Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hacktool.Rootkit and Trojan.Gen.2 Removal [Solved]

Started by damascus404 , May 30 2012 07:14 PM

  • This topic is locked This topic is locked

#1
damascus404
Posted 30 May 2012 - 07:14 PM

damascus404

    New Member

  • Member
  • Pip
  • 8 posts
Just a few days ago, Symantec discovered a rootkit and trojan gen sitting in my system. However, when it tries to delete the files, they keep reappearing. When I run scans, nothing can be found. I'll include a log created after using Combofix. Please help!

Edit:I should probably add that the presence of the virus seems to be dependant on my internet connection, though that may just be what Symantec needs and not the virus

ComboFix 12-05-30.03 - Park Family 0/2012 Wed 6:39.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.7931.5327 [GMT -7:00]
Running from: c:\users\Park Family\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Park Family\AppData\Local\Tempals_inst.exe
c:\users\Park Family\AppData\Roaming\FileDown
c:\users\Park Family\AppData\Roaming\mIRC\logs\status.log
c:\users\Park Family\Favorites\¼ûãÎ ½ºÆ®¸®Æ®, 11¹ø°¡.url
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\struct~.ini
c:\windows\system32\ReadMe.txt
c:\windows\SysWow64\11st.ico
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))
.
.
2012-05-30 13:54 . 2012-05-30 13:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-30 13:36 . 2012-05-30 13:36 -------- d-----w- c:\users\Park Family\AppData\Local\CrashDumps
2012-05-30 04:49 . 2012-05-30 04:49 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-05-30 03:35 . 2012-05-30 04:08 -------- d-----w- c:\users\Park Family\AppData\Local\NPE
2012-05-30 03:35 . 2012-05-30 03:35 -------- d-----w- c:\programdata\Norton
2012-05-29 20:23 . 2012-05-29 20:23 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-05-29 20:22 . 2012-05-29 20:22 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-29 20:12 . 2012-05-29 20:12 -------- d-----w- c:\windows\system32\Macromed
2012-05-28 17:36 . 2012-05-28 17:36 -------- d-----w- c:\users\Park Family\AppData\Roaming\Media Player Classic
2012-05-28 17:35 . 2012-05-28 17:35 -------- d-----w- c:\program files\madVR
2012-05-28 17:23 . 2012-05-28 17:23 -------- d-----w- c:\program files (x86)\Haali
2012-05-28 17:23 . 2012-05-28 17:23 -------- d-----w- c:\program files (x86)\LAV Filters
2012-05-28 17:22 . 2012-05-28 17:22 -------- d-----w- c:\program files (x86)\MPC-HC
2012-05-26 04:24 . 2012-05-26 04:24 -------- d-----w- c:\program files (x86)\Microsoft XNA
2012-05-24 23:27 . 2012-05-24 23:27 -------- d-----w- c:\users\Park Family\AppData\Roaming\Symantec
2012-05-24 23:27 . 2012-05-24 23:27 -------- d-----w- c:\users\Park Family\AppData\Local\Symantec_Corporation
2012-05-24 23:14 . 2012-05-25 18:37 -------- d-----w- c:\programdata\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2012-05-23 23:09 . 2012-05-23 23:09 -------- d-----w- c:\users\Park Family\AppData\Roaming\LolClient2
2012-05-10 22:52 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 22:52 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 22:52 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 22:52 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 22:52 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 22:52 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 22:51 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 22:51 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 22:50 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 22:50 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 22:50 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 22:50 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 22:50 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-08 23:16 . 2012-05-08 23:16 50026 ----a-w- c:\windows\SysWow64\Uninstall_11stSC.exe
2012-05-07 00:25 . 2012-05-07 00:25 -------- d-----w- c:\users\Park Family\AppData\Local\WBFSManager
2012-05-05 18:27 . 2012-05-06 05:29 -------- d-----w- c:\users\Park Family\AppData\Roaming\ImgBurn
2012-05-05 18:27 . 2012-05-05 18:27 -------- d-----w- c:\program files (x86)\ImgBurn
2012-05-05 01:40 . 2011-05-22 22:44 20752 ----a-w- c:\windows\system32\drivers\easytthr.sys
2012-05-05 01:40 . 2012-05-05 01:40 -------- d-----w- c:\program files (x86)\Mobile Stream
2012-05-02 02:14 . 2012-05-08 22:48 -------- d-----w- c:\program files\PrivacySafeGuard
2012-05-02 02:14 . 2012-05-04 05:04 -------- d-----w- c:\users\Park Family\AppData\Roaming\Trillian
2012-05-02 02:13 . 2012-05-04 13:18 -------- d-----w- c:\program files (x86)\Trillian
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 22:56 . 2010-08-14 02:57 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[-] 2009-07-14 . 50BEA589F7D7958BDD2528A8F69D05CC . 329216 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-29 95576]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"EasyTether"="c:\program files (x86)\Mobile Stream\EasyTether\easytthr.exe" [2011-05-23 48648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-29 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-01-25 115560]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ACQTMOUSE"="c:\program files (x86)\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe" [2008-08-01 501760]
"SMSTray"="c:\program files (x86)\Samsung\EmoDio\SMSTray.exe" [2009-04-16 479232]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752]
.
c:\users\Park Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\users\Park Family\Desktop\Games\Visual Novel\MM\VMLaunch\BuddyVM.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-22 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-22 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [x]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [x]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [x]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 9728]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-05-13 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAU;USB Audio Device Interface;c:\windows\system32\drivers\CM10264.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-06 865824]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe [2007-04-25 566704]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-03 138360]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VSTWinDriver6;VSTWinDriver6;c:\windows\system32\drivers\VSTwindrvr6.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-22 19:45]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-22 19:45]
.
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1024659097-783914939-1927143727-1000Core.job
- c:\users\Park Family\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-27 16:45]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1024659097-783914939-1927143727-1000UA.job
- c:\users\Park Family\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-27 16:45]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}]
2012-03-17 04:22 105472 ----a-w- c:\program files\PrivacySafeGuard\PrivacySafeGuard-x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-06 860192]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
"Cm102Sound"="c:\windows\Syswow64\cm102.dll" [2009-01-15 7700480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daum.net/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5251&r=27360810p245l0424z1h5t46j2n35o
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: {{71DF21B0-8C69-4923-8C7B-B195F8DDB5CD} - http://www.11st.co.k...&tid=1000105205
IE: {{D80B3D84-E1EC-42ab-B630-F1E0C4E8BA97}
IE: {{EC113164-2692-482c-A70D-C60DA5C92546} - {B2DBFB0F-C253-4051-85FB-01A9419D3A59} -
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
DPF: {55F0958B-C5EB-49E4-8567-E018D2407F55} - hxxp://patch.kongdisk.com/install/KongdiskCtrl.cab
DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} - hxxp://cafeimg.hanmail.net/bgm11/DaumBgmPlayer.cab
DPF: {B7DF6B14-7F2A-49C2-A8C8-21AAD560B0BC} - hxxp://www.usadisk.com/mmsv/USAControl.CAB
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_1_1/DaumActiveX.cab?ver=2,0,1,1
DPF: {C2AD5B59-154E-4090-91F5-19FC1410E8EE} - hxxp://www.koreatimes.co.kr/www/TTS/App/Downloader.cab
DPF: {E0F0958B-C5EB-49E3-8567-E018D2407F35} - hxxp://patch.kongdisk.com/install/kongdisk.cab
FF - ProfilePath - c:\users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: NicoFox: nicofox@littlebtc - %profile%\extensions\nicofox@littlebtc
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extentions.y2layers.installId, 935c2a1e-4839-4d22-b685-966f648d8a11
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,TopRelatedTopics,BestVideoDownloader,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{37483b40-c254-4a72-bda4-22ee90182c1e} - c:\program files (x86)\NCH_EN\prxtbNCH_.dll
BHO-{37483b40-c254-4a72-bda4-22ee90182c1e} - c:\program files (x86)\NCH_EN\prxtbNCH_.dll
Toolbar-Locked - (no file)
Toolbar-{37483b40-c254-4a72-bda4-22ee90182c1e} - c:\program files (x86)\NCH_EN\prxtbNCH_.dll
Wow6432Node-HKLM-Run-NPSStartup - (no file)
SafeBoot-Symantec Antvirus
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-11stIcon - c:\windows\system32\Uninstall_11stSC.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1024659097-783914939-1927143727-1000\Software\KISS\«0¹0¿0à0ì0¤0É0V*]
"InstallPath"="c:\\Users\\Park Family\\Desktop\\Games\\Visual Novel\\240611_vearchive.net_cr5\\ƒJƒXƒ^ƒ€ƒŒƒCƒhV\\"
"DskSht"=dword:00000000
.
[HKEY_USERS\S-1-5-21-1024659097-783914939-1927143727-1000\Software\¢0×0ê0±0ü0·0ç0ó0 *¦0£0¶0ü0É0g0ubU0Œ0_0í0ü0«0ë0 *¢0×0ê0±0ü0·0ç0ó0]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
c:\windows\SysWOW64\ping.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\SavUI.exe
.
**************************************************************************
.
Completion time: 2012-05-30 07:15:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-30 14:15
.
Pre-Run: 61,526,212,608 bytes free
Post-Run: 62,930,096,128 bytes free
.
- - End Of File - - 2792B9F3F45F35E8D80630662230F21F

Attached Files


Edited by Essexboy, 03 June 2012 - 12:32 PM.

  • 0

Advertisements

#2
Crowbar
Posted 01 June 2012 - 06:14 PM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hello damascus404 and welcome to Geeks To Go !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.
Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them.
You get an advantage as you have 2 people examining your issue.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

While I go over your ComboFix log, I would like you to do a couple of other scans for me.

Step 1
Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Windows\assembly\tmp\U\*.* /s
C:\Program Files\Common Files\ComObjects\*.* /s
C:\windows\*. /RP /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs in your next response

Step 2
Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it
Posted Image

Click the [Scan] button to start scan
Posted Image

On completion of the scan click [Save log], save it to your desktop and post in your next reply

In your next reply I would like to see:
  • Please paste in the log files, attaching them makes it harder to analyze
  • OTL.txt
  • Extras.txt
  • aswMBR log

  • 0

#3
damascus404
Posted 01 June 2012 - 06:50 PM

damascus404

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you for looking at my problems! In hindsight, I should have looked at the procedure to properly create a topic for my virus troubles.
But you want the logs pasted in right? I'll go ahead and do just that. And once again, thank you.

OTL.txt



OTL logfile created on: 6/1/2012 5:17:26 PM - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\Park Family\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 4.96 Gb Available Physical Memory | 64.01% Memory free
15.49 Gb Paging File | 12.32 Gb Available in Paging File | 79.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.78 Gb Total Space | 54.87 Gb Free Space | 25.08% Space Free | Partition Type: NTFS
Drive E: | 733.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 246.88 Gb Total Space | 177.83 Gb Free Space | 72.03% Space Free | Partition Type: NTFS

Computer Name: PARKFAMILY-PC | User Name: Park Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/01 17:16:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Park Family\Downloads\OTL.exe
PRC - [2012/05/24 15:40:34 | 002,686,976 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.71\deploy\LoLLauncher.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2011/11/12 11:52:14 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2011/10/26 11:48:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011/08/02 00:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/05/22 18:14:32 | 000,048,648 | ---- | M] (Mobile Stream) -- C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe
PRC - [2011/01/27 08:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/07/29 00:47:08 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010/04/23 00:46:02 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/04/23 00:42:44 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2010/04/23 00:38:32 | 000,181,616 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SavUI.exe
PRC - [2010/03/08 16:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/03/08 16:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/03/03 06:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/03/03 06:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/03/03 06:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/01/28 16:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/25 15:35:56 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/07/13 18:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2009/04/16 13:23:56 | 000,479,232 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe
PRC - [2008/08/01 14:30:28 | 000,501,760 | ---- | M] () -- C:\Program Files (x86)\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/24 15:40:34 | 002,686,976 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.71\deploy\LoLLauncher.exe
MOD - [2012/05/22 18:56:50 | 000,441,880 | ---- | M] () -- C:\Users\Park Family\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll
MOD - [2012/05/22 18:56:49 | 003,922,456 | ---- | M] () -- C:\Users\Park Family\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
MOD - [2012/05/22 18:55:35 | 000,553,496 | ---- | M] () -- C:\Users\Park Family\AppData\Local\Google\Chrome\Application\19.0.1084.52\libglesv2.dll
MOD - [2012/05/22 18:55:33 | 000,117,784 | ---- | M] () -- C:\Users\Park Family\AppData\Local\Google\Chrome\Application\19.0.1084.52\libegl.dll
MOD - [2012/05/22 18:55:24 | 000,134,696 | ---- | M] () -- C:\Users\Park Family\AppData\Local\Google\Chrome\Application\19.0.1084.52\avutil-51.dll
MOD - [2012/05/22 18:55:23 | 000,250,408 | ---- | M] () -- C:\Users\Park Family\AppData\Local\Google\Chrome\Application\19.0.1084.52\avformat-54.dll
MOD - [2012/05/22 18:55:21 | 002,375,720 | ---- | M] () -- C:\Users\Park Family\AppData\Local\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll
MOD - [2012/05/22 18:06:23 | 008,743,584 | ---- | M] () -- C:\Users\Park Family\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
MOD - [2011/11/12 11:52:14 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/20 05:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/08 17:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2009/05/19 23:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
MOD - [2008/12/30 11:49:24 | 000,400,896 | ---- | M] () -- C:\Program Files (x86)\Mouse Setting\Mouse Setting Software\4.0\ACQDEVCL.dll
MOD - [2008/08/01 14:30:28 | 000,501,760 | ---- | M] () -- C:\Program Files (x86)\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe
MOD - [2007/06/24 15:14:52 | 000,029,696 | ---- | M] () -- C:\Program Files (x86)\Mouse Setting\Mouse Setting Software\4.0\ACQTMDLL.DLL


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/20 06:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/28 17:41:36 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/05 20:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 16:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2007/04/24 19:24:34 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbfcoms.exe -- (lxbf_device)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/07/21 20:48:32 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/27 08:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/04/23 00:46:02 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/04/16 21:06:36 | 003,218,880 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/04/01 20:47:34 | 000,419,656 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 16:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/03 06:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/07/13 18:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 13:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2007/04/24 19:24:16 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbfcoms.exe -- (lxbf_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/01 19:39:51 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/09/01 19:27:06 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/07/15 16:35:20 | 000,225,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
DRV:64bit: - [2011/05/22 15:44:12 | 000,020,752 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\easytthr.sys -- (easytether)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/13 19:42:20 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/06/25 10:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/05/13 15:10:04 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/04/16 21:06:36 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:64bit: - [2010/04/01 01:18:30 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/03/28 17:51:38 | 006,405,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/28 16:46:28 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/25 04:09:12 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdm.sys -- (sscemdm)
DRV:64bit: - [2010/03/25 04:09:12 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV:64bit: - [2010/03/25 04:09:12 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdfl.sys -- (sscemdfl)
DRV:64bit: - [2010/03/25 04:08:52 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010/03/25 04:08:52 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV:64bit: - [2010/03/25 04:08:52 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV:64bit: - [2010/03/20 11:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/02/12 07:10:12 | 000,066,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:64bit: - [2010/02/08 06:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/28 12:42:26 | 000,064,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV:64bit: - [2009/12/22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/10 04:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/02 00:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/08/23 02:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/19 19:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009/01/14 18:25:48 | 001,286,656 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10264.sys -- (USBAU)
DRV:64bit: - [2008/07/03 22:49:26 | 000,252,928 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTwindrvr6.sys -- (VSTWinDriver6)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2012/05/31 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/05/31 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/15 01:00:00 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120531.020\EX64.SYS -- (NAVEX15)
DRV - [2012/05/15 01:00:00 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120531.020\ENG64.SYS -- (NAVENG)
DRV - [2010/05/13 15:10:04 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/08/02 11:35:46 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ACRUSBTM.SYS -- (ACRUSBTM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...24z1h5t46j2n35o
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...24z1h5t46j2n35o
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2737658

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daum.net/
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_enUS392US392
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: nicofox@littlebtc:0.8


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@gomtv.com/gomtvx-plugin: C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll ((주) 그래텍)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\11\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Park Family\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Park Family\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Park Family\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Park Family\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\fbphotozoom\fbphotozoom14.xpi [2012/03/20 19:31:22 | 000,102,505 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/02/04 09:49:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/26 15:02:35 | 000,000,000 | ---D | M]

[2010/12/20 00:59:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Park Family\AppData\Roaming\Mozilla\Extensions
[2012/03/27 21:30:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions
[2012/03/27 21:30:28 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
[2011/02/21 00:12:20 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/02/21 00:12:20 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\[email protected]
[2011/10/01 16:00:22 | 000,000,000 | ---D | M] (NicoFox) -- C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\nicofox@littlebtc
[2012/03/20 19:31:31 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\[email protected]
[2011/02/04 16:30:48 | 000,002,059 | ---- | M] () -- C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\searchplugins\daemon-search.xml
[2011/07/11 21:29:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/21 12:56:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/11 21:30:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/26 11:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Park Family\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Park Family\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Park Family\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Park Family\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Park Family\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: gomtvx NIE Module (Enabled) = C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\11\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Translate = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: Entanglement = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: TooManyTabs for Chrome = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp\1.9.1_0\
CHR - Extension: Speed Dial = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.1_0\
CHR - Extension: Scramble = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\djfhffjeehicakcnbemmngflfhladknd\1.1_0\
CHR - Extension: Edit This Cookie = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\0.14.8_0\
CHR - Extension: Privacy SafeGuard = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\
CHR - Extension: FlashBlock = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0\
CHR - Extension: Cool Clock = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\icegcmhgphfkgglbljbkdegiaaihifce\2.3.1.1_0\
CHR - Extension: rikaikun = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp\0.8.5_0\
CHR - Extension: Auto Replay for YouTube = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.13_0\
CHR - Extension: Chrome Sounds = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkfibincabhfblmkmhcabnlghmncdcaf\1.1_0\
CHR - Extension: Stop Autoplay for YouTube. = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdfnbpkmkkdhgidgcpdkgpdlfjcgnnh\0.11.5.24_0\
CHR - Extension: Poppit = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.12_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.2.1_0\
CHR - Extension: MSPA F5-ify! = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnbdnhfekiggingacbbnfnklpepkfhgo\1.0_0\
CHR - Extension: Time Tracker = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\mokmnbikneoaenmckfmgjgjimphfojkd\1.0.9_0\
CHR - Extension: Google Quick Scroll = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\1.83_0\

