Hi, I'm having trouble with Google search redirecting. I have used MS Essential and Malwarebytes Anti-Malware to scan, but they couldn't detect what was causing the problem. Everything else seems okay so far, but the computer seems to be a little slower than before. Any help will be appreciated.
The following logs are from Malwarebytes Anti-Malware and DDS. GMER did not give any logs.
Malwarebytes Anti-Malware:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.13.10
Windows 7 Service Pack 3 x64 NTFS
Internet Explorer 9.0.8112.16421
Moon :: MOON-HP [administrator]
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204393
Time elapsed: 1 minute(s), 33 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2012-05-17 오후 7:22:06
System Uptime: 2012-09-15 오후 3:28:21 (1 hours ago)
.
Motherboard: Hewlett-Packard | | 358B
Processor: AMD A8-3500M APU with Radeon(tm) HD Graphics | Socket FS1 | 1500/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 22.193 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.608 GiB free.
E: is CDROM ()
F: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP95: 2012-09-15 오후 2:04:27 - Installed Microsoft Office Professional Plus 2010
RP96: 2012-09-15 오후 3:38:42 - Installed HiJackThis
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
AMD System Monitor
AMD VISION Engine Control Center
Bandisoft MPEG-1 Decoder
Bejeweled 2 Deluxe
Bejeweled 3
Bing Bar
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Brother MFL-Pro Suite MFC-J435W
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CyberLink YouCam
Cyphers
D3DX10
DAEMON Tools Lite
Daum 팟인코더
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Dota 2
DTS+AC3 Filter
Energy Star Digital Logo
ESET Online Scanner v3
ESU for Microsoft Windows 7
Evernote v. 4.2.2
Farm Frenzy
FATE - The Traitor Soul
GOM Player
GOMTV Plug-in
Grand Theft Auto IV - Episodes From Liberty City
Guitar Pro 5.2
Hi-Rez Studios Authenticate and Update Service
HiJackThis
HP Connection Manager
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP SimplePass 2011
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
IDT Audio
Java Auto Updater
Java(TM) 6 Update 32
Java(TM) 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
League of Legends
Magic Desktop
Mah Jong Medley
Malwarebytes Anti-Malware version 1.65.0.1400
Mesh Runtime
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MPEG2코덱(libmpeg2/mad)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
NAT Service 2.6.6.11
NeoplePlugin
Nexon Game Manager
NVIDIA PhysX
Orbit Downloader
Pando Media Booster
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
QuickTime Alternative 1.81
Ralink RT5390 802.11b/g/n WiFi Adapter
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Recovery Manager
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Show (동영상변환기)
Slingo Supreme
Smite Closed Beta
StarCraft II
Steam
SuddenAttack
System Requirements Lab CYRI
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
Vindictus
Virtual Villagers 4 - The Tree of Life
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Zuma Deluxe
μTorrent
넷폴더접속기
반디집
아프리카TV streamer 제거
.
==== Event Viewer Messages From Past Week ========
.
2012-09-15 오후 12:39:25, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
2012-09-15 오후 12:34:55, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
2012-09-15 오후 12:30:26, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
2012-09-15 오후 12:27:45, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
2012-09-15 오전 3:43:26, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
2012-09-15 오전 3:43:25, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
2012-09-15 오전 3:43:25, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
2012-09-15 오전 3:43:24, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
2012-09-15 오전 3:43:24, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
2012-09-15 오전 3:27:17, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
2012-09-15 오전 3:25:14, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
2012-09-14 오후 6:54:09, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
.
