DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by User at 1:32:47 on 2014-05-11
Microsoft Windows 7 Home Premium 6.1.7601.1.949.82.1033.18.6021.3690 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: 알약 *Enabled/Updated* {C3A632BD-BAFF-A4B2-F1E3-F1E89581CC8B}
SP: 알약 *Enabled/Updated* {78C7D359-9CC5-AB3C-CB53-CA9AEE068636}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ESTsoft\ALYac\AYRTSrv.aye
C:\Program Files\ESTsoft\ALYac\AYUpdSrv.aye
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ESTsoft\ALYac\AYAgent.aye
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\User\AppData\Roaming\Curse Client\Bin\Curse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Nexon\MapleStory\MapleStory.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_206_ActiveX.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Windows\notepad.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: F12 Developer Tools: {28BCCB9A-E66B-463C-82A4-09F320DE94D7} - C:\Program Files (x86)\Internet Explorer\F12Tools.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Curse.lnk - C:\Users\User\AppData\Roaming\Curse Client\Bin\Curse.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {0FA97F46-8BCD-456F-89C4-9845133DEE94} - hxxp://bank.keb.co.kr/activex/I3G/I3GManager.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1CD4FAEE-09F6-4B77-8A49-EF2A9EBC8D46} - hxxp://203.234.132.15/cab/rsupctrl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {477D5B9A-6479-44F8-9718-9340119B0308} - hxxp://bank.keb.co.kr/veraport/down/veraport20.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\APZ0OS42\TouchEnKey_Installer_32bit_3.1.0.21_allkill.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {967386A1-409E-431A-A93A-FB5FEFF86A58} - hxxp://bank.keb.co.kr/veraport/veraport.cab
DPF: {99C709C7-4F58-46C1-855B-90213C760395} - hxxps://v3d.kcp.co.kr/file/kcp_ansimclick.cab
DPF: {B0A75875-3622-48BA-B5FF-45AD77AC2D0E} - hxxps://download.auction.co.kr/activexpay/20130916/BankPayEFT.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {E42F7FEB-DE20-43F4-A342-47F1DA77F667} - hxxps://pgdownload.uplus.co.kr/lguplus/XPayPlugin_3.0.0.2.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA64.cab
DPF: {F3FEAAF1-E1F6-4B30-80FA-42DE1F691AEE} - hxxp://www.inlive.co.kr/download/IDPlayer.cab
DPF: {F939FEB8-9518-4A4A-BE60-D10FFB9557F2} - hxxp://update.nprotect.net/netizenv55/bank/keb/npenkIEInstall5.cab
TCP: NameServer = 192.168.1.254 75.153.176.1
TCP: Interfaces\{00B74C16-FB3E-4466-8A0F-67ACC37DD759} : DHCPNameServer = 192.168.1.254 75.153.176.1
TCP: Interfaces\{809C35F4-9433-46AD-B0F0-1FE9BDCECCE3} : DHCPNameServer = 192.168.1.254 75.153.176.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com
x64-BHO: Freeven pro: {11111111-1111-1111-1111-110511421148} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: {EA34C851-D481-49F5-A356-3A8B0A8F3B7E} - <orphaned>
x64-BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [ALYac] "C:\Program Files\ESTsoft\ALYac\AYLaunch.exe" /run
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-3-22 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 EstRtwIFDrv;EstRtwIFDrv;C:\Windows\System32\drivers\EstRtw.sys [2012-12-17 265496]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2012-3-22 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2012-3-22 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2012-3-22 62776]
R2 ALYac_RTSrv;ALYac RealTime Service;C:\Program Files\ESTsoft\ALYac\AYRTSrv.aye [2012-11-6 539968]
R2 ALYac_UpdSrv;ALYac Update Service;C:\Program Files\ESTsoft\ALYac\AYUpdSrv.aye [2012-11-6 995136]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 133928]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-22 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-3-22 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-3-22 786200]
R3 JRSUKD25;JRSUKD25;C:\Windows\System32\JRSUKD25.SYS [2013-11-1 20384]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-3-22 1014624]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 voxaldriver;Voxal Filter Driver 2.12.01;C:\Windows\System32\drivers\voxaldriverx64.sys [2014-1-1 33488]
R3 VRVD302;VRVD302;C:\Windows\System32\drivers\VRVD302.sys [2013-5-21 11808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MySQL56;MySQL56;"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.6\my.ini" MySQL56 --> C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 EstRtwIFDrvTemp;EstRtwIFDrvTemp;C:\Program Files\ESTsoft\ALYac\plugin\realtime\EstRtw.sys [2012-11-6 265496]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-29 111616]
S3 kcrtx64;kcrtx64;C:\Windows\System32\kcrtx64.sys [2012-11-25 141848]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-23 1255736]
S4 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]
S4 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2012-2-29 28264]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-12 13592]
S4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
S4 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-10-12 128280]
S4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-10-12 161560]
S4 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-3-22 255376]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-7-22 690472]
S4 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-10-12 363800]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files (x86)\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .js: Applications\iexplore.exe="C:\Program Files\Internet Explorer\iexplore.exe" %1 [UserChoice]
ShellExec: Hwp.exe: print=C:\HNC\Hwp70\HwpPrnMng.exe /p "%1"
.