O1 HOSTS File: ([2012/05/30 06:57:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found.
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Mitter Toolbar) - {B3C48858-CC9C-452F-B6A4-48C95C59EB45} - C:\Program Files (x86)\Mitter Toolbar\ISLIEBand.dll ()
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Cm102Sound] C:\Windows\Syswow64\cm102.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ACQTMOUSE] C:\Program Files (x86)\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe ()
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SMSTray] C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EasyTether] C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: シ鏞ホ スコニョクョニョ, 11ケ。 - {71DF21B0-8C69-4923-8C7B-B195F8DDB5CD} - http://www.11st.co.k...&tid=1000105205 File not found
O9 - Extra Button: DesktopStreaALUE ERROR. - {D80B3D84-E1EC-42ab-B630-F1E0C4E8BA97} - Reg Error: Value error. File not found
O9 - Extra Button: Tagiri Toolbar - {EC113164-2692-482c-A70D-C60DA5C92546} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {55F0958B-C5EB-49E4-8567-E018D2407F55} http://patch.kongdis...ongdiskCtrl.cab (Kongdisk Web Control)
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} http://cafeimg.hanma...umBgmPlayer.cab (DaumBGMCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {B7DF6B14-7F2A-49C2-A8C8-21AAD560B0BC} http://www.usadisk.c.../USAControl.CAB (USADISK File Share Control 5)
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://mail.daum.net...cab?ver=2,0,1,1 (Daum ActiveX manager Class)
O16 - DPF: {C2AD5B59-154E-4090-91F5-19FC1410E8EE} http://www.koreatime.../Downloader.cab (Downloader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E0F0958B-C5EB-49E3-8567-E018D2407F35} http://patch.kongdis...ll/kongdisk.cab (Kongdisk Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F99ABAE-65FC-489E-8DDC-1CEB2B99B536}: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/18 12:05:35 | 000,000,063 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageMixer 3 SE Camera Monitor Ver.6.lnk - C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe - (PIXELA CORPORATION)
MsConfig:64bit - StartUpFolder: C:^Users^Park Family^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files (x86)\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: Symantec Antivirus - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: McMPFSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: ccEvtMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: ccSetMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: McMPFSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmcService - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: Symantec Antivirus - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/31 18:50:22 | 000,000,000 | ---D | C] -- C:\Users\Park Family\AppData\Roaming\TuneUp Software
[2012/05/31 18:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/05/31 18:49:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/05/31 18:49:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/05/30 06:57:19 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/05/30 06:37:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/30 06:37:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/30 06:37:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/30 06:37:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/30 06:36:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/30 06:36:33 | 000,000,000 | ---D | C] -- C:\Users\Park Family\AppData\Local\CrashDumps
[2012/05/29 21:49:24 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2012/05/29 20:35:18 | 000,000,000 | ---D | C] -- C:\Users\Park Family\AppData\Local\NPE
[2012/05/29 20:35:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/05/29 13:23:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/05/29 13:12:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/05/28 10:36:40 | 000,000,000 | ---D | C] -- C:\Users\Park Family\AppData\Roaming\Media Player Classic
[2012/05/28 10:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\madVR
[2012/05/28 10:23:24 | 000,000,000 | ---D | C] -- C:\Users\Park Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2012/05/28 10:23:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haali
[2012/05/28 10:23:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
[2012/05/28 10:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LAV Filters
[2012/05/28 10:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
[2012/05/28 10:22:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MPC-HC
[2012/05/25 21:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2012/05/25 21:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WB Games
[2012/05/24 16:27:57 | 000,000,000 | ---D | C] -- C:\Users\Park Family\AppData\Local\Symantec_Corporation
[2012/05/24 16:27:57 | 000,000,000 | ---D | C] -- C:\Users\Park Family\AppData\Roaming\Symantec
[2012/05/24 16:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
[2012/05/23 16:09:09 | 000,000,000 | ---D | C] -- C:\Users\Park Family\AppData\Roaming\LolClient2
[2012/05/09 18:36:37 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/05/08 16:16:48 | 000,050,026 | ---- | C] (11st) -- C:\Windows\SysWow64\Uninstall_11stSC.exe
[2012/05/08 16:06:15 | 000,000,000 | ---D | C] -- C:\Users\Park Family\Documents\TUPPhoto
[2012/05/08 16:06:13 | 000,000,000 | ---D | C] -- C:\Users\Park Family\Documents\TunesUp
[2012/05/06 17:25:17 | 000,000,000 | ---D | C] -- C:\Users\Park Family\AppData\Local\WBFSManager
[2012/05/06 17:18:31 | 000,000,000 | ---D | C] -- C:\Users\Park Family\Documents\WBFS Manager Covers
[2012/05/05 18:14:41 | 000,000,000 | ---D | C] -- C:\Users\Park Family\Desktop\Wii Backup
[2012/05/05 11:27:25 | 000,000,000 | ---D | C] -- C:\Users\Park Family\AppData\Roaming\ImgBurn
[2012/05/05 11:27:09 | 000,000,000 | ---D | C] -- C:\Users\Park Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012/05/05 11:27:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2012/05/04 18:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Stream
[2012/05/04 18:40:21 | 000,020,752 | ---- | C] (Mobile Stream) -- C:\Windows\SysNative\drivers\easytthr.sys
[2012/05/04 18:40:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Stream
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/01 17:03:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1024659097-783914939-1927143727-1000UA.job
[2012/06/01 16:54:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/01 15:54:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/01 14:03:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1024659097-783914939-1927143727-1000Core.job
[2012/06/01 13:29:24 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/01 13:29:24 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/01 13:20:52 | 1942,142,975 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/01 10:20:59 | 000,783,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/01 10:20:59 | 000,655,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/01 10:20:59 | 000,122,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/30 06:57:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/29 21:49:24 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2012/05/29 13:01:01 | 000,038,912 | ---- | M] () -- C:\Users\Park Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/28 09:14:06 | 000,000,943 | ---- | M] () -- C:\Users\Park Family\AppData\Roaming\coreavc.ini
[2012/05/25 21:24:33 | 000,001,708 | ---- | M] () -- C:\Users\Public\Desktop\Bastion.lnk
[2012/05/25 11:37:26 | 000,004,328 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2012/05/24 19:49:10 | 000,000,017 | ---- | M] () -- C:\Users\Park Family\AppData\Local\resmon.resmoncfg
[2012/05/24 16:15:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2012/05/23 21:05:24 | 000,002,436 | ---- | M] () -- C:\Users\Park Family\Desktop\Google Chrome.lnk
[2012/05/20 19:21:00 | 000,000,525 | ---- | M] () -- C:\Users\Park Family\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/05/20 19:20:38 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Park Family\Desktop\utorrent.exe
[2012/05/11 06:00:13 | 000,426,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/08 16:16:48 | 000,050,026 | ---- | M] (11st) -- C:\Windows\SysWow64\Uninstall_11stSC.exe
[2012/05/08 15:41:22 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/05 21:45:45 | 000,011,916 | ---- | M] () -- C:\Users\Park Family\Documents\cc_20120505_214537.reg
[2012/05/05 14:58:55 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/05/04 19:13:50 | 000,001,371 | ---- | M] () -- C:\Users\Park Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Acer Games.lnk
[2012/05/04 18:41:55 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/30 06:37:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/30 06:37:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/30 06:37:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/30 06:37:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/30 06:37:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/25 21:23:42 | 000,001,708 | ---- | C] () -- C:\Users\Public\Desktop\Bastion.lnk
[2012/05/25 11:37:22 | 000,004,328 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2012/05/24 19:49:10 | 000,000,017 | ---- | C] () -- C:\Users\Park Family\AppData\Local\resmon.resmoncfg
[2012/05/24 16:15:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2012/05/08 15:41:22 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/05 21:45:40 | 000,011,916 | ---- | C] () -- C:\Users\Park Family\Documents\cc_20120505_214537.reg
[2012/05/04 19:13:50 | 000,001,371 | ---- | C] () -- C:\Users\Park Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Acer Games.lnk
[2012/05/04 18:41:55 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2012/05/03 07:26:36 | 000,001,073 | ---- | C] () -- C:\Users\Park Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk
[2012/04/26 22:40:03 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/04/08 07:25:12 | 000,000,943 | ---- | C] () -- C:\Users\Park Family\AppData\Roaming\coreavc.ini
[2012/02/18 14:01:04 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012/01/31 21:57:22 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2012/01/31 21:57:21 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2012/01/31 21:57:21 | 000,685,056 | ---- | C] () -- C:\Windows\SysWow64\RGSS103J.dll
[2012/01/31 21:57:20 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
[2011/09/26 21:57:07 | 000,000,003 | ---- | C] () -- C:\Windows\treeskp.sys
[2011/09/26 21:57:07 | 000,000,003 | ---- | C] () -- C:\Windows\sbacknt.bin
[2011/08/27 20:06:56 | 000,139,264 | R--- | C] () -- C:\Windows\Vmix102.dll
[2011/08/27 20:06:49 | 000,000,169 | ---- | C] () -- C:\Windows\Cm102.ini.cfl
[2011/08/27 20:06:32 | 000,002,027 | R--- | C] () -- C:\Windows\Cm102.ini.cfg
[2011/08/27 20:06:32 | 000,000,081 | ---- | C] () -- C:\Windows\Cm102.ini.imi
[2011/06/01 22:02:50 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2011/05/26 18:02:34 | 000,000,581 | ---- | C] () -- C:\Windows\wininit.ini
[2011/03/16 20:06:37 | 000,000,295 | ---- | C] () -- C:\Windows\MugE.ini
[2011/01/20 23:40:17 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/12/26 20:40:15 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\IS_ContextMenu.dll
[2010/12/20 00:59:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/09/22 00:11:12 | 000,038,912 | ---- | C] () -- C:\Users\Park Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/25 15:28:33 | 000,000,388 | ---- | C] () -- C:\Windows\lexstat.ini
[2010/08/25 15:27:34 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfinpa.dll
[2010/08/25 15:27:34 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfiesc.dll
[2010/08/25 15:27:34 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBFinst.dll
[2010/08/25 15:27:33 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfpmui.dll
[2010/08/25 15:27:33 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbfutil.dll
[2010/08/25 15:27:32 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfusb1.dll
[2010/08/25 15:27:31 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfserv.dll
[2010/08/25 15:27:31 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfhbn3.dll
[2010/08/25 15:27:31 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbflmpm.dll
[2010/08/25 15:27:31 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcoms.exe
[2010/08/25 15:27:31 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfih.exe
[2010/08/25 15:27:31 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfppls.exe
[2010/08/25 15:27:31 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfprox.dll
[2010/08/25 15:27:31 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfpplc.dll
[2010/08/25 15:27:30 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcomc.dll
[2010/08/25 15:27:30 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcomm.dll
[2010/08/25 15:27:30 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcfg.exe
[2010/08/20 13:02:48 | 000,765,688 | ---- | C] () -- C:\Windows\SysWow64\KMDownloader.exe
[2010/08/20 11:45:20 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/08/19 19:44:11 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/08/19 15:11:16 | 000,769,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/18 21:34:12 | 000,311,976 | ---- | C] () -- C:\Windows\SysWow64\kongdiskctrl_update.exe
[2010/08/17 17:45:39 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\ACRUSBTM.SYS
[2010/08/16 20:39:54 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2010/08/16 19:42:08 | 000,000,609 | ---- | C] () -- C:\Windows\tlknw18.ini
[2010/08/16 18:07:23 | 000,000,000 | ---- | C] () -- C:\Windows\JCMKR32.INI
[2010/06/25 10:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/06/10 18:38:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2011/03/23 20:31:25 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\.minecraft
[2010/12/29 08:53:12 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\Amazon
[2012/01/09 17:44:23 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\AnnkakeSpa
[2011/04/21 16:09:58 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\Audacity
[2012/04/28 21:36:57 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\DAEMON Tools Lite
[2012/04/28 21:36:57 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\DAEMON Tools Pro
[2010/08/13 23:05:06 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\eSobi
[2010/08/23 12:08:01 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\Faerie Solitaire
[2010/08/20 10:29:37 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\Free Audio Editor
[2011/10/28 21:26:24 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\Gensokyo.org
[2012/02/11 09:47:19 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\GetRightToGo
[2011/01/18 23:02:57 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\Hoyle
[2010/11/29 04:37:42 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\Hoyle FaceCreator
[2012/05/05 22:29:51 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\ImgBurn
[2012/04/27 21:30:03 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\LolClient
[2012/05/23 16:09:09 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\LolClient2
[2012/01/13 20:56:50 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\Nitroplus
[2011/12/11 00:09:06 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\PrettyMay
[2012/01/03 23:19:29 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\RenPy
[2010/08/18 17:05:30 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\Samsung
[2010/08/23 12:46:28 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\Scrabble Plus
[2012/01/24 00:05:35 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\ScummVM
[2011/08/14 20:10:24 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\ShanghaiAlice
[2011/02/20 23:40:28 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\TeamViewer
[2012/05/03 22:04:39 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\Trillian
[2012/05/31 18:50:22 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\TuneUp Software
[2012/06/01 13:19:47 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\uTorrent
[2010/11/27 21:01:57 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\WildTangent
[2012/05/30 06:36:34 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2009/02/18 03:14:22 | 098,938,593 | ---- | M] (Cisco Systems, Inc. ) -- C:\PacketTracer51_setup.exe

< MD5 for: EXPLORER.EXE >
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/02/04 03:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/02/04 03:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/02/04 03:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/02/04 03:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 9
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
"DhcpNodeType" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{205253D9-B0F2-46BE-B8C1-00D0A94B7D06}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{8F99ABAE-65FC-489E-8DDC-1CEB2B99B536}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{AFB5EB4E-342F-415C-9241-1D44664CE5E4}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 0A 01 01 01 03 01 06 01 05 01 00 01 09 01 07 01 02 01 04 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 10
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2010/07/14 06:05:30 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2010/07/14 06:05:30 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2010/07/14 06:05:30 | 000,552,136 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2010/07/14 06:05:33 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2010/07/14 06:05:33 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2010/07/14 06:05:33 | 000,910,296 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Park Family\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/22 18:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Park Family\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/22 18:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Park Family\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/22 18:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Park Family\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/05/22 18:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/06/03 06:45:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/06/03 06:45:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/06/03 06:45:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/06/03 06:45:35 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/06/03 06:45:35 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2010/07/14 06:05:30 | 000,552,136 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2010/07/14 06:05:30 | 000,552,136 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2010/07/14 06:05:30 | 000,552,136 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2010/07/14 06:05:33 | 000,910,296 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2010/07/14 06:05:33 | 000,910,296 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2010/07/14 06:05:33 | 000,910,296 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\PARK FAMILY\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/05/22 18:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\PARK FAMILY\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/05/22 18:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\PARK FAMILY\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/05/22 18:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\PARK FAMILY\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/05/22 18:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/06/03 06:45:24 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/06/03 06:45:24 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/06/03 06:45:24 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/06/03 06:45:35 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/06/03 06:45:35 | 000,748,336 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< C:\windows\*. /RP /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: PARKFAMILY-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B No Media
Volume 1 E Bastion CDFS DVD-ROM 733 MB Healthy
Volume 2 G DVD-ROM 0 B No Media
Volume 3 F DVD-ROM 0 B No Media
Volume 4 C Aaron NTFS Partition 218 GB Healthy Boot
Volume 5 SYSTEM RESE NTFS Partition 102 MB Healthy System
Volume 6 H Aaron Data NTFS Partition 246 GB Healthy

========== Files - Unicode (All) ==========
[2012/03/29 20:20:43 | 000,052,346 | ---- | M] ()(C:\Users\Park Family\Documents\???.pptx) -- C:\Users\Park Family\Documents\애국가.pptx
[2012/03/29 20:20:43 | 000,052,346 | ---- | C] ()(C:\Users\Park Family\Documents\???.pptx) -- C:\Users\Park Family\Documents\애국가.pptx
[2011/10/26 17:39:21 | 002,436,325 | ---- | M] ()(C:\Users\Park Family\Documents\???.pptx) -- C:\Users\Park Family\Documents\경기도.pptx
[2011/10/15 10:33:28 | 002,436,325 | ---- | C] ()(C:\Users\Park Family\Documents\???.pptx) -- C:\Users\Park Family\Documents\경기도.pptx
[2010/12/14 03:22:08 | 000,001,093 | ---- | M] ()(C:\Users\Park Family\Application Data\Microsoft\Internet Explorer\Quick Launch\°o?Aμd?A.lnk) -- C:\Users\Park Family\Application Data\Microsoft\Internet Explorer\Quick Launch\°õ¿Àµð¿À.lnk
[2010/12/14 03:22:08 | 000,001,093 | ---- | C] ()(C:\Users\Park Family\Application Data\Microsoft\Internet Explorer\Quick Launch\°o?Aμd?A.lnk) -- C:\Users\Park Family\Application Data\Microsoft\Internet Explorer\Quick Launch\°õ¿Àµð¿À.lnk

< End of report >




Extras.txt





OTL Extras logfile created on: 6/1/2012 5:17:26 PM - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\Park Family\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 4.96 Gb Available Physical Memory | 64.01% Memory free
15.49 Gb Paging File | 12.32 Gb Available in Paging File | 79.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.78 Gb Total Space | 54.87 Gb Free Space | 25.08% Space Free | Partition Type: NTFS
Drive E: | 733.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 246.88 Gb Total Space | 177.83 Gb Free Space | 72.03% Space Free | Partition Type: NTFS

