Solved Audio ads with no browser open

sblackb

This problem just started today. I was listening to music in Windows Media Player and suddenly heard talking coming in and out. There were no other programs open. Thank you so much for your help!

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.16.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Soonhee :: SOONHEE-HP [administrator]
Protection: Enabled
1/16/2013 12:50:48 PM
mbam-log-2013-01-16 (12-50-48).txt
Scan type: Full scan (C:\|D:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 464859
Time elapsed: 1 hour(s), 22 minute(s), 7 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 2
C:\Users\Soonhee\AppData\Roaming\wicinc.dll (Trojan.Medfos) -> Delete on reboot.
C:\Users\Soonhee\AppData\Roaming\qwauat.dll (Trojan.RedirRdll2.Gen) -> Delete on reboot.
Registry Keys Detected: 12
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|qwauat (Trojan.RedirRdll2.Gen) -> Data: rundll32.exe "C:\Users\Soonhee\AppData\Roaming\qwauat.dll",Term -> Quarantined and deleted successfully.
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.FunMoods) -> Bad: (http://searchfunmoods.com/?f=1&a=nv...AyDtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1546856409) Good: (http://www.google.com) -> Quarantined and repaired successfully.
Folders Detected: 4
C:\Users\Soonhee\AppData\LocalLow\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Soonhee\AppData\LocalLow\Funmoods\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Soonhee\AppData\LocalLow\Funmoods\Funmoods\us (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Soonhee\AppData\LocalLow\Funmoods\Funmoods\us\20101003 (PUP.FunMoods) -> Quarantined and deleted successfully.
Files Detected: 12
C:\Users\Soonhee\AppData\Roaming\wicinc.dll (Trojan.Medfos) -> Quarantined and deleted successfully.
C:\Users\Soonhee\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Soonhee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Soonhee\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Soonhee\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Soonhee\Local Settings\Application Data\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Soonhee\AppData\Local\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Soonhee\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Soonhee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Soonhee\AppData\Roaming\qwauat.dll (Trojan.RedirRdll2.Gen) -> Delete on reboot.
C:\Users\Soonhee\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.tat (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Soonhee\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.ttr (PUP.FunMoods) -> Quarantined and deleted successfully.
(end)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/9/2011 12:00:31 PM
System Uptime: 1/16/2013 2:34:10 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 1439
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | CPU | 911/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 448 GiB total, 319.12 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 2.462 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP238: 12/20/2012 7:43:17 PM - Windows Update
RP239: 12/21/2012 7:05:57 AM - Installed AVG PC TuneUp
RP240: 12/25/2012 10:48:30 AM - Installed MediaImpression SE
RP241: 12/27/2012 10:01:36 PM - Removed MediaImpression SE
RP242: 12/27/2012 10:03:10 PM - Removed AVG PC TuneUp
RP243: 12/27/2012 10:04:05 PM - Removed AVG PC TuneUp Language Pack (en-US)
RP244: 1/4/2013 12:14:29 AM - Scheduled Checkpoint
RP245: 1/9/2013 3:00:19 AM - Windows Update
.
==== Installed Programs ======================
.
Sansa Media Converter
64 Bit HP CIO Components Installer
7-Zip 9.20
Acrobat.com
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.3 MUI
Adobe Shockwave Player 11.5
Adobe Shockwave Player 11.6
Amazon MP3 Downloader 1.0.17
Amazon Music Importer
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2013
BattleTag
Bejeweled 2 Deluxe
Blackhawk Striker 2
Bonjour
bpd_scan
Broadcom 802.11 Wireless LAN Adapter
Build-a-lot 2
Bullzip PDF Printer 7.2.0.1338
Chuzzle Deluxe
CinemaNow Media Manager
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink YouCam
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
EasyBits GO
EasyGPS 4.18
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
FamilySearch Indexing 3.12.1
FATE
Final Drive Nitro
Google Chrome
Google Earth
Google Update Helper
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.2.1.1
HP Advisor
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart SmartMenu
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
HP Update
HP Wireless Assistant
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
iTunes
Java 7 Update 9
Java Auto Updater
Java(TM) 6 Update 20 (64-bit)
JavaFX 2.1.1
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
Keynote Connector
LabelPrint
LightScribe System Software
LightScribe Template Labeler
Malwarebytes Anti-Malware version 1.70.0.1100
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Office Starter 2010 - English
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Web Publishing Wizard 1.52
Microsoft WSE 3.0 Runtime
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Octoshape add-in for Adobe Flash Player
OverDrive Media Console
Penguins!
Personal Ancestral File 5
PhotoNow!
Plants vs. Zombies
Playlist Creator 3.6.2
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PrintMaster
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery Manager
Roxio CinemaNow 2.0
RtVOsd
Sansa Updater
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
SharePort Utility
Shockwave
Sibelius Scorch (ActiveX Only)
Skype Click to Call
Skype™ 5.10
swMSM
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Virtual Families
Virtual Villagers - The Secret City
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
WebIQ Technology Engine
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
1/16/2013 2:34:57 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
1/14/2013 7:11:23 AM, Error: Schannel [36887] - The following fatal alert was received: 80.
.
==== End Of File ===========================
 
Here is the DDS report.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Soonhee at 14:38:29 on 2013-01-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1535 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\D-Link\SharePort Utility\Connect.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [dsnaui] "C:\Windows\System32\rundll32.exe" "C:\Users\Soonhee\AppData\Roaming\dsnaui.dll",UserWarning
uRun: [wicinc] "C:\Windows\System32\rundll32.exe" "C:\Users\Soonhee\AppData\Roaming\wicinc.dll",Member_GetOne
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Soonhee\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SHAREP~1.LNK - C:\Program Files\D-Link\SharePort Utility\Connect.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{0E9EDCED-29C9-4798-86C4-E35D19F890F8} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{0E9EDCED-29C9-4798-86C4-E35D19F890F8}\7556E646973702055726C69636 : DHCPNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{0E9EDCED-29C9-4798-86C4-E35D19F890F8}\E4544574541425 : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0EtCyByE0AyByEzy0FtBtCtN0D0Tzu0CtAyDtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1546856409
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Soonhee\AppData\Roaming\Mozilla\Firefox\Profiles\3852lgnw.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-11-29 09:47; ftdownloader@ftdownloader.com; C:\Users\Soonhee\AppData\Roaming\Mozilla\Firefox\Profiles\3852lgnw.default\extensions\ftdownloader@ftdownloader.com.xpi
FF - ExtSQL: !HIDDEN! 2013-01-16 14:35; {e415c395-27bf-4fc0-9d92-837b7dfc3483}; C:\Users\Soonhee\AppData\Roaming\Mozilla\Firefox\Profiles\3852lgnw.default\extensions\{e415c395-27bf-4fc0-9d92-837b7dfc3483}.xpi
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0EtCyByE0AyByEzy0FtBtCtN0D0Tzu0CtAyDtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1546856409
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Funmoods
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0EtCyByE0AyByEzy0FtBtCtN0D0Tzu0CtAyDtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1546856409
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0EtCyByE0AyByEzy0FtBtCtN0D0Tzu0CtAyDtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1546856409&q=
FF - user.js: extensions.funmoods.id - 90004E174A749F21
FF - user.js: extensions.funmoods.instlDay - 15691
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2217:28:38
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - nv1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - nv1
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-1-24 98208]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 D-Link SharePort Helper;D-Link SharePort Helper;C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe [2011-2-9 49152]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-24 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-16 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-16 682344]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2009-7-3 291336]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-1-24 2320920]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-16 24176]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-5-2 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-1-24 225280]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-24 333928]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-11 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-01-16 17:56:29 -------- d-----w- C:\Users\Soonhee\AppData\Local\{53F955B6-5359-4C07-AAFD-C78AC4C8F79E}
2013-01-16 17:48:46 -------- d-----w- C:\Users\Soonhee\AppData\Roaming\Malwarebytes
2013-01-16 17:48:37 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-16 17:48:36 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-16 17:48:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-16 17:48:22 -------- d-----w- C:\Users\Soonhee\AppData\Local\Programs
2013-01-16 05:56:04 -------- d-----w- C:\Users\Soonhee\AppData\Local\{DA455F72-E61E-4F14-9E51-DD9CC33C096A}
2013-01-16 03:44:55 565248 ----a-w- C:\Users\Soonhee\AppData\Roaming\dsnaui.dll
2013-01-15 17:55:53 -------- d-----w- C:\Users\Soonhee\AppData\Local\{90A188E5-5CE1-48E1-AAAB-AF65BF88237B}
2013-01-15 05:55:41 -------- d-----w- C:\Users\Soonhee\AppData\Local\{3224FD7A-1F58-4B9A-96EF-B5B460A213A7}
2013-01-14 17:55:17 -------- d-----w- C:\Users\Soonhee\AppData\Local\{F5711428-0A51-457F-A744-DA5093DF9823}
2013-01-14 05:55:05 -------- d-----w- C:\Users\Soonhee\AppData\Local\{189806CC-1454-4D8C-A061-E9786FDA27A0}
2013-01-13 17:54:41 -------- d-----w- C:\Users\Soonhee\AppData\Local\{CA30C01E-91CA-48ED-A22A-07B545671931}
2013-01-13 05:54:30 -------- d-----w- C:\Users\Soonhee\AppData\Local\{0678FA0F-0115-4EF0-9E45-BF6605BB4D54}
2013-01-12 17:54:19 -------- d-----w- C:\Users\Soonhee\AppData\Local\{38D9CD14-ED29-482C-8BB9-7D00A1E60C8F}
2013-01-12 05:54:07 -------- d-----w- C:\Users\Soonhee\AppData\Local\{9D9C5BA4-9955-427E-B04D-D614868C11D5}
2013-01-11 17:53:56 -------- d-----w- C:\Users\Soonhee\AppData\Local\{DD8321E7-F6F5-47E1-A024-46480E6BB4CE}
2013-01-11 05:53:44 -------- d-----w- C:\Users\Soonhee\AppData\Local\{F18794B9-A069-4360-97FE-377695F4B42A}
2013-01-10 17:53:33 -------- d-----w- C:\Users\Soonhee\AppData\Local\{CE3DB77C-1D4A-4F9A-84BF-2FD5117D4567}
2013-01-10 05:53:21 -------- d-----w- C:\Users\Soonhee\AppData\Local\{D7F33C4E-738D-425B-8931-0816C45188C2}
2013-01-09 17:53:10 -------- d-----w- C:\Users\Soonhee\AppData\Local\{AA81209E-7F86-4BDA-B63D-9FDCA7F533AB}
2013-01-09 07:50:55 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-01-09 05:52:46 -------- d-----w- C:\Users\Soonhee\AppData\Local\{DE5D4EFA-61A9-49E4-8DDB-C7D9FF6B2A5D}
2013-01-08 17:52:34 -------- d-----w- C:\Users\Soonhee\AppData\Local\{0F581606-B542-4930-A89D-286CFB5F4958}
2013-01-08 05:52:23 -------- d-----w- C:\Users\Soonhee\AppData\Local\{C63C60DC-D177-462B-BA1D-B8044BD928D3}
2013-01-07 17:52:11 -------- d-----w- C:\Users\Soonhee\AppData\Local\{5AF5EDF8-B03E-4228-AB88-D67DE7ADE11B}
2013-01-07 05:51:47 -------- d-----w- C:\Users\Soonhee\AppData\Local\{68C6DB11-4379-4FF3-8750-B5FDB570DF4B}
2013-01-06 17:51:23 -------- d-----w- C:\Users\Soonhee\AppData\Local\{2809DE96-C024-4C31-973D-B9969B232DEE}
2013-01-04 03:00:04 -------- d-----w- C:\Users\Soonhee\AppData\Local\{20F20BCA-A9F2-4FB7-BEAD-E2A7B4F7387E}
2013-01-04 02:59:54 -------- d-----w- C:\Users\Soonhee\AppData\Local\{BE6F75DD-C5CE-4A55-AE9C-92689E1CE138}
2013-01-04 02:13:57 -------- d-----w- C:\Users\Soonhee\AppData\Local\{937BC905-7FAF-4958-B85B-DEC53F7E66DC}
2013-01-03 14:13:47 -------- d-----w- C:\Users\Soonhee\AppData\Local\{30E47F53-D73B-4093-A6F0-07586F32DFA7}
2013-01-03 02:17:25 -------- d-----w- C:\Users\Soonhee\AppData\Local\{219DB684-BDF6-49A2-9D01-53627BD8F217}
2013-01-03 02:13:47 -------- d-----w- C:\Users\Soonhee\AppData\Local\{056CE7D9-977C-4F92-AC81-B612B1B990E4}
2013-01-02 14:13:36 -------- d-----w- C:\Users\Soonhee\AppData\Local\{A5870FDE-A698-4EB8-899F-8F91781B6840}
2013-01-02 02:13:12 -------- d-----w- C:\Users\Soonhee\AppData\Local\{D9E67523-2B92-4277-BDE2-293B55AE9026}
2013-01-01 14:12:48 -------- d-----w- C:\Users\Soonhee\AppData\Local\{AC7AF2BC-78C8-4B10-A507-2D1C351BB61E}
2013-01-01 02:12:37 -------- d-----w- C:\Users\Soonhee\AppData\Local\{FD45294D-18C0-4457-B319-DE27B6387555}
2012-12-31 02:16:17 -------- d-----w- C:\Users\Soonhee\AppData\Local\{4EB2EBE0-980F-40AA-BDD2-CC681942389F}
2012-12-30 02:12:13 -------- d-----w- C:\Users\Soonhee\AppData\Local\{DB37810D-BFA8-4E5A-9A87-19A6161DCF6A}
2012-12-29 14:11:49 -------- d-----w- C:\Users\Soonhee\AppData\Local\{6171F3CF-2CF7-45D4-A87E-84D6994D7A2B}
2012-12-29 02:11:37 -------- d-----w- C:\Users\Soonhee\AppData\Local\{B714DE06-4EFB-44E3-9F95-171F75DC2D14}
2012-12-28 14:11:26 -------- d-----w- C:\Users\Soonhee\AppData\Local\{CD1A715E-99F0-4F34-AA1E-2C4EACC9A527}
2012-12-27 14:10:40 -------- d-----w- C:\Users\Soonhee\AppData\Local\{1D64B58D-5198-4B3D-B0DA-C7FC9B6A04C6}
2012-12-27 02:14:27 -------- d-----w- C:\Users\Soonhee\AppData\Local\{80EBAFB4-E9AF-4D6C-A561-6F13AE5D70B0}
2012-12-27 02:10:40 -------- d-----w- C:\Users\Soonhee\AppData\Local\{A159D5D5-A17F-4036-A3B4-1F10AF342BCB}
2012-12-26 14:10:16 -------- d-----w- C:\Users\Soonhee\AppData\Local\{E95AE9E4-F7F8-4E8D-81FF-DFD1F499A335}
2012-12-26 02:10:01 -------- d-----w- C:\Users\Soonhee\AppData\Local\{C48B0322-4793-4DB4-AADB-AFD8083747D6}
2012-12-25 15:51:57 -------- d-----w- C:\Users\Soonhee\AppData\Local\ArcSoft
2012-12-25 15:49:52 -------- d-----w- C:\ProgramData\ArcSoft
2012-12-25 15:48:48 22784 ----a-w- C:\Windows\SysWow64\drivers\afc.sys
2012-12-25 14:09:37 -------- d-----w- C:\Users\Soonhee\AppData\Local\{EBB96F89-697D-4600-9112-A8B1897007C6}
2012-12-25 02:09:13 -------- d-----w- C:\Users\Soonhee\AppData\Local\{9E240396-87A8-4BEC-840F-4A8FC67C1784}
2012-12-23 14:08:39 -------- d-----w- C:\Users\Soonhee\AppData\Local\{A8DC3975-B7AC-4F61-B7F6-9D8063EAEA90}
2012-12-23 02:08:14 -------- d-----w- C:\Users\Soonhee\AppData\Local\{1FFDCAB3-77BB-4E88-9142-125D729D553A}
2012-12-22 14:07:50 -------- d-----w- C:\Users\Soonhee\AppData\Local\{CB739951-7BA3-4B33-ADF6-883C989F2855}
2012-12-22 02:07:39 -------- d-----w- C:\Users\Soonhee\AppData\Local\{D049C331-5667-480C-B7C2-945CB34F7E0A}
2012-12-21 14:07:16 -------- d-----w- C:\Users\Soonhee\AppData\Local\{0440F9AA-F5BE-4E09-981D-BB4A2EA30918}
2012-12-21 12:06:32 -------- d-----w- C:\Users\Soonhee\AppData\Roaming\AVG
2012-12-21 12:05:50 -------- d-----w- C:\ProgramData\AVG
2012-12-21 12:05:46 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-12-21 02:06:51 -------- d-----w- C:\Users\Soonhee\AppData\Local\{44F22FA7-9EFE-4C70-9398-E8D7B287477C}
2012-12-21 00:43:30 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 00:43:30 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 00:43:30 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 00:43:29 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-21 00:02:00 -------- d-----w- C:\Program Files (x86)\Sibelius Software
2012-12-20 14:06:27 -------- d-----w- C:\Users\Soonhee\AppData\Local\{26E0FD88-3691-43CD-BF59-0BD6409B134B}
2012-12-20 02:06:16 -------- d-----w- C:\Users\Soonhee\AppData\Local\{CD034950-89C6-4222-96D1-2B531B8F3CB7}
2012-12-19 14:05:52 -------- d-----w- C:\Users\Soonhee\AppData\Local\{F467E580-D870-4BD7-9DDE-BCE688B8335D}
2012-12-19 12:30:02 -------- d-----w- C:\Program Files\iPod
2012-12-19 12:30:01 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-19 12:30:01 -------- d-----w- C:\Program Files\iTunes
2012-12-19 12:30:01 -------- d-----w- C:\Program Files (x86)\iTunes
2012-12-19 02:05:40 -------- d-----w- C:\Users\Soonhee\AppData\Local\{B058FB32-5D36-49AC-BFC7-AF2608AE57B4}
2012-12-18 20:07:11 106240 ----a-w- C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
2012-12-18 14:05:29 -------- d-----w- C:\Users\Soonhee\AppData\Local\{2436B3AB-48DF-48AE-8BA0-4DFA6655AAA7}
2012-12-18 02:05:04 -------- d-----w- C:\Users\Soonhee\AppData\Local\{B65430F0-D675-4AAD-9ACD-42C1B2BE0E79}
2012-12-17 22:28:41 -------- d-----w- C:\Users\Soonhee\AppData\Roaming\Funmoods
2012-12-17 22:28:16 -------- d-----w- C:\ProgramData\Tarma Installer
2012-12-17 22:28:02 -------- d-----w- C:\Users\Soonhee\AppData\Local\PutLockerDownloader
.
==================== Find3M ====================
.
2013-01-08 21:45:38 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-08 21:45:38 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-16 04:33:24 111968 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-10-22 18:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
.
============= FINISH: 14:40:59.11 ===============
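The "Created Last 30" listing above can be triaged mechanically rather than by eye. The script below is an added example written for this thread; it is not code from the poster, the helper, DDS, Malwarebytes or TDSSKiller. It parses the DDS line format (date, time, size or dashes, attribute flags, path) and applies two heuristics, both of which are assumptions of this example and not the logic of any of those tools: a .dll or .exe written directly into the root of AppData\Roaming rather than into a vendor subfolder is reported as a suspect binary (that is where the 565248-byte dsnaui.dll in the listing sits), and the GUID-named folders under AppData\Local are counted and their creation cadence measured. The sample lines are a subset copied from the listing; the six-folder threshold is arbitrary.

```python
"""Triage a DDS 'Created Last 30' listing for profile-dropped binaries.

Added example for this thread; not a tool the poster or the helper used.
Log format (from the listing above):  <date> <time> <size|--------> <attrs> <path>
Heuristics (assumptions of this example, not DDS/MBAM/TDSSKiller logic):
  1. A .dll/.exe written straight into the root of AppData\\Roaming, rather
     than into a vendor subfolder, is reported as a suspect binary.
  2. Directories named only by a GUID under AppData\\Local are counted and
     their creation cadence measured. Several updaters create such folders,
     so this is reported for correlation only, never as a verdict.
"""
import re
from datetime import datetime
from statistics import median

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\S+)\s+(?P<attrs>\S{8})\s+(?P<path>.+?)\s*$"
)
# Top-level file in AppData\Roaming with a PE extension ([^\\]+ forbids subfolders).
ROAMING_BIN_RE = re.compile(r"\\AppData\\Roaming\\[^\\]+\.(?:dll|exe)$", re.I)
# AppData\Local\{GUID} with nothing after the closing brace.
GUID_DIR_RE = re.compile(
    r"\\AppData\\Local\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I
)

# Constructed sample: a subset of lines copied from the listing above.
SAMPLE = r"""
=============== Created Last 30 ================
.
2013-01-16 17:56:29 -------- d-----w- C:\Users\Soonhee\AppData\Local\{53F955B6-5359-4C07-AAFD-C78AC4C8F79E}
2013-01-16 17:48:46 -------- d-----w- C:\Users\Soonhee\AppData\Roaming\Malwarebytes
2013-01-16 17:48:36 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-16 05:56:04 -------- d-----w- C:\Users\Soonhee\AppData\Local\{DA455F72-E61E-4F14-9E51-DD9CC33C096A}
2013-01-16 03:44:55 565248 ----a-w- C:\Users\Soonhee\AppData\Roaming\dsnaui.dll
2013-01-15 17:55:53 -------- d-----w- C:\Users\Soonhee\AppData\Local\{90A188E5-5CE1-48E1-AAAB-AF65BF88237B}
2013-01-15 05:55:41 -------- d-----w- C:\Users\Soonhee\AppData\Local\{3224FD7A-1F58-4B9A-96EF-B5B460A213A7}
2013-01-14 17:55:17 -------- d-----w- C:\Users\Soonhee\AppData\Local\{F5711428-0A51-457F-A744-DA5093DF9823}
2013-01-14 05:55:05 -------- d-----w- C:\Users\Soonhee\AppData\Local\{189806CC-1454-4D8C-A061-E9786FDA27A0}
2013-01-09 07:50:55 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-12-17 22:28:41 -------- d-----w- C:\Users\Soonhee\AppData\Roaming\Funmoods
""".strip().splitlines()


def parse(lines):
    """Yield one dict per well-formed entry; headers, dots and blanks are skipped."""
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        yield {
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "is_dir": m["attrs"].startswith("d"),
            "size": None if m["size"].startswith("-") else int(m["size"]),
            "path": m["path"],
        }


def triage(lines, min_guid_dirs=6):
    """Return (suspect_binaries, guid_dir_summary).

    suspect_binaries: full paths matching heuristic 1, in log order.
    guid_dir_summary: None, or {"count": n, "median_gap_hours": h} once at
                      least min_guid_dirs GUID directories are present.
    """
    suspects, guid_times = [], []
    for e in parse(lines):
        if not e["is_dir"] and ROAMING_BIN_RE.search(e["path"]):
            suspects.append(e["path"])
        elif e["is_dir"] and GUID_DIR_RE.search(e["path"]):
            guid_times.append(e["ts"])
    summary = None
    if len(guid_times) >= min_guid_dirs:
        ts = sorted(guid_times)
        gaps = [(b - a).total_seconds() / 3600 for a, b in zip(ts, ts[1:])]
        summary = {"count": len(ts), "median_gap_hours": round(median(gaps), 1)}
    return suspects, summary


if __name__ == "__main__":
    found, guid_summary = triage(SAMPLE)
    for p in found:
        print("suspect binary in profile root:", p)
    if guid_summary:
        print("GUID dirs under AppData\\Local: %(count)d, median gap "
              "%(median_gap_hours).1f h (correlate; not an indicator by itself)"
              % guid_summary)
```

Run it as a script to print the findings, or call triage() on the lines of a full log. The GUID-folder count is deliberately kept apart from the suspect list: a steady twelve-hour cadence is consistent with any scheduled updater, so it is something to correlate with the other findings rather than evidence on its own.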
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Stay with this topic until it is closed and your computer is declared clean.


TDSSKiller Scan

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, right-click the program, select Run as Administrator to start, and when prompted, click Allow.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get a warning about a file classed as UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.



--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large; in that case, please attach the file instead.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get a warning about a file classed as UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.



ComboFix scan

Please download ComboFix by sUBs from TechSpot (or use the Direct Link as an alternative).

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, restart your computer to restore it.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report in your next reply; it will open automatically, or it can be found at "C:\Combo-Fix.txt".
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after the BIOS screen and just before the Windows logo appears. A list of options will appear; select "Safe Mode".)

Re-downloading:

If this doesn't work either, try the above method again, but re-download the file and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system-important processes such as iexplore.exe, explorer.exe, and winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
15:31:38.0537 7120 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:31:39.0114 7120 ============================================================
15:31:39.0114 7120 Current date / time: 2013/01/16 15:31:39.0114
15:31:39.0114 7120 SystemInfo:
15:31:39.0114 7120
15:31:39.0114 7120 OS Version: 6.1.7601 ServicePack: 1.0
15:31:39.0114 7120 Product type: Workstation
15:31:39.0129 7120 ComputerName: SOONHEE-HP
15:31:39.0129 7120 UserName: Soonhee
15:31:39.0129 7120 Windows directory: C:\Windows
15:31:39.0129 7120 System windows directory: C:\Windows
15:31:39.0129 7120 Running under WOW64
15:31:39.0129 7120 Processor architecture: Intel x64
15:31:39.0129 7120 Number of processors: 4
15:31:39.0129 7120 Page size: 0x1000
15:31:39.0129 7120 Boot type: Normal boot
15:31:39.0129 7120 ============================================================
15:31:39.0753 7120 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:31:39.0769 7120 ============================================================
15:31:39.0769 7120 \Device\Harddisk0\DR0:
15:31:39.0769 7120 MBR partitions:
15:31:39.0769 7120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
15:31:39.0769 7120 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x380DC800
15:31:39.0769 7120 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38140800, BlocksNum 0x2211800
15:31:39.0769 7120 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
15:31:39.0769 7120 ============================================================
15:31:39.0800 7120 C: <-> \Device\Harddisk0\DR0\Partition2
15:31:39.0831 7120 D: <-> \Device\Harddisk0\DR0\Partition3
15:31:39.0831 7120 ============================================================
15:31:39.0831 7120 Initialize success
15:31:39.0831 7120 ============================================================
15:32:07.0459 3644 ============================================================
15:32:07.0459 3644 Scan started
15:32:07.0459 3644 Mode: Manual; SigCheck; TDLFS;
15:32:07.0459 3644 ============================================================
15:32:08.0239 3644 ================ Scan system memory ========================
15:32:08.0239 3644 System memory - ok
15:32:08.0239 3644 ================ Scan services =============================
15:32:08.0426 3644 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:32:08.0629 3644 1394ohci - ok
15:32:08.0723 3644 ACDaemon - ok
15:32:08.0770 3644 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:32:08.0801 3644 ACPI - ok
15:32:08.0832 3644 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:32:08.0910 3644 AcpiPmi - ok
15:32:09.0066 3644 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:32:09.0113 3644 AdobeFlashPlayerUpdateSvc - ok
15:32:09.0160 3644 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
15:32:09.0175 3644 adp94xx - ok
15:32:09.0222 3644 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
15:32:09.0238 3644 adpahci - ok
15:32:09.0269 3644 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
15:32:09.0300 3644 adpu320 - ok
15:32:09.0331 3644 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:32:09.0487 3644 AeLookupSvc - ok
15:32:09.0565 3644 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
15:32:09.0581 3644 AERTFilters - ok
15:32:09.0659 3644 [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc C:\Windows\syswow64\drivers\Afc.sys
15:32:09.0690 3644 Afc - ok
15:32:09.0737 3644 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:32:09.0815 3644 AFD - ok
15:32:09.0862 3644 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
15:32:10.0002 3644 AgereSoftModem - ok
15:32:10.0033 3644 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:32:10.0064 3644 agp440 - ok
15:32:10.0096 3644 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:32:10.0174 3644 ALG - ok
15:32:10.0205 3644 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:32:10.0220 3644 aliide - ok
15:32:10.0236 3644 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:32:10.0252 3644 amdide - ok
15:32:10.0283 3644 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
15:32:10.0345 3644 AmdK8 - ok
15:32:10.0361 3644 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:32:10.0408 3644 AmdPPM - ok
15:32:10.0454 3644 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:32:10.0486 3644 amdsata - ok
15:32:10.0501 3644 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
15:32:10.0517 3644 amdsbs - ok
15:32:10.0532 3644 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:32:10.0548 3644 amdxata - ok
15:32:10.0610 3644 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:32:10.0688 3644 AppID - ok
15:32:10.0720 3644 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:32:10.0844 3644 AppIDSvc - ok
15:32:10.0876 3644 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
15:32:10.0938 3644 Appinfo - ok
15:32:11.0047 3644 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:32:11.0063 3644 Apple Mobile Device - ok
15:32:11.0094 3644 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
15:32:11.0125 3644 arc - ok
15:32:11.0125 3644 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
15:32:11.0156 3644 arcsas - ok
15:32:11.0172 3644 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:32:11.0297 3644 AsyncMac - ok
15:32:11.0344 3644 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:32:11.0359 3644 atapi - ok
15:32:11.0406 3644 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys
15:32:11.0515 3644 athr - ok
15:32:11.0578 3644 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:32:11.0671 3644 AudioEndpointBuilder - ok
15:32:11.0671 3644 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:32:11.0718 3644 AudioSrv - ok
15:32:11.0983 3644 [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
15:32:12.0124 3644 AVGIDSAgent - ok
15:32:12.0170 3644 [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
15:32:12.0202 3644 AVGIDSDriver - ok
15:32:12.0233 3644 [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
15:32:12.0248 3644 AVGIDSHA - ok
15:32:12.0295 3644 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
15:32:12.0326 3644 Avgldx64 - ok
15:32:12.0342 3644 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
15:32:12.0358 3644 Avgloga - ok
15:32:12.0389 3644 [ 841C40C193889730848849AC220D9242 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
15:32:12.0389 3644 Avgmfx64 - ok
15:32:12.0420 3644 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
15:32:12.0420 3644 Avgrkx64 - ok
15:32:12.0467 3644 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
15:32:12.0498 3644 Avgtdia - ok
15:32:12.0529 3644 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
15:32:12.0545 3644 avgwd - ok
15:32:12.0592 3644 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:32:12.0685 3644 AxInstSV - ok
15:32:12.0732 3644 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
15:32:12.0779 3644 b06bdrv - ok
15:32:12.0810 3644 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:32:12.0841 3644 b57nd60a - ok
15:32:12.0950 3644 [ 810BE94A9E42309B3F74217AC28BC6AC ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
15:32:13.0044 3644 BCM43XX - ok
15:32:13.0075 3644 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:32:13.0138 3644 BDESVC - ok
15:32:13.0153 3644 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:32:13.0231 3644 Beep - ok
15:32:13.0309 3644 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:32:13.0403 3644 BFE - ok
15:32:13.0450 3644 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
15:32:13.0528 3644 BITS - ok
15:32:13.0559 3644 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:32:13.0590 3644 blbdrive - ok
15:32:13.0699 3644 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:32:13.0730 3644 Bonjour Service - ok
15:32:13.0777 3644 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:32:13.0824 3644 bowser - ok
15:32:13.0855 3644 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:32:13.0918 3644 BrFiltLo - ok
15:32:13.0933 3644 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:32:13.0949 3644 BrFiltUp - ok
15:32:13.0980 3644 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
15:32:14.0042 3644 Browser - ok
15:32:14.0074 3644 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:32:14.0136 3644 Brserid - ok
15:32:14.0152 3644 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:32:14.0214 3644 BrSerWdm - ok
15:32:14.0245 3644 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:32:14.0292 3644 BrUsbMdm - ok
15:32:14.0339 3644 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:32:14.0354 3644 BrUsbSer - ok
15:32:14.0417 3644 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
15:32:14.0495 3644 BthEnum - ok
15:32:14.0510 3644 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
15:32:14.0557 3644 BTHMODEM - ok
15:32:14.0588 3644 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
15:32:14.0651 3644 BthPan - ok
15:32:14.0682 3644 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
15:32:14.0744 3644 BTHPORT - ok
15:32:14.0776 3644 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:32:14.0869 3644 bthserv - ok
15:32:14.0900 3644 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
15:32:14.0947 3644 BTHUSB - ok
15:32:14.0994 3644 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:32:15.0072 3644 cdfs - ok
15:32:15.0119 3644 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
15:32:15.0166 3644 cdrom - ok
15:32:15.0228 3644 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
 
Sorry, I didn't realize there was so much text. The TDSSKiller log should be attached.
 

Attachments

  • TDSSKiller.2.8.15.0_16.01.2013_15.31.38_log.txt (141.3 KB)
Here is the report from ComboFix:
ComboFix 13-01-16.01 - Soonhee 01/16/2013 15:51:23.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2329 [GMT -5:00]
Running from: c:\users\Soonhee\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Soonhee\AppData\Roaming\dsnaui.dll
c:\windows\rapidui.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-16 to 2013-01-16 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2011-02-09 291336]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 39697321
*Deregistered* - 39697321
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 18:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-10 18:09 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 21:45]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-08 02:47]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-08 02:47]
.
2013-01-14 c:\windows\Tasks\HPCeeScheduleForSoonhee.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-17 6486120]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-dsnaui - c:\users\Soonhee\AppData\Roaming\dsnaui.dll
Wow6432Node-HKCU-Run-wicinc - c:\users\Soonhee\AppData\Roaming\wicinc.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-56107308.sys
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~2\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-16 16:00:36
ComboFix-quarantined-files.txt 2013-01-16 21:00
.
Pre-Run: 347,705,094,144 bytes free
Post-Run: 348,345,364,480 bytes free
.
- - End Of File - - C23F4C14E12CEC076C2AAC27F8C47131
 
Hi again. Did you install some fonts a few weeks ago?

Adware Cleaning

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
  • Shut down your protection software now to avoid potential conflicts.
  • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.
 
Thank you for all of your help. I do not recall installing any new fonts in the last few weeks.
Here is the Adware report:
# AdwCleaner v2.106 - Logfile created 01/17/2013 at 13:03:27
# Updated 17/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Soonhee - SOONHEE-HP
# Boot Mode : Normal
# Running from : C:\Users\Soonhee\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Soonhee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Folder Deleted : C:\Users\Soonhee\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Folder Deleted : C:\Users\Soonhee\AppData\Roaming\Funmoods
***** [Registry] *****
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0EtCyByE0AyByEzy0FtBtCtN0D0Tzu0CtAyDtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1546856409 --> hxxp://www.google.com
-\\ Google Chrome v24.0.1312.52
File : C:\Users\Soonhee\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [2619 octets] - [17/01/2013 13:03:27]
########## EOF - C:\AdwCleaner[S1].txt - [2679 octets] ##########
 
Here is the Junkware report:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.3 (01.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Soonhee on Thu 01/17/2013 at 13:11:00.00
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"

~~~ Folders
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

~~~ Chrome
Successfully deleted: [Folder] C:\Users\Soonhee\appdata\local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Successfully deleted: [Folder] C:\Users\Soonhee\appdata\local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj

~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/17/2013 at 13:17:32.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Go to www.virustotal.com and submit the following file for scanning by first hitting the Choose File button, looking for c:\windows\Fonts\RPRSTITL.FOT, and then hitting Scan It!

Once done, post the URL from the address bar for the result, in your next reply.


OTL Quick Scan

Please download OTL by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Quick Scan button and let the program run uninterrupted.
  • It will produce a log for you called OTL.txt, please post it in your next reply.
  • You may need to use two posts to get it all.
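Because a Desktop search or the browser's file picker does not always show what is in C:\Windows\Fonts (Explorer presents that folder as a special fonts view rather than a plain directory listing), here is a short PowerShell check, added for this thread and not part of the helper's instructions or any tool's output, that reads the filesystem directly. It uses -Force so Hidden or System attributes do not mask the file, reports whether the file is present, and prints its SHA-256 so the hash can be looked up on VirusTotal's search instead of uploading the file. The path is the one the helper named; the function name Get-SuspectFileInfo is my own, and the .NET hashing calls are used so the snippet also works on the PowerShell 2.0 that Windows 7 ships with (an assumption about the poster's setup).

```powershell
# Added example for this thread; not from the helper or any removal tool.
# Run from an elevated PowerShell prompt (Start > type powershell > right-click > Run as administrator).

function Get-SuspectFileInfo {
    param([string]$Path)

    # -Force returns hidden and system files that a normal listing skips;
    # SilentlyContinue makes a missing file come back as $null instead of an error.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        return New-Object PSObject -Property @{ Path = $Path; Exists = $false }
    }

    # SHA-256 via .NET so this works on PowerShell 2.0 (no Get-FileHash there).
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($item.FullName)
    try {
        $hash = ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
    }

    New-Object PSObject -Property @{
        Path       = $item.FullName
        Exists     = $true
        SizeBytes  = $item.Length
        Attributes = $item.Attributes.ToString()   # shows Hidden/System if set
        ModifiedUtc = $item.LastWriteTimeUtc
        SHA256     = $hash                         # paste this into VirusTotal's hash search
    }
}

# The file the helper asked about (hypothetical that it exists on this machine).
Get-SuspectFileInfo -Path 'C:\Windows\Fonts\RPRSTITL.FOT' | Format-List
```

If the output says Exists : False, the file is not on disk under that exact name, which is worth reporting back as-is; if it is present, the Attributes and ModifiedUtc fields tell you whether it was hidden and when it appeared, and the SHA256 can be searched on VirusTotal without uploading anything.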
 
I can't find the file c:\windows\fonts\rprstitl.fot. Should it come up in a search of the c: drive? When I click on Choose File and paste the file name in, nothing happens.

Here is the first half of the OTL log:


OTL logfile created on: 1/18/2013 5:04:22 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Soonhee\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 33.83% Memory free
7.60 Gb Paging File | 5.20 Gb Available in Paging File | 68.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.43 Gb Total Space | 322.74 Gb Free Space | 71.97% Space Free | Partition Type: NTFS
Drive D: | 17.03 Gb Total Space | 2.46 Gb Free Space | 14.45% Space Free | Partition Type: NTFS

Computer Name: SOONHEE-HP | User Name: Soonhee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/18 17:03:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Soonhee\Downloads\OTL.exe
PRC - [2013/01/08 15:45:54 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:06 | 000,329,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
PRC - [2012/08/09 22:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/02/15 12:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/13 12:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 12:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/09 03:43:01 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ee98383179eca974083a41a8ca0c213\IAStorUtil.ni.dll
MOD - [2013/01/09 03:35:44 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll
MOD - [2013/01/09 03:35:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 03:35:10 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/09 03:35:04 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 03:34:51 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/09 03:34:45 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 03:34:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/09 03:34:41 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 03:34:36 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/02/09 16:26:03 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe -- (D-Link SharePort Helper)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/08 16:45:38 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/13 12:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/17 09:34:38 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/02/09 16:26:04 | 000,291,336 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2011/01/24 14:41:46 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/05/31 14:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/13 12:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/03 09:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/22 20:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 21:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/09/22 20:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{3362B145-4DC1-4760-A49E-39096B76A197}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{756E955F-433D-4104-8ACE-E010EEB1676F}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{97A3D1B5-C315-43C5-9419-264727BDA343}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{B844945D-34DC-473E-9837-E866FA4F8760}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{3362B145-4DC1-4760-A49E-39096B76A197}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{756E955F-433D-4104-8ACE-E010EEB1676F}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{97A3D1B5-C315-43C5-9419-264727BDA343}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{B844945D-34DC-473E-9837-E866FA4F8760}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hp-notebook.us.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {CE3DC97B-4DB5-42C3-9918-8D8F68A70FC8}
IE - HKCU\..\SearchScopes\{3362B145-4DC1-4760-A49E-39096B76A197}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{756E955F-433D-4104-8ACE-E010EEB1676F}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{97A3D1B5-C315-43C5-9419-264727BDA343}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{B844945D-34DC-473E-9837-E866FA4F8760}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{CE3DC97B-4DB5-42C3-9918-8D8F68A70FC8}: "URL" = http://www.google.com/search?q={sea...&ie={inputEncoding?}&oe={outputEncoding?}&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)



========== Chrome ==========

CHR - homepage: http://hp-notebook.us.msn.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://hp-notebook.us.msn.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Soonhee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Soonhee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Seashells = C:\Users\Soonhee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpdibpgknlnbmlmikbbifpeienojmkea\1_0\
CHR - Extension: Gmail = C:\Users\Soonhee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/01/16 15:58:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - Startup: C:\Users\Soonhee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SharePort Utility.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webiqonline.com/Web...on&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9} (WebIQ Engine Application Object)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab (Keynote Connector Launcher 2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E9EDCED-29C9-4798-86C4-E35D19F890F8}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/18 10:11:22 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{8A1168FA-5F24-4EA3-BF6A-C8C01270985E}
[2013/01/17 22:11:10 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{6EE1CBEF-D601-444F-ADB2-2D410A530498}
[2013/01/17 13:10:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/17 13:10:44 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/17 13:10:38 | 000,499,213 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Soonhee\Desktop\JRT.exe
[2013/01/17 13:06:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/17 10:10:46 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{DA4CDC8C-DF33-4B25-A67F-141C2E6617AF}
[2013/01/16 16:00:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/16 15:49:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/16 15:49:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/16 15:49:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/16 15:49:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/16 15:49:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/16 15:36:38 | 005,022,302 | R--- | C] (Swearware) -- C:\Users\Soonhee\Desktop\ComboFix.exe
[2013/01/16 12:56:29 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{53F955B6-5359-4C07-AAFD-C78AC4C8F79E}
[2013/01/16 12:48:46 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Roaming\Malwarebytes
[2013/01/16 12:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/16 12:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/16 12:48:36 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/16 12:48:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/16 12:48:22 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\Programs
[2013/01/16 00:56:04 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{DA455F72-E61E-4F14-9E51-DD9CC33C096A}
[2013/01/15 12:55:53 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{90A188E5-5CE1-48E1-AAAB-AF65BF88237B}
[2013/01/15 00:55:41 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{3224FD7A-1F58-4B9A-96EF-B5B460A213A7}
[2013/01/14 12:55:17 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{F5711428-0A51-457F-A744-DA5093DF9823}
[2013/01/14 00:55:05 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{189806CC-1454-4D8C-A061-E9786FDA27A0}
[2013/01/13 12:54:41 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{CA30C01E-91CA-48ED-A22A-07B545671931}
[2013/01/13 00:54:30 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{0678FA0F-0115-4EF0-9E45-BF6605BB4D54}
[2013/01/12 12:54:19 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{38D9CD14-ED29-482C-8BB9-7D00A1E60C8F}
[2013/01/12 00:54:07 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{9D9C5BA4-9955-427E-B04D-D614868C11D5}
[2013/01/11 12:53:56 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{DD8321E7-F6F5-47E1-A024-46480E6BB4CE}
[2013/01/11 09:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/01/11 00:53:44 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{F18794B9-A069-4360-97FE-377695F4B42A}
[2013/01/10 12:53:33 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{CE3DB77C-1D4A-4F9A-84BF-2FD5117D4567}
[2013/01/10 00:53:21 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{D7F33C4E-738D-425B-8931-0816C45188C2}
[2013/01/09 12:53:10 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{AA81209E-7F86-4BDA-B63D-9FDCA7F533AB}
[2013/01/09 00:52:46 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{DE5D4EFA-61A9-49E4-8DDB-C7D9FF6B2A5D}
[2013/01/08 12:52:34 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{0F581606-B542-4930-A89D-286CFB5F4958}
[2013/01/08 00:52:23 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{C63C60DC-D177-462B-BA1D-B8044BD928D3}
[2013/01/07 12:52:11 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{5AF5EDF8-B03E-4228-AB88-D67DE7ADE11B}
[2013/01/07 00:51:47 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{68C6DB11-4379-4FF3-8750-B5FDB570DF4B}
[2013/01/06 17:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/01/06 12:51:23 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{2809DE96-C024-4C31-973D-B9969B232DEE}
[2013/01/03 22:00:04 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{20F20BCA-A9F2-4FB7-BEAD-E2A7B4F7387E}
[2013/01/03 21:59:54 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{BE6F75DD-C5CE-4A55-AE9C-92689E1CE138}
[2013/01/03 21:13:57 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{937BC905-7FAF-4958-B85B-DEC53F7E66DC}
[2013/01/03 09:13:47 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{30E47F53-D73B-4093-A6F0-07586F32DFA7}
[2013/01/02 21:17:25 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{219DB684-BDF6-49A2-9D01-53627BD8F217}
[2013/01/02 21:13:47 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{056CE7D9-977C-4F92-AC81-B612B1B990E4}
[2013/01/02 09:13:36 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{A5870FDE-A698-4EB8-899F-8F91781B6840}
[2013/01/01 21:13:12 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{D9E67523-2B92-4277-BDE2-293B55AE9026}
[2013/01/01 09:12:48 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{AC7AF2BC-78C8-4B10-A507-2D1C351BB61E}
[2012/12/31 21:12:37 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{FD45294D-18C0-4457-B319-DE27B6387555}
[2012/12/30 21:16:17 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{4EB2EBE0-980F-40AA-BDD2-CC681942389F}
[2012/12/29 21:12:13 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{DB37810D-BFA8-4E5A-9A87-19A6161DCF6A}
[2012/12/29 09:11:49 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{6171F3CF-2CF7-45D4-A87E-84D6994D7A2B}
[2012/12/28 21:11:37 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{B714DE06-4EFB-44E3-9F95-171F75DC2D14}
[2012/12/28 09:11:26 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{CD1A715E-99F0-4F34-AA1E-2C4EACC9A527}
[2012/12/27 09:10:40 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{1D64B58D-5198-4B3D-B0DA-C7FC9B6A04C6}
[2012/12/26 21:14:27 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{80EBAFB4-E9AF-4D6C-A561-6F13AE5D70B0}
[2012/12/26 21:10:40 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{A159D5D5-A17F-4036-A3B4-1F10AF342BCB}
[2012/12/26 09:10:16 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{E95AE9E4-F7F8-4E8D-81FF-DFD1F499A335}
[2012/12/25 21:10:01 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{C48B0322-4793-4DB4-AADB-AFD8083747D6}
[2012/12/25 10:51:57 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\ArcSoft
[2012/12/25 10:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2012/12/25 10:48:48 | 000,022,784 | ---- | C] (Arcsoft, Inc.) -- C:\Windows\SysWow64\drivers\afc.sys
[2012/12/25 10:48:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
[2012/12/25 10:48:14 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Roaming\ArcSoft
[2012/12/25 10:45:28 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\Documents\zm1
[2012/12/25 09:09:37 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{EBB96F89-697D-4600-9112-A8B1897007C6}
[2012/12/24 21:09:13 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{9E240396-87A8-4BEC-840F-4A8FC67C1784}
[2012/12/23 09:08:39 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{A8DC3975-B7AC-4F61-B7F6-9D8063EAEA90}
[2012/12/22 21:08:14 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{1FFDCAB3-77BB-4E88-9142-125D729D553A}
[2012/12/22 09:07:50 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{CB739951-7BA3-4B33-ADF6-883C989F2855}
[2012/12/21 21:07:39 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{D049C331-5667-480C-B7C2-945CB34F7E0A}
[2012/12/21 09:07:16 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{0440F9AA-F5BE-4E09-981D-BB4A2EA30918}
[2012/12/21 07:06:32 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Roaming\AVG
[2012/12/21 07:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2012/12/21 07:05:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2012/12/20 21:06:51 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{44F22FA7-9EFE-4C70-9398-E8D7B287477C}
[2012/12/20 19:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sibelius Software
[2012/12/20 09:06:27 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{26E0FD88-3691-43CD-BF59-0BD6409B134B}
[2012/12/19 21:06:16 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{CD034950-89C6-4222-96D1-2B531B8F3CB7}
[1 C:\Users\Soonhee\Documents\*.tmp files -> C:\Users\Soonhee\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/18 17:08:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/18 16:43:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/17 23:08:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/17 13:27:21 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/17 13:27:21 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/17 13:19:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/17 13:19:41 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/17 13:10:44 | 000,499,213 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Soonhee\Desktop\JRT.exe
[2013/01/17 13:02:50 | 000,574,677 | ---- | M] () -- C:\Users\Soonhee\Desktop\adwcleaner.exe
[2013/01/16 15:58:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/16 15:52:38 | 000,006,527 | ---- | M] () -- C:\Users\Soonhee\AppData\Local\e415c395-27bf-4fc0-9d92-837b7dfc3483.crx
[2013/01/16 15:37:07 | 005,022,302 | R--- | M] (Swearware) -- C:\Users\Soonhee\Desktop\ComboFix.exe
[2013/01/16 12:48:38 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/13 21:30:49 | 000,002,251 | ---- | M] () -- C:\Users\Soonhee\Desktop\Google Chrome.lnk
[2013/01/13 21:30:19 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSoonhee.job
[2013/01/09 03:29:53 | 000,516,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/09 03:08:20 | 000,741,704 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/09 03:08:20 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/09 03:08:20 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/07 10:41:03 | 000,134,656 | ---- | M] () -- C:\Users\Soonhee\Documents\february.cal
[2013/01/06 16:15:22 | 000,000,102 | ---- | M] () -- C:\Users\Soonhee\jobq.dat
[2012/12/26 16:10:30 | 005,039,834 | ---- | M] () -- C:\Users\Soonhee\Documents\Christmas news 2012.pdf
[2012/12/25 10:31:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf
[1 C:\Users\Soonhee\Documents\*.tmp files -> C:\Users\Soonhee\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/17 13:02:25 | 000,574,677 | ---- | C] () -- C:\Users\Soonhee\Desktop\adwcleaner.exe
[2013/01/16 15:49:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/16 15:49:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/16 15:49:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/16 15:49:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/16 15:49:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/16 12:48:38 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/15 22:45:14 | 000,006,527 | ---- | C] () -- C:\Users\Soonhee\AppData\Local\e415c395-27bf-4fc0-9d92-837b7dfc3483.crx
[2013/01/06 17:39:30 | 000,002,251 | ---- | C] () -- C:\Users\Soonhee\Desktop\Google Chrome.lnk
[2012/12/26 16:10:30 | 005,039,834 | ---- | C] () -- C:\Users\Soonhee\Documents\Christmas news 2012.pdf
[2012/12/25 10:31:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf
[2012/02/11 20:50:12 | 000,000,102 | ---- | C] () -- C:\Users\Soonhee\jobq.dat
[2011/03/03 07:54:18 | 000,001,854 | ---- | C] () -- C:\Users\Soonhee\AppData\Roaming\GhostObjGAFix.xml
[2011/02/19 00:17:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/10 21:21:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/02/09 16:21:47 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/24 14:41:09 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2011/01/24 14:41:09 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/02/10 21:09:30 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\Amazon
[2012/12/21 07:06:32 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\AVG
[2012/12/11 22:52:45 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\AVG2013
[2012/03/16 21:51:53 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\BattleTag
[2011/08/23 11:43:03 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\Catalina Marketing Corp
[2012/10/30 13:33:29 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\com.amazon.music.uploader
[2011/03/17 13:54:20 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\GetRightToGo
[2011/07/28 11:29:06 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\go
[2011/04/22 16:29:17 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\Keynote Systems
[2012/05/13 16:27:43 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\OverDrive
[2012/01/18 17:20:38 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\PDF Writer
[2011/03/17 13:44:02 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\Playlist Creator for SanDisk Sansa Fuze
[2011/02/26 20:51:24 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\Rovio
[2012/02/07 20:37:08 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\SanDisk
[2013/01/13 21:28:26 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\SoftGrid Client
[2011/02/09 16:22:35 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\TP
[2012/12/24 21:51:07 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\TuneUp Software
[2011/02/13 13:58:20 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 188 bytes -> C:\ProgramData\Temp:B1FBBD09
@Alternate Data Stream - 143 bytes -> C:\Users\Soonhee\Documents\FamilyNews 2011.nws:OECustomProperty
< End of report >
 
OTL Fix

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :OTL
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\RPRSTITL.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\RPRSTEXT.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\RPRSSTMP.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\RPRSSPEC.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\RPRSSCRP.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\RPRSREH_.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\RPRSMET_.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\RPRSCHOR.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\RPRS____.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\OPUSTEXT.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\OPUSSE__.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\OPUSS___.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\OPUSROMC.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\OPUSPC__.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\OPUSP___.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\OPUSO___.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\OPUSNN__.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\OPUSM___.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\OPUSFS__.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\OPUSFBE_.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\OPUSFB__.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\OPUSCSC_.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\OPUSCS__.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\OPUSC___.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\OPUS____.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\INKPEN2_.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\INK2TEXT.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\INK2SPEC.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\INK2SCRI.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\INK2METR.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\INK2CHOR.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\HELST___.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\HELSS___.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\HELSM___.FOT
    2012-12-21 00:02 . 2012-12-21 00:02 1409 ----a-w- c:\windows\Fonts\HELSINKI.FOT
    @Alternate Data Stream - 188 bytes -> C:\ProgramData\Temp:B1FBBD09
    IE - HKLM\..\SearchScopes\{756E955F-433D-4104-8ACE-E010EEB1676F}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE:64bit: - HKLM\..\SearchScopes\{756E955F-433D-4104-8ACE-E010EEB1676F}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    [2013/01/18 10:11:22 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{8A1168FA-5F24-4EA3-BF6A-C8C01270985E}
    [2013/01/17 22:11:10 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{6EE1CBEF-D601-444F-ADB2-2D410A530498}
    [2013/01/17 10:10:46 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{DA4CDC8C-DF33-4B25-A67F-141C2E6617AF}
    [2013/01/16 12:56:29 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{53F955B6-5359-4C07-AAFD-C78AC4C8F79E}
    [2013/01/16 00:56:04 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{DA455F72-E61E-4F14-9E51-DD9CC33C096A}
    [2013/01/15 12:55:53 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{90A188E5-5CE1-48E1-AAAB-AF65BF88237B}
    [2013/01/15 00:55:41 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{3224FD7A-1F58-4B9A-96EF-B5B460A213A7}
    [2013/01/14 12:55:17 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{F5711428-0A51-457F-A744-DA5093DF9823}
    [2013/01/14 00:55:05 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{189806CC-1454-4D8C-A061-E9786FDA27A0}
    [2013/01/13 12:54:41 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{CA30C01E-91CA-48ED-A22A-07B545671931}
    [2013/01/13 00:54:30 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{0678FA0F-0115-4EF0-9E45-BF6605BB4D54}
    [2013/01/12 12:54:19 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{38D9CD14-ED29-482C-8BB9-7D00A1E60C8F}
    [2013/01/12 00:54:07 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{9D9C5BA4-9955-427E-B04D-D614868C11D5}
    [2013/01/11 12:53:56 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{DD8321E7-F6F5-47E1-A024-46480E6BB4CE}
    [2013/01/11 00:53:44 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{F18794B9-A069-4360-97FE-377695F4B42A}
    [2013/01/10 12:53:33 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{CE3DB77C-1D4A-4F9A-84BF-2FD5117D4567}
    [2013/01/10 00:53:21 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{D7F33C4E-738D-425B-8931-0816C45188C2}
    [2013/01/09 12:53:10 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{AA81209E-7F86-4BDA-B63D-9FDCA7F533AB}
    [2013/01/09 00:52:46 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{DE5D4EFA-61A9-49E4-8DDB-C7D9FF6B2A5D}
    [2013/01/08 12:52:34 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{0F581606-B542-4930-A89D-286CFB5F4958}
    [2013/01/08 00:52:23 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{C63C60DC-D177-462B-BA1D-B8044BD928D3}
    [2013/01/07 12:52:11 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{5AF5EDF8-B03E-4228-AB88-D67DE7ADE11B}
    [2013/01/07 00:51:47 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{68C6DB11-4379-4FF3-8750-B5FDB570DF4B}
    [2013/01/06 12:51:23 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{2809DE96-C024-4C31-973D-B9969B232DEE}
    [2013/01/03 22:00:04 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{20F20BCA-A9F2-4FB7-BEAD-E2A7B4F7387E}
    [2013/01/03 21:59:54 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{BE6F75DD-C5CE-4A55-AE9C-92689E1CE138}
    [2013/01/03 21:13:57 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{937BC905-7FAF-4958-B85B-DEC53F7E66DC}
    [2013/01/03 09:13:47 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{30E47F53-D73B-4093-A6F0-07586F32DFA7}
    [2013/01/02 21:17:25 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{219DB684-BDF6-49A2-9D01-53627BD8F217}
    [2013/01/02 21:13:47 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{056CE7D9-977C-4F92-AC81-B612B1B990E4}
    [2013/01/02 09:13:36 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{A5870FDE-A698-4EB8-899F-8F91781B6840}
    [2013/01/01 21:13:12 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{D9E67523-2B92-4277-BDE2-293B55AE9026}
    [2013/01/01 09:12:48 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{AC7AF2BC-78C8-4B10-A507-2D1C351BB61E}
    [2012/12/31 21:12:37 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{FD45294D-18C0-4457-B319-DE27B6387555}
    [2012/12/30 21:16:17 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{4EB2EBE0-980F-40AA-BDD2-CC681942389F}
    [2012/12/29 21:12:13 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{DB37810D-BFA8-4E5A-9A87-19A6161DCF6A}
    [2012/12/29 09:11:49 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{6171F3CF-2CF7-45D4-A87E-84D6994D7A2B}
    [2012/12/28 21:11:37 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{B714DE06-4EFB-44E3-9F95-171F75DC2D14}
    [2012/12/28 09:11:26 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{CD1A715E-99F0-4F34-AA1E-2C4EACC9A527}
    [2012/12/27 09:10:40 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{1D64B58D-5198-4B3D-B0DA-C7FC9B6A04C6}
    [2012/12/26 21:14:27 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{80EBAFB4-E9AF-4D6C-A561-6F13AE5D70B0}
    [2012/12/26 21:10:40 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{A159D5D5-A17F-4036-A3B4-1F10AF342BCB}
    [2012/12/26 09:10:16 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{E95AE9E4-F7F8-4E8D-81FF-DFD1F499A335}
    [2012/12/25 21:10:01 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{C48B0322-4793-4DB4-AADB-AFD8083747D6}
    [2012/12/25 09:09:37 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{EBB96F89-697D-4600-9112-A8B1897007C6}
    [2012/12/24 21:09:13 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{9E240396-87A8-4BEC-840F-4A8FC67C1784}
    [2012/12/23 09:08:39 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{A8DC3975-B7AC-4F61-B7F6-9D8063EAEA90}
    [2012/12/22 21:08:14 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{1FFDCAB3-77BB-4E88-9142-125D729D553A}
    [2012/12/22 09:07:50 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{CB739951-7BA3-4B33-ADF6-883C989F2855}
    [2012/12/21 21:07:39 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{D049C331-5667-480C-B7C2-945CB34F7E0A}
    [2012/12/21 09:07:16 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{0440F9AA-F5BE-4E09-981D-BB4A2EA30918}
    [2012/12/20 21:06:51 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{44F22FA7-9EFE-4C70-9398-E8D7B287477C}
    [2012/12/20 09:06:27 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{26E0FD88-3691-43CD-BF59-0BD6409B134B}
    [2012/12/19 21:06:16 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{CD034950-89C6-4222-96D1-2B531B8F3CB7}

    :files
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes and the computer fails to reboot, let me know.
  • Lastly, post the contents of the log (located at C:\_OTL\Moved Files).
 
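The fix above targets three kinds of residue: a named alternate data stream on C:\ProgramData\Temp, Internet Explorer SearchScopes entries (in both the native and Wow6432Node registry views) whose URL points at ask.com, and a run of {GUID}-named folders under AppData\Local created at roughly 12-hour intervals. (The font lines at the top of the fix are in ComboFix's listing format; as the result log shows, OTL reported no action on them.) The script below is an added example, not part of this thread or of the OTL tool: a read-only PowerShell re-check of those three items so the user can confirm nothing has come back after the reboot. It assumes Windows 7 x64 with PowerShell 3.0 or later, run from an elevated 64-bit PowerShell window; the $TrustedSearchHosts allow-list is an assumption for the illustration, not something the thread specifies.

```powershell
# Added example (not from the thread or from OTL): re-check the residue
# classes the OTL fix removed. Read-only; nothing is deleted or moved.
# Assumptions: PowerShell 3.0+ (Get-Item -Stream, -Directory and -notin
# need 3.0), elevated 64-bit session so HKLM:\SOFTWARE is the native view
# and Wow6432Node the 32-bit view. $TrustedSearchHosts is an assumed list.

$TrustedSearchHosts = @('www.bing.com', 'www.google.com')

# 1. Named NTFS alternate data streams under a folder tree. OTL flagged
#    C:\ProgramData\Temp:B1FBBD09. The unnamed ':$DATA' stream and the
#    benign Zone.Identifier download marker are filtered out.
function Get-NamedAds {
    param([string]$Path = 'C:\ProgramData')
    Get-ChildItem -LiteralPath $Path -Force -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object { Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue } |
        Where-Object { $_.Stream -notin ':$DATA', 'Zone.Identifier' } |
        Select-Object FileName, Stream, Length
}

# 2. IE search scopes in both registry views plus the current user, with
#    the default scope marked. The fix deleted the {756E955F-...} scope
#    whose URL pointed at ask.com; any scope whose host is not in
#    $TrustedSearchHosts is reported as Suspicious.
function Get-IeSearchScopes {
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes',
        'HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $default = (Get-ItemProperty -LiteralPath $root -ErrorAction SilentlyContinue).DefaultScope
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $props    = Get-ItemProperty -LiteralPath $key.PSPath
            $url      = [string]$props.URL
            # Pull the host with a regex; the {searchTerms} placeholder in
            # the query string would otherwise trip a strict URI parser.
            $hostName = if ($url -match '^https?://([^/:?#]+)') { $Matches[1].ToLower() } else { '' }
            [pscustomobject]@{
                Root       = $root
                Scope      = $key.PSChildName
                IsDefault  = ($key.PSChildName -eq $default)
                Name       = $props.DisplayName
                Host       = $hostName
                Url        = $url
                Suspicious = ($hostName -notin $TrustedSearchHosts)
            }
        }
    }
}

# 3. {GUID}-named folders directly under %LOCALAPPDATA%. The ones OTL
#    moved were created about every 12 hours (the 00:5x / 12:5x stamps in
#    the fix), so creation times are listed in order to make a recurring
#    creator visible.
function Get-GuidFolders {
    param([string]$Path = $env:LOCALAPPDATA, [int]$Days = 30)
    $cutoff = (Get-Date).AddDays(-$Days)
    Get-ChildItem -LiteralPath $Path -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Name -match '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$' -and
            $_.CreationTime -ge $cutoff
        } |
        Sort-Object CreationTime |
        Select-Object Name, CreationTime
}

'== Named alternate data streams under C:\ProgramData =='
Get-NamedAds | Format-Table -AutoSize
'== IE search scopes =='
Get-IeSearchScopes | Format-Table Root, Scope, IsDefault, Host, Suspicious -AutoSize
'== {GUID} folders created in the last 30 days =='
Get-GuidFolders | Format-Table -AutoSize
```

Run it once right after the OTL reboot and again a day later: an empty first and third section and no Suspicious scopes on both runs means the fix held, while a fresh {GUID} folder or a re-created scope points to something still scheduled or running that the fix did not reach.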
Thank you for all of your help so far. Here is the log:

All processes killed
========== OTL ==========
ADS C:\ProgramData\Temp:B1FBBD09 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{756E955F-433D-4104-8ACE-E010EEB1676F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{756E955F-433D-4104-8ACE-E010EEB1676F}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{756E955F-433D-4104-8ACE-E010EEB1676F}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{756E955F-433D-4104-8ACE-E010EEB1676F}\ not found.
C:\Users\Soonhee\AppData\Local\{8A1168FA-5F24-4EA3-BF6A-C8C01270985E} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{6EE1CBEF-D601-444F-ADB2-2D410A530498} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{DA4CDC8C-DF33-4B25-A67F-141C2E6617AF} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{53F955B6-5359-4C07-AAFD-C78AC4C8F79E} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{DA455F72-E61E-4F14-9E51-DD9CC33C096A} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{90A188E5-5CE1-48E1-AAAB-AF65BF88237B} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{3224FD7A-1F58-4B9A-96EF-B5B460A213A7} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{F5711428-0A51-457F-A744-DA5093DF9823} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{189806CC-1454-4D8C-A061-E9786FDA27A0} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{CA30C01E-91CA-48ED-A22A-07B545671931} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{0678FA0F-0115-4EF0-9E45-BF6605BB4D54} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{38D9CD14-ED29-482C-8BB9-7D00A1E60C8F} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{9D9C5BA4-9955-427E-B04D-D614868C11D5} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{DD8321E7-F6F5-47E1-A024-46480E6BB4CE} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{F18794B9-A069-4360-97FE-377695F4B42A} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{CE3DB77C-1D4A-4F9A-84BF-2FD5117D4567} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{D7F33C4E-738D-425B-8931-0816C45188C2} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{AA81209E-7F86-4BDA-B63D-9FDCA7F533AB} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{DE5D4EFA-61A9-49E4-8DDB-C7D9FF6B2A5D} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{0F581606-B542-4930-A89D-286CFB5F4958} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{C63C60DC-D177-462B-BA1D-B8044BD928D3} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{5AF5EDF8-B03E-4228-AB88-D67DE7ADE11B} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{68C6DB11-4379-4FF3-8750-B5FDB570DF4B} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{2809DE96-C024-4C31-973D-B9969B232DEE} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{20F20BCA-A9F2-4FB7-BEAD-E2A7B4F7387E} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{BE6F75DD-C5CE-4A55-AE9C-92689E1CE138} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{937BC905-7FAF-4958-B85B-DEC53F7E66DC} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{30E47F53-D73B-4093-A6F0-07586F32DFA7} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{219DB684-BDF6-49A2-9D01-53627BD8F217} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{056CE7D9-977C-4F92-AC81-B612B1B990E4} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{A5870FDE-A698-4EB8-899F-8F91781B6840} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{D9E67523-2B92-4277-BDE2-293B55AE9026} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{AC7AF2BC-78C8-4B10-A507-2D1C351BB61E} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{FD45294D-18C0-4457-B319-DE27B6387555} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{4EB2EBE0-980F-40AA-BDD2-CC681942389F} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{DB37810D-BFA8-4E5A-9A87-19A6161DCF6A} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{6171F3CF-2CF7-45D4-A87E-84D6994D7A2B} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{B714DE06-4EFB-44E3-9F95-171F75DC2D14} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{CD1A715E-99F0-4F34-AA1E-2C4EACC9A527} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{1D64B58D-5198-4B3D-B0DA-C7FC9B6A04C6} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{80EBAFB4-E9AF-4D6C-A561-6F13AE5D70B0} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{A159D5D5-A17F-4036-A3B4-1F10AF342BCB} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{E95AE9E4-F7F8-4E8D-81FF-DFD1F499A335} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{C48B0322-4793-4DB4-AADB-AFD8083747D6} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{EBB96F89-697D-4600-9112-A8B1897007C6} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{9E240396-87A8-4BEC-840F-4A8FC67C1784} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{A8DC3975-B7AC-4F61-B7F6-9D8063EAEA90} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{1FFDCAB3-77BB-4E88-9142-125D729D553A} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{CB739951-7BA3-4B33-ADF6-883C989F2855} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{D049C331-5667-480C-B7C2-945CB34F7E0A} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{0440F9AA-F5BE-4E09-981D-BB4A2EA30918} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{44F22FA7-9EFE-4C70-9398-E8D7B287477C} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{26E0FD88-3691-43CD-BF59-0BD6409B134B} folder moved successfully.
C:\Users\Soonhee\AppData\Local\{CD034950-89C6-4222-96D1-2B531B8F3CB7} folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Soonhee\Downloads\cmd.bat deleted successfully.
C:\Users\Soonhee\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Soonhee
->Temp folder emptied: 2043225 bytes
->Temporary Internet Files folder emptied: 1100177850 bytes
->Java cache emptied: 945091 bytes
->Google Chrome cache emptied: 104347785 bytes
->Flash cache emptied: 1826175 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5484 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,153.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 01192013_125855
Files\Folders moved on Reboot...
C:\Users\Soonhee\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Soonhee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTMQ8OER\bind[1].htm not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
Okay, thanks!

OTL logfile created on: 1/19/2013 4:03:37 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Soonhee\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 55.39% Memory free
7.60 Gb Paging File | 5.57 Gb Available in Paging File | 73.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.43 Gb Total Space | 326.60 Gb Free Space | 72.83% Space Free | Partition Type: NTFS
Drive D: | 17.03 Gb Total Space | 2.46 Gb Free Space | 14.45% Space Free | Partition Type: NTFS

Computer Name: SOONHEE-HP | User Name: Soonhee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/18 17:03:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Soonhee\Downloads\OTL.exe
PRC - [2013/01/08 15:45:54 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/02/15 12:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/13 12:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 12:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/09 03:43:01 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ee98383179eca974083a41a8ca0c213\IAStorUtil.ni.dll
MOD - [2013/01/09 03:35:44 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll
MOD - [2013/01/09 03:35:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 03:35:10 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/09 03:35:04 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 03:34:51 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/09 03:34:45 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 03:34:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/09 03:34:41 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 03:34:36 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/02/09 16:26:03 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe -- (D-Link SharePort Helper)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/08 16:45:38 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/13 12:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/17 09:34:38 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/02/09 16:26:04 | 000,291,336 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2011/01/24 14:41:46 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/05/31 14:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/13 12:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/03 09:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/22 20:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 21:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/09/22 20:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{3362B145-4DC1-4760-A49E-39096B76A197}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{97A3D1B5-C315-43C5-9419-264727BDA343}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{B844945D-34DC-473E-9837-E866FA4F8760}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{3362B145-4DC1-4760-A49E-39096B76A197}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{97A3D1B5-C315-43C5-9419-264727BDA343}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{B844945D-34DC-473E-9837-E866FA4F8760}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hp-notebook.us.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {CE3DC97B-4DB5-42C3-9918-8D8F68A70FC8}
IE - HKCU\..\SearchScopes\{3362B145-4DC1-4760-A49E-39096B76A197}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{756E955F-433D-4104-8ACE-E010EEB1676F}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{97A3D1B5-C315-43C5-9419-264727BDA343}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{B844945D-34DC-473E-9837-E866FA4F8760}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{CE3DC97B-4DB5-42C3-9918-8D8F68A70FC8}: "URL" = http://www.google.com/search?q={sea...&ie={inputEncoding?}&oe={outputEncoding?}&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)



========== Chrome ==========

CHR - homepage: http://hp-notebook.us.msn.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://hp-notebook.us.msn.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Soonhee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Soonhee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Seashells = C:\Users\Soonhee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpdibpgknlnbmlmikbbifpeienojmkea\1_0\
CHR - Extension: Gmail = C:\Users\Soonhee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
File: ([2013/01/16 15:58:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - Startup: C:\Users\Soonhee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SharePort Utility.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webiqonline.com/Web...on&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9} (WebIQ Engine Application Object)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab (Keynote Connector Launcher 2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E9EDCED-29C9-4798-86C4-E35D19F890F8}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/19 12:58:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/19 10:11:48 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{F0145D01-49D3-4380-8DE6-AD5012D194FF}
[2013/01/18 22:11:36 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\{D6E842DF-8BD8-497F-A26E-52A5E2D15BCE}
[2013/01/17 13:10:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/17 13:10:44 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/17 13:10:38 | 000,499,213 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Soonhee\Desktop\JRT.exe
[2013/01/17 13:06:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/16 16:00:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/16 15:49:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/16 15:49:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/16 15:49:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/16 15:49:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/16 15:49:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/16 15:36:38 | 005,022,302 | R--- | C] (Swearware) -- C:\Users\Soonhee\Desktop\ComboFix.exe
[2013/01/16 12:48:46 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Roaming\Malwarebytes
[2013/01/16 12:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/16 12:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/16 12:48:36 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/16 12:48:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/16 12:48:22 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\Programs
[2013/01/11 09:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/01/06 17:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/12/25 10:51:57 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Local\ArcSoft
[2012/12/25 10:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2012/12/25 10:48:48 | 000,022,784 | ---- | C] (Arcsoft, Inc.) -- C:\Windows\SysWow64\drivers\afc.sys
[2012/12/25 10:48:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
[2012/12/25 10:48:14 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Roaming\ArcSoft
[2012/12/25 10:45:28 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\Documents\zm1
[2012/12/21 07:06:32 | 000,000,000 | ---D | C] -- C:\Users\Soonhee\AppData\Roaming\AVG
[2012/12/21 07:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2012/12/21 07:05:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2012/12/20 19:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sibelius Software
[1 C:\Users\Soonhee\Documents\*.tmp files -> C:\Users\Soonhee\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/19 15:43:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/19 15:08:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/19 13:12:44 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/19 13:12:44 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/19 13:05:36 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/19 13:05:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/19 13:05:09 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/19 11:36:06 | 000,514,048 | ---- | M] () -- C:\Users\Soonhee\Documents\february.cal
[2013/01/17 13:10:44 | 000,499,213 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Soonhee\Desktop\JRT.exe
[2013/01/17 13:02:50 | 000,574,677 | ---- | M] () -- C:\Users\Soonhee\Desktop\adwcleaner.exe
[2013/01/16 15:58:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/16 15:52:38 | 000,006,527 | ---- | M] () -- C:\Users\Soonhee\AppData\Local\e415c395-27bf-4fc0-9d92-837b7dfc3483.crx
[2013/01/16 15:37:07 | 005,022,302 | R--- | M] (Swearware) -- C:\Users\Soonhee\Desktop\ComboFix.exe
[2013/01/16 12:48:38 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/13 21:30:49 | 000,002,251 | ---- | M] () -- C:\Users\Soonhee\Desktop\Google Chrome.lnk
[2013/01/13 21:30:19 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSoonhee.job
[2013/01/09 03:29:53 | 000,516,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/09 03:08:20 | 000,741,704 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/09 03:08:20 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/09 03:08:20 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/06 16:15:22 | 000,000,102 | ---- | M] () -- C:\Users\Soonhee\jobq.dat
[2012/12/26 16:10:30 | 005,039,834 | ---- | M] () -- C:\Users\Soonhee\Documents\Christmas news 2012.pdf
[2012/12/25 10:31:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf
[1 C:\Users\Soonhee\Documents\*.tmp files -> C:\Users\Soonhee\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/17 13:02:25 | 000,574,677 | ---- | C] () -- C:\Users\Soonhee\Desktop\adwcleaner.exe
[2013/01/16 15:49:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/16 15:49:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/16 15:49:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/16 15:49:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/16 15:49:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/16 12:48:38 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/15 22:45:14 | 000,006,527 | ---- | C] () -- C:\Users\Soonhee\AppData\Local\e415c395-27bf-4fc0-9d92-837b7dfc3483.crx
[2013/01/06 17:39:30 | 000,002,251 | ---- | C] () -- C:\Users\Soonhee\Desktop\Google Chrome.lnk
[2012/12/26 16:10:30 | 005,039,834 | ---- | C] () -- C:\Users\Soonhee\Documents\Christmas news 2012.pdf
[2012/12/25 10:31:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_EhStorPwdDrv_01_09_00.Wdf
[2012/02/11 20:50:12 | 000,000,102 | ---- | C] () -- C:\Users\Soonhee\jobq.dat
[2011/03/03 07:54:18 | 000,001,854 | ---- | C] () -- C:\Users\Soonhee\AppData\Roaming\GhostObjGAFix.xml
[2011/02/19 00:17:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/10 21:21:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/02/09 16:21:47 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/24 14:41:09 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2011/01/24 14:41:09 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/02/10 21:09:30 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\Amazon
[2012/12/21 07:06:32 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\AVG
[2012/12/11 22:52:45 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\AVG2013
[2012/03/16 21:51:53 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\BattleTag
[2011/08/23 11:43:03 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\Catalina Marketing Corp
[2012/10/30 13:33:29 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\com.amazon.music.uploader
[2011/03/17 13:54:20 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\GetRightToGo
[2011/07/28 11:29:06 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\go
[2011/04/22 16:29:17 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\Keynote Systems
[2012/05/13 16:27:43 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\OverDrive
[2012/01/18 17:20:38 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\PDF Writer
[2011/03/17 13:44:02 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\Playlist Creator for SanDisk Sansa Fuze
[2011/02/26 20:51:24 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\Rovio
[2012/02/07 20:37:08 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\SanDisk
[2013/01/13 21:28:26 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\SoftGrid Client
[2011/02/09 16:22:35 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\TP
[2012/12/24 21:51:07 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\TuneUp Software
[2011/02/13 13:58:20 | 000,000,000 | ---D | M] -- C:\Users\Soonhee\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Users\Soonhee\Documents\FamilyNews 2011.nws:OECustomProperty
< End of report >
 
avast! aswMBR

Please download aswMBR from here
  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Uncheck "Trace disk IO calls".
  • Click the Scan button to start the scan as illustrated below
aswMBR_Scan.jpg

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
  • Once the scan finishes click Save log to save the log to your Desktop
    aswMBR_SaveLog.png
  • Copy and paste the contents of aswMBR.txt back here for review
  • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.


RogueKiller Scan

  • Download RogueKiller from the following link and save it on your desktop:
    TechSpot
    Official Site (alternative)
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
RGKRScan.png


  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
RGKRDelete.png


  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

    RGKRShortcutsFix.png
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
 
Good morning! Here is the MBR info:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-21 09:21:19
-----------------------------
09:21:19.289 OS Version: Windows x64 6.1.7601 Service Pack 1
09:21:19.289 Number of processors: 4 586 0x2505
09:21:19.289 ComputerName: SOONHEE-HP UserName: Soonhee
09:21:22.316 Initialize success
09:21:53.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:21:53.625 Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
09:21:53.641 Disk 0 MBR read successfully
09:21:53.656 Disk 0 MBR scan
09:21:53.656 Disk 0 unknown MBR code
09:21:53.672 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
09:21:53.688 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459193 MB offset 409600
09:21:53.719 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17443 MB offset 940836864
09:21:53.719 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
09:21:53.750 Disk 0 scanning C:\Windows\system32\drivers
09:22:01.706 Service scanning
09:22:21.331 Modules scanning
09:22:21.347 Scan finished successfully
09:22:42.937 Disk 0 MBR has been saved successfully to "C:\Users\Soonhee\Desktop\MBR.dat"
09:22:42.937 The log file has been saved successfully to "C:\Users\Soonhee\Desktop\aswMBR.txt"
 

Attachments

  • MBRscan.txt
    512 bytes
#1

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Soonhee [Admin rights]
Mode : Scan -- Date : 01/21/2013 09:27:35
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 12 ¤¤¤
[TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> FOUND
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
[TASK][ROGUE ST] 4902 : wscript.exe C:\Users\Soonhee\AppData\Local\Temp\launchie.vbs //B -> FOUND
[TASK][SUSP PATH] Funmoods : C:\Users\Soonhee\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE /Check -> FOUND
[TASK][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS725050A9A364 +++++
--- User ---
[MBR] 374e3325c1c1847b6fa1b4f93c8dd912
[BSP] f3075bc5a2f280d1fda7138b61330516 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 459193 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 940836864 | Size: 17443 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_01212013_02d0927.txt >>
RKreport[1]_S_01212013_02d0927.txt
 
#2

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Soonhee [Admin rights]
Mode : Remove -- Date : 01/21/2013 09:28:41
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 11 ¤¤¤
[TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> DELETED
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> DELETED
[TASK][ROGUE ST] 4902 : wscript.exe C:\Users\Soonhee\AppData\Local\Temp\launchie.vbs //B -> DELETED
[TASK][SUSP PATH] Funmoods : C:\Users\Soonhee\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE /Check -> DELETED
[TASK][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> ERROR
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS725050A9A364 +++++
--- User ---
[MBR] 374e3325c1c1847b6fa1b4f93c8dd912
[BSP] f3075bc5a2f280d1fda7138b61330516 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 459193 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 940836864 | Size: 17443 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_01212013_02d0928.txt >>
RKreport[1]_S_01212013_02d0927.txt ; RKreport[2]_D_01212013_02d0928.txt
 
#3

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Soonhee [Admin rights]
Mode : Shortcuts HJfix -- Date : 01/21/2013 09:30:52
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 7 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 2012 / Fail 0
My documents: Success 4 / Fail 4
My favorites: Success 0 / Fail 0
My pictures: Success 84 / Fail 0
My music: Success 1237 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 81 / Fail 0
Backup: [NOT FOUND]
Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[Q:] \Device\SftVol -- 0x3 --> Restored
Finished : << RKreport[3]_SC_01212013_02d0930.txt >>
RKreport[1]_S_01212013_02d0927.txt ; RKreport[2]_D_01212013_02d0928.txt ; RKreport[3]_SC_01212013_02d0930.txt
 
Kaspersky GetSystemInfo Scan

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.
2hd457o.gif


settingsslider.png


Set the slider to Maximum.

driversports.png


IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.


generaltab.png


On the General tab, make sure all of the boxes are checked.


misce.png


On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.


2ekm73m.gif

Click Create Report to run it.

beginscanning.png

It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to http://www.getsysteminfo.com. If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the URL of the GSI Parser report in your next reply.
 