=============== Created Last 30 ================
.
2014-05-11 06:52:51 10651704 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFA8EF40-13A9-4A0C-AB62-BA910ACE4C32}\mpengine.dll
2014-05-09 23:38:23 10651704 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-08 23:36:22 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{11DEDDB0-3A07-4A0B-923D-77ED03AA743C}\gapaengine.dll
2014-05-08 00:02:17 -------- d--h--w- C:\Windows\msdownld.tmp
2014-05-08 00:02:17 -------- d-----w- C:\Windows\SysWow64\directx
2014-05-08 00:00:58 -------- d-----w- C:\Users\User\AppData\Roaming\Curse Client
2014-05-08 00:00:47 -------- d-----w- C:\Users\User\AppData\Roaming\Curse
2014-05-06 10:00:12 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-06 06:39:53 465408 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-06 06:39:53 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-05 17:48:40 151048 ----a-w- C:\Windows\System32\CKAgent_t.exe
2014-05-05 17:48:38 151048 ----a-r- C:\Windows\SysWow64\CKAgent.exe
2014-05-05 17:48:38 151048 ----a-r- C:\Windows\SysWow64\CKAgent.dat
2014-05-04 18:08:27 -------- d-----w- C:\Users\User\AppData\Local\{E5D911E4-4721-442C-809E-3CE5A366FE2C}
2014-05-04 17:49:49 -------- d-----w- C:\Users\User\AppData\Roaming\NCH Software
2014-05-04 17:49:46 -------- d-----w- C:\Program Files (x86)\NCH Software
2014-05-03 10:00:13 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-03 10:00:13 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-02 22:46:48 -------- d-----w- C:\TDSSKiller_Quarantine
2014-05-02 02:15:40 -------- d-----w- C:\Windows\Microsoft Antimalware
2014-05-02 00:02:55 -------- d-----w- C:\Program Files\Adblock Plus for IE
2014-05-02 00:02:54 -------- d-----w- C:\ProgramData\Package Cache
2014-05-01 04:25:46 -------- d-----w- C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2014-05-01 02:20:57 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-05-01 02:03:00 -------- d-sh--w- C:\$RECYCLE.BIN
2014-05-01 00:17:17 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1C37E239-28B5-447A-9F1B-5D7E1E69C436}\offreg.dll
2014-05-01 00:08:34 -------- d-----w- C:\Windows\ERUNT
2014-04-29 20:29:47 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1C37E239-28B5-447A-9F1B-5D7E1E69C436}\mpengine.dll
2014-04-29 19:03:21 -------- d-sh--w- C:\Users\User\AppData\Local\EmieUserList
2014-04-29 19:03:21 -------- d-sh--w- C:\Users\User\AppData\Local\EmieSiteList
2014-04-23 22:40:24 -------- d-----w- C:\Users\User\AppData\Local\Skype
2014-04-19 21:50:02 151048 ----a-r- C:\Windows\System32\CKAgent.exe
2014-04-19 21:11:36 58600 ----a-w- C:\Windows\SysWow64\I3Gescp.dll
2014-04-19 21:11:36 551552 ----a-w- C:\Windows\SysWow64\I3GManager.dll
2014-04-19 21:11:36 227968 ----a-w- C:\Windows\SysWow64\I3GEX.exe
2014-04-19 21:11:02 -------- d-----w- C:\Program Files (x86)\Wizvera
2014-04-18 03:21:57 -------- d-----w- C:\Users\User\AppData\Roaming\raidcall
2014-04-18 03:21:43 -------- d-----w- C:\Program Files (x86)\RaidCall
.
==================== Find3M ====================
.
2014-05-05 17:48:42 141848 ----a-w- C:\Windows\System32\kcrtx64.sys
2014-05-02 00:01:31 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-02 00:01:31 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-19 21:11:36 72272 ----a-w- C:\Windows\SysWow64\cosa.dll
2014-04-16 16:29:59 65536 ----a-w- C:\Windows\IFinst27.exe
2014-04-02 07:11:55 154312 ----a-w- C:\Windows\SysWow64\NpfwVt64.sys
2014-04-02 07:11:55 154312 ----a-w- C:\Windows\System32\NpfwVt64.sys
2014-04-02 07:11:55 133712 ----a-w- C:\Windows\SysWow64\NpfwVt.sys
2014-04-02 07:11:55 133712 ----a-w- C:\Windows\System32\NpfwVt.sys
2014-03-31 16:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-17 08:43:58 265496 ----a-w- C:\Windows\System32\drivers\EstRtw.sys
2014-03-17 08:43:58 21824 ----a-w- C:\Windows\System32\bootalyac.exe
2014-03-11 22:20:12 5765664 ----a-w- C:\Windows\SysWow64\ISPPopUpDlg.exe
2014-03-11 16:52:30 133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-07 23:17:44 708096 ----a-w- C:\Windows\SysWow64\INIcrypto20.dll
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH: 1:33:37.04 ===============