Computer Name: PARKFAMILY-PC | User Name: Park Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [GomAudio.Add] -- C:\Program Files (x86)\GRETECH\GomAudio\GOMA.exe /add "%1" ((주)그래텍)
Directory [GomAudio.AddCur] -- "C:\Program Files (x86)\GRETECH\GomAudio\GOMA.exe" /addCur "%1" ((주)그래텍)
Directory [GomAudio.Play] -- C:\Program Files (x86)\GRETECH\GomAudio\GOMA.exe "%1" ((주)그래텍)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [GomAudio.Add] -- C:\Program Files (x86)\GRETECH\GomAudio\GOMA.exe /add "%1" ((주)그래텍)
Directory [GomAudio.AddCur] -- "C:\Program Files (x86)\GRETECH\GomAudio\GOMA.exe" /addCur "%1" ((주)그래텍)
Directory [GomAudio.Play] -- C:\Program Files (x86)\GRETECH\GomAudio\GOMA.exe "%1" ((주)그래텍)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1A265577-39F7-4761-8EE3-5AE2812B7218}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CA6C1D32-861F-4DD0-8EAC-43C92649463D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | [email protected],-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | [email protected],-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | [email protected],-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | [email protected],-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{39751529-8337-42FC-A29B-5E86212A8992}C:\users\park family\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\park family\desktop\utorrent.exe |
"TCP Query User{42B5F9A6-F238-4AF0-91F2-32B764E43BC3}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{CD8AD3DC-3BC7-41EE-8182-AF62E9556AB7}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{DE429868-8690-4014-90ED-86A095A43BA7}C:\users\park family\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\park family\desktop\utorrent.exe |
"UDP Query User{781D90C3-F89D-4FF7-AA61-26DD9743DDA8}C:\users\park family\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\park family\desktop\utorrent.exe |
"UDP Query User{A5A63FB2-3D51-40FF-BC35-2BFD1BE146CB}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{A6756B92-14E5-496A-AFDA-0CB457E7B836}C:\users\park family\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\park family\desktop\utorrent.exe |
"UDP Query User{F9C701FC-9233-4828-BBE5-D44EFBEB30E7}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A2163CB-4F47-44AA-A219-36133260CF17}" = Symantec Endpoint Protection
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{18155797-EF2E-4699-9A16-FE787C4C10DB}" = iTunes
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{3B20226B-63ED-B863-B224-FE40401B21CA}" = ATI Catalyst Install Manager
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{64DFC00F-2502-41AE-8E92-B6E7F10F9A62}" = One-click FLAC to MP3 Converter (x64 add-on)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3FAE73B-4474-4A1D-A343-2FE248F05265}" = EasyTether
"{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1" = Privacy SafeGuard version 1.0
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEB06ECB-38F0-68CD-B215-94D50914C0F8}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)
"CCleaner" = CCleaner
"C-Media CM102 Like Sound Driver" = USB Audio Device
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)
"Lexmark X6100 Series" = Lexmark X6100 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01868E82-DA4F-BFF8-45CF-9B1CAE8810D9}" = Catalyst Control Center Core Implementation
"{01CC7DB7-909B-E630-A44A-8118036CAF3C}" = CCC Help Korean
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07367450-E3E6-B4A1-E19C-A07429026680}" = CCC Help Swedish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19B5CAAF-3E36-40F4-83F2-45E0D258000C}" = 神採りアルケミーマイスター Append02
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C42AA63-B354-56AF-69CA-FA73285368BE}" = CCC Help German
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FFDACFC-898C-FC99-0140-AE2FC18B710E}" = Catalyst Control Center Graphics Full New
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.3.4922
"{268E2A87-470B-118B-B3AD-6F2615B86623}" = CCC Help Greek
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3078ACE2-D0EE-4337-940A-FA2202E7B8FB}" = KANAGI~淫夢学園~ DL版
"{325045C9-F040-3D98-892D-53D5E840266C}" = Google Talk Plugin
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33F7A957-A66D-45A1-BADF-6576083B14E2}" = RPGツクール2000 ランタイムパッケージ
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3601754A-C72B-E4B3-CE39-78CCD0B58DC9}" = CCC Help Russian
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3A2AD071-AABD-4712-A43E-11D06BAA661D}" = ImageMixer 3 SE Ver.6 Transfer Utility
"{3A69B28B-6E44-E512-C395-EEDCB5BCB485}" = CCC Help Danish
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3BA616F8-F969-4DE7-0C85-35BE954DDB8A}" = CCC Help Hungarian
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3EED6569-D845-F8D1-9648-84729711590E}" = CCC Help Italian
"{41810510-3CE0-425B-BE07-B9793731737F}" = 神採りアルケミーマイスター
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{4728328C-4851-48EF-A55F-18540931A584}" = Logger Pro 3.8.4
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A41156A-0669-F7B5-B24C-5E25C69F1E68}" = CCC Help Turkish
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{62CA119E-C5A7-42FC-85E8-4B55AA9E4072}" = ImageMixer 3 SE Ver.6 Video Tools
"{63ADFC07-D92A-670C-3826-BB0C9CC41D8A}" = CCC Help Polish
"{6488561D-83C8-6987-6163-744E60680139}" = CCC Help Japanese
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69CA5A5F-7541-5216-6433-DE69E4245116}" = Catalyst Control Center Graphics Light
"{69F214C9-507D-7EB5-FF08-926CFD0D5EC6}" = Catalyst Control Center Localization All
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{762CB899-DF14-EB84-78F5-888C83AA7DC3}" = Catalyst Control Center Graphics Previews Common
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83E4C065-91B9-20DD-74DA-90A71242CE18}" = CCC Help Norwegian
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEAE107-B186-4EA8-5F84-3AAA3158FEB1}" = CCC Help Chinese Standard
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EFF2EC4-F6F0-4A9B-91A5-92E2EEE93F35}" = 紅魔城伝説 緋色の交響曲
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92421394-0936-4142-B3BD-400D24E8D662}_is1" = NullpoMino version 7.5
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{975B24AC-8CB7-B4E1-E666-37964657576E}" = CCC Help Chinese Traditional
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{99B8F648-71F4-43E6-8AF0-78941E7707BB}" = Fate/hollow ataraxia
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A129D1F2-CAC4-4AD7-B26D-3C6411B87DCC}" = Psychonauts
"{A45B7A40-694C-BAB8-EE69-4240ADFEA1FF}" = CCC Help Finnish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
"{AD768FF7-E329-886C-D88E-585F26BB8738}" = CCC Help Dutch
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B8F5BACE-194E-0203-023E-2FFEF68EE290}" = CCC Help English
"{C0AEC1BB-5731-439A-96B1-66ABD2B24F62}" = CHAOS;HEAD
"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"{C438FF68-F2F2-4322-A8C4-A66721795B73}" = One-click FLAC to MP3 Converter
"{C450D07C-3914-5481-A068-29975DA5C596}" = CCC Help French
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7B5C8A0-CE3F-4645-A0B6-B5515794076D}" = 神採りアルケミーマイスター Ver2.00 Update
"{C9165CF3-A14D-A281-B62E-37312AA9E63D}" = CCC Help Spanish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4E16961-E6FA-4689-AD09-3DB7E5770167}" = Catalyst Control Center InstallProxy
"{D6B1E149-790E-3B60-07F9-07A40ECAFBA0}" = Catalyst Control Center Graphics Full Existing
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{DBF91CC3-41F6-0D99-3D2D-686C59865652}" = ccc-core-static
"{DD49AC0F-E08A-F77D-AB38-2EE9CD5D8F0B}" = CCC Help Thai
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DECEFADB-0486-6252-C312-49DDAC71DF33}" = CCC Help Portuguese
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E1F9EC0D-3C4C-4333-A490-499B445F97EF}" = ふぃぎゅ@メイト
"{EA7BBDA3-EE10-4E6A-9B83-DEE0D80BD5EC}" = Mitter Toolbar
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFE563B0-DDDB-45AF-B49A-C109C93E5F35}" = 神採りアルケミーマイスター Append01
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F73498A2-499B-4423-986E-90F99348609F}" = STEINS;GATE
"{F7425F93-2071-A946-008A-6ACA60B43FB2}" = CCC Help Czech
"{FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}" = Catalyst Control Center - Branding
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"11stIcon" = シ鏞ホ スコニョクョニョ, 11ケ。 オオアククス セニタフトワ
"1ClickDownload" = 1ClickDownload
"Acer Game Console" = Acer Game Console
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Bastion_is1" = Bastion
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DtsFilter" = DTS+AC3 Filter
"GOM Player" = GOM Player
"GomAudio" = ータオタ
"GomTV Launcher Plugin" = GOMTV Plug-in
"HaaliMkx" = Haali Media Splitter
"Hoyle Casino 2010" = Hoyle Casino 2010 (remove only)
"Identity Card" = Identity Card
"ImgBurn" = ImgBurn
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{19B5CAAF-3E36-40F4-83F2-45E0D258000C}" = 神採りアルケミーマイスター Append02
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{41810510-3CE0-425B-BE07-B9793731737F}" = 神採りアルケミーマイスター
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}" = EmoDio
"InstallShield_{C7B5C8A0-CE3F-4645-A0B6-B5515794076D}" = 神採りアルケミーマイスター Ver2.00 Update
"InstallShield_{EFE563B0-DDDB-45AF-B49A-C109C93E5F35}" = 神採りアルケミーマイスター Append01
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"iSkysoft iMedia Converter_is1" = iSkysoft iMedia Converter(Build 3.0.3.0)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"lavfilters_is1" = LAV Filters 0.50
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"LManager" = Launch Manager
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Melty Blood English" = Melty Blood English v2.1
"Melty Blood ReACT English" = Melty Blood ReACT English v2.0
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Mouse Setting Software_is1" = Mouse Setting Software 4.0
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"MyCamera" = Canon Utilities MyCamera
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Packet Tracer 5.1_is1" = Packet Tracer 5.1
"Recettear: An Item Shop's Tale_is1" = Recettear: An Item Shop's Tale
"RGSS-RTP Standard_is1" = RGSS-RTP Standard
"ScummVM_is1" = ScummVM 1.4.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpeedFan" = SpeedFan (remove only)
"Steam App 440" = Team Fortress 2
"Steam App 99900" = Spiral Knights
"Stranger's Requiem" = 紅魔城伝説II 妖幻の鎮魂歌
"TeamViewer 6" = TeamViewer 6
"Trillian" = Trillian
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.1.11
"WildTangent acer Master Uninstall" = Acer Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WT078749" = Bejeweled 2 Deluxe
"WT078774" = Zuma Deluxe
"WT078953" = Blackhawk Striker 2
"WT078961" = Bob the Builder Can-Do-Zoo
"WT079017" = Faerie Solitaire
"WT079065" = Jewel Quest Solitaire 3
"WT079097" = Monopoly
"WT079101" = Mystery P.I. - Lost in Los Angeles
"WT079105" = Penguins!
"WT079109" = Plants vs. Zombies
"WT079113" = Polar Bowler
"WT079117" = Polar Golfer
"WT079149" = Scrabble Plus
"WT079153" = The Price is Right
"WT079173" = Virtual Villagers - A New Home
"WT079179" = Yahtzee
"WT079193" = Build-a-lot 2
"WT079218" = Escape Rosecliff Island
"WT079643" = Virtual Families
"WTA-96434c3b-40a0-42ba-9948-d72082a9f96b" = FATE - The Traitor Soul
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/13/2011 1:11:04 AM | Computer Name = ParkFamily-PC | Source = Application Error | ID = 1000
Description = Faulting application name: pcsx2t.exe, version: 0.0.0.0, time stamp:
0x44a951de Faulting module name: pcsx2t.exe, version: 0.0.0.0, time stamp: 0x44a951de
Exception
code: 0xc0000005 Fault offset: 0x00101989 Faulting process id: 0x1498 Faulting application
start time: 0x01cca1c293f51d9c Faulting application path: C:\Users\Park Family\Desktop\Games\Emulators\PCSX2
0.9.1, Bios and Plugins\Pcsx2\pcsx2t.exe Faulting module path: C:\Users\Park Family\Desktop\Games\Emulators\PCSX2
0.9.1, Bios and Plugins\Pcsx2\pcsx2t.exe Report Id: e28f5bfc-0db5-11e1-abc4-88ae1d14e571

Error - 11/13/2011 1:11:39 AM | Computer Name = ParkFamily-PC | Source = Application Error | ID = 1000
Description = Faulting application name: pcsx2t.exe, version: 0.0.0.0, time stamp:
0x44a951de Faulting module name: pcsx2t.exe, version: 0.0.0.0, time stamp: 0x44a951de
Exception
code: 0xc0000005 Fault offset: 0x00101989 Faulting process id: 0x1054 Faulting application
start time: 0x01cca1c2ac19ee10 Faulting application path: C:\Users\Park Family\Desktop\Games\Emulators\PCSX2
0.9.1, Bios and Plugins\Pcsx2\pcsx2t.exe Faulting module path: C:\Users\Park Family\Desktop\Games\Emulators\PCSX2
0.9.1, Bios and Plugins\Pcsx2\pcsx2t.exe Report Id: f70cb829-0db5-11e1-abc4-88ae1d14e571

Error - 11/13/2011 1:11:56 AM | Computer Name = ParkFamily-PC | Source = Application Error | ID = 1000
Description = Faulting application name: pcsx2t.exe, version: 0.0.0.0, time stamp:
0x44a951de Faulting module name: pcsx2t.exe, version: 0.0.0.0, time stamp: 0x44a951de
Exception
code: 0xc0000005 Fault offset: 0x00101989 Faulting process id: 0xde4 Faulting application
start time: 0x01cca1c2bd20c6c8 Faulting application path: C:\Users\Park Family\Desktop\Games\Emulators\PCSX2
0.9.1, Bios and Plugins\Pcsx2\pcsx2t.exe Faulting module path: C:\Users\Park Family\Desktop\Games\Emulators\PCSX2
0.9.1, Bios and Plugins\Pcsx2\pcsx2t.exe Report Id: 0197c415-0db6-11e1-abc4-88ae1d14e571

Error - 11/13/2011 1:13:10 AM | Computer Name = ParkFamily-PC | Source = Application Error | ID = 1000
Description = Faulting application name: pcsx2t.exe, version: 0.0.0.0, time stamp:
0x44a951de Faulting module name: pcsx2t.exe, version: 0.0.0.0, time stamp: 0x44a951de
Exception
code: 0xc0000005 Fault offset: 0x00101989 Faulting process id: 0xa30 Faulting application
start time: 0x01cca1c2e8b6fcbe Faulting application path: C:\Users\Park Family\Desktop\Games\Emulators\PCSX2
0.9.1, Bios and Plugins\Pcsx2\pcsx2t.exe Faulting module path: C:\Users\Park Family\Desktop\Games\Emulators\PCSX2
0.9.1, Bios and Plugins\Pcsx2\pcsx2t.exe Report Id: 2d82b3bd-0db6-11e1-abc4-88ae1d14e571

Error - 11/13/2011 1:13:13 AM | Computer Name = ParkFamily-PC | Source = Application Error | ID = 1000
Description = Faulting application name: pcsx2t.exe, version: 0.0.0.0, time stamp:
0x44a951de Faulting module name: atiumdva.dll, version: 8.14.10.250, time stamp:
0x4bb0963f Exception code: 0xc0000005 Fault offset: 0x00001735 Faulting process id:
0xa30 Faulting application start time: 0x01cca1c2e8b6fcbe Faulting application path:
C:\Users\Park Family\Desktop\Games\Emulators\PCSX2 0.9.1, Bios and Plugins\Pcsx2\pcsx2t.exe
Faulting
module path: C:\Windows\system32\atiumdva.dll Report Id: 2f28c8cb-0db6-11e1-abc4-88ae1d14e571

Error - 11/13/2011 1:14:11 AM | Computer Name = ParkFamily-PC | Source = Application Error | ID = 1000
Description = Faulting application name: pcsx2t.exe, version: 0.0.0.0, time stamp:
0x44a951de Faulting module name: pcsx2t.exe, version: 0.0.0.0, time stamp: 0x44a951de
Exception
code: 0xc0000005 Fault offset: 0x00101989 Faulting process id: 0x1798 Faulting application
start time: 0x01cca1c30ba3929a Faulting application path: C:\Users\Park Family\Desktop\Games\Emulators\PCSX2
0.9.1, Bios and Plugins\Pcsx2\pcsx2t.exe Faulting module path: C:\Users\Park Family\Desktop\Games\Emulators\PCSX2
0.9.1, Bios and Plugins\Pcsx2\pcsx2t.exe Report Id: 51ce0426-0db6-11e1-abc4-88ae1d14e571

Error - 11/13/2011 11:00:01 PM | Computer Name = ParkFamily-PC | Source = Windows Backup | ID = 4103
Description =

Error - 11/20/2011 11:00:01 PM | Computer Name = ParkFamily-PC | Source = Windows Backup | ID = 4103
Description =

Error - 11/27/2011 11:00:00 PM | Computer Name = ParkFamily-PC | Source = Windows Backup | ID = 4103
Description =

Error - 12/4/2011 11:00:09 PM | Computer Name = ParkFamily-PC | Source = Windows Backup | ID = 4103
Description =

[ Media Center Events ]
Error - 9/30/2010 10:44:23 AM | Computer Name = ParkFamily-PC | Source = MCUpdate | ID = 0
Description = 7:44:23 AM - Failed to retrieve NetTV (Error: The operation has timed
out)

Error - 10/5/2010 11:23:13 AM | Computer Name = ParkFamily-PC | Source = MCUpdate | ID = 0
Description = 8:23:13 AM - Failed to retrieve MCEClientUX (Error: The underlying
connection was closed: An unexpected error occurred on a receive.)

Error - 10/5/2010 12:28:11 PM | Computer Name = ParkFamily-PC | Source = MCUpdate | ID = 0
Description = 9:27:57 AM - Error connecting to the internet. 9:27:57 AM - Unable
to contact server..

Error - 10/5/2010 1:29:02 PM | Computer Name = ParkFamily-PC | Source = MCUpdate | ID = 0
Description = 10:28:49 AM - Error connecting to the internet. 10:28:49 AM - Unable
to contact server..

Error - 11/6/2010 9:23:22 AM | Computer Name = ParkFamily-PC | Source = MCUpdate | ID = 0
Description = 6:23:22 AM - Error connecting to the internet. 6:23:22 AM - Unable
to contact server..

Error - 11/6/2010 9:23:36 AM | Computer Name = ParkFamily-PC | Source = MCUpdate | ID = 0
Description = 6:23:32 AM - Error connecting to the internet. 6:23:32 AM - Unable
to contact server..

Error - 11/6/2010 10:24:51 AM | Computer Name = ParkFamily-PC | Source = MCUpdate | ID = 0
Description = 7:24:49 AM - Error connecting to the internet. 7:24:50 AM - Unable
to contact server..

Error - 11/6/2010 10:25:17 AM | Computer Name = ParkFamily-PC | Source = MCUpdate | ID = 0
Description = 7:25:01 AM - Error connecting to the internet. 7:25:01 AM - Unable
to contact server..

Error - 11/6/2010 11:25:54 AM | Computer Name = ParkFamily-PC | Source = MCUpdate | ID = 0
Description = 8:25:54 AM - Error connecting to the internet. 8:25:54 AM - Unable
to contact server..

Error - 11/6/2010 11:26:18 AM | Computer Name = ParkFamily-PC | Source = MCUpdate | ID = 0
Description = 8:26:10 AM - Error connecting to the internet. 8:26:10 AM - Unable
to contact server..

[ System Events ]
Error - 6/1/2012 3:12:06 PM | Computer Name = ParkFamily-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the FDResPub service.

Error - 6/1/2012 3:12:36 PM | Computer Name = ParkFamily-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the FDResPub service.

Error - 6/1/2012 3:13:06 PM | Computer Name = ParkFamily-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the FDResPub service.

Error - 6/1/2012 3:31:57 PM | Computer Name = ParkFamily-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SSDPSRV service.

Error - 6/1/2012 3:32:27 PM | Computer Name = ParkFamily-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the upnphost service.

Error - 6/1/2012 3:32:57 PM | Computer Name = ParkFamily-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the FDResPub service.

Error - 6/1/2012 4:22:02 PM | Computer Name = ParkFamily-PC | Source = Service Control Manager | ID = 7000
Description = The BuddyVM service failed to start due to the following error: %%3

Error - 6/1/2012 5:59:52 PM | Computer Name = ParkFamily-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 6/1/2012 8:17:55 PM | Computer Name = ParkFamily-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 6/1/2012 8:34:01 PM | Computer Name = ParkFamily-PC | Source = VDS Basic Provider | ID = 33554433
Description =


< End of report >



aswMBR.txt



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-01 17:40:55
-----------------------------
17:40:55.536 OS Version: Windows x64 6.1.7601 Service Pack 1
17:40:55.537 Number of processors: 2 586 0x603
17:40:55.537 ComputerName: PARKFAMILY-PC UserName: Park Family
17:41:00.946 Initialize success
17:41:07.555 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:41:07.560 Disk 0 Vendor: ST9500424AS 0001BSM1 Size: 476940MB BusType: 11
17:41:07.614 Disk 0 MBR read successfully
17:41:07.614 Disk 0 MBR scan
17:41:07.624 Disk 0 Windows 7 default MBR code
17:41:07.624 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 224033 MB offset 2048
17:41:07.653 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 102 MB offset 458821632
17:41:07.668 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 252802 MB offset 459030528
17:41:07.694 Disk 0 scanning C:\Windows\system32\drivers
17:41:16.820 Service scanning
17:41:29.466 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
17:41:31.241 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
17:41:34.778 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
17:41:34.839 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
17:41:35.677 Modules scanning
17:41:35.693 Disk 0 trace - called modules:
17:41:35.712 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8006d012c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:41:35.721 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007332060]
17:41:35.728 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80072fc680]
17:41:35.735 \Driver\atapi[0xfffffa8006d9b060] -> IRP_MJ_CREATE -> 0xfffffa8006d012c0
17:41:35.740 Scan finished successfully
17:46:16.126 Disk 0 MBR has been saved successfully to "C:\Users\Park Family\Downloads\MBR.dat"
17:46:16.126 The log file has been saved successfully to "C:\Users\Park Family\Downloads\aswMBR.txt"
  • 0

#4
Crowbar
Posted 01 June 2012 - 07:28 PM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hello damascus404,
As you see there is a lot of log to go thru, and then my post must be cleared by my instructor, so give me some time to look it all over. I will get back to you as soon as I possibly can.