==== End Of File ===========================
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Moon at 16:03:13 on 2012-09-15
Microsoft Windows 7 Home Premium 6.1.7601.3.949.82.1033.18.7659.5613 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\NAT Service\natsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [IME14 KOR Uninstall] C:\Program Files (x86)\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE /Uninstall /KOR /Log
uPolicies-explorer: HideSCAVolume = 0 (0x0)
uPolicies-explorer: HideSCAPower = 0 (0x0)
uPolicies-explorer: HideSCANetwork = 0 (0x0)
uPolicies-explorer: HideSCAHealth = 0 (0x0)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Microsoft Excel로내보내기(&X) - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: OneNote로보내기(&N) - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {E07939AA-05BA-42d3-AD20-5DCC46459BEA} - hxxp://www.cyphers.co.kr/object/cyphers_real.cab
DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} - hxxp://live.afreeca.com:8057/AFCStarter.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://comic.naver.com/common/cab/NaverAXGuide.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3A7BF32A-DCC5-456F-9F83-083F52B94A5A} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3A7BF32A-DCC5-456F-9F83-083F52B94A5A}\2456C6B696E6F574F505C65737F5D494D4F4F5138303137303 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3A7BF32A-DCC5-456F-9F83-083F52B94A5A}\2456C6B696E6F574F505C65737F5D494D4F4F5832473034303 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3A7BF32A-DCC5-456F-9F83-083F52B94A5A}\861686168616 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{3B3EFB38-9648-4662-9ED9-CE5D5351070A} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{FD9B11CF-92C5-4568-BDBA-0B47313783D3} : DhcpNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO-X64: btorbit.com - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO-X64: TSBHO Class - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun-x64: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun-x64: [IME14 KOR Uninstall] C:\Program Files (x86)\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE /Uninstall /KOR /Log
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\Profiles\lgixraxd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NeoplePlugin\npNeopleGameInstaller.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\Downloaded Program Files\npAFCStarter.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-14 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-2 365568]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-4-28 514232]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-18 265544]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-6-21 8704]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-28 92216]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-3-14 2375168]
R2 NATService;NATService;C:\Program Files (x86)\NAT Service\natsvc.exe [2012-7-31 655960]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\amdhub30.sys --> C:\Windows\system32\DRIVERS\amdhub30.sys [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\amdxhc.sys --> C:\Windows\system32\DRIVERS\amdxhc.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-8-22 245760]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-17 114144]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem [2012-8-7 674912]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-15 20:01:15 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CB732FA5-63E6-4214-9DDB-BC4FDFC6E55E}\mpengine.dll
2012-09-15 19:39:17 388096 ----a-r- C:\Users\Moon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-15 19:39:16 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-09-15 19:24:56 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-09-15 19:24:53 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-09-15 19:23:59 -------- d-----w- C:\ProgramData\PC Tools
