:07:25.0475 5664 Scan started
03:07:25.0475 5664 Mode: Manual;
03:07:25.0475 5664 ============================================================
03:07:31.0430 5664 hwpolicy - ok
03:07:31.0510 5664 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
03:07:31.0512 5664 i8042prt - ok
03:07:31.0573 5664 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
03:07:31.0578 5664 iaStorV - ok
03:07:31.0635 5664 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
03:07:31.0636 5664 iirsp - ok
03:07:31.0710 5664 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
03:07:31.0711 5664 intelide - ok
03:07:31.0764 5664 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
03:07:31.0781 5664 intelppm - ok
03:07:31.0821 5664 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
03:07:31.0823 5664 IpFilterDriver - ok
03:07:31.0853 5664 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
03:07:31.0855 5664 IPMIDRV - ok
03:07:31.0888 5664 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
03:07:31.0891 5664 IPNAT - ok
03:07:31.0941 5664 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
03:07:31.0943 5664 IRENUM - ok
03:07:31.0985 5664 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
03:07:31.0986 5664 isapnp - ok
03:07:32.0022 5664 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
03:07:32.0025 5664 iScsiPrt - ok
03:07:32.0068 5664 JRSKD24 - ok
03:07:32.0124 5664 JRSUKD25 (139d9d538284ec721d759df7238b8850) C:\Windows\system32\JRSUKD25.SYS
03:07:32.0128 5664 JRSUKD25 - ok
03:07:32.0192 5664 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
03:07:32.0194 5664 kbdclass - ok
03:07:32.0238 5664 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
03:07:32.0240 5664 kbdhid - ok
03:07:32.0299 5664 kcrtx86 (cbbc332b9a94d9eb16e3328b50760587) C:\Windows\system32\kcrtx86.sys
03:07:32.0303 5664 kcrtx86 - ok
03:07:32.0374 5664 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
03:07:32.0376 5664 KSecDD - ok
03:07:32.0429 5664 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
03:07:32.0432 5664 KSecPkg - ok
03:07:32.0538 5664 LHidFilt (01cc7fb6e790ef044b411377f3a1ff41) C:\Windows\system32\DRIVERS\LHidFilt.Sys
03:07:32.0541 5664 LHidFilt - ok
03:07:32.0604 5664 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
03:07:32.0606 5664 lltdio - ok
03:07:32.0631 5664 LMouFilt (a2e7eae8898d7b4b8c302b8f4e836bb5) C:\Windows\system32\DRIVERS\LMouFilt.Sys
03:07:32.0633 5664 LMouFilt - ok
03:07:32.0683 5664 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
03:07:32.0685 5664 LSI_FC - ok
03:07:32.0714 5664 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
03:07:32.0748 5664 LSI_SAS - ok
03:07:32.0804 5664 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
03:07:32.0805 5664 LSI_SAS2 - ok
03:07:32.0825 5664 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
03:07:32.0827 5664 LSI_SCSI - ok
03:07:32.0875 5664 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
03:07:32.0877 5664 luafv - ok
03:07:32.0913 5664 LUsbFilt (ddfa88e36d5f8db5fbdbdddc4969db0a) C:\Windows\system32\Drivers\LUsbFilt.Sys
03:07:32.0915 5664 LUsbFilt - ok
03:07:32.0970 5664 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
03:07:32.0972 5664 megasas - ok
03:07:33.0024 5664 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
03:07:33.0028 5664 MegaSR - ok
03:07:33.0137 5664 MfFWEnt (5a60a55f6b8af51a6b7642b8981fd834) C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys
03:07:33.0140 5664 MfFWEnt - ok
03:07:33.0149 5664 MfIPSEnt (99c7209b747e4d25afaf241a140e4be5) C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys
03:07:33.0151 5664 MfIPSEnt - ok
03:07:33.0252 5664 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
03:07:33.0254 5664 Modem - ok
03:07:33.0293 5664 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
03:07:33.0294 5664 monitor - ok
03:07:33.0315 5664 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
03:07:33.0317 5664 mouclass - ok
03:07:33.0347 5664 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
03:07:33.0348 5664 mouhid - ok
03:07:33.0523 5664 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
03:07:33.0525 5664 mountmgr - ok
03:07:33.0648 5664 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
03:07:33.0651 5664 mpio - ok
03:07:33.0668 5664 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
03:07:33.0669 5664 mpsdrv - ok
03:07:33.0695 5664 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
03:07:33.0697 5664 MRxDAV - ok
03:07:33.0753 5664 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
03:07:33.0755 5664 mrxsmb - ok
03:07:33.0815 5664 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
03:07:33.0818 5664 mrxsmb10 - ok
03:07:33.0859 5664 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
03:07:33.0861 5664 mrxsmb20 - ok
03:07:33.0905 5664 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
03:07:33.0907 5664 msahci - ok
03:07:33.0924 5664 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
03:07:33.0926 5664 msdsm - ok
03:07:33.0996 5664 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
03:07:33.0997 5664 Msfs - ok
03:07:34.0039 5664 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
03:07:34.0040 5664 mshidkmdf - ok
03:07:34.0049 5664 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
03:07:34.0051 5664 msisadrv - ok
03:07:34.0108 5664 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
03:07:34.0109 5664 MSKSSRV - ok
03:07:34.0124 5664 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
03:07:34.0125 5664 MSPCLOCK - ok
03:07:34.0177 5664 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
03:07:34.0178 5664 MSPQM - ok
03:07:34.0192 5664 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
03:07:34.0195 5664 MsRPC - ok
03:07:34.0228 5664 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
03:07:34.0229 5664 mssmbios - ok
03:07:34.0280 5664 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
03:07:34.0281 5664 MSTEE - ok
03:07:34.0302 5664 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
03:07:34.0304 5664 MTConfig - ok
03:07:34.0389 5664 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
03:07:34.0390 5664 MTsensor - ok
03:07:34.0418 5664 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
03:07:34.0420 5664 Mup - ok
03:07:34.0467 5664 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
03:07:34.0471 5664 NativeWifiP - ok
03:07:34.0538 5664 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
03:07:34.0546 5664 NDIS - ok
03:07:34.0587 5664 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
03:07:34.0589 5664 NdisCap - ok
03:07:34.0610 5664 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
03:07:34.0612 5664 NdisTapi - ok
03:07:34.0626 5664 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
03:07:34.0628 5664 Ndisuio - ok
03:07:34.0686 5664 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
03:07:34.0688 5664 NdisWan - ok
03:07:34.0716 5664 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
03:07:34.0718 5664 NDProxy - ok
03:07:34.0766 5664 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
03:07:34.0768 5664 NetBIOS - ok
03:07:34.0786 5664 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
03:07:34.0789 5664 NetBT - ok
03:07:34.0882 5664 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
03:07:34.0884 5664 nfrd960 - ok
03:07:34.0930 5664 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
03:07:34.0931 5664 Npfs - ok
03:07:34.0954 5664 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
03:07:34.0955 5664 nsiproxy - ok
03:07:34.0992 5664 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
03:07:35.0006 5664 Ntfs - ok
03:07:35.0054 5664 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
03:07:35.0056 5664 Null - ok
03:07:35.0124 5664 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
03:07:35.0130 5664 NVENETFD - ok
03:07:35.0325 5664 nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
03:07:35.0480 5664 nvlddmkm - ok
03:07:35.0588 5664 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
03:07:35.0590 5664 nvraid - ok
03:07:35.0610 5664 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
03:07:35.0611 5664 nvstor - ok
03:07:35.0657 5664 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
03:07:35.0659 5664 nv_agp - ok
03:07:35.0679 5664 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
03:07:35.0681 5664 ohci1394 - ok
03:07:35.0813 5664 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
03:07:35.0816 5664 Parport - ok
03:07:35.0850 5664 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
03:07:35.0852 5664 partmgr - ok
03:07:35.0863 5664 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
03:07:35.0865 5664 Parvdm - ok
03:07:35.0887 5664 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
03:07:35.0890 5664 pci - ok
03:07:35.0904 5664 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
03:07:35.0905 5664 pciide - ok
03:07:35.0982 5664 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
03:07:35.0985 5664 pcmcia - ok
03:07:36.0021 5664 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
03:07:36.0023 5664 pcw - ok
03:07:36.0049 5664 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
03:07:36.0057 5664 PEAUTH - ok
03:07:36.0147 5664 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
03:07:36.0149 5664 PptpMiniport - ok
03:07:36.0184 5664 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
03:07:36.0186 5664 Processor - ok
03:07:36.0236 5664 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
03:07:36.0238 5664 Psched - ok
03:07:36.0314 5664 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
03:07:36.0330 5664 ql2300 - ok
03:07:36.0367 5664 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
03:07:36.0369 5664 ql40xx - ok
03:07:36.0402 5664 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
03:07:36.0404 5664 QWAVEdrv - ok
03:07:36.0416 5664 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
03:07:36.0418 5664 RasAcd - ok
03:07:36.0469 5664 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
03:07:36.0471 5664 RasAgileVpn - ok
03:07:36.0488 5664 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
03:07:36.0490 5664 Rasl2tp - ok
03:07:36.0516 5664 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
03:07:36.0517 5664 RasPppoe - ok
03:07:36.0552 5664 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
03:07:36.0554 5664 RasSstp - ok
03:07:36.0591 5664 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
03:07:36.0595 5664 rdbss - ok
03:07:36.0631 5664 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
03:07:36.0632 5664 rdpbus - ok
03:07:36.0650 5664 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
03:07:36.0653 5664 RDPCDD - ok
03:07:36.0683 5664 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
03:07:36.0686 5664 RDPDR - ok
03:07:36.0770 5664 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
03:07:36.0771 5664 RDPENCDD - ok
03:07:36.0812 5664 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
03:07:36.0814 5664 RDPREFMP - ok
03:07:36.0851 5664 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
03:07:36.0854 5664 RDPWD - ok
03:07:36.0903 5664 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
03:07:36.0906 5664 rdyboost - ok
03:07:36.0944 5664 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
03:07:36.0946 5664 rspndr - ok
03:07:37.0030 5664 RTL8187B (ca5a4fbfe341f13733955b8aac98f0b5) C:\Windows\system32\DRIVERS\RTL8187B.sys
03:07:37.0035 5664 RTL8187B - ok
03:07:37.0050 5664 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
03:07:37.0052 5664 s3cap - ok
03:07:37.0198 5664 SANDRA (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\WNt500x86\Sandra.sys
03:07:37.0199 5664 SANDRA - ok
03:07:37.0269 5664 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
03:07:37.0271 5664 sbp2port - ok
03:07:37.0328 5664 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
03:07:37.0330 5664 scfilter - ok
03:07:37.0363 5664 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
03:07:37.0365 5664 secdrv - ok
03:07:37.0402 5664 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
03:07:37.0403 5664 Serenum - ok
03:07:37.0460 5664 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
03:07:37.0462 5664 Serial - ok
03:07:37.0523 5664 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
03:07:37.0524 5664 sermouse - ok
03:07:37.0552 5664 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
03:07:37.0554 5664 sffdisk - ok
03:07:37.0569 5664 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
03:07:37.0570 5664 sffp_mmc - ok
03:07:37.0601 5664 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
03:07:37.0603 5664 sffp_sd - ok
03:07:37.0619 5664 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
03:07:37.0621 5664 sfloppy - ok
03:07:37.0692 5664 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
03:07:37.0694 5664 sisagp - ok
03:07:37.0767 5664 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
03:07:37.0768 5664 SiSRaid2 - ok
03:07:37.0788 5664 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
03:07:37.0790 5664 SiSRaid4 - ok
03:07:37.0805 5664 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
03:07:37.0807 5664 Smb - ok
03:07:37.0885 5664 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
03:07:37.0886 5664 spldr - ok
03:07:37.0961 5664 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
03:07:37.0965 5664 srv - ok
03:07:37.0983 5664 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
03:07:37.0988 5664 srv2 - ok
03:07:38.0010 5664 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
03:07:38.0013 5664 srvnet - ok
03:07:38.0139 5664 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
03:07:38.0140 5664 SSPORT - ok
03:07:38.0169 5664 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
03:07:38.0170 5664 stexstor - ok
03:07:38.0200 5664 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
03:07:38.0202 5664 storflt - ok
03:07:38.0219 5664 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
03:07:38.0221 5664 storvsc - ok
03:07:38.0285 5664 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
03:07:38.0286 5664 swenum - ok
03:07:38.0398 5664 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
03:07:38.0400 5664 taphss - ok
03:07:38.0527 5664 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
03:07:38.0543 5664 Tcpip - ok
03:07:38.0576 5664 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
03:07:38.0585 5664 TCPIP6 - ok
03:07:38.0621 5664 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
03:07:38.0622 5664 tcpipreg - ok
03:07:38.0654 5664 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
03:07:38.0656 5664 TDPIPE - ok
03:07:38.0674 5664 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
03:07:38.0675 5664 TDTCP - ok
03:07:38.0803 5664 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
03:07:38.0805 5664 tdx - ok
03:07:38.0843 5664 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
03:07:38.0845 5664 TermDD - ok
03:07:38.0895 5664 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
03:07:38.0896 5664 tssecsrv - ok
03:07:38.0947 5664 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
03:07:38.0949 5664 tunnel - ok
03:07:38.0992 5664 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
03:07:38.0994 5664 uagp35 - ok
03:07:39.0064 5664 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
03:07:39.0068 5664 udfs - ok
03:07:39.0101 5664 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
03:07:39.0103 5664 uliagpkx - ok
03:07:39.0154 5664 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
03:07:39.0156 5664 umbus - ok
03:07:39.0199 5664 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
03:07:39.0201 5664 UmPass - ok
03:07:39.0268 5664 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
03:07:39.0271 5664 usbccgp - ok
03:07:39.0312 5664 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
03:07:39.0314 5664 usbcir - ok
03:07:39.0371 5664 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
03:07:39.0373 5664 usbehci - ok
03:07:39.0421 5664 usbhub (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys
03:07:39.0425 5664 usbhub - ok
03:07:39.0448 5664 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
03:07:39.0450 5664 usbohci - ok
03:07:39.0499 5664 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
03:07:39.0501 5664 usbprint - ok
03:07:39.0549 5664 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
03:07:39.0552 5664 usbscan - ok
03:07:39.0575 5664 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
03:07:39.0576 5664 USBSTOR - ok
03:07:39.0612 5664 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
03:07:39.0614 5664 usbuhci - ok
03:07:39.0704 5664 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
03:07:39.0705 5664 vdrvroot - ok
03:07:39.0743 5664 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
03:07:39.0745 5664 vga - ok
03:07:39.0789 5664 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
03:07:39.0791 5664 VgaSave - ok
03:07:39.0810 5664 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
03:07:39.0813 5664 vhdmp - ok
03:07:39.0876 5664 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
03:07:39.0878 5664 viaagp - ok
03:07:39.0897 5664 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
03:07:39.0899 5664 ViaC7 - ok
03:07:39.0927 5664 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
03:07:39.0929 5664 viaide - ok
03:07:39.0972 5664 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
03:07:39.0975 5664 vmbus - ok
03:07:40.0002 5664 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
03:07:40.0004 5664 VMBusHID - ok
03:07:40.0024 5664 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
03:07:40.0026 5664 volmgr - ok
03:07:40.0046 5664 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
03:07:40.0051 5664 volmgrx - ok
03:07:40.0100 5664 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
03:07:40.0104 5664 volsnap - ok
03:07:40.0176 5664 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
03:07:40.0179 5664 vsmraid - ok
03:07:40.0203 5664 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
03:07:40.0204 5664 vwifibus - ok
03:07:40.0236 5664 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
03:07:40.0238 5664 wacommousefilter - ok
03:07:40.0282 5664 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
03:07:40.0284 5664 WacomPen - ok
03:07:40.0360 5664 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys
03:07:40.0362 5664 wacomvhid - ok
03:07:40.0398 5664 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
03:07:40.0400 5664 WANARP - ok
03:07:40.0405 5664 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
03:07:40.0407 5664 Wanarpv6 - ok
03:07:40.0473 5664 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
03:07:40.0475 5664 Wd - ok
03:07:40.0497 5664 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
03:07:40.0502 5664 Wdf01000 - ok
03:07:40.0583 5664 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
03:07:40.0584 5664 WfpLwf - ok
03:07:40.0602 5664 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
03:07:40.0604 5664 WIMMount - ok
03:07:40.0716 5664 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
03:07:40.0742 5664 WinUsb - ok
03:07:40.0815 5664 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
03:07:40.0817 5664 WmiAcpi - ok
03:07:40.0857 5664 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
03:07:40.0859 5664 ws2ifsl - ok
03:07:40.0890 5664 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
03:07:40.0892 5664 WudfPf - ok
03:07:40.0906 5664 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
03:07:40.0908 5664 WUDFRd - ok
03:07:40.0937 5664 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
03:07:40.0960 5664 \Device\Harddisk0\DR0 - ok
03:07:40.0981 5664 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
03:07:41.0006 5664 \Device\Harddisk1\DR1 - ok
03:07:41.0020 5664 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
03:07:41.0023 5664 \Device\Harddisk2\DR2 - ok
03:07:41.0029 5664 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
03:07:41.0033 5664 \Device\Harddisk3\DR3 - ok
03:07:41.0038 5664 Boot (0x1200) (60b4f17cab3aa2bb6b90d217b6996728) \Device\Harddisk0\DR0\Partition0
03:07:41.0039 5664 \Device\Harddisk0\DR0\Partition0 - ok
03:07:41.0056 5664 Boot (0x1200) (4be64327a8e0661588982428e4fb61ce) \Device\Harddisk1\DR1\Partition0
03:07:41.0057 5664 \Device\Harddisk1\DR1\Partition0 - ok
03:07:41.0061 5664 Boot (0x1200) (325c37512a99d9aa35ec347deab82d62) \Device\Harddisk2\DR2\Partition0
03:07:41.0061 5664 \Device\Harddisk2\DR2\Partition0 - ok
03:07:41.0078 5664 Boot (0x1200) (3a91685aa1cb3ec61b735c5f8af1d558) \Device\Harddisk2\DR2\Partition1
03:07:41.0079 5664 \Device\Harddisk2\DR2\Partition1 - ok
03:07:41.0083 5664 Boot (0x1200) (606b9cd197e8812b877456e29779cc04) \Device\Harddisk3\DR3\Partition0
03:07:41.0084 5664 \Device\Harddisk3\DR3\Partition0 - ok
03:07:41.0085 5664 ============================================================
03:07:41.0085 5664 Scan finished
03:07:41.0085 5664 ============================================================
03:07:41.0093 5532 Detected object count: 0
03:07:41.0093 5532 Actual detected object count: 0
 
Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 06/03/2012 4:46:22 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\2nd_Window\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 67.37% Memory free
6.00 Gb Paging File | 4.94 Gb Available in Paging File | 82.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 488.28 Gb Total Space | 229.24 Gb Free Space | 46.95% Space Free | Partition Type: NTFS
Drive D: | 57.27 Gb Total Space | 32.26 Gb Free Space | 56.34% Space Free | Partition Type: NTFS
Drive E: | 335.35 Gb Total Space | 268.22 Gb Free Space | 79.98% Space Free | Partition Type: NTFS
Drive F: | 443.22 Gb Total Space | 208.44 Gb Free Space | 47.03% Space Free | Partition Type: NTFS
Drive G: | 244.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 7.45 Gb Total Space | 5.99 Gb Free Space | 80.42% Space Free | Partition Type: FAT32

Computer Name: 2ND_WINDOW-PC | User Name: 2nd_Window | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/06 16:44:07 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\2nd_Window\Desktop\OTL.exe
PRC - [2012/01/25 14:59:06 | 000,758,224 | ---- | M] () -- C:\Program Files\Core Temp\Core Temp.exe
PRC - [2012/01/23 08:38:24 | 006,321,016 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
PRC - [2012/01/23 08:38:24 | 003,591,544 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
PRC - [2012/01/23 08:38:24 | 001,609,080 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
PRC - [2012/01/23 08:38:24 | 000,470,904 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/02 11:18:16 | 001,000,288 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 03:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/10/15 03:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/10/07 04:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/27 14:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011/07/20 17:55:55 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/07/06 02:28:17 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/06/13 04:05:28 | 000,155,856 | ---- | M] () -- C:\Program Files\USADISK\WEBHARD_Agent.exe
PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2004/05/02 12:02:51 | 000,062,464 | ---- | M] (Elias Fotinis) -- C:\Program Files\DeskPins\DeskPins.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/25 14:59:06 | 000,758,224 | ---- | M] () -- C:\Program Files\Core Temp\Core Temp.exe
MOD - [2012/01/23 08:38:24 | 000,963,448 | ---- | M] () -- C:\Program Files\Tablet\Wacom\libxml2.dll
MOD - [2011/10/07 04:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2011/08/31 15:44:40 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011/08/31 15:44:38 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2011/07/06 02:28:17 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2010/11/21 09:54:34 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/23 08:38:24 | 006,321,016 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2012/01/23 08:38:24 | 000,470,904 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe -- (TouchServiceWacom)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/09/27 14:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/06/13 04:05:28 | 000,155,856 | ---- | M] () [Auto | Running] -- C:\Program Files\USADISK\WEBHARD_Agent.exe -- (USADISK_AGENT)
SRV - [2011/03/02 10:25:34 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/23 23:46:08 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/12/12 03:20:08 | 000,095,896 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (JRSKD24)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - File not found [Kernel | On_Demand | Running] -- -- (ALSysIO)
DRV - [2011/11/30 01:18:42 | 000,022,480 | R--- | M] (Soft Security Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\JRSUKD25.SYS -- (JRSUKD25)
DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/14 10:29:44 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2011/11/14 10:29:42 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2011/10/15 03:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/09/27 20:05:04 | 000,126,048 | ---- | M] (Kings Information & Network) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\kcrtx86.sys -- (kcrtx86)
DRV - [2011/09/21 10:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2011/09/02 01:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 01:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/02 01:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/07/26 12:49:12 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011/05/26 11:23:00 | 000,090,208 | ---- | M] (AhnLab, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\AmonTDLh.sys -- (AMonTDLH)
DRV - [2011/04/30 16:33:05 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/10/14 20:41:44 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.sys -- (SSPORT)
DRV - [2010/06/28 02:54:00 | 000,121,536 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mfipsent.sys -- (MfIPSEnt)
DRV - [2010/06/28 02:54:00 | 000,101,368 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mffwent.sys -- (MfFWEnt)
DRV - [2009/08/07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009/07/20 20:13:00 | 000,019,616 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CdmDrvNt.sys -- (CdmDrvNt)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 17:54:14 | 001,394,688 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2009/07/13 17:02:53 | 000,347,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/07/13 17:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20120310,16969,0,8,0
IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 6D BD B0 9D C3 CC 01 [binary data]
IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found
IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\..\SearchScopes,DefaultScope = {4569E15C-7C54-4B19-B059-D052E07268C4}
IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\..\SearchScopes\{27091A39-DF8E-4CC3-B3D2-DA9625C2F1CE}: "URL" = http://ca.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120310,16967,0,8,0
IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\..\SearchScopes\{4569E15C-7C54-4B19-B059-D052E07268C4}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_440\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@gomtv.com/gomtvx-plugin: C:\Program Files\Common Files\GRETECH\npgomtvx_nie.dll (Gretech Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll (SoftForum)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins_file: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll (SoftForum Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.4: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\2nd_Window\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\2nd_Window\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/15 20:39:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/11 00:27:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/20 17:07:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/11 00:27:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/20 17:07:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6399FACC-F586-4E5B-95F5-C6A670BDF3A4}: C:\Users\2nd_Window\AppData\Local\{6399FACC-F586-4E5B-95F5-C6A670BDF3A4}

[2011/01/25 10:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\2nd_Window\AppData\Roaming\Mozilla\Extensions
[2012/03/05 11:53:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\2nd_Window\AppData\Roaming\Mozilla\Firefox\Profiles\jum4g5z1.default\extensions
[2012/03/05 11:53:45 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\2nd_Window\AppData\Roaming\Mozilla\Firefox\Profiles\jum4g5z1.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/05/03 15:55:14 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\2nd_Window\AppData\Roaming\Mozilla\Firefox\Profiles\jum4g5z1.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2011/12/17 23:34:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/15 20:39:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{e4b92e5d-3958-4b3c-ae96-19efe24a3ff7}
[2012/01/11 00:27:03 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/08 16:54:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/02/04 07:58:50 | 000,090,112 | ---- | M] (SoftForum Co., Ltd.) -- C:\Program Files\mozilla firefox\plugins\npxecure.dll
[2010/02/04 07:58:48 | 000,073,728 | ---- | M] (SoftForum Co., Ltd.) -- C:\Program Files\mozilla firefox\plugins\npxwfile.dll
[2012/01/11 00:26:57 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/11 00:26:57 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\2nd_Window\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2011/03/02 10:41:16 | 000,000,854 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-206085528-472393337-1987398177-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-206085528-472393337-1987398177-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\2nd_Window\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe (Elias Fotinis)
O4 - Startup: C:\Users\2nd_Window\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-206085528-472393337-1987398177-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-206085528-472393337-1987398177-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-206085528-472393337-1987398177-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKU\S-1-5-21-206085528-472393337-1987398177-1000\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {62076E39-043C-4A5A-BF17-D8A2128ACD93} http://pib.wooribank.com/com/installer/interezen/WRebw.cab (WRebw Module)
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} http://ck.softforum.co.kr/CKKeyPro/wooribank/TouchEnkey3104_32k.cab (Reg Error: Key error.)
O16 - DPF: {79419762-2D03-48F8-A63E-0544D95143DE} http://www.x2game.com/Control/AutoPatchOCX.cab (AutoPatchOCX Control)
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} http://download.softforum.co.kr/Published/XecureWeb/v7.2.5.0/xw_install.cab (XecureWeb 4.0 Client Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {967386A1-409E-431A-A93A-FB5FEFF86A58} http://fx.keb.co.kr/veraport/veraport.cab (AXMObjectCtl Class)
O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} https://v3d.kcp.co.kr/file/kcp_ansimclick.cab (V3D Client Control)
O16 - DPF: {B7DF6B14-7F2A-49C2-A8C8-21AAD560B0BC} http://www.usadisk.com/mmsv/USAControl.CAB (USADISK File Share Control 5)
O16 - DPF: {BF6F8114-5DC3-4515-9BC6-16342AE7FDCE} http://www.usfolder.com/fs_prg/XFShowClient.cab (AxFShowClient Control)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D2609B40-9964-43E4-8806-3C75C8B21CA2} http://www.sojufile.com/mmsv/SojuFileWebControl.CAB (SojufileShareShare Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} https://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA.cab (KvpIspCtlD Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EDF2B0B-7768-4AF9-9C28-5F092761D327}: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB807610-0C56-42BA-BAAE-892EEDD58842}: DhcpNameServer = 64.71.255.198
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/10 11:56:21 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/12/10 13:20:46 | 000,000,000 | ---D | M] - E:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/06/12 23:09:50 | 000,000,613 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - I:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/06 16:44:03 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\2nd_Window\Desktop\OTL.exe
[2012/03/06 03:06:39 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\2nd_Window\Desktop\TDSSKiller.exe
[2012/03/05 14:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
[2012/03/05 14:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/03/05 14:58:31 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
[2012/03/05 14:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012/03/05 14:56:40 | 000,021,992 | ---- | C] (CPUID) -- C:\Windows\System32\drivers\cpuz135_x32.sys
[2012/03/05 14:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2012/03/05 14:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012/03/05 13:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012/03/05 13:38:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2012/03/05 13:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware
[2012/03/05 13:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\SiSoftware
[2012/03/05 11:51:16 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\AppData\Local\Evernote
[2012/03/05 11:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2012/03/05 11:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\Evernote
[2012/03/04 20:42:10 | 000,000,000 | --SD | C] -- C:\CfMy
[2012/03/04 18:42:30 | 004,426,766 | R--- | C] (Swearware) -- C:\Users\2nd_Window\Desktop\CfMy.exe
[2012/03/04 18:27:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/04 18:26:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/04 17:05:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/04 17:05:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/04 17:05:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/04 17:05:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/04 17:03:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/04 16:31:18 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\2nd_Window\Desktop\boot_cleaner.exe
[2012/03/04 16:21:21 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\2nd_Window\Desktop\aswMBR.exe
[2012/03/04 11:54:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\2nd_Window\Desktop\dds.scr
[2012/03/04 11:10:00 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\2nd_Window\Desktop\mbam-setup-1.60.1.1000.exe
[2012/03/03 00:02:33 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\Desktop\Avartar
[2012/03/02 21:09:22 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\Desktop\희진 지식창고
[2012/03/02 21:09:15 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\Desktop\New Zealand
[2012/03/02 19:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/03/02 19:23:45 | 002,322,184 | ---- | C] (ESET) -- C:\Users\2nd_Window\Desktop\esetsmartinstaller_enu.exe
[2012/02/18 20:05:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
[2012/02/13 16:30:19 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\AppData\Local\{2F71EB05-F19E-46E3-AF95-C42B4FE47C7F}
[2012/02/13 16:30:05 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\AppData\Local\{256A39E1-D2D5-4886-93AF-6ACC8FAAA04F}
[2012/02/13 00:49:26 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeskPins
[2012/02/13 00:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeskPins
[2012/02/13 00:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\DeskPins
[2012/02/10 16:14:43 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/10 15:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2012/02/10 15:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\AutoHotkey
[2012/02/10 14:31:02 | 406,919,696 | ---- | C] (Acresso Software Inc. ) -- C:\Users\2nd_Window\Desktop\CorelPainter12_TBYB_EN.exe
[2012/02/10 12:10:48 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\AppData\Roaming\Corel
[2012/02/10 12:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2012/02/10 12:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2012/02/10 12:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2012/02/10 12:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2012/02/10 12:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Alias
[2012/02/10 11:56:21 | 000,000,000 | ---D | C] -- C:\Autodesk
[2012/02/10 01:07:46 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/02/10 01:07:46 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\AppData\Roaming\Adobe Mini Bridge CS5
[2012/02/09 23:53:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2012/02/09 02:28:58 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\Documents\Updater
[2012/02/07 11:21:16 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\Desktop\[뉴에이지] 피아노 연주곡 400곡 모음
[2012/02/07 02:55:34 | 000,000,000 | ---D | C] -- C:\Users\2nd_Window\Documents\그림
[2011/04/07 18:56:54 | 000,114,688 | -HS- | C] (Microsoft Corporation) -- C:\Users\2nd_Window\AppData\Local\ixu.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========

[2012/03/06 16:44:07 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\2nd_Window\Desktop\OTL.exe
[2012/03/06 16:30:58 | 000,651,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/06 16:30:58 | 000,120,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/06 16:26:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/06 16:26:19 | 2414,780,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/06 14:10:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-206085528-472393337-1987398177-1000UA.job
[2012/03/06 12:02:00 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/06 12:02:00 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/06 02:45:41 | 002,044,980 | ---- | M] () -- C:\Users\2nd_Window\Desktop\tdsskiller.zip
[2012/03/06 02:06:11 | 222,358,468 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/05 14:58:32 | 000,001,117 | ---- | M] () -- C:\Users\2nd_Window\Desktop\Core Temp.lnk
[2012/03/05 14:40:04 | 000,000,128 | ---- | M] () -- C:\Users\2nd_Window\AppData\Roaming\Sandra.ldb
[2012/03/05 13:38:35 | 000,001,343 | ---- | M] () -- C:\Users\Public\Desktop\SiSoftware Sandra Lite 2012.SP1.lnk
[2012/03/05 11:52:07 | 000,001,113 | ---- | M] () -- C:\Users\2nd_Window\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2012/03/05 11:45:57 | 000,000,890 | ---- | M] () -- C:\Users\2nd_Window\Desktop\Evernote.lnk
[2012/03/05 10:24:50 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\2nd_Window\Desktop\TDSSKiller.exe
[2012/03/04 22:10:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-206085528-472393337-1987398177-1000Core.job
[2012/03/04 18:42:33 | 004,426,766 | R--- | M] (Swearware) -- C:\Users\2nd_Window\Desktop\CfMy.exe
[2012/03/04 17:50:59 | 001,008,141 | ---- | M] () -- C:\Users\2nd_Window\Desktop\rkill.com
[2012/03/04 16:30:14 | 000,044,607 | ---- | M] () -- C:\Users\2nd_Window\Desktop\bootkit_remover.zip
[2012/03/04 16:29:39 | 000,000,512 | ---- | M] () -- C:\Users\2nd_Window\Desktop\MBR.dat
[2012/03/04 16:21:22 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\2nd_Window\Desktop\aswMBR.exe
[2012/03/04 11:54:42 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\2nd_Window\Desktop\dds.scr
[2012/03/04 11:14:24 | 000,302,592 | ---- | M] () -- C:\Users\2nd_Window\Desktop\sinyzmwt.exe
[2012/03/04 11:11:50 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/04 11:10:00 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\2nd_Window\Desktop\mbam-setup-1.60.1.1000.exe
[2012/03/02 19:23:46 | 002,322,184 | ---- | M] (ESET) -- C:\Users\2nd_Window\Desktop\esetsmartinstaller_enu.exe
[2012/02/28 11:34:15 | 000,437,034 | ---- | M] () -- C:\Users\2nd_Window\Desktop\weeknews_feb242012.pdf
[2012/02/20 17:07:19 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/02/18 20:19:04 | 1568,896,766 | ---- | M] () -- C:\Users\2nd_Window\Desktop\I.love.you.2011.KOR.DVDRip.XViD-CiNE21i.avi
[2012/02/18 20:04:32 | 026,089,336 | ---- | M] () -- C:\Users\2nd_Window\Desktop\WacomTablet_6.2.0w5.exe
[2012/02/18 18:41:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/02/13 00:49:26 | 000,001,017 | ---- | M] () -- C:\Users\2nd_Window\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk
[2012/02/12 23:26:03 | 003,853,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/10 15:56:26 | 000,001,352 | ---- | M] () -- C:\Users\2nd_Window\Documents\AutoHotkey.ahk
[2012/02/10 14:36:08 | 000,210,426 | ---- | M] () -- C:\Users\2nd_Window\Desktop\Keymaker-CORE.zip
[2012/02/10 14:36:07 | 406,919,696 | ---- | M] (Acresso Software Inc. ) -- C:\Users\2nd_Window\Desktop\CorelPainter12_TBYB_EN.exe
[2012/02/10 14:13:08 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/02/10 12:57:26 | 001,918,852 | ---- | M] () -- C:\Users\2nd_Window\Desktop\Income_For_Life_For_Canadians_eBook.pdf
[2012/02/10 12:10:49 | 000,000,008 | RHS- | M] () -- C:\ProgramData\53958F55BF.sys
[2012/02/10 12:00:37 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk SketchBookPro 2011.lnk
[2012/02/10 00:19:11 | 000,001,108 | ---- | M] () -- C:\Users\2nd_Window\Desktop\USÆú´õ.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/06 02:45:38 | 002,044,980 | ---- | C] () -- C:\Users\2nd_Window\Desktop\tdsskiller.zip
[2012/03/05 14:58:32 | 000,001,117 | ---- | C] () -- C:\Users\2nd_Window\Desktop\Core Temp.lnk
[2012/03/05 13:44:21 | 011,296,768 | ---- | C] () -- C:\Users\2nd_Window\AppData\Roaming\Sandra.mdb
[2012/03/05 13:44:21 | 000,000,128 | ---- | C] () -- C:\Users\2nd_Window\AppData\Roaming\Sandra.ldb
[2012/03/05 13:38:35 | 000,001,343 | ---- | C] () -- C:\Users\Public\Desktop\SiSoftware Sandra Lite 2012.SP1.lnk
[2012/03/05 11:52:07 | 000,001,113 | ---- | C] () -- C:\Users\2nd_Window\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2012/03/05 11:45:57 | 000,000,890 | ---- | C] () -- C:\Users\2nd_Window\Desktop\Evernote.lnk
[2012/03/04 17:50:51 | 001,008,141 | ---- | C] () -- C:\Users\2nd_Window\Desktop\rkill.com
[2012/03/04 17:05:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/04 17:05:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/04 17:05:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/04 17:05:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/04 17:05:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/04 16:30:14 | 000,044,607 | ---- | C] () -- C:\Users\2nd_Window\Desktop\bootkit_remover.zip
[2012/03/04 16:29:39 | 000,000,512 | ---- | C] () -- C:\Users\2nd_Window\Desktop\MBR.dat
[2012/03/04 11:14:18 | 000,302,592 | ---- | C] () -- C:\Users\2nd_Window\Desktop\sinyzmwt.exe
[2012/03/04 11:11:50 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/28 11:34:10 | 000,437,034 | ---- | C] () -- C:\Users\2nd_Window\Desktop\weeknews_feb242012.pdf
[2012/02/20 17:07:19 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/02/20 17:07:19 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/02/18 20:04:08 | 026,089,336 | ---- | C] () -- C:\Users\2nd_Window\Desktop\WacomTablet_6.2.0w5.exe
[2012/02/18 19:56:49 | 1568,896,766 | ---- | C] () -- C:\Users\2nd_Window\Desktop\I.love.you.2011.KOR.DVDRip.XViD-CiNE21i.avi
[2012/02/13 00:49:26 | 000,001,017 | ---- | C] () -- C:\Users\2nd_Window\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk
[2012/02/10 15:56:26 | 000,001,352 | ---- | C] () -- C:\Users\2nd_Window\Documents\AutoHotkey.ahk
[2012/02/10 14:36:07 | 000,210,426 | ---- | C] () -- C:\Users\2nd_Window\Desktop\Keymaker-CORE.zip
[2012/02/10 12:57:18 | 001,918,852 | ---- | C] () -- C:\Users\2nd_Window\Desktop\Income_For_Life_For_Canadians_eBook.pdf
[2012/02/10 12:10:49 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/02/10 12:10:49 | 000,000,008 | RHS- | C] () -- C:\ProgramData\53958F55BF.sys
[2012/02/10 12:08:51 | 000,002,021 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Painter 11.lnk
[2012/02/10 12:00:37 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk SketchBookPro 2011.lnk
[2012/02/10 00:24:12 | 000,001,181 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2012/02/09 23:53:54 | 000,001,236 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2012/02/08 23:36:58 | 000,001,108 | ---- | C] () -- C:\Users\2nd_Window\Desktop\USÆú´õ.lnk
[2012/01/18 19:18:20 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe
[2012/01/18 19:17:48 | 000,024,064 | ---- | C] () -- C:\Windows\System32\ssp8ml3.dll
[2012/01/16 21:00:48 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssb6mlm.dll
[2011/11/02 19:29:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/07/20 22:46:40 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/07/20 22:46:40 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/07/20 22:46:36 | 000,644,608 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/07/20 22:46:36 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/07/20 22:46:36 | 000,073,216 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/07/05 16:49:38 | 000,000,686 | ---- | C] () -- C:\Windows\cedt.INI
[2011/06/19 23:00:49 | 000,065,536 | ---- | C] () -- C:\Windows\System32\cosa.dll
[2011/05/19 11:01:24 | 001,266,880 | ---- | C] () -- C:\Windows\System32\ISPPopUpDlg.exe
[2011/04/07 18:56:54 | 000,014,426 | -HS- | C] () -- C:\Users\2nd_Window\AppData\Local\o0117nc2nv5tpb633d15bq765wo1
[2011/04/07 18:56:54 | 000,000,948 | -HS- | C] () -- C:\ProgramData\o0117nc2nv5tpb633d15bq765wo1
[2011/03/29 22:52:58 | 000,000,398 | ---- | C] () -- C:\Windows\miniMBC.INI
[2011/03/07 22:41:06 | 000,000,405 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/03/07 22:40:25 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
[2011/02/22 15:24:26 | 000,339,968 | ---- | C] () -- C:\Windows\System32\KvpUpCom.dll
[2011/02/15 22:54:42 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2011/01/18 11:56:27 | 000,064,000 | ---- | C] () -- C:\Windows\System32\esfw52.bin

========== LOP Check ==========

[2011/09/27 20:18:57 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\AhnLab
[2012/02/10 12:00:37 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Autodesk
[2012/01/23 13:34:03 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Babylon
[2012/02/10 16:14:43 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/02 16:40:45 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Clunet
[2011/10/29 23:54:29 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\cYo
[2011/04/30 16:34:51 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\DAEMON Tools Lite
[2012/03/05 14:11:37 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Dropbox
[2011/01/18 12:01:19 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\EPSON
[2012/03/02 03:22:16 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\FileZilla
[2012/01/25 00:56:03 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\gtk-2.0
[2011/03/29 22:48:05 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\iMBC
[2012/02/05 13:48:43 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Leadertech
[2011/04/28 21:31:26 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Lingoes
[2012/01/28 20:02:27 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Media Finder
[2011/03/08 16:57:19 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\OpenOffice.org
[2012/02/02 11:23:04 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Samsung
[2012/01/30 15:02:23 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Softarium.com
[2012/02/10 01:07:46 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/12/22 17:37:23 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Toon Boom Animation
[2012/02/02 11:22:25 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser.2nd_Window-PC\AppData\Roaming\Samsung
[2010/01/01 00:26:41 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/03/06 16:26:19 | 2414,780,416 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/07 22:40:55 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/09/26 21:43:14 | 000,006,688 | ---- | M] () -- C:\keypro_log.txt
[2011/03/07 22:40:55 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/03/06 16:26:37 | 3219,709,952 | -HS- | M] () -- C:\pagefile.sys
[2012/03/04 17:53:45 | 000,000,517 | ---- | M] () -- C:\rkill.log
[2012/03/06 03:12:04 | 000,086,550 | ---- | M] () -- C:\TDSSKiller.2.7.19.0_06.03.2012_03.07.21_log.txt
[2012/01/23 13:34:08 | 000,000,237 | ---- | M] () -- C:\user.js
[1 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\Fonts\*.com >
[2009/07/13 23:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/02/02 11:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp4v2.dll
[2009/07/13 20:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2010/07/29 07:43:21 | 000,019,968 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\system32\spool\prtprocs\w32x86\ssb6mpc.dll
[2011/06/17 02:48:59 | 000,024,576 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\system32\spool\prtprocs\w32x86\ssp8mpc.dll
[2009/07/13 20:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/12/22 16:31:44 | 000,000,221 | -HS- | M] () -- C:\Users\2nd_Window\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/03/04 16:21:22 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\2nd_Window\Desktop\aswMBR.exe
[2012/02/03 14:24:05 | 002,047,357 | ---- | M] () -- C:\Users\2nd_Window\Desktop\AutoHotkey104805_Install.exe
[2011/09/20 02:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\2nd_Window\Desktop\boot_cleaner.exe
[2012/03/04 18:42:33 | 004,426,766 | R--- | M] (Swearware) -- C:\Users\2nd_Window\Desktop\CfMy.exe
[2012/02/10 14:36:07 | 406,919,696 | ---- | M] (Acresso Software Inc. ) -- C:\Users\2nd_Window\Desktop\CorelPainter12_TBYB_EN.exe
[2012/03/02 19:23:46 | 002,322,184 | ---- | M] (ESET) -- C:\Users\2nd_Window\Desktop\esetsmartinstaller_enu.exe
[2012/01/22 13:48:16 | 072,446,816 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Users\2nd_Window\Desktop\Evernote_4.5.2.5904.exe
[2012/03/04 11:10:00 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\2nd_Window\Desktop\mbam-setup-1.60.1.1000.exe
[2012/01/18 18:50:33 | 018,804,736 | ---- | M] () -- C:\Users\2nd_Window\Desktop\ML-1865W_PrintD.exe
[2012/02/04 14:13:39 | 150,012,056 | ---- | M] () -- C:\Users\2nd_Window\Desktop\OOo_3.3.0_Win_x86_install-wJRE_ko.exe
[2012/03/06 16:44:07 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\2nd_Window\Desktop\OTL.exe
[2012/02/05 11:50:46 | 002,414,672 | ---- | M] (Logitech Inc.) -- C:\Users\2nd_Window\Desktop\setpoint632_smart.exe
[2012/03/04 11:14:24 | 000,302,592 | ---- | M] () -- C:\Users\2nd_Window\Desktop\sinyzmwt.exe
[2012/03/05 10:24:50 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\2nd_Window\Desktop\TDSSKiller.exe
[2012/02/18 20:04:32 | 026,089,336 | ---- | M] () -- C:\Users\2nd_Window\Desktop\WacomTablet_6.2.0w5.exe
[2012/01/22 19:50:22 | 003,792,840 | ---- | M] () -- C:\Users\2nd_Window\Desktop\xw_install.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/03/04 22:10:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-206085528-472393337-1987398177-1000Core.job
[2012/03/06 14:10:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-206085528-472393337-1987398177-1000UA.job
[2012/03/06 16:26:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/01 00:26:41 | 000,032,592 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/12/04 20:30:45 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/12/04 20:30:45 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/08/21 23:15:50 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/08/21 23:15:50 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/12/04 20:30:45 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/01/24 14:12:19 | 000,000,402 | -HS- | M] () -- C:\Users\2nd_Window\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012/02/10 12:10:49 | 000,000,008 | RHS- | M] () -- C:\ProgramData\53958F55BF.sys
[2012/02/10 14:13:08 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/04/07 18:56:54 | 000,000,948 | -HS- | M] () -- C:\ProgramData\o0117nc2nv5tpb633d15bq765wo1

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:BC359956

< End of report >
 
OTL Extras logfile created on: 06/03/2012 4:46:22 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\2nd_Window\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 67.37% Memory free
6.00 Gb Paging File | 4.94 Gb Available in Paging File | 82.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 488.28 Gb Total Space | 229.24 Gb Free Space | 46.95% Space Free | Partition Type: NTFS
Drive D: | 57.27 Gb Total Space | 32.26 Gb Free Space | 56.34% Space Free | Partition Type: NTFS
Drive E: | 335.35 Gb Total Space | 268.22 Gb Free Space | 79.98% Space Free | Partition Type: NTFS
Drive F: | 443.22 Gb Total Space | 208.44 Gb Free Space | 47.03% Space Free | Partition Type: NTFS
Drive G: | 244.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 7.45 Gb Total Space | 5.99 Gb Free Space | 80.42% Space Free | Partition Type: FAT32

Computer Name: 2ND_WINDOW-PC | User Name: 2nd_Window | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-206085528-472393337-1987398177-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E56FBDB-28F6-49E5-829F-E42FE3616743}" = mini
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{1AED4ABF-0852-4B3F-9F87-00CF88F25CE0}" = IconHandler 32 bit
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28F8F8F0-C278-454A-9507-46B344AAD188}" = Corel Painter 11
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup
"{2F05CEAF-A575-41E5-B3D0-FE4CEF83CA0A}" = Maya 2009
"{35BA2BAF-FFD4-4B12-B42B-AA8CC902CD23}" = Autodesk DirectConnect 2009
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B215C29-1A3E-4736-92AA-10C83FA56EB9}" = Adobe After Effects CS3 Presets
"{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11 - ICA
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7288831E-1418-40E5-A70A-A55D0AA6657B}" = Simply Accounting by Sage 2006
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7EC69F77-5494-4E1F-8BC6-956DAA5A91F2}" = Corel Painter 11 - IPM
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{840BF2FE-033D-437C-89D1-AAA206BA13B6}" = Langauge
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF3FB06-BDA3-42A3-995C-308812D2F094}" = Adobe After Effects CS3
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8CE152BA-1D16-11E1-867D-984BE15F174E}" = Evernote v. 4.5.2
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C4F970-C753-443F-B61C-525C739BBC3D}" = Maya 2009 Documentation (en_US)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-1048-8780-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Russian
"{AC76BA86-1048-8780-7760-000000000004}_940" = Adobe Acrobat 9.4.0 - CPSID_83708
"{AC76BA86-1048-8780-7760-000000000004}{AC76BA86-1048-8780-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Russian
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B369483E-0728-405C-8F8C-3427B263B01F}" = Content
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7F653CF-1BE5-4F40-BA4A-E3BBC6869116}" = Æ÷Æ®¸®½º2 Forever
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2012.SP1
"{C7822DAD-D89C-4CC2-87F4-D28AA719905E}" = NetFolder
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" = Adobe Flash Professional CS5
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B27584-72DD-4CED-A329-57C7F91586C0}" = Autodesk SketchBookPro 2011
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Adobe_b7dd24a87e82dcf8af8876fd727b7cf" = Adobe After Effects CS3
"AhnLab Online Security" = AhnLab Online Security
"ALUpdate_is1" = ALTools Update
"ALZip_is1" = ALZip
"AutoHotkey" = AutoHotkey 1.0.48.05
"avast" = avast! Free Antivirus
"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ComicRack" = ComicRack v0.9.146
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.60
"Crimson Editor SVN286" = Crimson Editor SVN286
"DAEMON Tools Lite" = DAEMON Tools Lite
"DeskPins" = DeskPins (remove only)
"DtsFilter" = DTS+AC3 Filter
"EasyBCD" = EasyBCD 2.1
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.3.5.1
"GOM Player" = GOM Player
"GomTV Launcher Plugin" = GOMTV Plug-in
"HaaliMkx" = Haali Media Splitter
"InstallShield_{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PS3 Media Server" = PS3 Media Server
"RealPlayer 12.0" = RealPlayer
"Samsung ML-1865W Series" = Samsung ML-1865W Series
"SDM WebHard" = SDM WebHard Program
"sp6" = Logitech SetPoint 6.32
"VeraPort" = VeraPort (보안모듈관리 프로그램)
"VLC media player" = VLC media player 1.1.9
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite" = Windows Live Essentials
"XecureWeb Control" = XecureWeb Control

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-206085528-472393337-1987398177-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"fec6edc179e1ea07" = OhCASTra
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/03/2012 3:42:01 AM | Computer Name = 2nd_Window-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385,
time stamp: 0x4a5bc100 Faulting module name: sysmain.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdb23 Exception code: 0xc0000005 Fault offset: 0x0000af56 Faulting
process id: 0x4a8 Faulting application start time: 0x01ccfb679f5058e0 Faulting application
path: C:\Windows\System32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll
Report
Id: dbcb4f50-675f-11e1-8eb2-485b3910853a

Error - 06/03/2012 3:42:45 AM | Computer Name = 2nd_Window-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 06/03/2012 3:46:24 AM | Computer Name = 2nd_Window-PC | Source = Application Hang | ID = 1002
Description = The program Storyboard.exe version 0.0.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 13e8 Start
Time: 01ccfb67afd20e20 Termination Time: 96 Application Path: C:\Program Files\Toon
Boom Animation\Storyboard Pro\nt\bin\Storyboard.exe Report Id: 7782e571-6760-11e1-8eb2-485b3910853a


Error - 06/03/2012 4:38:20 AM | Computer Name = 2nd_Window-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Adobe\Adobe
After Effects CS3\Support Files\restool.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.163"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 06/03/2012 4:40:45 AM | Computer Name = 2nd_Window-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\sisoftware\sisoftware
sandra lite 2012.sp1\wnt500x64\RpcSandraSrv.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 06/03/2012 9:44:06 AM | Computer Name = 2nd_Window-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
error code: 0x80070005

Error - 06/03/2012 1:03:42 PM | Computer Name = 2nd_Window-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 06/03/2012 3:06:15 PM | Computer Name = 2nd_Window-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 06/03/2012 4:11:42 PM | Computer Name = 2nd_Window-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 06/03/2012 5:26:42 PM | Computer Name = 2nd_Window-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

[ Media Center Events ]
Error - 30/01/2012 9:51:54 PM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
Description = 8:51:44 PM - Error connecting to the internet. 8:51:44 PM - Unable
to contact server..

Error - 01/02/2012 9:46:16 PM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
Description = 8:46:16 PM - Error connecting to the internet. 8:46:16 PM - Unable
to contact server..

Error - 01/02/2012 9:46:32 PM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
Description = 8:46:22 PM - Error connecting to the internet. 8:46:22 PM - Unable
to contact server..

Error - 14/02/2012 9:35:05 PM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
Description = 8:35:05 PM - Error connecting to the internet. 8:35:05 PM - Unable
to contact server..

Error - 14/02/2012 9:35:20 PM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
Description = 8:35:10 PM - Error connecting to the internet. 8:35:10 PM - Unable
to contact server..

Error - 05/03/2012 4:07:02 AM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
Description = 3:06:52 AM - Error connecting to the internet. 3:06:52 AM - Unable
to contact server..

Error - 05/03/2012 5:07:11 AM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
Description = 4:07:06 AM - Error connecting to the internet. 4:07:06 AM - Unable
to contact server..

Error - 05/03/2012 6:07:21 AM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
Description = 5:07:16 AM - Error connecting to the internet. 5:07:16 AM - Unable
to contact server..

Error - 05/03/2012 7:07:31 AM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
Description = 6:07:26 AM - Error connecting to the internet. 6:07:26 AM - Unable
to contact server..

Error - 05/03/2012 8:46:39 AM | Computer Name = 2nd_Window-PC | Source = MCUpdate | ID = 0
Description = 7:46:34 AM - Error connecting to the internet. 7:46:34 AM - Unable
to contact server..

[ System Events ]
Error - 06/03/2012 3:42:10 AM | Computer Name = 2nd_Window-PC | Source = Service Control Manager | ID = 7031
Description = The Program Compatibility Assistant Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 06/03/2012 3:42:10 AM | Computer Name = 2nd_Window-PC | Source = Service Control Manager | ID = 7031
Description = The Superfetch service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 06/03/2012 3:42:10 AM | Computer Name = 2nd_Window-PC | Source = Service Control Manager | ID = 7031
Description = The Distributed Link Tracking Client service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 06/03/2012 3:42:10 AM | Computer Name = 2nd_Window-PC | Source = Service Control Manager | ID = 7031
Description = The Desktop Window Manager Session Manager service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 06/03/2012 3:42:10 AM | Computer Name = 2nd_Window-PC | Source = Service Control Manager | ID = 7034
Description = The Diagnostic System Host service terminated unexpectedly. It has
done this 1 time(s).

Error - 06/03/2012 3:42:10 AM | Computer Name = 2nd_Window-PC | Source = Service Control Manager | ID = 7031
Description = The WLAN AutoConfig service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 06/03/2012 3:42:10 AM | Computer Name = 2nd_Window-PC | Source = Service Control Manager | ID = 7031
Description = The Portable Device Enumerator Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 06/03/2012 3:42:10 AM | Computer Name = 2nd_Window-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated unexpectedly. It has done this 1 time(s). The following corrective
action will be taken in 120000 milliseconds: Restart the service.

Error - 06/03/2012 3:42:45 AM | Computer Name = 2nd_Window-PC | Source = DCOM | ID = 10001
Description =

Error - 06/03/2012 5:29:40 PM | Computer Name = 2nd_Window-PC | Source = DCOM | ID = 10001
Description =


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found
    IE - HKU\S-1-5-21-206085528-472393337-1987398177-1000\..\SearchScopes,DefaultScope = {4569E15C-7C54-4B19-B059-D052E07268C4}
    [2011/12/15 20:39:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{e4b92e5d-3958-4b3c-ae96-19efe24a3ff7}
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
    O15 - HKU\S-1-5-21-206085528-472393337-1987398177-1000\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
    O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} http://ck.softforum.co.kr/CKKeyPro/w...ey3104_32k.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2011/04/07 18:56:54 | 000,014,426 | -HS- | C] () -- C:\Users\2nd_Window\AppData\Local\o0117nc2nv5tpb633d15bq765wo1
    [2011/04/07 18:56:54 | 000,000,948 | -HS- | C] () -- C:\ProgramData\o0117nc2nv5tpb633d15bq765wo1
    [2012/01/23 13:34:03 | 000,000,000 | ---D | M] -- C:\Users\2nd_Window\AppData\Roaming\Babylon
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:BC359956
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
 
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-206085528-472393337-1987398177-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\ not found.
HKEY_USERS\S-1-5-21-206085528-472393337-1987398177-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
C:\Program Files\Mozilla Firefox\extensions\{e4b92e5d-3958-4b3c-ae96-19efe24a3ff7}\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{e4b92e5d-3958-4b3c-ae96-19efe24a3ff7}\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{e4b92e5d-3958-4b3c-ae96-19efe24a3ff7}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{e4b92e5d-3958-4b3c-ae96-19efe24a3ff7} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-206085528-472393337-1987398177-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\samsungsetup.com\www\ deleted successfully.
Starting removal of ActiveX control {6CE20149-ABE3-462E-A1B4-5B549971AA38}
C:\Windows\Downloaded Program Files\TouchEnKey.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6CE20149-ABE3-462E-A1B4-5B549971AA38}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CE20149-ABE3-462E-A1B4-5B549971AA38}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6CE20149-ABE3-462E-A1B4-5B549971AA38}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CE20149-ABE3-462E-A1B4-5B549971AA38}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Users\2nd_Window\AppData\Local\o0117nc2nv5tpb633d15bq765wo1 moved successfully.
C:\ProgramData\o0117nc2nv5tpb633d15bq765wo1 moved successfully.
C:\Users\2nd_Window\AppData\Roaming\Babylon folder moved successfully.
ADS C:\ProgramData\Temp:BC359956 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: 2nd_Window
->Temp folder emptied: 100068232 bytes
->Temporary Internet Files folder emptied: 52552768 bytes
->Java cache emptied: 724644 bytes
->FireFox cache emptied: 77514762 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 96998 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 2870 bytes

User: UpdatusUser.2nd_Window-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1884629 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 222.00 mb


[EMPTYJAVA]

User: 2nd_Window
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

User: UpdatusUser

User: UpdatusUser.2nd_Window-PC

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: 2nd_Window
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

User: UpdatusUser.2nd_Window-PC
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.35.1 log created on 03062012_223138

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
How is the computer doing?

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double-click TFC.exe to run the program.
  • Click the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
Results of screen317's Security Check version 0.99.24
Windows 7 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
Adobe After Effects CS3 Presets
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player ( 10.3.181.26) Flash Player Out of Date!
Adobe Reader X (10.1.2)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````




--------------------------------




Farbar Service Scanner Version: 01-03-2012
Ran by 2nd_Window (administrator) on 06-03-2012 at 23:33:26
Running from "C:\Users\2nd_Window\Desktop"
Microsoft Windows 7 Ultimate (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll
[2009-07-13 18:53] - [2009-07-13 20:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-13 18:54] - [2009-07-13 20:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-13 18:23] - [2009-07-13 20:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-13 18:24] - [2009-07-13 20:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2009-07-13 19:15] - [2009-07-13 20:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

C:\Windows\system32\qmgr.dll
[2009-07-13 18:30] - [2009-07-13 20:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
Okay. that took long.. here it is..



C:\Program Files\FoxTabAVIConverter\AviConverter.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\Users\2nd_Window\AppData\Local\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B0R4OW1X\upgrade[1].cab a variant of Win32/Adware.OneStep.Z application deleted - quarantined
D:\Downloads\OverClock tools\coretemp_1236.exe Win32/InstallIQ application cleaned by deleting - quarantined
D:\Program files\painter 11\keygen.exe probably a variant of Win32/Agent.LJDMZCB trojan cleaned by deleting - quarantined
E:\Program Files\X2Online\FortressForever\Hup.dll probably a variant of Win32/Agent.KQFJDYR trojan cleaned by deleting - quarantined
E:\Program Files\X2Online\FortressForever\Hup_old.dll probably a variant of Win32/Agent.KQFJDYR trojan cleaned by deleting - quarantined
 
Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

===================================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

===================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
I followed your instruction before the Magic Clean guy..

But I'm still getting Babylon search webpage when I create new tab in Internet Explorer..
I saw in ESET log, ESET deleted Babylon setup file.. but the rest stupid folder and files are still in AppData folder.
 
Open IE, go Tools>Internet options>Advanced tab and click on "Reset" button.
Restart IE.
Same problem?

Then....

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    Code:
    :filefind
    babylon
    :folderfind
    babylon
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
Resetting IE solved that issue. But I think it's still in my system hidden.
So I did SystemLook anyways..

Do I just delete the folders that have the Babylon name in them? And that will remove it completely?


--------------------------------------
--------------------------------------


SystemLook 30.07.11 by jpshortstuff
Log created at 14:50 on 07/03/2012 by 2nd_Window
Administrator - Elevation successful

========== filefind ==========

Searching for "babylon"
No files found.

========== folderfind ==========

Searching for "babylon"
C:\ProgramData\Babylon d------ [18:34 23/01/2012]
C:\Users\2nd_Window\AppData\Local\Babylon d------ [18:34 23/01/2012]
C:\Users\All Users\Babylon d------ [18:34 23/01/2012]
C:\_OTL\MovedFiles\03062012_223138\C_Users\2nd_Window\AppData\Roaming\Babylon d------ [18:34 23/01/2012]

-= EOF =-
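
The four folderfind hits in the log above are not four separate live copies. As an added example (not part of the original thread and not SystemLook's own code), this Python sketch parses the folder lines and triages them. It assumes that `C:\Users\All Users` is the Windows 7 link to `C:\ProgramData` and that anything under `C:\_OTL\MovedFiles` was already moved there by OTL; the function names and the trimmed sample text are constructed for the example.

```python
import ntpath  # Windows path rules, regardless of the OS running this
import re

# Constructed sample: the SystemLook output quoted above, blank lines trimmed.
SAMPLE_LOG = r"""========== filefind ==========
No files found.
========== folderfind ==========
Searching for "babylon"
C:\ProgramData\Babylon d------ [18:34 23/01/2012]
C:\Users\2nd_Window\AppData\Local\Babylon d------ [18:34 23/01/2012]
C:\Users\All Users\Babylon d------ [18:34 23/01/2012]
C:\_OTL\MovedFiles\03062012_223138\C_Users\2nd_Window\AppData\Roaming\Babylon d------ [18:34 23/01/2012]
-= EOF =-
"""

# Folder hit: path, attribute column starting with "d", bracketed timestamp.
HIT = re.compile(r"^([A-Za-z]:\\.+?)\s+d[a-z-]{6}\s+\[([^\]]+)\]$")
OTL_MOVED = "c:\\_otl\\movedfiles\\"  # assumption: OTL's holding area
ALIAS = ("c:\\users\\all users", "C:\\ProgramData")  # Windows 7 link, target

def parse_folder_hits(log):
    """Return (path, timestamp) for each line of the folderfind section."""
    hits, in_section = [], False
    for line in log.splitlines():
        if line.startswith("=========="):
            in_section = "folderfind" in line
            continue
        m = HIT.match(line.strip()) if in_section else None
        if m:
            hits.append((m.group(1), m.group(2)))
    return hits

def canonical(path):
    """Rewrite a path under the All Users link to its real location."""
    low = ntpath.normcase(path)
    if low == ALIAS[0] or low.startswith(ALIAS[0] + "\\"):
        return ALIAS[1] + path[len(ALIAS[0]):]
    return path

def triage(hits):
    """Split hits into distinct live folders and folders OTL already moved."""
    live, moved = {}, []
    for path, _ts in hits:
        if ntpath.normcase(path).startswith(OTL_MOVED):
            moved.append(path)
        else:
            real = canonical(path)
            live.setdefault(ntpath.normcase(real), real)
    return {"live": list(live.values()), "moved_by_otl": moved}
```

On this log, `triage(parse_folder_hits(SAMPLE_LOG))` reports two distinct live folders and one folder already sitting in OTL's moved-files area.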
 