Tell me in the meantime, did you install on purpose any programs with asian (chinese or korean) characters?
  • 0

#5
damascus404
Posted 01 June 2012 - 08:40 PM

damascus404

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Yes, I happen to have a Korean background, so I have Chinese, Japanese, and Korean fonts installed. Useful stuff that.
  • 0

#6
Crowbar
Posted 03 June 2012 - 07:59 AM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hello damascus404,
I would like to fix something with combofix, and have you run another scan please.
I notice that you have one or more P2P (Peer to Peer) file sharing programs installed on your computer.
  • UTorrent
This is a very easy way to get infected, as many of the files that can be downloaded with these P2P programs are infected with all sorts of malware.
You put your system at a very big risk by downloading these files, and that is why we recommend
that you remove these programs from your computer.
If you do not want to remove them, please DO NOT use them while we are cleaning your machine.

If you need any help removing them I will be glad to assist you.

Can you tell me what this says,
ふぃぎゅ@メイト
is it a program that you have installed on purpose?

Have you run the Norton Power Eraser recently? If so, I would like to see the log file from it.

What are the main symptoms you are experiencing other than Norton catching those files?

Step 1
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy:: 
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe | c:\windows\system32\services.exe
Firefox::
FF - ProfilePath - c:\users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2
Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 3
Please go to VirusTotal and upload the following file for scanning.
  • Click Choose File
  • Copy and paste the contents of the following code box into the text box next to File name: then click Open
  • C:\Windows\SysWow64\KMDownloader.exe
  • Click Send File
  • If confronted with two options, choose Reanalyse file now
  • Wait for the scan to finish and then copy and paste the URL from your browser address bar in your next reply please.


In your next reply I would like to see:
  • ComboFix log
  • TDSSKiller log
  • Answers to my questions

  • 0

#7
damascus404
Posted 03 June 2012 - 09:54 AM

damascus404

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
That P2P stuff is dangerous isn't it?

The program ふぃぎゅ@メイト is "Figu@Mate" which is a game that I downloaded intentionally.

I have run Norton Power Eraser recently. The log is in the .xml format, correct? It's a little too long to fit into one post though, so the log will be in my next one. or just attach a file because the log is really big.

Besides the symptoms that I have already described, I am also detecting desktop.ini as a virus on startup. That may be unrelated however. No other symptoms have been detected.

This is what you want from Combofix, right?



ComboFix.txt







ComboFix 12-05-30.03 - Park Family 0/2012 Wed 6:39.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.7931.5327 [GMT -7:00]
Running from: c:\users\Park Family\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Park Family\AppData\Local\Tempals_inst.exe
c:\users\Park Family\AppData\Roaming\FileDown
c:\users\Park Family\AppData\Roaming\mIRC\logs\status.log
c:\users\Park Family\Favorites\シ鏞ホ スコニョクョニョ, 11ケ。.url
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\struct~.ini
c:\windows\system32\ReadMe.txt
c:\windows\SysWow64\11st.ico
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))
.
.
2012-05-30 13:54 . 2012-05-30 13:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-30 13:36 . 2012-05-30 13:36 -------- d-----w- c:\users\Park Family\AppData\Local\CrashDumps
2012-05-30 04:49 . 2012-05-30 04:49 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-05-30 03:35 . 2012-05-30 04:08 -------- d-----w- c:\users\Park Family\AppData\Local\NPE
2012-05-30 03:35 . 2012-05-30 03:35 -------- d-----w- c:\programdata\Norton
2012-05-29 20:23 . 2012-05-29 20:23 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-05-29 20:22 . 2012-05-29 20:22 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-29 20:12 . 2012-05-29 20:12 -------- d-----w- c:\windows\system32\Macromed
2012-05-28 17:36 . 2012-05-28 17:36 -------- d-----w- c:\users\Park Family\AppData\Roaming\Media Player Classic
2012-05-28 17:35 . 2012-05-28 17:35 -------- d-----w- c:\program files\madVR
2012-05-28 17:23 . 2012-05-28 17:23 -------- d-----w- c:\program files (x86)\Haali
2012-05-28 17:23 . 2012-05-28 17:23 -------- d-----w- c:\program files (x86)\LAV Filters
2012-05-28 17:22 . 2012-05-28 17:22 -------- d-----w- c:\program files (x86)\MPC-HC
2012-05-26 04:24 . 2012-05-26 04:24 -------- d-----w- c:\program files (x86)\Microsoft XNA
2012-05-24 23:27 . 2012-05-24 23:27 -------- d-----w- c:\users\Park Family\AppData\Roaming\Symantec
2012-05-24 23:27 . 2012-05-24 23:27 -------- d-----w- c:\users\Park Family\AppData\Local\Symantec_Corporation
2012-05-24 23:14 . 2012-05-25 18:37 -------- d-----w- c:\programdata\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2012-05-23 23:09 . 2012-05-23 23:09 -------- d-----w- c:\users\Park Family\AppData\Roaming\LolClient2
2012-05-10 22:52 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 22:52 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 22:52 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 22:52 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 22:52 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 22:52 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 22:51 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 22:51 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 22:50 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 22:50 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 22:50 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 22:50 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 22:50 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-08 23:16 . 2012-05-08 23:16 50026 ----a-w- c:\windows\SysWow64\Uninstall_11stSC.exe
2012-05-07 00:25 . 2012-05-07 00:25 -------- d-----w- c:\users\Park Family\AppData\Local\WBFSManager
2012-05-05 18:27 . 2012-05-06 05:29 -------- d-----w- c:\users\Park Family\AppData\Roaming\ImgBurn
2012-05-05 18:27 . 2012-05-05 18:27 -------- d-----w- c:\program files (x86)\ImgBurn
2012-05-05 01:40 . 2011-05-22 22:44 20752 ----a-w- c:\windows\system32\drivers\easytthr.sys
2012-05-05 01:40 . 2012-05-05 01:40 -------- d-----w- c:\program files (x86)\Mobile Stream
2012-05-02 02:14 . 2012-05-08 22:48 -------- d-----w- c:\program files\PrivacySafeGuard
2012-05-02 02:14 . 2012-05-04 05:04 -------- d-----w- c:\users\Park Family\AppData\Roaming\Trillian
2012-05-02 02:13 . 2012-05-04 13:18 -------- d-----w- c:\program files (x86)\Trillian
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 22:56 . 2010-08-14 02:57 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[-] 2009-07-14 . 50BEA589F7D7958BDD2528A8F69D05CC . 329216 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-29 95576]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"EasyTether"="c:\program files (x86)\Mobile Stream\EasyTether\easytthr.exe" [2011-05-23 48648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-29 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-01-25 115560]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ACQTMOUSE"="c:\program files (x86)\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe" [2008-08-01 501760]
"SMSTray"="c:\program files (x86)\Samsung\EmoDio\SMSTray.exe" [2009-04-16 479232]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752]
.
c:\users\Park Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\users\Park Family\Desktop\Games\Visual Novel\MM\VMLaunch\BuddyVM.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-22 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-22 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [x]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [x]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [x]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 9728]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-05-13 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAU;USB Audio Device Interface;c:\windows\system32\drivers\CM10264.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-06 865824]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe [2007-04-25 566704]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-03 138360]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VSTWinDriver6;VSTWinDriver6;c:\windows\system32\drivers\VSTwindrvr6.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-22 19:45]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-22 19:45]
.
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1024659097-783914939-1927143727-1000Core.job
- c:\users\Park Family\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-27 16:45]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1024659097-783914939-1927143727-1000UA.job
- c:\users\Park Family\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-27 16:45]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}]
2012-03-17 04:22 105472 ----a-w- c:\program files\PrivacySafeGuard\PrivacySafeGuard-x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-06 860192]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
"Cm102Sound"="c:\windows\Syswow64\cm102.dll" [2009-01-15 7700480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daum.net/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5251&r=27360810p245l0424z1h5t46j2n35o
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: {{71DF21B0-8C69-4923-8C7B-B195F8DDB5CD} - http://www.11st.co.k...&tid=1000105205
IE: {{D80B3D84-E1EC-42ab-B630-F1E0C4E8BA97}
IE: {{EC113164-2692-482c-A70D-C60DA5C92546} - {B2DBFB0F-C253-4051-85FB-01A9419D3A59} -
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
DPF: {55F0958B-C5EB-49E4-8567-E018D2407F55} - hxxp://patch.kongdisk.com/install/KongdiskCtrl.cab
DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} - hxxp://cafeimg.hanmail.net/bgm11/DaumBgmPlayer.cab
DPF: {B7DF6B14-7F2A-49C2-A8C8-21AAD560B0BC} - hxxp://www.usadisk.com/mmsv/USAControl.CAB
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_1_1/DaumActiveX.cab?ver=2,0,1,1
DPF: {C2AD5B59-154E-4090-91F5-19FC1410E8EE} - hxxp://www.koreatimes.co.kr/www/TTS/App/Downloader.cab
DPF: {E0F0958B-C5EB-49E3-8567-E018D2407F35} - hxxp://patch.kongdisk.com/install/kongdisk.cab
FF - ProfilePath - c:\users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: NicoFox: nicofox@littlebtc - %profile%\extensions\nicofox@littlebtc
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extentions.y2layers.installId, 935c2a1e-4839-4d22-b685-966f648d8a11
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,TopRelatedTopics,BestVideoDownloader,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{37483b40-c254-4a72-bda4-22ee90182c1e} - c:\program files (x86)\NCH_EN\prxtbNCH_.dll
BHO-{37483b40-c254-4a72-bda4-22ee90182c1e} - c:\program files (x86)\NCH_EN\prxtbNCH_.dll
Toolbar-Locked - (no file)
Toolbar-{37483b40-c254-4a72-bda4-22ee90182c1e} - c:\program files (x86)\NCH_EN\prxtbNCH_.dll
Wow6432Node-HKLM-Run-NPSStartup - (no file)
SafeBoot-Symantec Antvirus
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-11stIcon - c:\windows\system32\Uninstall_11stSC.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1024659097-783914939-1927143727-1000\Software\KISS\ォ0ケ0ソ0・・、0ノ0V*]
"InstallPath"="c:\\Users\\Park Family\\Desktop\\Games\\Visual Novel\\240611_vearchive.net_cr5\\カスタムレイドV\\"
"DskSht"=dword:00000000
.
[HKEY_USERS\S-1-5-21-1024659097-783914939-1927143727-1000\Software\「0ラ0・ア0・キ0・・ *ヲ0」0カ0・ノ0g0ubU0・_0・・ォ0・ *「0ラ0・ア0・キ0・・]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
c:\windows\SysWOW64\ping.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\SavUI.exe
.
**************************************************************************
.
Completion time: 2012-05-30 07:15:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-30 14:15
.
Pre-Run: 61,526,212,608 bytes free
Post-Run: 62,930,096,128 bytes free
.
- - End Of File - - 2792B9F3F45F35E8D80630662230F21F