2012-09-15 19:23:56 -------- d-----w- C:\Users\Moon\AppData\Roaming\TestApp
2012-09-15 18:14:54 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2012-09-15 18:13:13 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-09-15 18:08:52 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-09-15 18:07:03 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2012-09-15 18:07:03 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-09-15 18:06:47 -------- d-----w- C:\Windows\SHELLNEW
2012-09-15 17:51:08 -------- d-----w- C:\Users\Moon\AppData\Local\{F46DB355-09DB-464F-92E0-0F230A781A18}
2012-09-15 06:21:34 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-09-15 05:53:32 -------- d-----w- C:\Program Files (x86)\MSECache
2012-09-15 05:50:43 -------- d-----w- C:\Users\Moon\AppData\Local\{9C731BD1-B188-40C5-97CB-ECABAE8CE938}
2012-09-15 05:39:04 -------- d-----w- C:\Windows\PCHEALTH
2012-09-15 05:34:58 -------- d-----w- C:\Users\Moon\AppData\Local\Microsoft Help
2012-09-15 05:28:19 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-09-15 05:28:10 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-09-14 14:37:53 -------- d-----w- C:\Users\Moon\AppData\Local\{E8EB1BC1-0993-4558-897A-052B8977F9D8}
2012-09-14 05:54:41 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-13 21:16:20 -------- d-----w- C:\Users\Moon\AppData\Local\{47CF2A36-04FD-4EED-AC93-D0C7BCED990A}
2012-09-13 05:09:24 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-13 05:09:24 41472 ----a-w- C:\Windows\System32\drivers\rndismpx.sys
2012-09-13 05:09:24 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-13 05:09:22 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-13 05:09:22 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-13 05:09:21 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-13 05:09:20 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-13 05:09:20 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-13 05:04:04 -------- d-----w- C:\Users\Moon\AppData\Local\{6FE3082B-C376-407B-AD6F-B903FEFE3E5A}
2012-09-12 00:49:00 -------- d-----w- C:\Users\Moon\AppData\Local\{8E254601-F9BC-4A5E-9E0A-AF9C2F532FF5}
2012-09-11 12:48:36 -------- d-----w- C:\Users\Moon\AppData\Local\{05681C21-3080-4703-B00A-5C824494ADB6}
2012-09-10 14:07:45 -------- d-----w- C:\Users\Moon\AppData\Local\{09DD2363-4ADB-47EB-B4E7-87EE0A3ACB77}
2012-09-09 13:29:44 -------- d-----w- C:\Users\Moon\AppData\Local\{EED86976-AC1E-42ED-973C-6B64E593A40B}
2012-09-08 19:15:11 -------- d-----w- C:\Users\Moon\AppData\Local\{91194843-2FB6-45FB-8082-F0589E715A80}
2012-09-08 04:05:22 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-08 03:40:25 -------- d-----w- C:\Users\Moon\AppData\Local\{543E9097-E59C-4ADA-9EEF-F13942D94DE3}
2012-09-07 15:40:01 -------- d-----w- C:\Users\Moon\AppData\Local\{41F0B23D-A102-4244-A48A-36EC19A54C32}
2012-09-06 22:02:39 -------- d-----w- C:\Users\Moon\AppData\Local\{D7E3FF4B-EFDF-4D27-ACD3-00F749ECF076}
2012-09-05 16:31:59 -------- d-----w- C:\Users\Moon\AppData\Local\{D84B724B-96F7-462D-A5F8-B0E1D2CCB2CE}
2012-09-04 20:57:59 -------- d-----w- C:\Users\Moon\AppData\Local\{1ACF048D-F4B7-468A-9A57-17793281EA03}
2012-09-01 16:22:59 -------- d-----w- C:\Users\Moon\AppData\Local\{355A37D9-033F-4799-AE3A-15A8EE4920A4}
2012-09-01 02:07:01 -------- d-----w- C:\Users\Moon\AppData\Local\{84020E26-66FE-409B-BC24-81043C219DDE}
2012-08-31 19:10:26 -------- d-----w- C:\Users\Moon\AppData\Local\{33BBDD57-38B1-4A7D-A82F-6835BA726AAE}
2012-08-30 21:11:00 -------- d-----w- C:\Users\Moon\AppData\Local\{646E7CDC-F534-4B7B-90AA-051E8FA9FAF4}
2012-08-29 23:12:31 -------- d-----w- C:\Users\Moon\AppData\Local\{2F6819E0-681A-4614-80CC-4FECF22DDF58}
2012-08-29 11:12:07 -------- d-----w- C:\Users\Moon\AppData\Local\{3C50E0E9-70E0-4B4E-BC0A-DCE26F141277}
2012-08-28 12:39:03 -------- d-----w- C:\Users\Moon\AppData\Local\{D6F7AB24-DCD8-4DD8-9044-C46FC56FD89C}
2012-08-27 23:03:12 -------- d-----w- C:\Users\Moon\AppData\Local\{A4773A35-2E6B-45D4-AE3C-91D402F9CE58}