TDSSKillerlog.txt





08:26:04.0222 8200 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
08:26:04.0756 8200 ============================================================
08:26:04.0756 8200 Current date / time: 2012/06/03 08:26:04.0756
08:26:04.0756 8200 SystemInfo:
08:26:04.0756 8200
08:26:04.0756 8200 OS Version: 6.1.7601 ServicePack: 1.0
08:26:04.0756 8200 Product type: Workstation
08:26:04.0756 8200 ComputerName: PARKFAMILY-PC
08:26:04.0756 8200 UserName: Park Family
08:26:04.0756 8200 Windows directory: C:\Windows
08:26:04.0756 8200 System windows directory: C:\Windows
08:26:04.0756 8200 Running under WOW64
08:26:04.0756 8200 Processor architecture: Intel x64
08:26:04.0756 8200 Number of processors: 2
08:26:04.0756 8200 Page size: 0x1000
08:26:04.0756 8200 Boot type: Normal boot
08:26:04.0756 8200 ============================================================
08:26:07.0570 8200 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:26:07.0606 8200 ============================================================
08:26:07.0606 8200 \Device\Harddisk0\DR0:
08:26:07.0609 8200 MBR partitions:
08:26:07.0643 8200 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1B590800
08:26:07.0643 8200 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B591000, BlocksNum 0x33000
08:26:07.0643 8200 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B5C4000, BlocksNum 0x1EDC1000
08:26:07.0643 8200 ============================================================
08:26:07.0694 8200 C: <-> \Device\Harddisk0\DR0\Partition0
08:26:07.0721 8200 H: <-> \Device\Harddisk0\DR0\Partition2
08:26:07.0721 8200 ============================================================
08:26:07.0721 8200 Initialize success
08:26:07.0721 8200 ============================================================
08:26:30.0775 9044 ============================================================
08:26:30.0775 9044 Scan started
08:26:30.0775 9044 Mode: Manual; SigCheck; TDLFS;
08:26:30.0775 9044 ============================================================
08:26:34.0097 9044 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:26:34.0153 9044 1394ohci - ok
08:26:34.0184 9044 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:26:34.0214 9044 ACPI - ok
08:26:34.0231 9044 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:26:34.0264 9044 AcpiPmi - ok
08:26:34.0296 9044 ACRUSBTM - ok
08:26:34.0377 9044 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:26:34.0405 9044 adp94xx - ok
08:26:34.0442 9044 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:26:34.0499 9044 adpahci - ok
08:26:34.0518 9044 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:26:34.0562 9044 adpu320 - ok
08:26:34.0587 9044 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
08:26:34.0659 9044 AeLookupSvc - ok
08:26:34.0989 9044 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:26:35.0024 9044 AFD - ok
08:26:35.0057 9044 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:26:35.0081 9044 agp440 - ok
08:26:35.0094 9044 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
08:26:35.0118 9044 ALG - ok
08:26:35.0138 9044 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:26:35.0159 9044 aliide - ok
08:26:35.0189 9044 AMD External Events Utility (d865f8abff031563e860d16a38bd5a35) C:\Windows\system32\atiesrxx.exe
08:26:35.0218 9044 AMD External Events Utility - ok
08:26:35.0227 9044 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:26:35.0253 9044 amdide - ok
08:26:35.0287 9044 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:26:35.0322 9044 AmdK8 - ok
08:26:35.0522 9044 amdkmdag (83418f6ee5a81dddd8e248fcbfc99af6) C:\Windows\system32\DRIVERS\atipmdag.sys
08:26:35.0608 9044 amdkmdag - ok
08:26:35.0690 9044 amdkmdap (7e58b5e1deaa70bd46997068df06b4e3) C:\Windows\system32\DRIVERS\atikmpag.sys
08:26:35.0712 9044 amdkmdap - ok
08:26:35.0745 9044 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:26:35.0766 9044 AmdPPM - ok
08:26:35.0797 9044 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:26:35.0820 9044 amdsata - ok
08:26:35.0835 9044 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:26:35.0858 9044 amdsbs - ok
08:26:35.0869 9044 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:26:35.0890 9044 amdxata - ok
08:26:35.0918 9044 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:26:35.0966 9044 AppID - ok
08:26:35.0997 9044 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
08:26:36.0039 9044 AppIDSvc - ok
08:26:36.0071 9044 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
08:26:36.0106 9044 Appinfo - ok
08:26:36.0211 9044 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:26:36.0264 9044 Apple Mobile Device - ok
08:26:36.0312 9044 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:26:36.0336 9044 arc - ok
08:26:36.0350 9044 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:26:36.0373 9044 arcsas - ok
08:26:36.0480 9044 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:26:36.0541 9044 aspnet_state - ok
08:26:36.0574 9044 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:26:36.0614 9044 AsyncMac - ok
08:26:36.0643 9044 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:26:36.0658 9044 atapi - ok
08:26:36.0714 9044 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
08:26:36.0751 9044 athr - ok
08:26:36.0859 9044 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
08:26:36.0920 9044 AtiPcie - ok
08:26:36.0976 9044 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:26:37.0083 9044 AudioEndpointBuilder - ok
08:26:37.0090 9044 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:26:37.0160 9044 AudioSrv - ok
08:26:37.0193 9044 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
08:26:37.0230 9044 AxInstSV - ok
08:26:37.0340 9044 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
08:26:37.0367 9044 b06bdrv - ok
08:26:37.0398 9044 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:26:37.0425 9044 b57nd60a - ok
08:26:37.0531 9044 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
08:26:37.0572 9044 BBSvc - ok
08:26:37.0595 9044 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
08:26:37.0637 9044 BBUpdate - ok
08:26:37.0778 9044 BCM43XX (fde8c8dc07e75347e4c6b455a0964217) C:\Windows\system32\DRIVERS\bcmwl664.sys
08:26:37.0840 9044 BCM43XX - ok
08:26:37.0931 9044 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
08:26:37.0960 9044 BDESVC - ok
08:26:37.0987 9044 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:26:38.0028 9044 Beep - ok
08:26:38.0074 9044 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
08:26:38.0132 9044 BFE - ok
08:26:38.0175 9044 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
08:26:38.0231 9044 BITS - ok
08:26:38.0262 9044 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:26:38.0283 9044 blbdrive - ok
08:26:38.0384 9044 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
08:26:38.0448 9044 Bonjour Service - ok
08:26:38.0480 9044 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:26:38.0503 9044 bowser - ok
08:26:38.0513 9044 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:26:38.0554 9044 BrFiltLo - ok
08:26:38.0568 9044 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:26:38.0591 9044 BrFiltUp - ok
08:26:38.0616 9044 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
08:26:38.0659 9044 BridgeMP - ok
08:26:38.0696 9044 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
08:26:38.0743 9044 Browser - ok
08:26:38.0777 9044 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:26:38.0804 9044 Brserid - ok
08:26:39.0114 9044 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:26:39.0139 9044 BrSerWdm - ok
08:26:39.0156 9044 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:26:39.0177 9044 BrUsbMdm - ok
08:26:39.0182 9044 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:26:39.0206 9044 BrUsbSer - ok
08:26:39.0220 9044 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:26:39.0247 9044 BTHMODEM - ok
08:26:39.0273 9044 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
08:26:39.0323 9044 bthserv - ok
08:26:39.0329 9044 catchme - ok
08:26:39.0386 9044 ccEvtMgr (260a069f403da226d18c058ad14fd3a3) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
08:26:39.0420 9044 ccEvtMgr - ok
08:26:39.0424 9044 ccSetMgr (260a069f403da226d18c058ad14fd3a3) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
08:26:39.0443 9044 ccSetMgr - ok
08:26:39.0468 9044 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:26:39.0511 9044 cdfs - ok
08:26:39.0539 9044 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
08:26:39.0562 9044 cdrom - ok
08:26:39.0591 9044 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:26:39.0631 9044 CertPropSvc - ok
08:26:39.0657 9044 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:26:39.0682 9044 circlass - ok
08:26:39.0705 9044 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:26:39.0749 9044 CLFS - ok
08:26:39.0855 9044 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:26:39.0945 9044 clr_optimization_v2.0.50727_32 - ok
08:26:39.0977 9044 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:26:39.0997 9044 clr_optimization_v2.0.50727_64 - ok
08:26:40.0048 9044 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:26:40.0121 9044 clr_optimization_v4.0.30319_32 - ok
08:26:40.0153 9044 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:26:40.0188 9044 clr_optimization_v4.0.30319_64 - ok
08:26:40.0233 9044 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:26:40.0254 9044 CmBatt - ok
08:26:40.0281 9044 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:26:40.0302 9044 cmdide - ok
08:26:40.0340 9044 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
08:26:40.0380 9044 CNG - ok
08:26:40.0403 9044 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:26:40.0425 9044 Compbatt - ok
08:26:40.0435 9044 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:26:40.0458 9044 CompositeBus - ok
08:26:40.0462 9044 COMSysApp - ok
08:26:40.0478 9044 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:26:40.0499 9044 crcdisk - ok
08:26:40.0529 9044 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
08:26:40.0574 9044 CryptSvc - ok
08:26:40.0602 9044 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:26:40.0651 9044 DcomLaunch - ok
08:26:40.0686 9044 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
08:26:40.0739 9044 defragsvc - ok
08:26:40.0773 9044 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:26:40.0830 9044 DfsC - ok
08:26:40.0920 9044 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
08:26:40.0981 9044 Dhcp - ok
08:26:40.0998 9044 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:26:41.0048 9044 discache - ok
08:26:41.0069 9044 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:26:41.0108 9044 Disk - ok
08:26:41.0145 9044 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
08:26:41.0186 9044 Dnscache - ok
08:26:41.0222 9044 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
08:26:41.0277 9044 dot3svc - ok
08:26:41.0321 9044 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
08:26:41.0381 9044 DPS - ok
08:26:41.0402 9044 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:26:41.0440 9044 drmkaud - ok
08:26:41.0500 9044 DsiWMIService (61e894fe1e9cc720c909e6e343351794) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
08:26:41.0544 9044 DsiWMIService - ok
08:26:41.0579 9044 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
08:26:41.0604 9044 dtsoftbus01 - ok
08:26:41.0649 9044 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:26:41.0696 9044 DXGKrnl - ok
08:26:41.0733 9044 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
08:26:41.0770 9044 EapHost - ok
08:26:41.0803 9044 easytether (1e8d0e318d3f17b2eaaf993db20c76f0) C:\Windows\system32\DRIVERS\easytthr.sys
08:26:41.0823 9044 easytether - ok
08:26:41.0942 9044 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:26:41.0997 9044 ebdrv - ok
08:26:42.0075 9044 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
08:26:42.0102 9044 eeCtrl - ok
08:26:42.0182 9044 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
08:26:42.0205 9044 EFS - ok
08:26:42.0269 9044 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
08:26:42.0327 9044 ehRecvr - ok
08:26:42.0382 9044 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
08:26:42.0411 9044 ehSched - ok
08:26:42.0467 9044 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:26:42.0502 9044 elxstor - ok
08:26:42.0586 9044 ePowerSvc (49eef52bfb986a2b5d70f4ec12637d7b) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
08:26:42.0627 9044 ePowerSvc - ok
08:26:42.0717 9044 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
08:26:42.0746 9044 EraserUtilRebootDrv - ok
08:26:42.0844 9044 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:26:42.0864 9044 ErrDev - ok
08:26:42.0909 9044 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
08:26:42.0957 9044 EventSystem - ok
08:26:42.0983 9044 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:26:43.0026 9044 exfat - ok
08:26:43.0060 9044 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:26:43.0112 9044 fastfat - ok
08:26:43.0165 9044 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
08:26:43.0194 9044 Fax - ok
08:26:43.0203 9044 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:26:43.0225 9044 fdc - ok
08:26:43.0234 9044 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
08:26:43.0279 9044 fdPHost - ok
08:26:43.0294 9044 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
08:26:43.0338 9044 FDResPub - ok
08:26:43.0352 9044 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:26:43.0374 9044 FileInfo - ok
08:26:43.0380 9044 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:26:43.0423 9044 Filetrace - ok
08:26:43.0463 9044 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:26:43.0483 9044 flpydisk - ok
08:26:43.0513 9044 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:26:43.0541 9044 FltMgr - ok
08:26:43.0600 9044 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
08:26:43.0637 9044 FontCache - ok
08:26:43.0700 9044 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:26:43.0724 9044 FontCache3.0.0.0 - ok
08:26:43.0757 9044 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:26:43.0779 9044 FsDepends - ok
08:26:43.0808 9044 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
08:26:43.0829 9044 fssfltr - ok
08:26:43.0942 9044 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
08:26:44.0091 9044 fsssvc - ok
08:26:44.0205 9044 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
08:26:44.0227 9044 Fs_Rec - ok
08:26:44.0260 9044 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:26:44.0288 9044 fvevol - ok
08:26:44.0307 9044 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:26:44.0329 9044 gagp30kx - ok
08:26:44.0389 9044 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
08:26:44.0470 9044 GamesAppService - ok
08:26:44.0503 9044 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:26:44.0524 9044 GEARAspiWDM - ok
08:26:44.0572 9044 GenericMount (9ba50351af95c9df28c8bcd382427d11) C:\Windows\system32\DRIVERS\GenericMount.sys
08:26:44.0594 9044 GenericMount - ok
08:26:44.0694 9044 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
08:26:44.0773 9044 gpsvc - ok
08:26:44.0841 9044 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
08:26:44.0898 9044 GREGService - ok
08:26:45.0016 9044 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:26:45.0061 9044 gupdate - ok
08:26:45.0101 9044 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:26:45.0128 9044 gupdatem - ok
08:26:45.0172 9044 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:26:45.0196 9044 hcw85cir - ok
08:26:45.0240 9044 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:26:45.0268 9044 HdAudAddService - ok
08:26:45.0284 9044 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:26:45.0310 9044 HDAudBus - ok
08:26:45.0323 9044 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:26:45.0344 9044 HidBatt - ok
08:26:45.0359 9044 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:26:45.0385 9044 HidBth - ok
08:26:45.0393 9044 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:26:45.0441 9044 HidIr - ok
08:26:45.0467 9044 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
08:26:45.0513 9044 hidserv - ok
08:26:45.0557 9044 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
08:26:45.0579 9044 HidUsb - ok
08:26:45.0607 9044 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
08:26:45.0659 9044 hkmsvc - ok
08:26:45.0693 9044 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
08:26:45.0727 9044 HomeGroupListener - ok
08:26:45.0765 9044 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
08:26:45.0792 9044 HomeGroupProvider - ok
08:26:45.0835 9044 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:26:45.0859 9044 HpSAMD - ok
08:26:45.0910 9044 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:26:45.0967 9044 HTTP - ok
08:26:46.0000 9044 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:26:46.0022 9044 hwpolicy - ok
08:26:46.0043 9044 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:26:46.0069 9044 i8042prt - ok
08:26:46.0102 9044 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:26:46.0131 9044 iaStorV - ok
08:26:46.0214 9044 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:26:46.0246 9044 idsvc - ok
08:26:46.0263 9044 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:26:46.0286 9044 iirsp - ok
08:26:46.0364 9044 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
08:26:46.0419 9044 IKEEXT - ok
08:26:46.0519 9044 IntcAzAudAddService (feadc18677a85a123e95a9b976101120) C:\Windows\system32\drivers\RTKVHD64.sys
08:26:46.0574 9044 IntcAzAudAddService - ok
08:26:46.0666 9044 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:26:46.0695 9044 intelide - ok
08:26:46.0720 9044 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:26:46.0752 9044 intelppm - ok
08:26:46.0785 9044 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
08:26:46.0830 9044 IPBusEnum - ok
08:26:46.0870 9044 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:26:46.0915 9044 IpFilterDriver - ok
08:26:46.0950 9044 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
08:26:46.0994 9044 iphlpsvc - ok
08:26:47.0027 9044 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:26:47.0054 9044 IPMIDRV - ok
08:26:47.0080 9044 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:26:47.0127 9044 IPNAT - ok
08:26:47.0210 9044 iPod Service (a9e53e1a9c4274eebc00d36ae5ed40de) C:\Program Files\iPod\bin\iPodService.exe
08:26:47.0252 9044 iPod Service - ok
08:26:47.0264 9044 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:26:47.0292 9044 IRENUM - ok
08:26:47.0326 9044 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:26:47.0349 9044 isapnp - ok
08:26:47.0386 9044 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:26:47.0413 9044 iScsiPrt - ok
08:26:47.0454 9044 k57nd60a (c9b4ecc187581e5bf3f76648884b7829) C:\Windows\system32\DRIVERS\k57nd60a.sys
08:26:47.0487 9044 k57nd60a - ok
08:26:47.0502 9044 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
08:26:47.0525 9044 kbdclass - ok
08:26:47.0545 9044 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
08:26:47.0569 9044 kbdhid - ok
08:26:47.0600 9044 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:26:47.0619 9044 KeyIso - ok
08:26:47.0630 9044 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
08:26:47.0654 9044 KSecDD - ok
08:26:47.0673 9044 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
08:26:47.0700 9044 KSecPkg - ok
08:26:47.0715 9044 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:26:47.0769 9044 ksthunk - ok
08:26:47.0802 9044 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
08:26:47.0851 9044 KtmRm - ok
08:26:47.0887 9044 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
08:26:47.0945 9044 LanmanServer - ok
08:26:48.0041 9044 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
08:26:48.0087 9044 LanmanWorkstation - ok
08:26:49.0862 9044 LiveUpdate (6105b28f5d03c4affa7197b228768849) C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
08:26:49.0935 9044 LiveUpdate - ok
08:26:50.0064 9044 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:26:50.0111 9044 lltdio - ok
08:26:50.0336 9044 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
08:26:50.0386 9044 lltdsvc - ok
08:26:50.0446 9044 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
08:26:50.0495 9044 lmhosts - ok
08:26:50.0527 9044 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:26:50.0553 9044 LSI_FC - ok
08:26:50.0636 9044 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:26:50.0659 9044 LSI_SAS - ok
08:26:50.0676 9044 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:26:50.0698 9044 LSI_SAS2 - ok
08:26:50.0711 9044 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:26:50.0736 9044 LSI_SCSI - ok
08:26:50.0780 9044 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:26:50.0833 9044 luafv - ok
08:26:50.0852 9044 lxbf_device - ok
08:26:50.0906 9044 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
08:26:50.0937 9044 mcdbus - ok
08:26:50.0989 9044 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
08:26:51.0028 9044 Mcx2Svc - ok
08:26:51.0057 9044 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
08:26:51.0079 9044 megasas - ok
08:26:51.0108 9044 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
08:26:51.0136 9044 MegaSR - ok
08:26:51.0200 9044 Microsoft SharePoint Workspace Audit Service - ok
08:26:51.0227 9044 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:26:51.0279 9044 MMCSS - ok
08:26:51.0287 9044 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:26:51.0329 9044 Modem - ok
08:26:51.0369 9044 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:26:51.0398 9044 monitor - ok
08:26:51.0437 9044 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:26:51.0460 9044 mouclass - ok
08:26:51.0475 9044 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:26:51.0497 9044 mouhid - ok
08:26:51.0524 9044 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:26:51.0548 9044 mountmgr - ok
08:26:51.0562 9044 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:26:51.0589 9044 mpio - ok
08:26:51.0598 9044 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:26:51.0642 9044 mpsdrv - ok
08:26:51.0695 9044 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
08:26:51.0818 9044 MpsSvc - ok
08:26:51.0849 9044 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:26:51.0883 9044 MRxDAV - ok
08:26:51.0919 9044 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:26:51.0980 9044 mrxsmb - ok
08:26:52.0009 9044 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:26:52.0040 9044 mrxsmb10 - ok
08:26:52.0108 9044 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:26:52.0129 9044 mrxsmb20 - ok
08:26:52.0152 9044 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:26:52.0175 9044 msahci - ok
08:26:52.0208 9044 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:26:52.0232 9044 msdsm - ok
08:26:52.0258 9044 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
08:26:52.0281 9044 MSDTC - ok
08:26:52.0319 9044 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:26:52.0363 9044 Msfs - ok
08:26:52.0374 9044 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:26:52.0428 9044 mshidkmdf - ok
08:26:52.0442 9044 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:26:52.0465 9044 msisadrv - ok
08:26:52.0495 9044 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
08:26:52.0540 9044 MSiSCSI - ok
08:26:52.0544 9044 msiserver - ok
08:26:52.0551 9044 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:26:52.0593 9044 MSKSSRV - ok
08:26:52.0655 9044 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:26:52.0713 9044 MSPCLOCK - ok
08:26:52.0717 9044 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:26:52.0758 9044 MSPQM - ok
08:26:52.0789 9044 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:26:52.0815 9044 MsRPC - ok
08:26:52.0853 9044 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:26:52.0877 9044 mssmbios - ok
08:26:52.0893 9044 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:26:52.0934 9044 MSTEE - ok
08:26:52.0948 9044 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:26:52.0970 9044 MTConfig - ok
08:26:52.0979 9044 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:26:53.0013 9044 Mup - ok
08:26:53.0051 9044 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
08:26:53.0119 9044 napagent - ok
08:26:53.0151 9044 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:26:53.0201 9044 NativeWifiP - ok
08:26:53.0335 9044 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120602.009\ENG64.SYS
08:26:53.0368 9044 NAVENG - ok
08:26:53.0456 9044 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120602.009\EX64.SYS
08:26:53.0509 9044 NAVEX15 - ok
08:26:53.0635 9044 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:26:53.0714 9044 NDIS - ok
08:26:53.0746 9044 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:26:53.0797 9044 NdisCap - ok
08:26:53.0814 9044 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:26:53.0870 9044 NdisTapi - ok
08:26:53.0901 9044 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:26:53.0949 9044 Ndisuio - ok
08:26:53.0975 9044 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:26:54.0034 9044 NdisWan - ok
08:26:54.0062 9044 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:26:54.0110 9044 NDProxy - ok
08:26:54.0146 9044 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:26:54.0189 9044 NetBIOS - ok
08:26:54.0221 9044 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:26:54.0264 9044 NetBT - ok
08:26:54.0295 9044 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:26:54.0312 9044 Netlogon - ok
08:26:54.0347 9044 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
08:26:54.0396 9044 Netman - ok
08:26:54.0499 9044 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:26:54.0534 9044 NetMsmqActivator - ok
08:26:54.0538 9044 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:26:54.0556 9044 NetPipeActivator - ok
08:26:54.0593 9044 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
08:26:54.0667 9044 netprofm - ok
08:26:54.0757 9044 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:26:54.0774 9044 NetTcpActivator - ok
08:26:54.0780 9044 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:26:54.0798 9044 NetTcpPortSharing - ok
08:26:55.0052 9044 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
08:26:55.0074 9044 nfrd960 - ok
08:26:55.0109 9044 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
08:26:55.0159 9044 NlaSvc - ok
08:26:55.0257 9044 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
08:26:55.0305 9044 NPF - ok
08:26:55.0321 9044 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:26:55.0363 9044 Npfs - ok
08:26:55.0384 9044 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
08:26:55.0427 9044 nsi - ok
08:26:55.0442 9044 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:26:55.0483 9044 nsiproxy - ok
08:26:55.0567 9044 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:26:55.0611 9044 Ntfs - ok
08:26:55.0662 9044 NTI IScheduleSvc (5b3ce960c62dbe864be9a0bd043a3e30) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
08:26:55.0755 9044 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - warning
08:26:55.0755 9044 NTI IScheduleSvc - detected UnsignedFile.Multi.Generic (1)
08:26:55.0788 9044 NTIBackupSvc (15221dd637d9d0ffc60848ebbf1df538) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
08:26:55.0818 9044 NTIBackupSvc - ok
08:26:55.0911 9044 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
08:26:55.0941 9044 NTIDrvr - ok
08:26:55.0973 9044 NTISchedulerSvc (b5071e15d4c3f5ef5018aff7e85a85e5) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
08:26:56.0018 9044 NTISchedulerSvc - ok
08:26:56.0044 9044 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:26:56.0087 9044 Null - ok
08:26:56.0121 9044 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:26:56.0146 9044 nvraid - ok
08:26:56.0163 9044 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:26:56.0189 9044 nvstor - ok
08:26:56.0206 9044 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:26:56.0231 9044 nv_agp - ok
08:26:56.0332 9044 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:26:56.0401 9044 odserv - ok
08:26:56.0419 9044 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:26:56.0440 9044 ohci1394 - ok
08:26:56.0489 9044 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:26:56.0570 9044 ose - ok
08:26:56.0777 9044 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:26:56.0864 9044 osppsvc - ok
08:26:56.0954 9044 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:26:56.0979 9044 p2pimsvc - ok
08:26:57.0010 9044 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
08:26:57.0036 9044 p2psvc - ok
08:26:57.0071 9044 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:26:57.0095 9044 Parport - ok
08:26:57.0128 9044 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
08:26:57.0151 9044 partmgr - ok
08:26:57.0168 9044 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
08:26:57.0199 9044 PcaSvc - ok
08:26:57.0234 9044 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:26:57.0258 9044 pci - ok
08:26:57.0270 9044 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:26:57.0291 9044 pciide - ok
08:26:57.0317 9044 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:26:57.0344 9044 pcmcia - ok
08:26:57.0358 9044 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:26:57.0381 9044 pcw - ok
08:26:57.0409 9044 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:26:57.0461 9044 PEAUTH - ok
08:26:57.0552 9044 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
08:26:57.0584 9044 PerfHost - ok
08:26:57.0760 9044 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\32788R22FWJFW\pev.3XE
08:26:58.0300 9044 PEVSystemStart ( UnsignedFile.Multi.Generic ) - warning
08:26:58.0300 9044 PEVSystemStart - detected UnsignedFile.Multi.Generic (1)
08:26:58.0411 9044 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
08:26:58.0473 9044 pla - ok
08:26:58.0526 9044 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
08:26:58.0560 9044 PlugPlay - ok
08:26:58.0582 9044 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
08:26:58.0608 9044 PNRPAutoReg - ok
08:26:58.0627 9044 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:26:58.0650 9044 PNRPsvc - ok
08:26:58.0687 9044 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
08:26:58.0735 9044 PolicyAgent - ok
08:26:58.0775 9044 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
08:26:58.0822 9044 Power - ok
08:26:58.0867 9044 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:26:58.0909 9044 PptpMiniport - ok
08:26:58.0931 9044 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:26:58.0954 9044 Processor - ok
08:26:58.0985 9044 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
08:26:59.0025 9044 ProfSvc - ok
08:26:59.0055 9044 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:26:59.0074 9044 ProtectedStorage - ok
08:26:59.0121 9044 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:26:59.0164 9044 Psched - ok
08:26:59.0241 9044 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:26:59.0282 9044 ql2300 - ok
08:26:59.0369 9044 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:26:59.0394 9044 ql40xx - ok
08:26:59.0423 9044 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
08:26:59.0452 9044 QWAVE - ok
08:26:59.0473 9044 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:26:59.0499 9044 QWAVEdrv - ok
08:26:59.0517 9044 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:26:59.0565 9044 RasAcd - ok
08:26:59.0584 9044 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:26:59.0630 9044 RasAgileVpn - ok
08:26:59.0646 9044 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
08:26:59.0688 9044 RasAuto - ok
08:26:59.0727 9044 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:26:59.0769 9044 Rasl2tp - ok
08:26:59.0802 9044 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
08:26:59.0842 9044 RasMan - ok
08:26:59.0872 9044 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:26:59.0919 9044 RasPppoe - ok
08:26:59.0932 9044 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:26:59.0973 9044 RasSstp - ok
08:26:59.0994 9044 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:27:00.0048 9044 rdbss - ok
08:27:00.0166 9044 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:27:00.0189 9044 rdpbus - ok
08:27:00.0323 9044 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:27:00.0365 9044 RDPCDD - ok
08:27:00.0384 9044 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:27:00.0435 9044 RDPENCDD - ok
08:27:00.0446 9044 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:27:00.0489 9044 RDPREFMP - ok
08:27:00.0585 9044 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
08:27:00.0609 9044 RDPWD - ok
08:27:00.0698 9044 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:27:00.0721 9044 rdyboost - ok
08:27:00.0753 9044 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
08:27:00.0794 9044 RemoteAccess - ok
08:27:00.0819 9044 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
08:27:00.0865 9044 RemoteRegistry - ok
08:27:00.0926 9044 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe
08:27:00.0962 9044 rpcapd - ok
08:27:00.0973 9044 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:27:01.0027 9044 RpcEptMapper - ok
08:27:01.0063 9044 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:27:01.0086 9044 RpcLocator - ok
08:27:01.0126 9044 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:27:01.0170 9044 RpcSs - ok
08:27:01.0204 9044 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:27:01.0252 9044 rspndr - ok
08:27:01.0312 9044 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\Windows\system32\Drivers\RtsUStor.sys
08:27:01.0339 9044 RSUSBSTOR - ok
08:27:01.0373 9044 RTHDMIAzAudService (4e821c740a675f6d040be41d59a62b1d) C:\Windows\system32\drivers\RtHDMIVX.sys
08:27:01.0400 9044 RTHDMIAzAudService - ok
08:27:01.0435 9044 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:27:01.0457 9044 SamSs - ok
08:27:01.0484 9044 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:27:01.0508 9044 sbp2port - ok
08:27:01.0535 9044 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:27:01.0611 9044 SCardSvr - ok
08:27:01.0634 9044 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:27:01.0679 9044 scfilter - ok
08:27:01.0761 9044 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
08:27:01.0909 9044 Schedule - ok
08:27:01.0957 9044 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:27:01.0992 9044 SCPolicySvc - ok
08:27:02.0021 9044 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
08:27:02.0123 9044 SDRSVC - ok
08:27:02.0183 9044 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:27:02.0240 9044 secdrv - ok
08:27:02.0276 9044 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
08:27:02.0331 9044 seclogon - ok
08:27:02.0370 9044 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
08:27:02.0413 9044 SENS - ok
08:27:02.0427 9044 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:27:02.0469 9044 SensrSvc - ok
08:27:02.0481 9044 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:27:02.0511 9044 Serenum - ok
08:27:02.0542 9044 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:27:02.0565 9044 Serial - ok
08:27:02.0594 9044 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:27:02.0624 9044 sermouse - ok
08:27:02.0655 9044 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
08:27:02.0705 9044 SessionEnv - ok
08:27:02.0728 9044 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:27:02.0753 9044 sffdisk - ok
08:27:02.0768 9044 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:27:02.0795 9044 sffp_mmc - ok
08:27:02.0801 9044 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:27:02.0838 9044 sffp_sd - ok
08:27:02.0862 9044 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:27:02.0887 9044 sfloppy - ok
08:27:02.0930 9044 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
08:27:02.0980 9044 SharedAccess - ok
08:27:03.0012 9044 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
08:27:03.0094 9044 ShellHWDetection - ok
08:27:03.0115 9044 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:27:03.0170 9044 SiSRaid2 - ok
08:27:03.0223 9044 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:27:03.0248 9044 SiSRaid4 - ok
08:27:03.0332 9044 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
08:27:03.0639 9044 SkypeUpdate - ok
08:27:03.0684 9044 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:27:03.0727 9044 Smb - ok
08:27:03.0865 9044 SmcService (26eb194d1fb2870e0453a99b84889f8d) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
08:27:04.0015 9044 SmcService - ok
08:27:04.0129 9044 SMR250 (27f71f20e87fbf177c82ae924f9317f7) C:\Windows\system32\drivers\SMR250.SYS
08:27:04.0149 9044 SMR250 - ok
08:27:04.0228 9044 SNAC (c2e9b4e50cf3a15255b45a7c7a0a881e) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
08:27:04.0253 9044 SNAC - ok
08:27:04.0276 9044 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:27:04.0297 9044 SNMPTRAP - ok
08:27:04.0412 9044 speedfan (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys
08:27:04.0436 9044 speedfan - ok
08:27:04.0450 9044 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:27:04.0472 9044 spldr - ok
08:27:04.0505 9044 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
08:27:04.0557 9044 Spooler - ok
08:27:04.0698 9044 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
08:27:04.0871 9044 sppsvc - ok
08:27:04.0943 9044 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:27:04.0988 9044 sppuinotify - ok
08:27:05.0055 9044 sptd (a6cff1af7664627a296b6a0a96cf876e) C:\Windows\System32\Drivers\sptd.sys
08:27:05.0057 9044 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: a6cff1af7664627a296b6a0a96cf876e
08:27:05.0059 9044 sptd ( LockedFile.Multi.Generic ) - warning
08:27:05.0059 9044 sptd - detected LockedFile.Multi.Generic (1)
08:27:05.0097 9044 SRTSP (b531fc8918dcdaae638511a123c3465e) C:\Windows\system32\Drivers\SRTSP64.SYS
08:27:05.0124 9044 SRTSP - ok
08:27:05.0148 9044 SRTSPL (2bd3a73d0601320b72486fc3ebc2544f) C:\Windows\system32\Drivers\SRTSPL64.SYS
08:27:05.0175 9044 SRTSPL - ok
08:27:05.0189 9044 SRTSPX (529b337c1aeeb289f0b502eb0ee6a8f5) C:\Windows\system32\Drivers\SRTSPX64.SYS
08:27:05.0216 9044 SRTSPX - ok
08:27:05.0263 9044 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:27:05.0289 9044 srv - ok
08:27:05.0536 9044 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:27:05.0560 9044 srv2 - ok
08:27:05.0649 9044 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:27:05.0672 9044 srvnet - ok
08:27:05.0694 9044 sscebus (f74634f46692c8315e7f37f698af3225) C:\Windows\system32\DRIVERS\sscebus.sys
08:27:05.0718 9044 sscebus - ok
08:27:05.0733 9044 sscemdfl (82732b391efd69b0548044be9cb37bfc) C:\Windows\system32\DRIVERS\sscemdfl.sys
08:27:05.0753 9044 sscemdfl - ok
08:27:05.0766 9044 sscemdm (43d56ace4469d90f9790e8352d87d9b5) C:\Windows\system32\DRIVERS\sscemdm.sys
08:27:05.0814 9044 sscemdm - ok
08:27:05.0840 9044 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:27:05.0888 9044 SSDPSRV - ok
08:27:05.0910 9044 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:27:05.0964 9044 SstpSvc - ok
08:27:06.0013 9044 ss_bbus (ef806d212d34b0e173baeb3564d53e37) C:\Windows\system32\DRIVERS\ss_bbus.sys
08:27:06.0035 9044 ss_bbus - ok
08:27:06.0050 9044 ss_bmdfl (08b1b34abebeb6ac2dea06900c56411e) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
08:27:06.0078 9044 ss_bmdfl - ok
08:27:06.0092 9044 ss_bmdm (71a9da6beaa4cb54dfb827fb78600a5d) C:\Windows\system32\DRIVERS\ss_bmdm.sys
08:27:06.0124 9044 ss_bmdm - ok
08:27:06.0175 9044 Steam Client Service - ok
08:27:06.0200 9044 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:27:06.0221 9044 stexstor - ok
08:27:06.0266 9044 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
08:27:06.0300 9044 stisvc - ok
08:27:06.0355 9044 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:27:06.0381 9044 swenum - ok
08:27:06.0414 9044 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:27:06.0480 9044 swprv - ok
08:27:06.0597 9044 Symantec AntiVirus (f3a4ead0b3946e439f0397f7a4d09952) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
08:27:06.0692 9044 Symantec AntiVirus - ok
08:27:06.0768 9044 Symantec SymSnap VSS Provider - ok
08:27:06.0815 9044 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
08:27:06.0838 9044 SymEvent - ok
08:27:06.0883 9044 SynTP (064a2530a4a7c7cec1be6a1945645be4) C:\Windows\system32\DRIVERS\SynTP.sys
08:27:06.0907 9044 SynTP - ok
08:27:06.0984 9044 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
08:27:07.0059 9044 SysMain - ok
08:27:07.0169 9044 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
08:27:07.0235 9044 TabletInputService - ok
08:27:07.0276 9044 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
08:27:07.0339 9044 TapiSrv - ok
08:27:07.0358 9044 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:27:07.0401 9044 TBS - ok
08:27:07.0507 9044 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
08:27:07.0557 9044 Tcpip - ok
08:27:07.0721 9044 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
08:27:07.0764 9044 TCPIP6 - ok
08:27:07.0861 9044 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:27:07.0903 9044 tcpipreg - ok
08:27:07.0948 9044 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:27:07.0993 9044 TDPIPE - ok
08:27:08.0023 9044 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:27:08.0043 9044 TDTCP - ok
08:27:08.0068 9044 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:27:08.0110 9044 tdx - ok
08:27:08.0246 9044 TeamViewer6 (fe559178000347d2ca1b7847f0379749) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
08:27:08.0380 9044 TeamViewer6 - ok
08:27:08.0501 9044 Teefer2 (ef6ccf8b483201f7196d83fc136fa43a) C:\Windows\system32\DRIVERS\teefer2.sys
08:27:08.0524 9044 Teefer2 - ok
08:27:08.0580 9044 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:27:08.0601 9044 TermDD - ok
08:27:08.0646 9044 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
08:27:08.0697 9044 TermService - ok
08:27:08.0739 9044 TFsExDisk (48d9d00c2e0e72c3d4f52772c80355f6) C:\Windows\System32\Drivers\TFsExDisk.sys
08:27:08.0761 9044 TFsExDisk - ok
08:27:08.0785 9044 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:27:08.0812 9044 Themes - ok
08:27:08.0882 9044 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:27:08.0918 9044 THREADORDER - ok
08:27:08.0931 9044 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:27:08.0982 9044 TrkWks - ok
08:27:09.0037 9044 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
08:27:09.0085 9044 TrustedInstaller - ok
08:27:09.0129 9044 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:27:09.0171 9044 tssecsrv - ok
08:27:09.0210 9044 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:27:09.0233 9044 TsUsbFlt - ok
08:27:09.0274 9044 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:27:09.0314 9044 tunnel - ok
08:27:09.0338 9044 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:27:09.0360 9044 uagp35 - ok
08:27:09.0378 9044 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
08:27:09.0398 9044 UBHelper - ok
08:27:09.0434 9044 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:27:09.0477 9044 udfs - ok
08:27:09.0504 9044 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:27:09.0527 9044 UI0Detect - ok
08:27:09.0561 9044 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:27:09.0583 9044 uliagpkx - ok
08:27:09.0614 9044 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
08:27:09.0636 9044 umbus - ok
08:27:09.0666 9044 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:27:09.0687 9044 UmPass - ok
08:27:09.0735 9044 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
08:27:09.0838 9044 Updater Service - ok
08:27:09.0880 9044 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:27:09.0924 9044 upnphost - ok
08:27:10.0006 9044 USBAU (c193a68f944d8c3faf8e5fb646f1f07f) C:\Windows\system32\drivers\CM10264.sys
08:27:10.0040 9044 USBAU - ok
08:27:10.0087 9044 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
08:27:10.0112 9044 usbaudio - ok
08:27:10.0141 9044 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:27:10.0165 9044 usbccgp - ok
08:27:10.0182 9044 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:27:10.0207 9044 usbcir - ok
08:27:10.0222 9044 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:27:10.0243 9044 usbehci - ok
08:27:10.0264 9044 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
08:27:10.0287 9044 usbfilter - ok
08:27:10.0313 9044 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:27:10.0337 9044 usbhub - ok
08:27:10.0352 9044 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
08:27:10.0372 9044 usbohci - ok
08:27:10.0396 9044 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:27:10.0419 9044 usbprint - ok
08:27:10.0449 9044 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:27:10.0472 9044 usbscan - ok
08:27:10.0497 9044 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:27:10.0522 9044 USBSTOR - ok
08:27:10.0540 9044 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:27:10.0561 9044 usbuhci - ok
08:27:10.0578 9044 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
08:27:10.0603 9044 usbvideo - ok
08:27:10.0626 9044 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:27:10.0670 9044 UxSms - ok
08:27:11.0164 9044 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:27:11.0191 9044 VaultSvc - ok
08:27:11.0441 9044 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:27:11.0462 9044 vdrvroot - ok
08:27:11.0508 9044 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:27:11.0555 9044 vds - ok
08:27:11.0584 9044 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:27:11.0609 9044 vga - ok
08:27:11.0626 9044 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:27:11.0663 9044 VgaSave - ok
08:27:11.0693 9044 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:27:11.0728 9044 vhdmp - ok
08:27:11.0743 9044 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:27:11.0764 9044 viaide - ok
08:27:11.0777 9044 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:27:11.0802 9044 volmgr - ok
08:27:11.0845 9044 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:27:11.0874 9044 volmgrx - ok
08:27:11.0891 9044 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:27:11.0922 9044 volsnap - ok
08:27:11.0946 9044 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:27:11.0971 9044 vsmraid - ok
08:27:12.0046 9044 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:27:12.0100 9044 VSS - ok
08:27:12.0200 9044 VSTWinDriver6 (e72b7f6ad60ec55b2bbef6c6202cde2a) C:\Windows\system32\drivers\VSTwindrvr6.sys
08:27:12.0226 9044 VSTWinDriver6 - ok
08:27:12.0237 9044 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:27:12.0262 9044 vwifibus - ok
08:27:12.0279 9044 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:27:12.0307 9044 vwififlt - ok
08:27:12.0344 9044 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:27:12.0419 9044 W32Time - ok
08:27:12.0462 9044 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:27:12.0488 9044 WacomPen - ok
08:27:12.0563 9044 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:27:12.0612 9044 WANARP - ok
08:27:12.0728 9044 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:27:12.0790 9044 Wanarpv6 - ok
08:27:12.0878 9044 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
08:27:12.0915 9044 WatAdminSvc - ok
08:27:12.0987 9044 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:27:13.0025 9044 wbengine - ok
08:27:13.0108 9044 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:27:13.0144 9044 WbioSrvc - ok
08:27:13.0182 9044 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:27:13.0211 9044 wcncsvc - ok
08:27:13.0221 9044 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:27:13.0251 9044 WcsPlugInService - ok
08:27:13.0286 9044 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:27:13.0307 9044 Wd - ok
08:27:13.0336 9044 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
08:27:13.0357 9044 WDC_SAM - ok
08:27:13.0391 9044 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:27:13.0421 9044 Wdf01000 - ok
08:27:13.0437 9044 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:27:13.0473 9044 WdiServiceHost - ok
08:27:13.0476 9044 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:27:13.0502 9044 WdiSystemHost - ok
08:27:13.0529 9044 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:27:13.0577 9044 WebClient - ok
08:27:13.0612 9044 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:27:13.0668 9044 Wecsvc - ok
08:27:13.0709 9044 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:27:13.0756 9044 wercplsupport - ok
08:27:13.0773 9044 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:27:13.0820 9044 WerSvc - ok
08:27:13.0859 9044 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:27:13.0900 9044 WfpLwf - ok
08:27:13.0911 9044 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:27:13.0932 9044 WIMMount - ok
08:27:13.0961 9044 WinDefend - ok
08:27:13.0974 9044 WinHttpAutoProxySvc - ok
08:27:14.0014 9044 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:27:14.0056 9044 Winmgmt - ok
08:27:14.0151 9044 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:27:14.0216 9044 WinRM - ok
08:27:14.0316 9044 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
08:27:14.0340 9044 WinUsb - ok
08:27:14.0387 9044 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:27:14.0431 9044 Wlansvc - ok
08:27:14.0510 9044 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:27:14.0531 9044 wlcrasvc - ok
08:27:14.0651 9044 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:27:14.0700 9044 wlidsvc - ok
08:27:14.0801 9044 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:27:14.0822 9044 WmiAcpi - ok
08:27:14.0861 9044 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:27:14.0900 9044 wmiApSrv - ok
08:27:14.0945 9044 WMPNetworkSvc - ok
08:27:14.0967 9044 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:27:14.0990 9044 WPCSvc - ok
08:27:15.0015 9044 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:27:15.0056 9044 WPDBusEnum - ok
08:27:15.0075 9044 WPS (c5cb802d660610d38b3aa0148d5498e1) C:\Windows\system32\drivers\wpsdrvnt.sys
08:27:15.0094 9044 WPS - ok
08:27:15.0123 9044 WpsHelper (d9b5a13804b7d97770c42da484a9d86e) C:\Windows\system32\drivers\WpsHelper.sys
08:27:15.0162 9044 WpsHelper - ok
08:27:15.0183 9044 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:27:15.0224 9044 ws2ifsl - ok
08:27:15.0239 9044 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
08:27:15.0268 9044 wscsvc - ok
08:27:15.0298 9044 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
08:27:15.0322 9044 WSDPrintDevice - ok
08:27:15.0325 9044 WSearch - ok
08:27:15.0426 9044 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
08:27:15.0538 9044 wuauserv - ok
08:27:15.0973 9044 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:27:16.0013 9044 WudfPf - ok
08:27:16.0044 9044 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:27:16.0087 9044 WUDFRd - ok
08:27:16.0112 9044 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:27:16.0152 9044 wudfsvc - ok
08:27:16.0180 9044 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:27:16.0210 9044 WwanSvc - ok
08:27:16.0308 9044 {09BB444F-B2E2-4009-BAF2-7B727681223E} - ok
08:27:16.0338 9044 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:27:17.0507 9044 \Device\Harddisk0\DR0 - ok
08:27:17.0543 9044 Boot (0x1200) (6a6f542abc83120f1208d52cbf28db08) \Device\Harddisk0\DR0\Partition0
08:27:17.0545 9044 \Device\Harddisk0\DR0\Partition0 - ok
08:27:17.0562 9044 Boot (0x1200) (f3eedc6aef32f88ff969e4889c11f275) \Device\Harddisk0\DR0\Partition1
08:27:17.0565 9044 \Device\Harddisk0\DR0\Partition1 - ok
08:27:17.0577 9044 Boot (0x1200) (79ddc43c4b8eaf49ab7f1c6c11c6dcfd) \Device\Harddisk0\DR0\Partition2
08:27:17.0580 9044 \Device\Harddisk0\DR0\Partition2 - ok
08:27:17.0580 9044 ============================================================
08:27:17.0580 9044 Scan finished
08:27:17.0580 9044 ============================================================
08:27:17.0595 9036 Detected object count: 3
08:27:17.0595 9036 Actual detected object count: 3
08:28:17.0683 9036 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - skipped by user
08:28:17.0683 9036 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:28:17.0685 9036 PEVSystemStart ( UnsignedFile.Multi.Generic ) - skipped by user
08:28:17.0685 9036 PEVSystemStart ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:28:17.0687 9036 sptd ( LockedFile.Multi.Generic ) - skipped by user
08:28:17.0687 9036 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
08:28:23.0664 6856 Deinitialize success