2012-08-27 12:52:46 -------- d-----w- C:\Users\Moon\AppData\Roaming\Brother
2012-08-27 05:30:45 -------- d-----w- C:\Users\Moon\AppData\Local\{AF59DC86-15AA-4760-909C-B1CC90766B0C}
2012-08-25 17:18:44 -------- d-----w- C:\Users\Moon\AppData\Local\{A649FFBB-BCEB-479D-A02C-81B5E753AAB6}
2012-08-24 13:12:14 -------- d-----w- C:\Users\Moon\AppData\Local\{E15AFEDE-A4AF-4B4B-9809-869E024BCD2D}
2012-08-23 18:02:52 -------- d-----w- C:\Users\Moon\AppData\Local\{DF3BD933-8C03-4D72-BF88-1946EE27AE42}
2012-08-23 00:59:00 -------- d-----w- C:\Users\Moon\AppData\Roaming\ControlCenter4
2012-08-23 00:55:26 -------- d-----w- C:\Windows\System32\user
2012-08-23 00:54:27 -------- d-----w- C:\Brother
2012-08-23 00:54:21 -------- d-----w- C:\ProgramData\ControlCenter4
2012-08-23 00:54:21 -------- d-----w- C:\Program Files (x86)\Browny02
2012-08-23 00:54:15 290304 ------w- C:\Windows\System32\BrfxDA5c.dll
2012-08-23 00:54:15 -------- d-----w- C:\Program Files (x86)\ControlCenter4
2012-08-23 00:54:14 83968 ------r- C:\Windows\System32\BrNetSti.dll
2012-08-23 00:54:14 58880 ------r- C:\Windows\System32\BrWiaNCp.dll
2012-08-23 00:54:14 51712 ------r- C:\Windows\System32\Brnsplg.dll
2012-08-23 00:54:14 255488 ------r- C:\Windows\System32\NSSRH64.dll
2012-08-23 00:54:14 143360 ------r- C:\Windows\System32\BrSNMP64.dll
2012-08-23 00:50:43 -------- d-----w- C:\Program Files\Nuance
2012-08-23 00:46:48 -------- d-----w- C:\ProgramData\Brother
2012-08-22 21:45:59 -------- d-----w- C:\Users\Moon\AppData\Local\{6C6FD715-5A95-4C66-80CC-F65C8DA289D8}
2012-08-22 04:34:23 -------- d-----w- C:\Users\Moon\AppData\Local\{561577BD-0CF3-422F-A012-22653ECA7E70}
2012-08-21 16:33:35 -------- d-----w- C:\Users\Moon\AppData\Local\{FE0A6632-9EF9-45C0-9FF1-4B29B6356B4F}
2012-08-20 21:39:04 -------- d-----w- C:\Users\Moon\AppData\Local\{3E08C993-3764-48BF-9A56-AECEC1A10F32}
2012-08-19 21:35:14 -------- d-----w- C:\Users\Moon\AppData\Local\{21B5293F-08D6-450C-BA28-E5906DF660D3}
2012-08-18 16:29:43 -------- d-----w- C:\Users\Moon\AppData\Local\{957E5F1A-E012-434B-9C15-5A4E77FA6FA2}
2012-08-18 16:29:32 -------- d-----w- C:\Users\Moon\AppData\Local\{A094FBCD-4DDC-4BDE-A64C-39A1A80E0867}
2012-08-18 04:29:18 -------- d-----w- C:\Users\Moon\AppData\Local\{66A94C78-5155-49ED-A326-A08E64F614E9}
2012-08-18 04:29:07 -------- d-----w- C:\Users\Moon\AppData\Local\{3D4D084E-37FA-4FE9-AD54-85D29BF3771A}
2012-08-17 16:28:53 -------- d-----w- C:\Users\Moon\AppData\Local\{E9087AB6-6BB3-4973-99D8-80B182EB90E5}
2012-08-17 16:28:41 -------- d-----w- C:\Users\Moon\AppData\Local\{DF703F7E-BFB9-48A2-9537-302830BFF48A}
2012-08-17 02:02:13 -------- d-----w- C:\Users\Moon\AppData\Local\{2F6AAE17-3735-4343-B2FC-281B1312ADE5}
2012-08-17 02:01:30 -------- d-----w- C:\Users\Moon\AppData\Local\{CE29820C-9917-4FD6-9369-D333DC02EA9A}
.
==================== Find3M ====================
.
2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-22 22:05:52 674912 ----a-w- C:\Windows\SysWow64\xsherlock.xem
2012-08-14 18:47:39 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
2012-08-14 18:47:38 964608 ----a-w- C:\Windows\SysWow64\mfc70u.dll
2012-08-14 18:47:35 974848 ----a-w- C:\Windows\SysWow64\mfc70.dll
2012-08-14 18:47:33 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-08-14 18:47:32 503808 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-07-27 15:53:01 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 15:53:01 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-16 19:47:11 328704 ----a-w- C:\Windows\System32\services.exe
2012-07-15 00:04:09 1409 ----a-w- C:\Windows\QTFont.for
2012-07-09 18:12:46 48816 ----a-w- C:\Windows\SysWow64\NetFolderWE.ocx
2012-07-09 18:12:44 2006712 ----a-w- C:\Windows\SysWow64\NetFolderDown.exe
2012-07-09 14:21:28 557056 ----a-w- C:\Windows\SysWow64\NetfolderCMC.dll
2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-25 20:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
.
============= FINISH: 16:03:55.10 ===============
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
AMD System Monitor
AMD VISION Engine Control Center
Bandisoft MPEG-1 Decoder
Bejeweled 2 Deluxe
Bejeweled 3
Bing Bar
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Brother MFL-Pro Suite MFC-J435W
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CyberLink YouCam
Cyphers
D3DX10
DAEMON Tools Lite
Daum 팟인코더
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Dota 2
DTS+AC3 Filter
Energy Star Digital Logo
ESET Online Scanner v3
ESU for Microsoft Windows 7
Evernote v. 4.2.2
Farm Frenzy
FATE - The Traitor Soul
GOM Player
GOMTV Plug-in
Grand Theft Auto IV - Episodes From Liberty City
Guitar Pro 5.2
Hi-Rez Studios Authenticate and Update Service
HiJackThis
HP Connection Manager
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP SimplePass 2011
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
IDT Audio
Java Auto Updater
Java(TM) 6 Update 32
Java(TM) 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
League of Legends
Magic Desktop
Mah Jong Medley
Malwarebytes Anti-Malware version 1.65.0.1400
Mesh Runtime
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MPEG2코덱(libmpeg2/mad)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
NAT Service 2.6.6.11
NeoplePlugin
Nexon Game Manager
NVIDIA PhysX
Orbit Downloader
Pando Media Booster
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
QuickTime Alternative 1.81
Ralink RT5390 802.11b/g/n WiFi Adapter
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Recovery Manager
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Show (동영상변환기)
Slingo Supreme
Smite Closed Beta
StarCraft II
Steam
SuddenAttack
System Requirements Lab CYRI
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
Vindictus
Virtual Villagers 4 - The Tree of Life
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Zuma Deluxe
μTorrent
넷폴더접속기
반디집
아프리카TV streamer 제거
.
==== Event Viewer Messages From Past Week ========
.
2012-09-15 오후 12:39:25, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
2012-09-15 오후 12:34:55, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
2012-09-15 오후 12:30:26, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
2012-09-15 오후 12:27:45, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
2012-09-15 오전 3:43:26, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
2012-09-15 오전 3:43:25, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
2012-09-15 오전 3:43:25, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
2012-09-15 오전 3:43:24, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
2012-09-15 오전 3:43:24, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
2012-09-15 오전 3:27:17, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
2012-09-15 오전 3:25:14, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
2012-09-14 오후 6:54:09, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
.