And you want this URL
https://www.virustot...sis/1338737731/

Attached Files


Edited by damascus404, 03 June 2012 - 09:58 AM.

  • 0

#8
Crowbar
Posted 04 June 2012 - 04:59 AM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi damascus404,
Hmmm, that CFScript did not work, we need to try it again.

Step 1

Please go to this folder:
c:\users\Park Family\Downloads
and move that copy of ComboFix onto your desktop. We will have much better luck with the fix if it's located on and run from the desktop.

Step 2

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy:: 
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe | c:\windows\system32\services.exe
Firefox::
FF - ProfilePath - c:\users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 3

We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
[createrestorepoint]
:OTL
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2737658
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
[2012/03/27 21:30:28 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
[2011/02/21 00:12:20 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/02/21 00:12:20 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\[email protected]
[2011/02/04 16:30:48 | 000,002,059 | ---- | M] () -- C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\searchplugins\daemon-search.xml
O2 - BHO: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found.
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found.
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
:commands
[emptytemp]
[reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

In your next reply I would like to see:
  • Combofix log
  • OTL fix log
  • OTL new quick scan

  • 0

#9
damascus404
Posted 04 June 2012 - 10:22 AM

damascus404

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I think this worked. At the least, it seemed to delete desktop.ini


Combofix Log






ComboFix 12-06-03.05 - Park Family 4/2012 Mon 8:39.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1033.18.7931.6065 [GMT -7:00]
Running from: c:\users\Park Family\Desktop\ComboFix.exe
Command switches used :: c:\users\Park Family\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --> c:\windows\system32\services.exe
.
((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))
.
.
2012-06-04 15:53 . 2012-06-04 15:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-04 15:18 . 2012-06-04 15:18 -------- d-----w- C:\_OTL
2012-06-03 15:23 . 2012-06-03 15:23 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-03 15:23 . 2012-06-03 15:23 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-01 01:50 . 2012-06-01 01:50 -------- d-----w- c:\users\Park Family\AppData\Roaming\TuneUp Software
2012-06-01 01:49 . 2012-06-01 01:50 -------- d-----w- c:\programdata\TuneUp Software
2012-06-01 01:49 . 2012-06-01 01:49 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-01 01:49 . 2012-06-01 01:49 -------- d--h--w- c:\programdata\Common Files
2012-05-30 13:36 . 2012-06-04 14:00 -------- d-----w- c:\users\Park Family\AppData\Local\CrashDumps
2012-05-30 04:49 . 2012-05-30 04:49 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-05-30 03:35 . 2012-06-03 15:21 -------- d-----w- c:\users\Park Family\AppData\Local\NPE
2012-05-30 03:35 . 2012-05-30 03:35 -------- d-----w- c:\programdata\Norton
2012-05-29 20:23 . 2012-05-29 20:23 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-05-29 20:22 . 2012-05-29 20:22 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-29 20:12 . 2012-05-29 20:12 -------- d-----w- c:\windows\system32\Macromed
2012-05-28 17:36 . 2012-05-28 17:36 -------- d-----w- c:\users\Park Family\AppData\Roaming\Media Player Classic
2012-05-28 17:35 . 2012-05-28 17:35 -------- d-----w- c:\program files\madVR
2012-05-28 17:23 . 2012-05-28 17:23 -------- d-----w- c:\program files (x86)\Haali
2012-05-28 17:23 . 2012-05-28 17:23 -------- d-----w- c:\program files (x86)\LAV Filters
2012-05-28 17:22 . 2012-05-28 17:22 -------- d-----w- c:\program files (x86)\MPC-HC
2012-05-26 04:24 . 2012-05-26 04:24 -------- d-----w- c:\program files (x86)\Microsoft XNA
2012-05-24 23:27 . 2012-05-24 23:27 -------- d-----w- c:\users\Park Family\AppData\Roaming\Symantec
2012-05-24 23:27 . 2012-05-24 23:27 -------- d-----w- c:\users\Park Family\AppData\Local\Symantec_Corporation
2012-05-24 23:14 . 2012-05-25 18:37 -------- d-----w- c:\programdata\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2012-05-23 23:09 . 2012-05-23 23:09 -------- d-----w- c:\users\Park Family\AppData\Roaming\LolClient2
2012-05-10 22:52 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 22:52 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 22:52 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 22:52 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 22:52 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 22:52 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 22:51 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 22:51 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 22:50 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 22:50 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 22:50 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 22:50 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 22:50 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-08 23:16 . 2012-05-08 23:16 50026 ----a-w- c:\windows\SysWow64\Uninstall_11stSC.exe
2012-05-07 00:25 . 2012-05-07 00:25 -------- d-----w- c:\users\Park Family\AppData\Local\WBFSManager
2012-05-05 18:27 . 2012-05-06 05:29 -------- d-----w- c:\users\Park Family\AppData\Roaming\ImgBurn
2012-05-05 18:27 . 2012-05-05 18:27 -------- d-----w- c:\program files (x86)\ImgBurn
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-30_13.57.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-06-04 15:36 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-06-03 15:24 . 2012-06-03 15:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012060320120604\index.dat
+ 2012-05-29 20:23 . 2012-06-04 14:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-05-29 20:23 . 2012-05-29 20:37 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-05-28 10:04 . 2012-06-04 15:38 84962 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-04 15:38 51106 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-14 01:10 . 2012-06-04 15:38 31706 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1024659097-783914939-1927143727-1000_UserData.bin
+ 2010-06-11 01:43 . 2012-06-03 02:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-11 01:43 . 2012-05-29 20:22 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-03 02:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-29 20:22 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-06-01 13:06 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-06-04 14:22 . 2012-06-04 14:22 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\Setup_Registry_Defender[1].exe
- 2012-05-30 13:56 . 2012-05-30 13:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-04 15:36 . 2012-06-04 15:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-04 15:36 . 2012-06-04 15:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-30 13:56 . 2012-05-30 13:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-03 15:23 . 2012-06-03 15:23 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
+ 2012-06-03 15:23 . 2012-06-03 15:23 424096 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll
+ 2012-06-03 15:23 . 2012-06-03 15:23 257696 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-05-29 20:23 . 2012-05-29 20:37 262144 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2012-05-29 20:23 . 2012-06-04 14:25 262144 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2010-08-14 04:54 . 2012-06-02 23:26 527238 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-06-01 17:20 655264 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-29 04:46 655264 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-29 04:46 122136 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-01 17:20 122136 c:\windows\system32\perfc009.dat
+ 2012-06-03 15:23 . 2012-06-03 15:23 631456 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe
+ 2012-06-03 15:23 . 2012-06-03 15:23 461984 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.dll
+ 2009-07-14 05:01 . 2012-06-04 15:35 404984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-30 13:55 404984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-06-04 15:36 2277376 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-30 13:00 2277376 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-04 15:36 1507328 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-17 08:41 . 2012-06-04 06:27 9606228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1024659097-783914939-1927143727-1000-4096.dat
- 2011-06-17 08:41 . 2012-05-28 08:04 9606228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1024659097-783914939-1927143727-1000-4096.dat
- 2011-02-20 07:32 . 2012-05-24 23:19 2444512 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1024659097-783914939-1927143727-1000-12288.dat
+ 2011-02-20 07:32 . 2012-06-01 02:50 2444512 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1024659097-783914939-1927143727-1000-12288.dat
+ 2012-05-30 01:29 . 2012-06-04 06:27 2463440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2011-03-30 05:54 . 2012-06-04 15:35 12118916 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1024659097-783914939-1927143727-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-29 95576]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"EasyTether"="c:\program files (x86)\Mobile Stream\EasyTether\easytthr.exe" [2011-05-23 48648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-29 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-01-25 115560]
"ACQTMOUSE"="c:\program files (x86)\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe" [2008-08-01 501760]
"SMSTray"="c:\program files (x86)\Samsung\EmoDio\SMSTray.exe" [2009-04-16 479232]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752]
.
c:\users\Park Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\users\Park Family\Desktop\Games\Visual Novel\MM\VMLaunch\BuddyVM.sys [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-22 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-22 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [x]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [x]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [x]
R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 9728]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-05-13 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAU;USB Audio Device Interface;c:\windows\system32\drivers\CM10264.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-06 865824]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe [2007-04-25 566704]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VSTWinDriver6;VSTWinDriver6;c:\windows\system32\drivers\VSTwindrvr6.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-22 19:45]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-22 19:45]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1024659097-783914939-1927143727-1000Core.job
- c:\users\Park Family\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-27 16:45]
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1024659097-783914939-1927143727-1000UA.job
- c:\users\Park Family\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-27 16:45]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-06 860192]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
"Cm102Sound"="c:\windows\Syswow64\cm102.dll" [2009-01-15 7700480]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daum.net/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5251&r=27360810p245l0424z1h5t46j2n35o
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: {{71DF21B0-8C69-4923-8C7B-B195F8DDB5CD} - http://www.11st.co.k...&tid=1000105205
IE: {{D80B3D84-E1EC-42ab-B630-F1E0C4E8BA97}
IE: {{EC113164-2692-482c-A70D-C60DA5C92546} - {B2DBFB0F-C253-4051-85FB-01A9419D3A59} -
TCP: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
DPF: {55F0958B-C5EB-49E4-8567-E018D2407F55} - hxxp://patch.kongdisk.com/install/KongdiskCtrl.cab
DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} - hxxp://cafeimg.hanmail.net/bgm11/DaumBgmPlayer.cab
DPF: {B7DF6B14-7F2A-49C2-A8C8-21AAD560B0BC} - hxxp://www.usadisk.com/mmsv/USAControl.CAB
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_1_1/DaumActiveX.cab?ver=2,0,1,1
DPF: {C2AD5B59-154E-4090-91F5-19FC1410E8EE} - hxxp://www.koreatimes.co.kr/www/TTS/App/Downloader.cab
DPF: {E0F0958B-C5EB-49E3-8567-E018D2407F35} - hxxp://patch.kongdisk.com/install/kongdisk.cab
FF - ProfilePath - c:\users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: NicoFox: nicofox@littlebtc - %profile%\extensions\nicofox@littlebtc
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extentions.y2layers.installId, 935c2a1e-4839-4d22-b685-966f648d8a11
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,TopRelatedTopics,BestVideoDownloader,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1024659097-783914939-1927143727-1000\Software\KISS\ォ0ケ0ソ0・・、0ノ0V*]
"InstallPath"="c:\\Users\\Park Family\\Desktop\\Games\\Visual Novel\\240611_vearchive.net_cr5\\カスタムレイドV\\"
"DskSht"=dword:00000000
.
[HKEY_USERS\S-1-5-21-1024659097-783914939-1927143727-1000\Software\「0ラ0・ア0・キ0・・ *ヲ0」0カ0・ノ0g0ubU0・_0・・ォ0・ *「0ラ0・ア0・キ0・・]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-04 09:16:14
ComboFix-quarantined-files.txt 2012-06-04 16:16
.
Pre-Run: 52,155,932,672 bytes free
Post-Run: 52,188,180,480 bytes free
.
- - End Of File - - A842B92DD0AC1DE2BDC3CE055EE65201






OTL Fix Log






All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Prefs.js: "DAEMON Search" removed from browser.search.selectedEngine
Prefs.js: [email protected]:3.2.5.2 removed from extensions.enabledItems
C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\searchplugin folder moved successfully.
C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\modules folder moved successfully.
C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\META-INF folder moved successfully.
C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\defaults folder moved successfully.
C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components folder moved successfully.
C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\chrome folder moved successfully.
C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e} folder moved successfully.
C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\lib folder moved successfully.
C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\[email protected]\searchplugin folder moved successfully.
C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\[email protected]\lib folder moved successfully.
C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\[email protected]\DualPackage folder moved successfully.
C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\[email protected]\components folder moved successfully.
C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\[email protected] folder moved successfully.
C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\searchplugins\daemon-search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
File C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Park Family
->Temp folder emptied: 3861634 bytes
->Temporary Internet Files folder emptied: 414091 bytes
->Java cache emptied: 257693 bytes
->FireFox cache emptied: 48079781 bytes
->Google Chrome cache emptied: 374810178 bytes
->Flash cache emptied: 97149 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8928448 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50199 bytes
RecycleBin emptied: 13508242 bytes

Total Files Cleaned = 429.00 mb


OTL by OldTimer - Version 3.2.45.0 log created on 06042012_081807

Files\Folders moved on Reboot...
C:\Users\Park Family\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...





OTL Quick Scan Log







OTL logfile created on: 6/4/2012 8:22:54 AM - Run 2
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\Park Family\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 6.01 Gb Available Physical Memory | 77.55% Memory free
15.49 Gb Paging File | 13.96 Gb Available in Paging File | 90.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.78 Gb Total Space | 48.61 Gb Free Space | 22.22% Space Free | Partition Type: NTFS
Drive E: | 6.81 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 246.88 Gb Total Space | 177.56 Gb Free Space | 71.92% Space Free | Partition Type: NTFS

Computer Name: PARKFAMILY-PC | User Name: Park Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/01 17:16:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Park Family\Downloads\OTL.exe
PRC - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2011/10/26 11:48:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011/08/02 00:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/05/22 18:14:32 | 000,048,648 | ---- | M] (Mobile Stream) -- C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe
PRC - [2011/01/27 08:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/07/29 00:47:08 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010/04/23 00:46:02 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/04/23 00:42:44 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2010/04/23 00:38:32 | 000,181,616 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SavUI.exe
PRC - [2010/03/29 08:28:42 | 000,098,304 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
PRC - [2010/03/08 16:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/03/08 16:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/03/03 06:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/03/03 06:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/03/03 06:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/01/28 16:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/25 15:35:56 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/04/16 13:23:56 | 000,479,232 | ---- | M] (SAMSUNG ELECTRONICS) -- C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe
PRC - [2008/08/01 14:30:28 | 000,501,760 | ---- | M] () -- C:\Program Files (x86)\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe


========== Modules (No Company Name) ==========

MOD - [2010/03/08 17:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2009/05/19 23:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
MOD - [2008/12/30 11:49:24 | 000,400,896 | ---- | M] () -- C:\Program Files (x86)\Mouse Setting\Mouse Setting Software\4.0\ACQDEVCL.dll
MOD - [2008/08/01 14:30:28 | 000,501,760 | ---- | M] () -- C:\Program Files (x86)\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe
MOD - [2007/06/24 15:14:52 | 000,029,696 | ---- | M] () -- C:\Program Files (x86)\Mouse Setting\Mouse Setting Software\4.0\ACQTMDLL.DLL


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/20 06:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/28 17:41:36 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/05 20:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 16:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 18:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2007/04/24 19:24:34 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbfcoms.exe -- (lxbf_device)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/07/21 20:48:32 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/27 08:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/04/23 00:46:02 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/04/16 21:06:36 | 003,218,880 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/04/01 20:47:34 | 000,419,656 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 16:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/03 06:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/01/25 15:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/07/13 18:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 13:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2007/04/24 19:24:16 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbfcoms.exe -- (lxbf_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/01 19:39:51 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/09/01 19:27:06 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/07/04 15:36:12 | 000,225,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
DRV:64bit: - [2011/05/22 15:44:12 | 000,020,752 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\easytthr.sys -- (easytether)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/13 19:42:20 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/06/25 10:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/05/13 15:10:04 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/04/16 21:06:36 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:64bit: - [2010/04/01 01:18:30 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/03/28 17:51:38 | 006,405,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/28 16:46:28 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/25 04:09:12 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdm.sys -- (sscemdm)
DRV:64bit: - [2010/03/25 04:09:12 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV:64bit: - [2010/03/25 04:09:12 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdfl.sys -- (sscemdfl)
DRV:64bit: - [2010/03/25 04:08:52 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010/03/25 04:08:52 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV:64bit: - [2010/03/25 04:08:52 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV:64bit: - [2010/03/20 11:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/02/12 07:10:12 | 000,066,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:64bit: - [2010/02/08 06:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/28 12:42:26 | 000,064,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV:64bit: - [2009/12/22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/10 04:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/02 00:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/08/23 02:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/06/19 19:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009/01/14 18:25:48 | 001,286,656 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10264.sys -- (USBAU)
DRV:64bit: - [2008/07/03 22:49:26 | 000,252,928 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTwindrvr6.sys -- (VSTWinDriver6)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2012/05/31 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/05/31 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/15 01:00:00 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120603.009\EX64.SYS -- (NAVEX15)
DRV - [2012/05/15 01:00:00 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120603.009\ENG64.SYS -- (NAVENG)
DRV - [2010/05/13 15:10:04 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/08/02 11:35:46 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ACRUSBTM.SYS -- (ACRUSBTM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...24z1h5t46j2n35o
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...24z1h5t46j2n35o
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daum.net/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_enUS392US392
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: nicofox@littlebtc:0.8


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@gomtv.com/gomtvx-plugin: C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll ((주) 그래텍)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\11\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Park Family\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Park Family\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Park Family\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Park Family\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\fbphotozoom\fbphotozoom14.xpi [2012/03/20 19:31:22 | 000,102,505 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/02/04 09:49:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/26 15:02:35 | 000,000,000 | ---D | M]