==== End Of File ===========================
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Moon at 16:03:13 on 2012-09-15
Microsoft Windows 7 Home Premium 6.1.7601.3.949.82.1033.18.7659.5613 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\NAT Service\natsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [IME14 KOR Uninstall] C:\Program Files (x86)\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE /Uninstall /KOR /Log
uPolicies-explorer: HideSCAVolume = 0 (0x0)
uPolicies-explorer: HideSCAPower = 0 (0x0)
uPolicies-explorer: HideSCANetwork = 0 (0x0)
uPolicies-explorer: HideSCAHealth = 0 (0x0)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Microsoft Excel로내보내기(&X) - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: OneNote로보내기(&N) - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {E07939AA-05BA-42d3-AD20-5DCC46459BEA} - hxxp://www.cyphers.co.kr/object/cyphers_real.cab
DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} - hxxp://live.afreeca.com:8057/AFCStarter.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://comic.naver.com/common/cab/NaverAXGuide.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3A7BF32A-DCC5-456F-9F83-083F52B94A5A} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3A7BF32A-DCC5-456F-9F83-083F52B94A5A}\2456C6B696E6F574F505C65737F5D494D4F4F5138303137303 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3A7BF32A-DCC5-456F-9F83-083F52B94A5A}\2456C6B696E6F574F505C65737F5D494D4F4F5832473034303 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3A7BF32A-DCC5-456F-9F83-083F52B94A5A}\861686168616 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{3B3EFB38-9648-4662-9ED9-CE5D5351070A} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{FD9B11CF-92C5-4568-BDBA-0B47313783D3} : DhcpNameServer = 192.168.42.129
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO-X64: btorbit.com - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO-X64: TSBHO Class - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun-x64: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun-x64: [IME14 KOR Uninstall] C:\Program Files (x86)\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE /Uninstall /KOR /Log
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Moon\AppData\Roaming\Mozilla\Firefox\Profiles\lgixraxd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NeoplePlugin\npNeopleGameInstaller.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\Downloaded Program Files\npAFCStarter.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-14 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-2 365568]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-4-28 514232]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-18 265544]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-6-21 8704]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-28 92216]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-3-14 2375168]
R2 NATService;NATService;C:\Program Files (x86)\NAT Service\natsvc.exe [2012-7-31 655960]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\amdhub30.sys --> C:\Windows\system32\DRIVERS\amdhub30.sys [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\amdxhc.sys --> C:\Windows\system32\DRIVERS\amdxhc.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-8-22 245760]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-17 114144]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem [2012-8-7 674912]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-15 20:01:15 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CB732FA5-63E6-4214-9DDB-BC4FDFC6E55E}\mpengine.dll
2012-09-15 19:39:17 388096 ----a-r- C:\Users\Moon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-15 19:39:16 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-09-15 19:24:56 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-09-15 19:24:53 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-09-15 19:23:59 -------- d-----w- C:\ProgramData\PC Tools
2012-09-15 19:23:56 -------- d-----w- C:\Users\Moon\AppData\Roaming\TestApp
2012-09-15 18:14:54 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2012-09-15 18:13:13 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-09-15 18:08:52 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-09-15 18:07:03 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2012-09-15 18:07:03 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-09-15 18:06:47 -------- d-----w- C:\Windows\SHELLNEW
2012-09-15 17:51:08 -------- d-----w- C:\Users\Moon\AppData\Local\{F46DB355-09DB-464F-92E0-0F230A781A18}
2012-09-15 06:21:34 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-09-15 05:53:32 -------- d-----w- C:\Program Files (x86)\MSECache
2012-09-15 05:50:43 -------- d-----w- C:\Users\Moon\AppData\Local\{9C731BD1-B188-40C5-97CB-ECABAE8CE938}
2012-09-15 05:39:04 -------- d-----w- C:\Windows\PCHEALTH
2012-09-15 05:34:58 -------- d-----w- C:\Users\Moon\AppData\Local\Microsoft Help
2012-09-15 05:28:19 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-09-15 05:28:10 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-09-14 14:37:53 -------- d-----w- C:\Users\Moon\AppData\Local\{E8EB1BC1-0993-4558-897A-052B8977F9D8}
2012-09-14 05:54:41 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-13 21:16:20 -------- d-----w- C:\Users\Moon\AppData\Local\{47CF2A36-04FD-4EED-AC93-D0C7BCED990A}
2012-09-13 05:09:24 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-13 05:09:24 41472 ----a-w- C:\Windows\System32\drivers\rndismpx.sys
2012-09-13 05:09:24 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-13 05:09:22 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-13 05:09:22 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-13 05:09:21 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-13 05:09:20 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-13 05:09:20 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-13 05:04:04 -------- d-----w- C:\Users\Moon\AppData\Local\{6FE3082B-C376-407B-AD6F-B903FEFE3E5A}
2012-09-12 00:49:00 -------- d-----w- C:\Users\Moon\AppData\Local\{8E254601-F9BC-4A5E-9E0A-AF9C2F532FF5}
2012-09-11 12:48:36 -------- d-----w- C:\Users\Moon\AppData\Local\{05681C21-3080-4703-B00A-5C824494ADB6}
2012-09-10 14:07:45 -------- d-----w- C:\Users\Moon\AppData\Local\{09DD2363-4ADB-47EB-B4E7-87EE0A3ACB77}
2012-09-09 13:29:44 -------- d-----w- C:\Users\Moon\AppData\Local\{EED86976-AC1E-42ED-973C-6B64E593A40B}
2012-09-08 19:15:11 -------- d-----w- C:\Users\Moon\AppData\Local\{91194843-2FB6-45FB-8082-F0589E715A80}
2012-09-08 04:05:22 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-08 03:40:25 -------- d-----w- C:\Users\Moon\AppData\Local\{543E9097-E59C-4ADA-9EEF-F13942D94DE3}
2012-09-07 15:40:01 -------- d-----w- C:\Users\Moon\AppData\Local\{41F0B23D-A102-4244-A48A-36EC19A54C32}
2012-09-06 22:02:39 -------- d-----w- C:\Users\Moon\AppData\Local\{D7E3FF4B-EFDF-4D27-ACD3-00F749ECF076}
2012-09-05 16:31:59 -------- d-----w- C:\Users\Moon\AppData\Local\{D84B724B-96F7-462D-A5F8-B0E1D2CCB2CE}
2012-09-04 20:57:59 -------- d-----w- C:\Users\Moon\AppData\Local\{1ACF048D-F4B7-468A-9A57-17793281EA03}
2012-09-01 16:22:59 -------- d-----w- C:\Users\Moon\AppData\Local\{355A37D9-033F-4799-AE3A-15A8EE4920A4}
2012-09-01 02:07:01 -------- d-----w- C:\Users\Moon\AppData\Local\{84020E26-66FE-409B-BC24-81043C219DDE}
2012-08-31 19:10:26 -------- d-----w- C:\Users\Moon\AppData\Local\{33BBDD57-38B1-4A7D-A82F-6835BA726AAE}
2012-08-30 21:11:00 -------- d-----w- C:\Users\Moon\AppData\Local\{646E7CDC-F534-4B7B-90AA-051E8FA9FAF4}
2012-08-29 23:12:31 -------- d-----w- C:\Users\Moon\AppData\Local\{2F6819E0-681A-4614-80CC-4FECF22DDF58}
2012-08-29 11:12:07 -------- d-----w- C:\Users\Moon\AppData\Local\{3C50E0E9-70E0-4B4E-BC0A-DCE26F141277}
2012-08-28 12:39:03 -------- d-----w- C:\Users\Moon\AppData\Local\{D6F7AB24-DCD8-4DD8-9044-C46FC56FD89C}
2012-08-27 23:03:12 -------- d-----w- C:\Users\Moon\AppData\Local\{A4773A35-2E6B-45D4-AE3C-91D402F9CE58}
2012-08-27 12:52:46 -------- d-----w- C:\Users\Moon\AppData\Roaming\Brother
2012-08-27 05:30:45 -------- d-----w- C:\Users\Moon\AppData\Local\{AF59DC86-15AA-4760-909C-B1CC90766B0C}
2012-08-25 17:18:44 -------- d-----w- C:\Users\Moon\AppData\Local\{A649FFBB-BCEB-479D-A02C-81B5E753AAB6}
2012-08-24 13:12:14 -------- d-----w- C:\Users\Moon\AppData\Local\{E15AFEDE-A4AF-4B4B-9809-869E024BCD2D}
2012-08-23 18:02:52 -------- d-----w- C:\Users\Moon\AppData\Local\{DF3BD933-8C03-4D72-BF88-1946EE27AE42}
2012-08-23 00:59:00 -------- d-----w- C:\Users\Moon\AppData\Roaming\ControlCenter4
2012-08-23 00:55:26 -------- d-----w- C:\Windows\System32\user
2012-08-23 00:54:27 -------- d-----w- C:\Brother
2012-08-23 00:54:21 -------- d-----w- C:\ProgramData\ControlCenter4
2012-08-23 00:54:21 -------- d-----w- C:\Program Files (x86)\Browny02
2012-08-23 00:54:15 290304 ------w- C:\Windows\System32\BrfxDA5c.dll
2012-08-23 00:54:15 -------- d-----w- C:\Program Files (x86)\ControlCenter4
2012-08-23 00:54:14 83968 ------r- C:\Windows\System32\BrNetSti.dll
2012-08-23 00:54:14 58880 ------r- C:\Windows\System32\BrWiaNCp.dll
2012-08-23 00:54:14 51712 ------r- C:\Windows\System32\Brnsplg.dll
2012-08-23 00:54:14 255488 ------r- C:\Windows\System32\NSSRH64.dll
2012-08-23 00:54:14 143360 ------r- C:\Windows\System32\BrSNMP64.dll
2012-08-23 00:50:43 -------- d-----w- C:\Program Files\Nuance
2012-08-23 00:46:48 -------- d-----w- C:\ProgramData\Brother
2012-08-22 21:45:59 -------- d-----w- C:\Users\Moon\AppData\Local\{6C6FD715-5A95-4C66-80CC-F65C8DA289D8}
2012-08-22 04:34:23 -------- d-----w- C:\Users\Moon\AppData\Local\{561577BD-0CF3-422F-A012-22653ECA7E70}
2012-08-21 16:33:35 -------- d-----w- C:\Users\Moon\AppData\Local\{FE0A6632-9EF9-45C0-9FF1-4B29B6356B4F}
2012-08-20 21:39:04 -------- d-----w- C:\Users\Moon\AppData\Local\{3E08C993-3764-48BF-9A56-AECEC1A10F32}
2012-08-19 21:35:14 -------- d-----w- C:\Users\Moon\AppData\Local\{21B5293F-08D6-450C-BA28-E5906DF660D3}
2012-08-18 16:29:43 -------- d-----w- C:\Users\Moon\AppData\Local\{957E5F1A-E012-434B-9C15-5A4E77FA6FA2}
2012-08-18 16:29:32 -------- d-----w- C:\Users\Moon\AppData\Local\{A094FBCD-4DDC-4BDE-A64C-39A1A80E0867}
2012-08-18 04:29:18 -------- d-----w- C:\Users\Moon\AppData\Local\{66A94C78-5155-49ED-A326-A08E64F614E9}
2012-08-18 04:29:07 -------- d-----w- C:\Users\Moon\AppData\Local\{3D4D084E-37FA-4FE9-AD54-85D29BF3771A}
2012-08-17 16:28:53 -------- d-----w- C:\Users\Moon\AppData\Local\{E9087AB6-6BB3-4973-99D8-80B182EB90E5}
2012-08-17 16:28:41 -------- d-----w- C:\Users\Moon\AppData\Local\{DF703F7E-BFB9-48A2-9537-302830BFF48A}
2012-08-17 02:02:13 -------- d-----w- C:\Users\Moon\AppData\Local\{2F6AAE17-3735-4343-B2FC-281B1312ADE5}
2012-08-17 02:01:30 -------- d-----w- C:\Users\Moon\AppData\Local\{CE29820C-9917-4FD6-9369-D333DC02EA9A}
.
==================== Find3M ====================
.
2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-22 22:05:52 674912 ----a-w- C:\Windows\SysWow64\xsherlock.xem
2012-08-14 18:47:39 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
2012-08-14 18:47:38 964608 ----a-w- C:\Windows\SysWow64\mfc70u.dll
2012-08-14 18:47:35 974848 ----a-w- C:\Windows\SysWow64\mfc70.dll
2012-08-14 18:47:33 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-08-14 18:47:32 503808 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-07-27 15:53:01 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 15:53:01 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-16 19:47:11 328704 ----a-w- C:\Windows\System32\services.exe
2012-07-15 00:04:09 1409 ----a-w- C:\Windows\QTFont.for
2012-07-09 18:12:46 48816 ----a-w- C:\Windows\SysWow64\NetFolderWE.ocx
2012-07-09 18:12:44 2006712 ----a-w- C:\Windows\SysWow64\NetFolderDown.exe
2012-07-09 14:21:28 557056 ----a-w- C:\Windows\SysWow64\NetfolderCMC.dll
2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-25 20:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
.
============= FINISH: 16:03:55.10 ===============