[2010/12/20 00:59:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Park Family\AppData\Roaming\Mozilla\Extensions
[2012/06/04 08:18:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions
[2011/10/01 16:00:22 | 000,000,000 | ---D | M] (NicoFox) -- C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\nicofox@littlebtc
[2012/03/20 19:31:31 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Park Family\AppData\Roaming\Mozilla\Firefox\Profiles\y6xbck6d.default\extensions\[email protected]
[2011/07/11 21:29:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/21 12:56:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/11 21:30:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\PARK FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y6XBCK6D.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
File not found (No name found) -- C:\USERS\PARK FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y6XBCK6D.DEFAULT\EXTENSIONS\[email protected]
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/26 11:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Park Family\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Park Family\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Park Family\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Park Family\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Park Family\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: gomtvx NIE Module (Enabled) = C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\11\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Translate = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: Entanglement = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: TooManyTabs for Chrome = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp\1.9.1_0\
CHR - Extension: Speed Dial = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.1_0\
CHR - Extension: Scramble = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\djfhffjeehicakcnbemmngflfhladknd\1.1_0\
CHR - Extension: Edit This Cookie = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\0.14.8_0\
CHR - Extension: Privacy SafeGuard = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\
CHR - Extension: FlashBlock = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0\
CHR - Extension: Cool Clock = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\icegcmhgphfkgglbljbkdegiaaihifce\2.3.1.1_0\
CHR - Extension: rikaikun = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp\0.8.5_0\
CHR - Extension: Auto Replay for YouTube = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.13_0\
CHR - Extension: Chrome Sounds = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkfibincabhfblmkmhcabnlghmncdcaf\1.1_0\
CHR - Extension: Stop Autoplay for YouTube. = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdfnbpkmkkdhgidgcpdkgpdlfjcgnnh\0.11.5.24_0\
CHR - Extension: Poppit = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.12_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.2.1_0\
CHR - Extension: MSPA F5-ify! = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnbdnhfekiggingacbbnfnklpepkfhgo\1.0_0\
CHR - Extension: Time Tracker = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\mokmnbikneoaenmckfmgjgjimphfojkd\1.0.9_0\
CHR - Extension: Google Quick Scroll = C:\Users\Park Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\1.83_0\

O1 HOSTS File: ([2012/05/30 06:57:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Mitter Toolbar) - {B3C48858-CC9C-452F-B6A4-48C95C59EB45} - C:\Program Files (x86)\Mitter Toolbar\ISLIEBand.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Cm102Sound] C:\Windows\Syswow64\cm102.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ACQTMOUSE] C:\Program Files (x86)\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe ()
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SMSTray] C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EasyTether] C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: シ鏞ホ スコニョクョニョ, 11ケ。 - {71DF21B0-8C69-4923-8C7B-B195F8DDB5CD} - http://www.11st.co.k...&tid=1000105205 File not found
O9 - Extra Button: DesktopStreaALUE ERROR. - {D80B3D84-E1EC-42ab-B630-F1E0C4E8BA97} - Reg Error: Value error. File not found
O9 - Extra Button: Tagiri Toolbar - {EC113164-2692-482c-A70D-C60DA5C92546} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {55F0958B-C5EB-49E4-8567-E018D2407F55} http://patch.kongdis...ongdiskCtrl.cab (Kongdisk Web Control)
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} http://cafeimg.hanma...umBgmPlayer.cab (DaumBGMCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {B7DF6B14-7F2A-49C2-A8C8-21AAD560B0BC} http://www.usadisk.c.../USAControl.CAB (USADISK File Share Control 5)
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://mail.daum.net...cab?ver=2,0,1,1 (Daum ActiveX manager Class)
O16 - DPF: {C2AD5B59-154E-4090-91F5-19FC1410E8EE} http://www.koreatime.../Downloader.cab (Downloader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E0F0958B-C5EB-49E3-8567-E018D2407F35} http://patch.kongdis...ll/kongdisk.cab (Kongdisk Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F99ABAE-65FC-489E-8DDC-1CEB2B99B536}: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/04/11 08:00:00 | 000,000,117 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/04 08:18:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/04 08:15:17 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/05/31 18:50:22 | 000,000,000 | ---D | C] -- C:\Users\Park Family\AppData\Roaming\TuneUp Software
[2012/05/31 18:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/05/31 18:49:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/05/31 18:49:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/05/30 06:57:19 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/05/30 06:37:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/30 06:37:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/30 06:37:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/30 06:37:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/30 06:36:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/30 06:36:33 | 000,000,000 | ---D | C] -- C:\Users\Park Family\AppData\Local\CrashDumps
[2012/05/30 06:35:49 | 004,532,342 | R--- | C] (Swearware) -- C:\Users\Park Family\Desktop\ComboFix.exe
[2012/05/29 21:49:24 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2012/05/29 20:35:18 | 000,000,000 | ---D | C] -- C:\Users\Park Family\AppData\Local\NPE
[2012/05/29 20:35:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/05/29 13:23:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/05/29 13:12:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/05/28 10:36:40 | 000,000,000 | ---D | C] -- C:\Users\Park Family\AppData\Roaming\Media Player Classic
[2012/05/28 10:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\madVR
[2012/05/28 10:23:24 | 000,000,000 | ---D | C] -- C:\Users\Park Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2012/05/28 10:23:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haali
[2012/05/28 10:23:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
[2012/05/28 10:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LAV Filters
[2012/05/28 10:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
[2012/05/28 10:22:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MPC-HC
[2012/05/25 21:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2012/05/25 21:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WB Games
[2012/05/24 16:27:57 | 000,000,000 | ---D | C] -- C:\Users\Park Family\AppData\Local\Symantec_Corporation
[2012/05/24 16:27:57 | 000,000,000 | ---D | C] -- C:\Users\Park Family\AppData\Roaming\Symantec
[2012/05/24 16:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
[2012/05/23 16:09:09 | 000,000,000 | ---D | C] -- C:\Users\Park Family\AppData\Roaming\LolClient2
[2012/05/09 18:36:37 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/05/08 16:16:48 | 000,050,026 | ---- | C] (11st) -- C:\Windows\SysWow64\Uninstall_11stSC.exe
[2012/05/08 16:06:15 | 000,000,000 | ---D | C] -- C:\Users\Park Family\Documents\TUPPhoto
[2012/05/08 16:06:13 | 000,000,000 | ---D | C] -- C:\Users\Park Family\Documents\TunesUp
[2012/05/06 17:25:17 | 000,000,000 | ---D | C] -- C:\Users\Park Family\AppData\Local\WBFSManager
[2012/05/06 17:18:31 | 000,000,000 | ---D | C] -- C:\Users\Park Family\Documents\WBFS Manager Covers
[2012/05/05 18:14:41 | 000,000,000 | ---D | C] -- C:\Users\Park Family\Desktop\Wii Backup
[2012/05/05 11:27:25 | 000,000,000 | ---D | C] -- C:\Users\Park Family\AppData\Roaming\ImgBurn
[2012/05/05 11:27:09 | 000,000,000 | ---D | C] -- C:\Users\Park Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012/05/05 11:27:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn

========== Files - Modified Within 30 Days ==========

[2012/06/04 08:28:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/04 08:28:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/04 08:21:04 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/04 08:20:37 | 1942,142,975 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/04 07:54:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/03 23:03:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1024659097-783914939-1927143727-1000UA.job
[2012/06/03 14:03:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1024659097-783914939-1927143727-1000Core.job
[2012/06/02 22:23:58 | 000,042,496 | ---- | M] () -- C:\Users\Park Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/01 10:20:59 | 000,783,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/01 10:20:59 | 000,655,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/01 10:20:59 | 000,122,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/30 06:57:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/30 06:36:05 | 004,532,342 | R--- | M] (Swearware) -- C:\Users\Park Family\Desktop\ComboFix.exe
[2012/05/29 21:49:24 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2012/05/28 09:14:06 | 000,000,943 | ---- | M] () -- C:\Users\Park Family\AppData\Roaming\coreavc.ini
[2012/05/25 21:24:33 | 000,001,708 | ---- | M] () -- C:\Users\Public\Desktop\Bastion.lnk
[2012/05/25 11:37:26 | 000,004,328 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2012/05/24 19:49:10 | 000,000,017 | ---- | M] () -- C:\Users\Park Family\AppData\Local\resmon.resmoncfg
[2012/05/24 16:15:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2012/05/23 21:05:24 | 000,002,436 | ---- | M] () -- C:\Users\Park Family\Desktop\Google Chrome.lnk
[2012/05/20 19:21:00 | 000,000,525 | ---- | M] () -- C:\Users\Park Family\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/05/20 19:20:38 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Park Family\Desktop\utorrent.exe
[2012/05/11 06:00:13 | 000,426,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/08 16:16:48 | 000,050,026 | ---- | M] (11st) -- C:\Windows\SysWow64\Uninstall_11stSC.exe
[2012/05/05 21:45:45 | 000,011,916 | ---- | M] () -- C:\Users\Park Family\Documents\cc_20120505_214537.reg
[2012/05/05 14:58:55 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk

========== Files Created - No Company Name ==========

[2012/05/30 06:37:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/30 06:37:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/30 06:37:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/30 06:37:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/30 06:37:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/25 21:23:42 | 000,001,708 | ---- | C] () -- C:\Users\Public\Desktop\Bastion.lnk
[2012/05/25 11:37:22 | 000,004,328 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2012/05/24 19:49:10 | 000,000,017 | ---- | C] () -- C:\Users\Park Family\AppData\Local\resmon.resmoncfg
[2012/05/24 16:15:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_GenericMount_01009.Wdf
[2012/05/05 21:45:40 | 000,011,916 | ---- | C] () -- C:\Users\Park Family\Documents\cc_20120505_214537.reg
[2012/04/26 22:40:03 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/04/08 07:25:12 | 000,000,943 | ---- | C] () -- C:\Users\Park Family\AppData\Roaming\coreavc.ini
[2012/02/18 14:01:04 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012/01/31 21:57:22 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
[2012/01/31 21:57:21 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
[2012/01/31 21:57:21 | 000,685,056 | ---- | C] () -- C:\Windows\SysWow64\RGSS103J.dll
[2012/01/31 21:57:20 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
[2011/09/26 21:57:07 | 000,000,003 | ---- | C] () -- C:\Windows\treeskp.sys
[2011/09/26 21:57:07 | 000,000,003 | ---- | C] () -- C:\Windows\sbacknt.bin
[2011/08/27 20:06:56 | 000,139,264 | R--- | C] () -- C:\Windows\Vmix102.dll
[2011/08/27 20:06:49 | 000,000,169 | ---- | C] () -- C:\Windows\Cm102.ini.cfl
[2011/08/27 20:06:32 | 000,002,027 | R--- | C] () -- C:\Windows\Cm102.ini.cfg
[2011/08/27 20:06:32 | 000,000,081 | ---- | C] () -- C:\Windows\Cm102.ini.imi
[2011/06/01 22:02:50 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2011/05/26 18:02:34 | 000,000,581 | ---- | C] () -- C:\Windows\wininit.ini
[2011/03/16 20:06:37 | 000,000,295 | ---- | C] () -- C:\Windows\MugE.ini
[2011/01/20 23:40:17 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/12/26 20:40:15 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\IS_ContextMenu.dll
[2010/12/20 00:59:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/09/22 00:11:12 | 000,042,496 | ---- | C] () -- C:\Users\Park Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/25 15:28:33 | 000,000,388 | ---- | C] () -- C:\Windows\lexstat.ini
[2010/08/25 15:27:34 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfinpa.dll
[2010/08/25 15:27:34 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfiesc.dll
[2010/08/25 15:27:34 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBFinst.dll
[2010/08/25 15:27:33 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfpmui.dll
[2010/08/25 15:27:33 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbfutil.dll
[2010/08/25 15:27:32 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfusb1.dll
[2010/08/25 15:27:31 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfserv.dll
[2010/08/25 15:27:31 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfhbn3.dll
[2010/08/25 15:27:31 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbflmpm.dll
[2010/08/25 15:27:31 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcoms.exe
[2010/08/25 15:27:31 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfih.exe
[2010/08/25 15:27:31 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfppls.exe
[2010/08/25 15:27:31 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfprox.dll
[2010/08/25 15:27:31 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfpplc.dll
[2010/08/25 15:27:30 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcomc.dll
[2010/08/25 15:27:30 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcomm.dll
[2010/08/25 15:27:30 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbfcfg.exe
[2010/08/20 13:02:48 | 000,765,688 | ---- | C] () -- C:\Windows\SysWow64\KMDownloader.exe
[2010/08/20 11:45:20 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/08/19 19:44:11 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/08/19 15:11:16 | 000,769,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/18 21:34:12 | 000,311,976 | ---- | C] () -- C:\Windows\SysWow64\kongdiskctrl_update.exe
[2010/08/17 17:45:39 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\ACRUSBTM.SYS
[2010/08/16 20:39:54 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2010/08/16 19:42:08 | 000,000,609 | ---- | C] () -- C:\Windows\tlknw18.ini
[2010/08/16 18:07:23 | 000,000,000 | ---- | C] () -- C:\Windows\JCMKR32.INI
[2010/06/25 10:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/06/10 18:38:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2011/03/23 20:31:25 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\.minecraft
[2010/12/29 08:53:12 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\Amazon
[2012/01/09 17:44:23 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\AnnkakeSpa
[2011/04/21 16:09:58 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\Audacity
[2012/04/28 21:36:57 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\DAEMON Tools Lite
[2012/04/28 21:36:57 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\DAEMON Tools Pro
[2010/08/13 23:05:06 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\eSobi
[2010/08/23 12:08:01 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\Faerie Solitaire
[2010/08/20 10:29:37 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\Free Audio Editor
[2011/10/28 21:26:24 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\Gensokyo.org
[2012/02/11 09:47:19 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\GetRightToGo
[2011/01/18 23:02:57 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\Hoyle
[2010/11/29 04:37:42 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\Hoyle FaceCreator
[2012/05/05 22:29:51 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\ImgBurn
[2012/04/27 21:30:03 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\LolClient
[2012/05/23 16:09:09 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\LolClient2
[2012/01/13 20:56:50 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\Nitroplus
[2011/12/11 00:09:06 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\PrettyMay
[2012/01/03 23:19:29 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\RenPy
[2010/08/18 17:05:30 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\Samsung
[2010/08/23 12:46:28 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\Scrabble Plus
[2012/01/24 00:05:35 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\ScummVM
[2011/08/14 20:10:24 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\ShanghaiAlice
[2011/02/20 23:40:28 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\TeamViewer
[2012/05/03 22:04:39 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\Trillian
[2012/05/31 18:50:22 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\TuneUp Software
[2012/06/03 23:27:26 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\uTorrent
[2010/11/27 21:01:57 | 000,000,000 | ---D | M] -- C:\Users\Park Family\AppData\Roaming\WildTangent
[2012/06/04 08:15:41 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/03/29 20:20:43 | 000,052,346 | ---- | M] ()(C:\Users\Park Family\Documents\???.pptx) -- C:\Users\Park Family\Documents\애국가.pptx
[2012/03/29 20:20:43 | 000,052,346 | ---- | C] ()(C:\Users\Park Family\Documents\???.pptx) -- C:\Users\Park Family\Documents\애국가.pptx
[2011/10/26 17:39:21 | 002,436,325 | ---- | M] ()(C:\Users\Park Family\Documents\???.pptx) -- C:\Users\Park Family\Documents\경기도.pptx
[2011/10/15 10:33:28 | 002,436,325 | ---- | C] ()(C:\Users\Park Family\Documents\???.pptx) -- C:\Users\Park Family\Documents\경기도.pptx
[2010/12/14 03:22:08 | 000,001,093 | ---- | M] ()(C:\Users\Park Family\Application Data\Microsoft\Internet Explorer\Quick Launch\°o?Aμd?A.lnk) -- C:\Users\Park Family\Application Data\Microsoft\Internet Explorer\Quick Launch\°õ¿Àµð¿À.lnk
[2010/12/14 03:22:08 | 000,001,093 | ---- | C] ()(C:\Users\Park Family\Application Data\Microsoft\Internet Explorer\Quick Launch\°o?Aμd?A.lnk) -- C:\Users\Park Family\Application Data\Microsoft\Internet Explorer\Quick Launch\°õ¿Àµð¿À.lnk

< End of report >
  • 0

#10
Crowbar
Posted 05 June 2012 - 10:05 AM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi damascus404,
Good job so far, how is the computer doing now? Any more messages from Norton?

There are still some issues, so stick with me a little bit longer.
Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
[CREATERESTOREPOINT]
:OTL
[2010/12/14 03:22:08 | 000,001,093 | ---- | M] ()(C:\Users\Park Family\Application Data\Microsoft\Internet Explorer\Quick Launch\°o?A?d?A.lnk) -- C:\Users\Park Family\Application Data\Microsoft\Internet Explorer\Quick Launch\°õ¿Àµð¿À.lnk
[2010/12/14 03:22:08 | 000,001,093 | ---- | C] ()(C:\Users\Park Family\Application Data\Microsoft\Internet Explorer\Quick Launch\°o?A?d?A.lnk) -- C:\Users\Park Family\Application Data\Microsoft\Internet Explorer\Quick Launch\°õ¿Àµð¿À.lnk
:commands
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Posted Image Please run Malwarebytes' Anti-Malware

  • Go to the Update tab and check for updates, please install any updates found.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3
Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

In your next reply I would like to see:
  • OTL log
  • MBAM log
  • Eset log
  • How is the computer now?

  • 0

Advertisements

#11
damascus404
Posted 05 June 2012 - 10:36 PM

damascus404

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi, thank you for helping me. My computer is doing great and I'm not getting any more messages from Norton. Thing is, I can't get or don't know where the log file spawns after running the ESET scan. I have the other log files though.



OTL.txt





All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Users\Park Family\Application Data\Microsoft\Internet Explorer\Quick Launch\°õ¿Àµð¿À.lnk moved successfully.
File C:\Users\Park Family\Application Data\Microsoft\Internet Explorer\Quick Launch\°õ¿Àµð¿À.lnk not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Park Family
->Temp folder emptied: 3216 bytes
->Temporary Internet Files folder emptied: 2717130 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 361701402 bytes
->Flash cache emptied: 12247 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 348.00 mb


OTL by OldTimer - Version 3.2.45.0 log created on 06052012_124837

Files\Folders moved on Reboot...
C:\Users\Park Family\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...




MalwareBytes.txt






Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.05.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Park Family :: PARKFAMILY-PC [administrator]

6/5/2012 1:14:01 PM
mbam-log-2012-06-05 (13-14-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214249
Time elapsed: 4 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#12
Crowbar
Posted 06 June 2012 - 10:06 AM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi damascus404,
You are welcome, but you did most of the work :)
Looks like we are almost done, so stick with me just a little bit longer....

Step 1
Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrade Java : (64 bits)
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 7 Update 3 .
  • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
  • Check the box that says: "Accept License Agreement.".
  • Click on the link to download Windows Offline Installation 64 bit ( jre-7u3-windows-x64.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista or Win 7 users, right click on the jre-7u3-windows-x64.exe and select "Run as an Administrator.")

Step 2
Update the Adobe Reader
The Adobe Reader is often updated to fix known security flaws so it is recommended that you update your copy

  • Go to Start > Control Panel > Add/Remove Programs
  • Remove any install of Adobe Reader that you may see
  • Re-boot your computer if required.
  • Once ALL versions of Adobe Reader have been uninstalled, please go to: http://get.adobe.com/reader/ to download and install the latest version of Adobe Reader

Step 3
Lets have a look at your ESET log, you can find it at
C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt
  • 0

#13
damascus404
Posted 06 June 2012 - 03:45 PM

damascus404

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Oh, there it is.


ESET Log


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
  • 0

#14
Crowbar
Posted 07 June 2012 - 02:31 PM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Was that the entire ESET log?

Are you having any other symptoms?
  • 0

#15
damascus404
Posted 07 June 2012 - 06:38 PM

damascus404

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
That looked like the entire thing. There are no more symptoms that I am aware of.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP