
AVE.exe once again...


  • This topic is locked
5 replies to this topic

#1 flaffl


Posted 23 March 2010 - 09:28 PM

Yeah, I got it bad this time. Hopefully you guys can help me out, and I'm sure you'll do a fine job at it. (seeing as everyone's getting infected with this annoying bugger.)

Hopefully these screenshots help out a bit on the situation. Logfiles and everything will be after the screenshots. Excuse the immaturity on some of the pictures; it was originally for a friend that I thought could help but he directed me to you guys. Thank you in advance!

PS Also, I obviously have Vista.




DDS (Ver_10-03-17.01) - NTFSX64
Run by Steeb at 20:49:33.42 on 03/23/2010 Tue
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_15
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~2\AVG\AVG8\avgam.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\PROGRA~2\AVG\AVG8\avgrsa.exe
C:\PROGRA~2\AVG\AVG8\avgnsa.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\SysWOW64\nPStarterSVC.exe
C:\Windows\SysWOW64\npnj5Agent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\taskmgr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Steeb\AppData\Local\ave.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Steeb\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg8\toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg8\toolbar\IEToolbar.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files (x86)\avg\avg8\toolbar\IEToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [EA Core] "c:\program files (x86)\electronic arts\eadm\Core.exe" -silent
uRun: [Pando Media Booster] c:\program files (x86)\pando networks\media booster\PMB.exe
uRun: [Software Informer] "c:\program files (x86)\software informer\softinfo.exe" -autorun
uRun: [fsm]
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Trusted Zone: cyworld.com
Trusted Zone: nate.com
DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} - hxxp://ahnlabdownload.nefficient.co.kr/aos/plugin/aosmgr.cab
DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxp://www.siren24.com/initech/plugin/INIS60.cab
DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} - hxxp://update2.spaceinter.com/easykeytec/bin/easykeytec.cab
DPF: {33EAE546-128F-41C3-BAD4-7624EB5E3730} - hxxp://static.plaync.co.kr/aion_v2/skin/AddOn_091224.cab
DPF: {39461460-2552-4D51-A062-3AB6A7B902E9} - hxxp://banking.nonghyup.com/shttp/install/down/INIS70.cab
DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} - hxxp://banking.nonghyup.com/plugin/scsk/ini7/SCSK4_WOW64.cab
DPF: {51B1D5ED-67DC-43F0-A3F8-8502F1A5E404} - hxxp://nprotect.plaync.co.kr/nProtect/netizen2007/ncsoft/npstarter.cab
DPF: {5DBE942F-CE91-4EED-853F-A1CD022665AF} - hxxp://pgdownload.dacom.net/common/js/crossdomain/LGDacom_CrossDomain_20091117.cab
DPF: {60F33B36-3E89-48EF-BE77-ACC23A366C2A} - hxxps://wstatic.plaync.co.kr/common/js/UniUpdTool/NCLoader.8.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {80E16BB6-161D-40AE-8578-8C43A5F237F0} - hxxp://www.tple.co.kr/append/application/TpleCtrl-MFC9_2.CAB
DPF: {8768D5EA-5412-4810-A032-09AD2A726C69} - hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} - hxxp://download.signgate.com/download/vista/ews/ewsinstaller.cab
DPF: {A00B2A53-60D9-4477-ADA3-60490770C5E0} - hxxp://mail2.daum.net/hanmail-ax/hanmail.cab
DPF: {A564E760-604B-4ED5-BB0B-12664EB7387E} - hxxp://www.10proclub.com/WebChat.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {A9F090E5-FC80-4772-AFEE-D102AB6E77D6} - hxxp://pgdownload.lgdacom.net/dacom/IssacWebProCMS_4_2_9_1_DE.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_5/DaumActiveX.cab?ver=2,0,0,5
DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CB3963BF-D983-4A72-B0B0-FD537E46CEF9} - hxxp://www.tple.co.kr/files/application/TpleControl6.CAB
DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxps://name.siren24.com/nprotect/down/keycrypt/npkcx.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles_vista/KVPISPCTLD_VISTA.cab
DPF: {FCD61199-E187-4ADD-88E5-9AF238486D11} - hxxp://free.tvzoa.com/player/forceplayer.cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://file.naver.com/activex/test/NaverAXGuide.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg8\avgpp.dll
Handler: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - c:\program files (x86)\initech\shttp\InitechSHTTPInterface.10120.dll
Name-Space Handler: http\s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - c:\program files (x86)\initech\shttp\InitechSHTTPInterface.10120.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\steeb\appdata\roaming\mozilla\firefox\profiles\xskmdi4e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files (x86)\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files (x86)\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files (x86)\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files (x86)\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files (x86)\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files (x86)\ahnlab\asp\components\aosmgr\npaosmgr.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npINISAFEWeb60.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files (x86)\opera\program\plugins\np_gp.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\steeb\appdata\roaming\mozilla\firefox\profiles\xskmdi4e.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AvgRkx64;AvgRkx64;c:\windows\system32\drivers\avgrkx64.sys [2009-5-10 14856]
R1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2009-5-9 427016]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2009-5-9 33416]
R1 AvgTdiA;AVG8 Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2009-5-9 133640]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files (x86)\hewlett-packard\media\dvd\000.fcl [2008-9-26 27632]
R2 avg8wd;AVG8 WatchDog;c:\progra~2\avg\avg8\avgwdsvc.exe [2009-5-10 297752]
R2 nPStarterSVC;nProtect Starter;c:\windows\system32\npstartersvc.exe --> c:\windows\system32\nPStarterSVC.exe [?]
S2 Norton Internet Security;Norton Internet Security;"c:\program files (x86)\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files (x86)\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files (x86)\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-5-8 93184]
S3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr7364.sys [2009-1-23 615424]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC_x64.pkms [2008-9-9 25888]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-3-26 44544]
S4 xOcean;xOcean;c:\program files (x86)\xocean\xocean.exe --> c:\program files (x86)\xocean\xOcean.exe [?]
S4 xOceanUpdate;xOceanUpdate;c:\program files (x86)\xocean\xoceanupdate.exe --> c:\program files (x86)\xocean\xOceanUpdate.exe [?]

============== File Associations ===============

.exe=secfile

=============== Created Last 30 ================

2010-03-24 01:45:59 188 ----a-w- c:\users\steeb\defogger_reenable
2010-03-16 23:42:06 0 d-----w- c:\program files (x86)\Final Fantasy VII
2010-03-16 05:11:19 0 d-----w- c:\users\steeb\appdata\roaming\Malwarebytes
2010-03-16 05:11:13 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-16 05:11:13 0 d-----w- c:\programdata\Malwarebytes
2010-03-16 05:11:13 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-03-16 03:40:28 0 d-----w- c:\program files (x86)\AhnLab
2010-03-16 03:39:11 24 ----a-w- c:\windows\syswow64\scskConfigEH.ini
2010-03-16 03:36:04 0 d-----w- c:\windows\yessign
2010-03-16 03:36:04 0 d-----w- C:\pkicert
2010-03-16 03:35:02 0 d-----w- c:\windows\ISSAC_WEB
2010-03-15 22:11:07 0 d--h--w- C:\$AVG8.VAULT$
2010-03-15 22:03:30 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-15 22:03:23 0 d-----w- c:\programdata\Lavasoft
2010-03-15 22:03:23 0 d-----w- c:\program files (x86)\Lavasoft
2010-03-11 16:15:48 32768 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 16:15:48 24064 ----a-w- c:\windows\syswow64\nshhttp.dll
2010-03-11 16:15:46 610304 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 16:15:46 33792 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 16:15:46 31232 ----a-w- c:\windows\syswow64\httpapi.dll
2010-03-08 06:27:20 0 d-----w- c:\program files (x86)\CCleaner
2010-03-02 04:04:13 94208 ----a-w- c:\windows\syswow64\sgkey.dll
2010-03-02 04:04:13 73728 ----a-w- c:\windows\syswow64\securek08.dll
2010-03-02 04:04:13 721001 ----a-w- c:\windows\syswow64\sg_dlg.dll
2010-03-02 04:04:13 61440 ----a-w- c:\windows\syswow64\sgcard.dll
2010-03-02 04:04:13 49152 ----a-w- c:\windows\syswow64\sgmagerkey.dll
2010-03-02 04:04:13 434176 ----a-w- c:\windows\syswow64\sg_cappatx.ocx
2010-03-02 04:04:13 36864 ----a-w- c:\windows\syswow64\UbikeyInit.dll
2010-03-02 04:04:13 307200 ----a-w- c:\windows\syswow64\ewshandler.dll
2010-03-02 04:04:13 1970281 ----a-w- c:\windows\syswow64\sg_api.dll
2010-03-02 04:04:13 167936 ----a-w- c:\windows\syswow64\securityloader.dll
2010-03-02 04:04:13 1585152 ----a-w- c:\windows\syswow64\gpkiapi.dll
2010-03-02 04:04:13 137120 ----a-w- c:\windows\syswow64\signgate_ioc.dll
2010-03-02 04:03:52 0 d-----w- c:\program files (x86)\SignGATE
2010-02-26 06:12:54 832 ---h--w- c:\windows\syswow64\lcplogv2.sbk
2010-02-26 06:07:54 0 d-----w- c:\programdata\xOcean
2010-02-26 06:04:54 0 d-----w- c:\program files (x86)\Tple
2010-02-25 18:17:01 0 d-sh--w- C:\found.000
2010-02-24 22:13:27 344064 ----a-w- c:\windows\syswow64\msvcr70.dll
2010-02-24 22:13:27 289552 ----a-w- c:\windows\syswow64\temp.001
2010-02-24 22:13:27 28672 ----a-w- c:\windows\syswow64\temp.000
2010-02-24 22:13:27 0 d-----w- c:\windows\MVUNINST
2010-02-24 22:13:27 0 d-----w- c:\program files (x86)\Memorex exPressit Label Design Studio
2010-02-24 22:13:27 0 d-----w- c:\program files (x86)\common files\SureThing Shared
2010-02-24 22:08:40 0 d-----w- c:\users\steeb\appdata\roaming\Software Informer
2010-02-24 22:08:39 0 d-----w- c:\program files (x86)\Software Informer

==================== Find3M ====================

2010-03-22 20:17:21 130416 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-24 15:16:06 212864 ------w- c:\windows\system32\MpSigStub.exe
2010-01-25 13:03:03 534016 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 13:03:03 159232 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 13:03:03 158720 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 13:02:33 535040 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 13:00:33 457216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 12:48:34 472576 ----a-w- c:\windows\syswow64\secproc_isv.dll
2010-01-25 12:48:34 151040 ----a-w- c:\windows\syswow64\secproc_ssp_isv.dll
2010-01-25 12:48:34 151040 ----a-w- c:\windows\syswow64\secproc_ssp.dll
2010-01-25 12:48:06 472064 ----a-w- c:\windows\syswow64\secproc.dll
2010-01-25 12:45:56 329216 ----a-w- c:\windows\syswow64\msdrm.dll
2010-01-25 08:37:36 413696 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:37:32 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:37:32 409600 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:37:29 594432 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:35:01 346624 ----a-w- c:\windows\syswow64\RMActivate_ssp_isv.exe
2010-01-25 08:35:00 523776 ----a-w- c:\windows\syswow64\RMActivate_isv.exe
2010-01-25 08:34:56 511488 ----a-w- c:\windows\syswow64\RMActivate.exe
2010-01-25 08:34:56 347136 ----a-w- c:\windows\syswow64\RMActivate_ssp.exe
2010-01-23 10:00:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-23 09:44:02 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-12-28 12:45:26 13824 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:44:32 1570816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:42:34 25600 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:42:32 38400 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:42:32 143360 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:42:28 15872 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:41:43 93184 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:41:22 54272 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:39:08 76800 ----a-w- c:\windows\system32\avicap32.dll
2009-12-28 12:39:08 108544 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:35:50 11776 ----a-w- c:\windows\syswow64\tsbyuv.dll
2009-12-28 12:35:00 1314816 ----a-w- c:\windows\syswow64\quartz.dll
2009-12-28 12:32:34 22528 ----a-w- c:\windows\syswow64\msyuv.dll
2009-12-28 12:32:32 31744 ----a-w- c:\windows\syswow64\msvidc32.dll
2009-12-28 12:32:32 123904 ----a-w- c:\windows\syswow64\msvfw32.dll
2009-12-28 12:32:25 13312 ----a-w- c:\windows\syswow64\msrle32.dll
2009-12-28 12:31:22 82944 ----a-w- c:\windows\syswow64\mciavi32.dll
2009-12-28 12:31:01 50176 ----a-w- c:\windows\syswow64\iyuv_32.dll
2009-12-28 12:28:43 91136 ----a-w- c:\windows\syswow64\avifil32.dll
2009-12-28 12:28:43 65024 ----a-w- c:\windows\syswow64\avicap32.dll
2009-11-16 04:11:10 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-16 04:11:10 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-12 02:52:18 86016 ----a-w- c:\windows\inf\infstor.dat
2009-01-23 17:22:54 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-01-23 17:24:33 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 20:57:09.41 ===============


GMER LOG

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-23 21:26:58
Windows 6.0.6001 Service Pack 1
Running: gmer.exe


---- Services - GMER 1.0.15 ----

Service .NET CLR Data
Service .NET CLR Networking
Service .NET Data Provider for Oracle
Service .NET Data Provider for SqlServer
Service .NETFramework
Service system32\drivers\acpi.sys (ACPI Driver for NT/Microsoft Corporation) [BOOT] ACPI
Service system32\drivers\adp94xx.sys (Adaptec Windows SAS/SATA Storport Driver/Adaptec, Inc.) [DISABLED] adp94xx
Service system32\drivers\adpahci.sys (Adaptec Windows SATA Storport Driver/Adaptec, Inc.) [DISABLED] adpahci
Service system32\drivers\adpu160m.sys (Adaptec LH Ultra160 Driver (X64)/Adaptec, Inc.) [DISABLED] adpu160m
Service system32\drivers\adpu320.sys (Adaptec StorPort Ultra320 SCSI Driver (X64)/Adaptec, Inc.) [DISABLED] adpu320
Service adsi
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AeLookupSvc
Service system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
Service system32\drivers\agp440.sys (440 NT AGP Filter/Microsoft Corporation) [MANUAL] agp440
Service system32\drivers\djsvs.sys (Adaptec Ultra SCSI miniport/Adaptec, Inc.) [DISABLED] aic78xx
Service C:\Windows\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG
Service system32\drivers\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [DISABLED] aliide
Service system32\drivers\amdide.sys (AMD IDE Driver/Microsoft Corporation) [DISABLED] amdide
Service system32\drivers\amdk8.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] AmdK8
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Appinfo
Service C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) [DISABLED] Apple Mobile Device
Service system32\drivers\arc.sys (Adaptec RAID Storport Driver/Adaptec, Inc.) [DISABLED] arc
Service system32\drivers\arcsas.sys (Adaptec SAS RAID WS03 Driver/Adaptec, Inc.) [DISABLED] arcsas
Service system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
Service system32\drivers\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation) [DISABLED] atapi
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AudioEndpointBuilder
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AudioSrv
Service AVG
Service C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe (AVG Watchdog Service/AVG Technologies CZ, s.r.o.) [AUTO] avg8wd
Service System32\Drivers\avgldx64.sys (AVG AVI Loader Driver/AVG Technologies CZ, s.r.o.) [SYSTEM] AvgLdx64
Service System32\Drivers\avgmfx64.sys (AVG Resident Shield Minifilter Driver/AVG Technologies CZ, s.r.o.) [SYSTEM] AvgMfx64
Service System32\Drivers\avgrkx64.sys (AVG Anti-Rootkit Driver/AVG Technologies CZ, s.r.o.) [BOOT] AvgRkx64
Service System32\Drivers\avgtdia.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) [SYSTEM] AvgTdiA
Service (Battery Class Driver/Microsoft Corporation) BattC
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BFE
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BITS
Service system32\drivers\blbdrive.sys (BLB Drive Driver/Microsoft Corporation) [DISABLED] blbdrive
Service system32\DRIVERS\bowser.sys (NT Lan Manager Datagram Receiver Driver/Microsoft Corporation) [MANUAL] bowser
Service system32\drivers\brfiltlo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltLo
Service system32\drivers\brfiltup.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltUp
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Browser
Service system32\drivers\brserid.sys (Brotehr Serial I/F Driver (WDM)/Brother Industries Ltd.) [DISABLED] Brserid
Service system32\drivers\brserwdm.sys (Brother Serial driver (WDM version)/Brother Industries Ltd.) [DISABLED] BrSerWdm
Service system32\drivers\brusbmdm.sys (Brother USB MDM Driver /Brother Industries Ltd.) [DISABLED] BrUsbMdm
Service system32\drivers\brusbser.sys (Brother USB Serial Driver/Brother Industries Ltd.) [MANUAL] BrUsbSer
Service system32\drivers\bthmodem.sys (Bluetooth Communications Driver/Microsoft Corporation) [DISABLED] BTHMODEM
Service system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] cdfs
Service system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] cdrom
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] CertPropSvc
Service system32\drivers\circlass.sys (Consumer IR Class Driver for eHome/Microsoft Corporation) [DISABLED] circlass
Service System32\CLFS.sys (Common Log File System Driver/Microsoft Corporation) [BOOT] CLFS
Service C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [MANUAL] clr_optimization_v2.0.50727_32
Service C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [MANUAL] clr_optimization_v2.0.50727_64
Service system32\drivers\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [DISABLED] cmdide
Service system32\drivers\compbatt.sys (Composite Battery Driver/Microsoft Corporation) [DISABLED] Compbatt
Service C:\Windows\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
Service system32\drivers\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation) [BOOT] crcdisk
Service crypt32
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] CryptSvc
Service DCLocator
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DcomLaunch
Service System32\Drivers\dfsc.sys (DFS Namespace Client Driver/Microsoft Corporation) [SYSTEM] DfsC
Service C:\Windows\system32\DFSR.exe (Distributed File System Replication/Microsoft Corporation) [MANUAL] DFSR
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Dhcp
Service system32\drivers\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] disk
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Dnscache
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] dot3svc
Service system32\DRIVERS\Dot4.sys (IEEE-1284.4-1999 Driver/Microsoft Corporation) [MANUAL] Dot4
Service system32\DRIVERS\Dot4Prt.sys (IEEE-1284.4 Print Class Driver/Microsoft Corporation) [MANUAL] Dot4Print
Service system32\DRIVERS\dot4usb.sys (DOT4USB filter driver/Microsoft Corporation) [MANUAL] dot4usb
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DPS
Service system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud
Service C:\Program Files (x86)\PlayNC\AION_KOR\bin32\GameGuard\dump_wmimmc.sys [MANUAL] dump_wmimmc
Service System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation) [MANUAL] DXGKrnl
Service system32\DRIVERS\E1G6032E.sys (Intel® PRO/1000 Adapter NDIS 6 deserialized driver/Intel Corporation) [MANUAL] E1G60
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] EapHost
Service System32\drivers\ecache.sys (Special Memory Device Cache/Microsoft Corporation) [BOOT] Ecache
Service C:\Windows\ehome\ehRecvr.exe (Windows Media Center Receiver Service/Microsoft Corporation) [MANUAL] ehRecvr
Service C:\Windows\ehome\ehsched.exe (Windows Media Center Scheduler Service/Microsoft Corporation) [MANUAL] ehSched
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ehstart
Service system32\drivers\elxstor.sys (Storport Miniport Driver for LightPulse HBAs/Emulex) [DISABLED] elxstor
Service EmdCache
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] EMDMgmt
Service system32\drivers\errdev.sys (Error Device Driver/Microsoft Corporation) [DISABLED] ErrDev
Service ESENT
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Eventlog
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] EventSystem
Service (Microsoft Extended FAT File System/Microsoft Corporation) [MANUAL] exfat
Service (Fast FAT File System Driver/Microsoft Corporation) [MANUAL] fastfat
Service system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [DISABLED] fdc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] fdPHost
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] FDResPub
Service system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation) [BOOT] FileInfo
Service system32\drivers\filetrace.sys (File Trace Filter Driver/Microsoft Corporation) [MANUAL] Filetrace
Service system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [DISABLED] flpydisk
Service system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr
Service C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation) [MANUAL] FontCache3.0.0.0
Service (File System Recognizer Driver/Microsoft Corporation) [SYSTEM] Fs_Rec
Service system32\drivers\gagp30kx.sys (MS Generic AGPv3.0 Filter for K8/9 Processor Platforms/Microsoft Corporation) [MANUAL] gagp30kx
Service C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe (GameConsoleService/WildTangent, Inc.) [DISABLED] GameConsoleService
Service system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] gpsvc
Service system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation) [MANUAL] HDAudBus
Service system32\drivers\hidbth.sys (Bluetooth Miniport Driver for HID Devices/Microsoft Corporation) [DISABLED] HidBth
Service system32\drivers\hidir.sys (Infrared Miniport Driver for Input Devices/Microsoft Corporation) [DISABLED] HidIr
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] hidserv
Service system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidUsb
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] hkmsvc
Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (HP Health Check Service/Hewlett-Packard) [DISABLED] HP Health Check Service
Service system32\drivers\hpcisss.sys (Smart Array Storport Driver/Hewlett-Packard Company) [DISABLED] HpCISSs
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] hpqcxs08
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] hpqddsvc
Service system32\drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP
Service system32\drivers\i2omp.sys (I2O Miniport Driver/Microsoft Corporation) [DISABLED] i2omp
Service system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) [SYSTEM] i8042prt
Service C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (RAID Monitor/Intel Corporation) [AUTO] IAANTMON
Service ialm
Service system32\drivers\iastor.sys (Intel Matrix Storage Manager driver - x64/Intel Corporation) [BOOT] iaStor
Service system32\drivers\iastorv.sys (Intel Matrix Storage Manager driver (base)/Intel Corporation) [DISABLED] iaStorV
Service C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Windows CardSpace/Microsoft Corporation) [MANUAL] idsvc
Service IDSVia64
Service system32\DRIVERS\igdkmd64.sys (Intel Graphics Kernel Mode Driver/Intel Corporation) [MANUAL] igfx
Service system32\drivers\iirsp.sys (Intel/ICP Raid Storport Driver/Intel Corp./ICP vortex GmbH) [DISABLED] iirsp
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] IKEEXT
Service inetaccs
Service system32\drivers\RTKVHD64.sys (Realtek® High Definition Audio Function Driver/Realtek Semiconductor Corp.) [MANUAL] IntcAzAudAddService
Service system32\drivers\intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) [DISABLED] intelide
Service system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] intelppm
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] IPBusEnum
Service system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] iphlpsvc
Service system32\DRIVERS\ipinip.sys [MANUAL] IpInIp
Service system32\drivers\ipmidrv.sys (WMI IPMI DRIVER/Microsoft Corporation) [DISABLED] IPMIDRV
Service system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IPNAT
Service C:\Program Files (x86)\iPod\bin\iPodService.exe (iPodService Module/Apple Inc.) [MANUAL] iPod Service
Service system32\drivers\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
Service system32\drivers\isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) [DISABLED] isapnp
Service system32\DRIVERS\msiscsi.sys (Microsoft iSCSI Initiator Driver/Microsoft Corporation) [MANUAL] iScsiPrt
Service system32\drivers\iteatapi.sys (ITE IT8211 ATA/ATAPI SCSI miniport/Integrated Technology Express, Inc.) [DISABLED] iteatapi
Service system32\drivers\iteraid.sys (ITE IT8212 ATA RAID SCSI miniport/Integrated Technology Express, Inc.) [DISABLED] iteraid
Service system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) [SYSTEM] kbdclass
Service system32\DRIVERS\kbdhid.sys (HID Keyboard Filter Driver/Microsoft Corporation) [SYSTEM] kbdhid
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] KeyIso
Service System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
Service system32\drivers\ksthunk.sys (Kernel Streaming WOW Thunk Service/Microsoft Corporation) [MANUAL] ksthunk
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] KtmRm
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] LanmanServer
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] LanmanWorkstation
Service ldap
Service c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (LightScribe Service/Hewlett-Packard Company) [DISABLED] LightScribeService
Service system32\DRIVERS\lltdio.sys (Link-Layer Topology Mapper I/O Driver/Microsoft Corporation) [AUTO] lltdio
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] lltdsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] lmhosts
Service Lsa
Service system32\drivers\lsi_fc.sys (LSI Logic Fusion-MPT FC Driver (StorPort)/LSI Logic) [DISABLED] LSI_FC
Service system32\drivers\lsi_sas.sys (LSI Logic Fusion-MPT SAS Driver (StorPort)/LSI Logic) [DISABLED] LSI_SAS
Service system32\drivers\lsi_scsi.sys (LSI Logic Fusion-MPT SCSI Driver (StorPort)/LSI Logic) [DISABLED] LSI_SCSI
Service system32\drivers\luafv.sys (LUA File Virtualization Filter Driver/Microsoft Corporation) [AUTO] luafv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] Mcx2Svc
Service system32\drivers\megasas.sys (MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x64/LSI Corporation) [DISABLED] megasas
Service system32\drivers\megasr.sys (LSI MegaRAID Software RAID Driver/LSI Corporation, Inc.) [DISABLED] MegaSR
Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Groove Audit Service/Microsoft Corporation) [MANUAL] Microsoft Office Groove Audit Service
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MMCSS
Service system32\drivers\modem.sys (Modem Device Driver/Microsoft Corporation) [MANUAL] Modem
Service system32\DRIVERS\monitor.sys (Monitor Driver/Microsoft Corporation) [MANUAL] monitor
Service system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) [SYSTEM] mouclass
Service system32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) [MANUAL] mouhid
Service System32\drivers\mountmgr.sys (Mount Point Manager/Microsoft Corporation) [BOOT] MountMgr
Service system32\drivers\mpio.sys (MultiPath Support Bus-Driver/Microsoft Corporation) [DISABLED] mpio
Service System32\drivers\mpsdrv.sys (Microsoft Protection Service Driver/Microsoft Corporation) [MANUAL] mpsdrv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MpsSvc
Service system32\drivers\mraid35x.sys (MegaRAID RAID Controller Driver for Windows Vista/Longhorn for x86-64/LSI Logic Corporation) [DISABLED] Mraid35x
Service system32\drivers\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
Service system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [MANUAL] mrxsmb
Service system32\DRIVERS\mrxsmb10.sys (Longhorn SMB Downlevel SubRdr/Microsoft Corporation) [MANUAL] mrxsmb10
Service system32\DRIVERS\mrxsmb20.sys (Longhorn SMB 2.0 Redirector/Microsoft Corporation) [MANUAL] mrxsmb20
Service system32\drivers\msahci.sys (MS AHCI 1.0 Standard Driver/Microsoft Corporation) [DISABLED] msahci
Service system32\drivers\msdsm.sys (Microsoft Device Specific Module/Microsoft Corporation) [DISABLED] msdsm
Service C:\Windows\System32\msdtc.exe (MS DTCconsole program/Microsoft Corporation) [MANUAL] MSDTC
Service MSDTC Bridge 3.0.0.0
Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
Service system32\drivers\msisadrv.sys (ISA Driver/Microsoft Corporation) [BOOT] msisadrv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] MSiSCSI
Service C:\Windows\system32\msiexec.exe (WindowsR installer/Microsoft Corporation) [MANUAL] msiserver
Service system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
Service system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
Service system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
Service (Kernel Remote Procedure Call Provider/Microsoft Corporation) [MANUAL] MsRPC
Service MSSCNTRS
Service system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios
Service system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE
Service System32\Drivers\mup.sys (Multiple UNC Provider driver/Microsoft Corporation) [BOOT] Mup
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] napagent
Service system32\DRIVERS\nwifi.sys (NativeWiFi Miniport Driver/Microsoft Corporation) [MANUAL] NativeWifiP
Service C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\ENG64.SYS [MANUAL] NAVENG
Service C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\EX64.SYS [MANUAL] NAVEX15
Service system32\drivers\ndis.sys (NDIS 6.0 wrapper driver/Microsoft Corporation) [BOOT] NDIS
Service system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi
Service system32\DRIVERS\ndisuio.sys (NDIS User mode I/O driver/Microsoft Corporation) [MANUAL] Ndisuio
Service system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan
Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Net Driver HPZ12
Service system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS
Service System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] netbt
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] Netlogon
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Netman
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] netprofm
Service system32\DRIVERS\netr7364.sys (Ralink 802.11 USB Wireless Adapter Driver/Ralink Technology, Corp.) [MANUAL] netr7364
Service C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation) [DISABLED] NetTcpPortSharing
Service system32\drivers\nfrd960.sys (IBM ServeRAID Controller Driver/IBM Corporation) [DISABLED] nfrd960
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] NlaSvc
Service C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [AUTO] Norton Internet Security
Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs
Service C:\Windows\system32\GameMon.des [MANUAL] npggsvc
Service C:\Windows\SysWOW64\npkcft64.sys [MANUAL] npkcft64
Service C:\??\C:\Windows\system32\npptNT2.sys [MANUAL] NPPTNT2
Service C:\Windows\system32\nPStarterSVC.exe [AUTO] nPStarterSVC
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] nsi
Service system32\drivers\nsiproxy.sys (NSI Proxy/Microsoft Corporation) [SYSTEM] nsiproxy
Service NTDS
Service (NT File System Driver/Microsoft Corporation) [MANUAL] Ntfs
Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null
Service system32\drivers\nvraid.sys (NVIDIAR nForce™ RAID Driver/NVIDIA Corporation) [DISABLED] nvraid
Service system32\drivers\nvstor.sys (NVIDIAR nForce™ Sata Performance Driver/NVIDIA Corporation) [DISABLED] nvstor
Service system32\drivers\nv_agp.sys (NForce NT AGP Filter/Microsoft Corporation) [MANUAL] nv_agp
Service system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt
Service system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd
Service C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Office Diagnostics/Microsoft Corporation) [MANUAL] odserv
Service system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [MANUAL] ohci1394
Service C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose
Service Outlook
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] p2pimsvc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] p2psvc
Service system32\drivers\parport.sys (Parallel Port Driver/Microsoft Corporation) [DISABLED] Parport
Service System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation) [BOOT] partmgr
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PcaSvc
Service C:\??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [MANUAL] PCD5SRVC{8AAF211B-043E02A9-05040000}
Service system32\drivers\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) [BOOT] pci
Service system32\drivers\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [DISABLED] pciide
Service system32\drivers\pcmcia.sys (PCMCIA Bus Driver/Microsoft Corporation) [DISABLED] pcmcia
Service system32\drivers\peauth.sys (Protected Environment Authentication and Authorization Export Driver/Microsoft Corporation) [AUTO] PEAUTH
Service PerfDisk
Service C:\Windows\SysWow64\perfhost.exe (x86 Performance Counter Host/Microsoft Corporation) [MANUAL] PerfHost
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] pla
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PlugPlay
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Pml Driver HPZ12
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] PNRPAutoReg
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] PNRPsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PolicyAgent
Service PortProxy
Service system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport
Service system32\drivers\processr.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] Processor
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ProfSvc
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] ProtectedStorage
Service system32\DRIVERS\PS2.sys [MANUAL] Ps2
Service system32\DRIVERS\pacer.sys (QoS Packet Scheduler/Microsoft Corporation) [SYSTEM] PSched
Service system32\drivers\ql2300.sys (QLogic Fibre Channel Stor Miniport Driver/QLogic Corporation) [DISABLED] ql2300
Service system32\drivers\ql40xx.sys (QLogic iSCSI Storport Miniport Driver/QLogic Corporation) [DISABLED] ql40xx
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] QWAVE
Service system32\drivers\qwavedrv.sys (Microsoft Quality Windows Audio Video Experience (qWave) Support Driver/Microsoft Corporation) [MANUAL] QWAVEdrv
Service System32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [SYSTEM] RasAcd
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RasAuto
Service system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RasMan
Service system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe
Service system32\DRIVERS\rassstp.sys (RAS SSTP Miniport Call Manager/Microsoft Corporation) [MANUAL] RasSstp
Service system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] rdbss
Service System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD
Service RDPDD
Service system32\drivers\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) [DISABLED] rdpdr
Service system32\drivers\rdpencdd.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPENCDD
Service RDPNP
Service (RDP Terminal Stack Driver/Microsoft Corporation) [MANUAL] RDPWD
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] RemoteAccess
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RemoteRegistry
Service C:\Windows\system32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] RpcSs
Service system32\DRIVERS\rspndr.sys (Link-Layer Topology Responder Driver for NDIS 6/Microsoft Corporation) [AUTO] rspndr
Service system32\DRIVERS\Rtlh64.sys (Realtek 8101E/8168/8169 NDIS6 64-bit Driver /Realtek Corporation ) [MANUAL] RTL8169
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [AUTO] SamSs
Service system32\drivers\sbp2port.sys (SBP-2 Protocol Driver/Microsoft Corporation) [DISABLED] sbp2port
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SCardSvr
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Schedule
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SCPolicySvc
Service C:\Windows\syswow64\drivers\scsk5.sys [MANUAL] scsk5
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SDRSVC
Service (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] secdrv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] seclogon
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SENS
Service system32\drivers\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] Serenum
Service system32\drivers\serial.sys (Serial Device Driver/Microsoft Corporation) [MANUAL] Serial
Service system32\drivers\sermouse.sys (Serial Mouse Filter Driver/Microsoft Corporation) [DISABLED] sermouse
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SessionEnv
Service system32\drivers\sffdisk.sys (Small Form Factor Disk Driver/Microsoft Corporation) [DISABLED] sffdisk
Service system32\drivers\sffp_mmc.sys (Small Form Factor MMC Protocol Driver/Microsoft Corporation) [MANUAL] sffp_mmc
Service system32\drivers\sffp_sd.sys (Small Form Factor SD Protocol Driver/Microsoft Corporation) [MANUAL] sffp_sd
Service system32\drivers\sfloppy.sys (SCSI Floppy Driver/Microsoft Corporation) [DISABLED] sfloppy
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] SharedAccess
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ShellHWDetection
Service system32\drivers\sisraid2.sys (SiS RAID Stor Miniport Driver/Microsoft Corporation) [DISABLED] SiSRaid2
Service system32\drivers\sisraid4.sys (SiS AHCI Stor-Miniport Driver/Silicon Integrated Systems) [DISABLED] SiSRaid4
Service C:\Windows\system32\SLsvc.exe (Microsoft Software Licensing Service/Microsoft Corporation) [AUTO] slsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SLUINotify
Service system32\DRIVERS\smb.sys (SMB Transport driver/Microsoft Corporation) [SYSTEM] Smb
Service SMSvcHost 3.0.0.0
Service C:\Windows\System32\snmptrap.exe (SNMP Trap/Microsoft Corporation) [MANUAL] SNMPTRAP
Service (loader for security processor/Microsoft Corporation) [BOOT] spldr
Service C:\Windows\System32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler
Service System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) [DISABLED] sptd
Service C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [SYSTEM] SRTSP
Service C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [SYSTEM] SRTSPX
Service System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] srv
Service System32\DRIVERS\srv2.sys (Smb 2.0 Server driver/Microsoft Corporation) [MANUAL] srv2
Service System32\DRIVERS\srvnet.sys (Server Network driver/Microsoft Corporation) [MANUAL] srvnet
Service system32\DRIVERS\sscdbus.sys (SAMSUNG USB Composite Device Driver/MCCI Corporation) [MANUAL] sscdbus
Service system32\DRIVERS\sscdmdfl.sys (SAMSUNG Mobile Modem Filter Driver/MCCI Corporation) [MANUAL] sscdmdfl
Service system32\DRIVERS\sscdmdm.sys (SAMSUNG Mobile Modem WDM/MCCI Corporation) [MANUAL] sscdmdm
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SSDPSRV
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SstpSvc
Service [SYSTEM] StarOpen
Service C:\Program [MANUAL] Steam Client Service
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] stisvc
Service system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] swprv
Service system32\drivers\symc8xx.sys (LSI Logic 8XX SCSI Miniport Driver/LSI Logic) [DISABLED] Symc8xx
Service SymEFA
Service system32\drivers\sym_hi.sys (LSI Logic Hi-Perf SCSI Miniport Driver/LSI Logic) [DISABLED] Sym_hi
Service system32\drivers\sym_u3.sys (LSI Logic Ultra160 SCSI Miniport Driver/LSI Logic) [DISABLED] Sym_u3
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SysMain
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TabletInputService
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] TapiSrv
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TBS
Service System32\drivers\tcpip.sys (TCP/IP Driver/Microsoft Corporation) [BOOT] Tcpip
Service system32\DRIVERS\tcpip.sys (TCP/IP Driver/Microsoft Corporation) [MANUAL] Tcpip6
Service System32\drivers\tcpipreg.sys (TCP/IP Registry Compatibility Driver/Microsoft Corporation) [AUTO] tcpipreg
Service system32\drivers\tdpipe.sys (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE
Service system32\drivers\tdtcp.sys (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP
Service system32\DRIVERS\tdx.sys (TDI Translation Driver/Microsoft Corporation) [SYSTEM] tdx
Service system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [SYSTEM] TermDD
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TermService
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Themes
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] THREADORDER
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TrkWks
Service C:\Windows\servicing\TrustedInstaller.exe (Windows Modules Installer/Microsoft Corporation) [MANUAL] TrustedInstaller
Service TSDDD
Service System32\DRIVERS\tssecsrv.sys (TS Security Filter Driver/Microsoft Corporation) [MANUAL] tssecsrv
Service system32\DRIVERS\tunmp.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) [MANUAL] tunmp
Service system32\DRIVERS\tunnel.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) [MANUAL] tunnel
Service system32\drivers\uagp35.sys (MS AGPv3.5 Filter/Microsoft Corporation) [MANUAL] uagp35
Service system32\DRIVERS\udfs.sys (UDF File System Driver/Microsoft Corporation) [DISABLED] udfs
Service UGatherer
Service UGTHRSVC
Service C:\Windows\system32\UI0Detect.exe (Interactive services detection/Microsoft Corporation) [MANUAL] UI0Detect
Service system32\drivers\uliagpkx.sys (ULi AGPv3.0 Filter for K8/9 Processor Platforms/Microsoft Corporation) [MANUAL] uliagpkx
Service system32\drivers\uliahci.sys (ULi SATA Controller Driver/ULi Electronics Inc.) [DISABLED] uliahci
Service system32\drivers\ulsata.sys (Promise Ultra/Sata Series Driver for Win2003/Promise Technology, Inc.) [DISABLED] UlSata
Service system32\drivers\ulsata2.sys (Promise SATAII150 Series x64 Windows Driver/Promise Technology, Inc.) [DISABLED] ulsata2
Service system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation) [MANUAL] umbus
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] upnphost
Service usb
Service System32\Drivers\usbaapl64.sys (Apple Mobile Device USB Driver/Apple, Inc.) [MANUAL] USBAAPL64
Service system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp
Service system32\drivers\usbcir.sys (USB Consumer IR Driver for eHome/Microsoft Corporation) [DISABLED] usbcir
Service system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci
Service system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub
Service system32\drivers\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) [DISABLED] usbohci
Service system32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation) [MANUAL] usbprint
Service system32\DRIVERS\usbscan.sys (USB Scanner Driver/Microsoft Corporation) [MANUAL] usbscan
Service system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR
Service system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbuhci
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] UxSms
Service C:\Windows\System32\vds.exe (Virtual Disk Service/Microsoft Corporation) [MANUAL] vds
Service system32\DRIVERS\vgapnp.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [MANUAL] vga
Service System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave
Service system32\drivers\viaide.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.) [DISABLED] viaide
Service system32\drivers\volmgr.sys (Volume Manager Driver/Microsoft Corporation) [BOOT] volmgr
Service System32\drivers\volmgrx.sys (Volume Manager Extension Driver/Microsoft Corporation) [BOOT] volmgrx
Service system32\drivers\volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) [BOOT] volsnap
Service system32\drivers\vsmraid.sys (VIA RAID DRIVER FOR AMD-X86-64/VIA Technologies Inc.,Ltd) [DISABLED] vsmraid
Service C:\Windows\system32\vssvc.exe (MicrosoftR Volume Shadow Copy Service/Microsoft Corporation) [MANUAL] VSS
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] W32Time
Service W3SVC
Service system32\drivers\wacompen.sys (Wacom Serial Pen Tablet HID Driver/Microsoft Corporation) [DISABLED] WacomPen
Service system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] Wanarp
Service system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [SYSTEM] Wanarpv6
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] wcncsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WcsPlugInService
Service system32\drivers\wd.sys (Microsoft Watchdog Timer Driver/Microsoft Corporation) [DISABLED] Wd
Service system32\drivers\Wdf01000.sys (WDF Dynamic/Microsoft Corporation) [BOOT] Wdf01000
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WdiServiceHost
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WdiSystemHost
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WebClient
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Wecsvc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] wercplsupport
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WerSvc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WinDefend
Service Windows Workflow Foundation 3.0.0.0
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WinHttpAutoProxySvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Winmgmt
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WinRM
Service [MANUAL] Winsock
Service WinSock2
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Wlansvc
Service system32\drivers\wmiacpi.sys (Windows Management Interface for ACPI/Microsoft Corporation) [DISABLED] WmiAcpi
Service WmiApRpl
Service C:\Windows\system32\wbem\WmiApSrv.exe (WMI Performance Reverse Adapter/Microsoft Corporation) [MANUAL] wmiApSrv
Service C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe [AUTO] WMPNetworkSvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WPCSvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WPDBusEnum
Service system32\drivers\ws2ifsl.sys (Winsock2 IFS Layer/Microsoft Corporation) [DISABLED] ws2ifsl
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wscsvc
Service C:\Windows\system32\SearchIndexer.exe (Microsoft Windows Search Indexer/Microsoft Corporation) [AUTO] WSearch
Service WSearchIdxPi
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wuauserv
Service system32\DRIVERS\WUDFRd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WUDFRd
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wudfsvc
Service xmlprov
Service C:\Program [DISABLED] xOcean
Service C:\Program [DISABLED] xOceanUpdate
Service C:\??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [AUTO] {55662437-DA8C-40c0-AADA-2C816A897A49}
Service {A44E672E-0C66-470F-962D-5A571689521E}
Service {CCD88C88-8648-4179-A2A1-9FE0F7A0EA99}

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB4 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1E 0xA4 0x01 0xB7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB7 0x72 0xF5 0xA4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB1 0xDD 0x16 0x41 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB4 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1E 0xA4 0x01 0xB7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB7 0x72 0xF5 0xA4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB1 0xDD 0x16 0x41 ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN=5AC3C7E2 Love\xff97Evolution\BGIForInstalling.exe 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN=5AC3C7E2 Love\xff97Evolution\Setup.exe 1

---- EOF - GMER 1.0.15 ----

Edited by flaffl, 24 March 2010 - 12:13 PM.




#2 Elise


Posted 27 March 2010 - 04:59 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 flaffl


Posted 30 March 2010 - 10:11 PM

So all I've got right now is the OTL log but I'll post up the GMER one soon.

OTL logfile created on: 3/28/2010 2:42:29 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Steeb\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 67.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.18 Gb Total Space | 211.09 Gb Free Space | 36.20% Space Free | Partition Type: NTFS
Drive D: | 12.99 Gb Total Space | 1.77 Gb Free Space | 13.65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEEB-PC
Current User Name: Steeb
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/28 08:14:27 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Steeb\Desktop\OTL.exe
PRC - [2010/03/23 18:37:54 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/11/25 19:50:10 | 002,011,205 | ---- | M] (Informer Technologies, Inc.) -- C:\Program Files (x86)\Software Informer\softinfo.exe
PRC - [2009/07/31 09:52:36 | 000,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgam.exe
PRC - [2009/07/31 09:52:30 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
PRC - [2009/07/25 05:23:22 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
PRC - [2009/02/17 20:53:04 | 000,213,279 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\SysWOW64\npnj5Agent.exe
PRC - [2009/02/17 20:27:02 | 000,250,145 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\SysWOW64\npstartersvc.exe
PRC - [2008/11/03 19:21:18 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2010/03/28 08:14:27 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Steeb\Desktop\OTL.exe
MOD - [2008/01/20 21:50:45 | 000,545,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IME\imekr8\imkrtip.dll
MOD - [2008/01/20 21:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 21:49:57 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IME\SHARED\IMJKAPI.DLL
MOD - [2008/01/20 21:49:46 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IME\SHARED\IMETIP.DLL
MOD - [2008/01/20 21:49:02 | 000,113,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IME\imekr8\imkrapi.dll
MOD - [2008/01/20 21:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/01/02 22:57:01 | 000,321,320 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/11/15 19:32:09 | 003,346,076 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/07/31 09:52:30 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/02/17 20:27:02 | 000,250,145 | ---- | M] (INCA Internet Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\npstartersvc.exe -- (nPStarterSVC)
SRV - [2008/11/03 19:21:18 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/10/25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/07/27 13:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2006/11/02 08:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 01:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 01:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/07/31 09:52:47 | 000,033,416 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2009/07/31 09:52:45 | 000,427,016 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2009/05/20 21:15:06 | 000,871,408 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/05/10 14:28:26 | 000,014,856 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (AvgRkx64)
DRV:64bit: - [2009/05/10 14:28:25 | 000,133,640 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2009/03/26 16:23:46 | 000,044,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/03/19 17:34:18 | 000,029,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/03 19:10:08 | 000,406,040 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/09/09 20:19:36 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV:64bit: - [2008/09/02 08:21:04 | 008,034,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/08/06 11:26:08 | 000,174,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/02/26 12:18:00 | 000,615,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr7364.sys -- (netr7364)
DRV:64bit: - [2007/07/03 19:04:44 | 000,142,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2007/07/03 19:04:16 | 000,016,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2007/07/03 19:02:12 | 000,105,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/03/15 22:39:11 | 000,042,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\SCSK5.sys -- (scsk5)
DRV - [2009/11/15 23:26:06 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/09/26 05:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2006/09/18 16:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 16:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2005/01/02 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2675749234-114148314-774276932-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE - HKU\S-1-5-21-2675749234-114148314-774276932-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2675749234-114148314-774276932-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2675749234-114148314-774276932-1000\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2675749234-114148314-774276932-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2675749234-114148314-774276932-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: savesession@noasobi.net:1.3.1.6
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG8\Firefox [2009/12/23 09:49:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/12/29 20:54:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/23 18:37:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/03/23 18:37:54 | 000,000,000 | ---D | M]

[2009/10/20 22:36:14 | 000,000,000 | ---D | M] -- C:\Users\Steeb\AppData\Roaming\Mozilla\Extensions
[2009/10/20 22:36:14 | 000,000,000 | ---D | M] -- C:\Users\Steeb\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/03/28 08:22:51 | 000,000,000 | ---D | M] -- C:\Users\Steeb\AppData\Roaming\Mozilla\Firefox\Profiles\xskmdi4e.default\extensions
[2009/06/29 00:48:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Steeb\AppData\Roaming\Mozilla\Firefox\Profiles\xskmdi4e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/29 21:57:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Steeb\AppData\Roaming\Mozilla\Firefox\Profiles\xskmdi4e.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/25 15:47:58 | 000,000,000 | ---D | M] -- C:\Users\Steeb\AppData\Roaming\Mozilla\Firefox\Profiles\xskmdi4e.default\extensions\firefox@tvunetworks.com
[2009/10/29 21:57:44 | 000,000,000 | ---D | M] -- C:\Users\Steeb\AppData\Roaming\Mozilla\Firefox\Profiles\xskmdi4e.default\extensions\savesession@noasobi.net
[2010/03/28 08:22:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2007/08/06 23:35:10 | 000,155,776 | ---- | M] (INITECH ©) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npINISAFEWeb60.dll
[2009/12/30 22:21:50 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2675749234-114148314-774276932-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-2675749234-114148314-774276932-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-2675749234-114148314-774276932-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2675749234-114148314-774276932-1000..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-2675749234-114148314-774276932-1000..\Run: [fsm] File not found
O4 - HKU\S-1-5-21-2675749234-114148314-774276932-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-2675749234-114148314-774276932-1000..\Run: [Software Informer] C:\Program Files (x86)\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKU\S-1-5-21-2675749234-114148314-774276932-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2675749234-114148314-774276932-1000\..Trusted Domains: cyworld.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2675749234-114148314-774276932-1000\..Trusted Domains: nate.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2675749234-114148314-774276932-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} http://ahnlabdownload.nefficient.co.kr/aos/plugin/aosmgr.cab (Aosmgr Control)
O16 - DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} http://www.siren24.com/initech/plugin/INIS60.cab (INISAFEWeb6 V6 Class)
O16 - DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} http://update2.spaceinter.com/easykeytec/bin/easykeytec.cab (EZKeytecWeb Class)
O16 - DPF: {33EAE546-128F-41C3-BAD4-7624EB5E3730} http://static.plaync.co.kr/aion_v2/skin/AddOn_091224.cab (KT ICS Download Component)
O16 - DPF: {39461460-2552-4D51-A062-3AB6A7B902E9} http://banking.nonghyup.com/shttp/install/down/INIS70.cab (INISAFE Updater Control)
O16 - DPF: {39FC0CF9-86F3-4502-B773-D16706EDEC83} http://banking.nonghyup.com/plugin/scsk/ini7/SCSK4_WOW64.cab (SCSK Control)
O16 - DPF: {51B1D5ED-67DC-43F0-A3F8-8502F1A5E404} http://nprotect.plaync.co.kr/nProtect/neti...t/npstarter.cab (nPCom2 Control)
O16 - DPF: {5DBE942F-CE91-4EED-853F-A1CD022665AF} http://pgdownload.dacom.net/common/js/cros...in_20091117.cab (DacomCrossDomain Control)
O16 - DPF: {60F33B36-3E89-48EF-BE77-ACC23A366C2A} https://wstatic.plaync.co.kr/common/js/UniU.../NCLoader.8.cab (NCLoaderCtl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {80E16BB6-161D-40AE-8578-8C43A5F237F0} http://www.tple.co.kr/append/application/TpleCtrl-MFC9_2.CAB (Tple 컨트롤)
O16 - DPF: {8768D5EA-5412-4810-A032-09AD2A726C69} http://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab (DownStarter2 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} http://download.signgate.com/download/vist...wsinstaller.cab (SG_CAppAtx Control)
O16 - DPF: {A00B2A53-60D9-4477-ADA3-60490770C5E0} http://mail2.daum.net/hanmail-ax/hanmail.cab (Hanmail Upload Control)
O16 - DPF: {A564E760-604B-4ED5-BB0B-12664EB7387E} http://www.10proclub.com/WebChat.cab (WebChat Control)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {A9F090E5-FC80-4772-AFEE-D102AB6E77D6} http://pgdownload.lgdacom.net/dacom/IssacW..._4_2_9_1_DE.cab (IssacWebProCMS Class)
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} http://mail.daum.net/hanmail-ax/DaumActive...cab?ver=2,0,0,5 (Daum ActiveX manager Class)
O16 - DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} Reg Error: Key error. (EwsLoader Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CB3963BF-D983-4A72-B0B0-FD537E46CEF9} http://www.tple.co.kr/files/application/TpleControl6.CAB (TpleAX Class 6)
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} https://name.siren24.com/nprotect/down/keycrypt/npkcx.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} https://www.vpay.co.kr/kvpfiles_vista/KVPISPCTLD_VISTA.cab (KvpIspCtlD Control)
O16 - DPF: {FCD61199-E187-4ADD-88E5-9AF238486D11} http://free.tvzoa.com/player/forceplayer.cab (CPPMediaCtrl Object)
O16 - DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} http://file.naver.com/activex/test/NaverAXGuide.cab (NaverAXGuide Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 76.85.229.110 76.85.229.111
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\s-http {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\s-http {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files (x86)\INITECH\SHTTP\InitechSHTTPInterface.10120.dll (© INITECH)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Steeb\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Steeb\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0c2f45c5-823a-11de-b70f-00225f5b5695}\Shell - "" = AutoRun
O33 - MountPoints2\{0c2f45c5-823a-11de-b70f-00225f5b5695}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5c922cf7-45c9-11de-8a4b-00225f5b5695}\Shell - "" = AutoRun
O33 - MountPoints2\{5c922cf7-45c9-11de-8a4b-00225f5b5695}\Shell\AutoRun\command - "" = K:\Startup.exe -- File not found
O33 - MountPoints2\{810b78e9-7bbf-11de-be6f-00225f5b5695}\Shell - "" = AutoRun
O33 - MountPoints2\{810b78e9-7bbf-11de-be6f-00225f5b5695}\Shell\AutoRun\command - "" = K:\Startup.exe -- File not found
O33 - MountPoints2\{821618af-1463-11df-83b2-00248c076719}\Shell\AutoRun\command - "" = F:\yl0tyb6w.com -- File not found
O33 - MountPoints2\{821618af-1463-11df-83b2-00248c076719}\Shell\open\Command - "" = F:\yl0tyb6w.com -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/28 11:39:11 | 000,000,000 | -H-D | C] -- C:\Users\Steeb\Desktop\just in case~
[2010/03/28 08:14:24 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Steeb\Desktop\OTL.exe
[2010/03/21 13:13:12 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/03/16 18:42:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Final Fantasy VII
[2010/03/16 00:11:19 | 000,000,000 | ---D | C] -- C:\Users\Steeb\AppData\Roaming\Malwarebytes
[2010/03/16 00:11:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/16 00:11:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/03/16 00:11:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/16 00:10:46 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Steeb\Desktop\mbam-setup.exe
[2010/03/15 22:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AhnLab
[2010/03/15 22:39:11 | 000,141,848 | ---- | C] (Kings Information & Network) -- C:\Windows\SysWow64\drivers\kcrtx64.sys
[2010/03/15 22:36:04 | 000,000,000 | ---D | C] -- C:\Windows\yessign
[2010/03/15 22:36:04 | 000,000,000 | ---D | C] -- C:\pkicert
[2010/03/15 22:35:02 | 000,000,000 | ---D | C] -- C:\Windows\ISSAC_WEB
[2010/03/15 17:11:07 | 000,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2010/03/15 17:03:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/03/15 17:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/03/15 17:03:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010/03/15 16:59:59 | 097,364,760 | ---- | C] (Lavasoft ) -- C:\Users\Steeb\Desktop\Ad-AwareInstaller.exe
[2010/03/15 01:25:23 | 000,000,000 | -H-D | C] -- C:\Users\Steeb\Desktop\Massage Creep - Melanie Jane [Making Melanie's Day]
[2010/03/13 02:51:06 | 000,000,000 | ---D | C] -- C:\Users\Steeb\Desktop\Final Fantasy 7 Ultimate Pc Edition
[2010/03/11 11:15:48 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/03/11 11:15:46 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/03/09 22:55:30 | 000,000,000 | ---D | C] -- C:\Users\Steeb\Desktop\Final Fantasy 7, 8 & 9 for PSX
[2010/03/08 01:27:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/03/01 23:04:13 | 001,970,281 | ---- | C] (한국정보인증(주)) -- C:\Windows\SysWow64\sg_api.dll
[2010/03/01 23:04:13 | 001,585,152 | ---- | C] ((주)드림시큐리티) -- C:\Windows\SysWow64\gpkiapi.dll
[2010/03/01 23:04:13 | 000,721,001 | ---- | C] (Korea Information Certificate Authority Inc.) -- C:\Windows\SysWow64\sg_dlg.dll
[2010/03/01 23:04:13 | 000,434,176 | ---- | C] (Korea Information Certificate Authority Inc.) -- C:\Windows\SysWow64\sg_cappatx.ocx
[2010/03/01 23:04:13 | 000,307,200 | ---- | C] (Korea Information Certificate Authority Inc.) -- C:\Windows\SysWow64\ewshandler.dll
[2010/03/01 23:04:13 | 000,167,936 | ---- | C] (Korea Infomation Certificate Authority Inc.) -- C:\Windows\SysWow64\securityloader.dll
[2010/03/01 23:04:13 | 000,137,120 | ---- | C] (Korea Information Certificate Authority Inc.) -- C:\Windows\SysWow64\signgate_ioc.dll
[2010/03/01 23:04:13 | 000,094,208 | ---- | C] (Internet Security Co., Ltd.) -- C:\Windows\SysWow64\sgkey.dll
[2010/03/01 23:04:13 | 000,073,728 | ---- | C] (Internet Security Co., Ltd.) -- C:\Windows\SysWow64\securek08.dll
[2010/03/01 23:04:13 | 000,061,440 | ---- | C] (한국정보인증) -- C:\Windows\SysWow64\sgcard.dll
[2010/03/01 23:04:13 | 000,049,152 | ---- | C] (N-LINE SYSTEM Co., Ltd.) -- C:\Windows\SysWow64\sgmagerkey.dll
[2010/03/01 23:04:13 | 000,036,864 | ---- | C] (INFOVINE) -- C:\Windows\SysWow64\UbikeyInit.dll
[2010/03/01 23:04:13 | 000,021,990 | ---- | C] (Internet Security Co., Ltd.) -- C:\Windows\SysWow64\drivers\securkey.sys
[2010/03/01 23:04:13 | 000,020,780 | ---- | C] (anchor chips) -- C:\Windows\SysWow64\drivers\MagerKey.sys
[2010/03/01 23:03:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SignGATE
[16 C:\Users\Steeb\AppData\Local\*.tmp files -> C:\Users\Steeb\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/28 14:43:50 | 004,194,304 | -HS- | M] () -- C:\Users\Steeb\NTUSER.DAT
[2010/03/28 14:13:06 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/28 14:13:06 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/28 11:41:39 | 000,100,864 | ---- | M] () -- C:\Users\Steeb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/28 08:29:26 | 058,110,411 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/03/28 08:18:21 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/28 08:18:21 | 000,589,884 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/28 08:18:21 | 000,101,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/28 08:14:27 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Steeb\Desktop\OTL.exe
[2010/03/28 08:12:12 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/28 08:12:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/27 14:55:28 | 000,524,288 | -HS- | M] () -- C:\Users\Steeb\NTUSER.DAT{ecf9813b-4fb3-11de-b215-00248c076719}.TMContainer00000000000000000001.regtrans-ms
[2010/03/27 14:55:28 | 000,065,536 | -HS- | M] () -- C:\Users\Steeb\NTUSER.DAT{ecf9813b-4fb3-11de-b215-00248c076719}.TM.blf
[2010/03/27 14:55:24 | 002,945,402 | -H-- | M] () -- C:\Users\Steeb\AppData\Local\IconCache.db
[2010/03/25 18:00:58 | 000,011,400 | -HS- | M] () -- C:\Users\Steeb\AppData\Local\20xYJkS83BHk4
[2010/03/25 15:57:54 | 000,000,335 | ---- | M] () -- C:\Users\Steeb\Desktop\FixExe.reg
[2010/03/23 21:00:59 | 000,002,853 | ---- | M] () -- C:\Users\Steeb\Desktop\Attach.zip
[2010/03/23 20:49:07 | 000,130,416 | ---- | M] () -- C:\Users\Steeb\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/23 20:47:00 | 000,453,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/03/23 20:46:00 | 000,000,188 | ---- | M] () -- C:\Users\Steeb\defogger_reenable
[2010/03/23 20:45:31 | 000,050,477 | ---- | M] () -- C:\Users\Steeb\Desktop\Defogger.exe
[2010/03/23 20:42:47 | 000,001,424 | -HS- | M] () -- C:\ProgramData\20xYJkS83BHk4
[2010/03/23 20:37:19 | 002,970,830 | ---- | M] () -- C:\Users\Steeb\Desktop\ringtone.mp3
[2010/03/22 15:17:21 | 000,130,416 | ---- | M] () -- C:\Windows\SysNative\GDIPFONTCACHEV1.DAT
[2010/03/21 14:47:11 | 000,002,553 | ---- | M] () -- C:\Users\Steeb\Desktop\HiJackThis.lnk
[2010/03/21 13:58:23 | 000,284,915 | ---- | M] () -- C:\Users\Steeb\Desktop\gmer.zip
[2010/03/21 13:58:03 | 000,525,824 | ---- | M] () -- C:\Users\Steeb\Desktop\dds.scr
[2010/03/21 13:07:54 | 003,896,274 | ---- | M] () -- C:\Users\Steeb\Desktop\ComboFix.exe
[2010/03/18 00:01:37 | 000,000,204 | ---- | M] () -- C:\Windows\SysNative\npconf.md5
[2010/03/16 18:44:38 | 000,000,880 | ---- | M] () -- C:\Users\Steeb\Desktop\Final Fantasy VII.lnk
[2010/03/16 00:15:03 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Steeb\Desktop\mbam-setup.exe
[2010/03/15 22:39:11 | 000,141,848 | ---- | M] (Kings Information & Network) -- C:\Windows\SysWow64\drivers\kcrtx64.sys
[2010/03/15 22:39:11 | 000,042,704 | ---- | M] () -- C:\Windows\SysWow64\drivers\SCSK5.sys
[2010/03/15 22:39:11 | 000,000,024 | ---- | M] () -- C:\Windows\SysWow64\scskConfigEH.ini
[2010/03/15 17:03:28 | 000,001,051 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/03/15 17:02:11 | 097,364,760 | ---- | M] (Lavasoft ) -- C:\Users\Steeb\Desktop\Ad-AwareInstaller.exe
[2010/03/15 16:56:04 | 000,002,840 | -HS- | M] () -- C:\Users\Steeb\AppData\Local\oY0vtai
[2010/03/15 16:54:35 | 000,002,836 | -HS- | M] () -- C:\ProgramData\oY0vtai
[2010/03/12 01:02:00 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2010/03/08 01:29:24 | 000,159,524 | ---- | M] () -- C:\Users\Steeb\Downloads\Documents\cc_20100308_002902.reg
[2010/02/27 10:05:16 | 000,001,780 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[16 C:\Users\Steeb\AppData\Local\*.tmp files -> C:\Users\Steeb\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/25 15:57:54 | 000,000,335 | ---- | C] () -- C:\Users\Steeb\Desktop\FixExe.reg
[2010/03/23 21:00:59 | 000,002,853 | ---- | C] () -- C:\Users\Steeb\Desktop\Attach.zip
[2010/03/23 20:45:59 | 000,000,188 | ---- | C] () -- C:\Users\Steeb\defogger_reenable
[2010/03/23 20:45:30 | 000,050,477 | ---- | C] () -- C:\Users\Steeb\Desktop\Defogger.exe
[2010/03/23 20:42:31 | 000,011,400 | -HS- | C] () -- C:\Users\Steeb\AppData\Local\20xYJkS83BHk4
[2010/03/23 20:42:31 | 000,001,424 | -HS- | C] () -- C:\ProgramData\20xYJkS83BHk4
[2010/03/23 20:37:16 | 002,970,830 | ---- | C] () -- C:\Users\Steeb\Desktop\ringtone.mp3
[2010/03/21 13:59:03 | 000,293,376 | ---- | C] () -- C:\Users\Steeb\Desktop\gmer.exe
[2010/03/21 13:58:22 | 000,284,915 | ---- | C] () -- C:\Users\Steeb\Desktop\gmer.zip
[2010/03/21 13:57:57 | 000,525,824 | ---- | C] () -- C:\Users\Steeb\Desktop\dds.scr
[2010/03/21 13:07:49 | 003,896,274 | ---- | C] () -- C:\Users\Steeb\Desktop\ComboFix.exe
[2010/03/16 18:44:38 | 000,000,880 | ---- | C] () -- C:\Users\Steeb\Desktop\Final Fantasy VII.lnk
[2010/03/16 00:11:13 | 000,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/15 22:39:11 | 000,042,704 | ---- | C] () -- C:\Windows\SysWow64\drivers\SCSK5.sys
[2010/03/15 22:39:11 | 000,000,024 | ---- | C] () -- C:\Windows\SysWow64\scskConfigEH.ini
[2010/03/15 17:03:28 | 000,001,051 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/03/15 16:54:07 | 000,002,840 | -HS- | C] () -- C:\Users\Steeb\AppData\Local\oY0vtai
[2010/03/15 16:54:07 | 000,002,836 | -HS- | C] () -- C:\ProgramData\oY0vtai
[2010/03/11 11:15:48 | 000,032,768 | ---- | C] () -- C:\Windows\SysNative\nshhttp.dll
[2010/03/11 11:15:46 | 000,610,304 | ---- | C] () -- C:\Windows\SysNative\drivers\http.sys
[2010/03/11 11:15:46 | 000,033,792 | ---- | C] () -- C:\Windows\SysNative\httpapi.dll
[2010/03/08 01:29:07 | 000,159,524 | ---- | C] () -- C:\Users\Steeb\Downloads\Documents\cc_20100308_002902.reg
[2009/11/16 00:31:11 | 000,000,744 | ---- | C] () -- C:\Users\Steeb\AppData\Roaming\filterclsid.dat
[2009/11/11 21:45:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009/11/11 21:14:13 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009/10/23 09:30:54 | 000,339,968 | ---- | C] () -- C:\Windows\SysWow64\KvpUpCom.dll
[2009/10/20 22:26:19 | 000,188,494 | ---- | C] () -- C:\Users\Steeb\AppData\Local\dd_dotnetfx35install_lp.txt
[2009/10/20 22:26:19 | 000,000,714 | ---- | C] () -- C:\Users\Steeb\AppData\Local\dd_dotnetfx35error_lp.txt
[2009/10/20 22:24:54 | 000,473,002 | ---- | C] () -- C:\Users\Steeb\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009/10/20 22:24:51 | 000,425,574 | ---- | C] () -- C:\Users\Steeb\AppData\Local\dd_dotnetfx35install.txt
[2009/10/20 22:24:51 | 000,001,082 | ---- | C] () -- C:\Users\Steeb\AppData\Local\dd_dotnetfx35error.txt
[2009/08/27 16:08:05 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/08/21 23:04:08 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/08/11 10:54:56 | 000,700,310 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/30 00:35:05 | 000,000,674 | ---- | C] () -- C:\Users\Steeb\AppData\Roaming\wklnhst.dat
[2009/05/28 17:55:09 | 000,277,348 | ---- | C] () -- C:\Users\Steeb\AppData\Local\dd_depcheckdotnetfx30.txt
[2009/05/28 17:55:02 | 000,224,394 | ---- | C] () -- C:\Users\Steeb\AppData\Local\dd_dotnetfx3install.txt
[2009/05/28 17:55:02 | 000,012,270 | ---- | C] () -- C:\Users\Steeb\AppData\Local\uxeventlog.txt
[2009/05/28 17:55:02 | 000,002,378 | ---- | C] () -- C:\Users\Steeb\AppData\Local\dd_dotnetfx3error.txt
[2009/05/13 09:31:18 | 000,000,744 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/05/08 18:54:36 | 000,000,680 | ---- | C] () -- C:\Users\Steeb\AppData\Local\d3d9caps.dat
[2009/05/08 17:19:30 | 000,100,864 | ---- | C] () -- C:\Users\Steeb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/08 16:04:21 | 000,000,732 | ---- | C] () -- C:\Users\Steeb\AppData\Local\d3d9caps64.dat
[2009/01/23 12:33:15 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2009/01/23 12:33:15 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/06/26 20:28:04 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\KTxtLog.dll
[2007/06/26 20:10:12 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\KNetClient.dll
[2007/06/26 20:08:00 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\KCharUtil.dll
[2007/05/25 15:23:56 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\ver.ini
[2007/05/10 08:15:34 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\ISP_crgen.dll
[2005/06/29 18:45:44 | 000,708,096 | ---- | C] () -- C:\Windows\SysWow64\INIcrypto20.dll
[2005/02/21 01:28:36 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\usbdll.dll

========== Files - Unicode (All) ==========
[2009/12/30 23:09:17 | 000,000,000 | ---D | M](C:\Users\Steeb\Downloads\Documents\3O?? CA・ ̄±×) -- C:\Users\Steeb\Downloads\Documents\³Ø½¼ Ç÷¯±×
[2009/12/30 23:09:17 | 000,000,000 | ---D | C](C:\Users\Steeb\Downloads\Documents\3O?? CA・ ̄±×) -- C:\Users\Steeb\Downloads\Documents\³Ø½¼ Ç÷¯±×
[2009/12/15 11:23:52 | 000,000,000 | ---D | M](C:\Users\Steeb\Downloads\Documents\???? ?? ??) -- C:\Users\Steeb\Downloads\Documents\네이트온 받은 파일
[2009/12/15 11:23:52 | 000,000,000 | ---D | C](C:\Users\Steeb\Downloads\Documents\???? ?? ??) -- C:\Users\Steeb\Downloads\Documents\네이트온 받은 파일
[2009/12/15 11:22:21 | 000,001,567 | ---- | M] ()(C:\Users\Public\Desktop\????.lnk) -- C:\Users\Public\Desktop\네이트온.lnk
[2009/12/15 11:22:21 | 000,001,567 | ---- | C] ()(C:\Users\Public\Desktop\????.lnk) -- C:\Users\Public\Desktop\네이트온.lnk
[2009/12/15 02:11:17 | 000,032,256 | ---- | M] ()(C:\Users\Steeb\Downloads\Documents\??? ???? ???.doc) -- C:\Users\Steeb\Downloads\Documents\호스트 페밀리에 대해서.doc
[2009/12/15 02:11:17 | 000,032,256 | ---- | C] ()(C:\Users\Steeb\Downloads\Documents\??? ???? ???.doc) -- C:\Users\Steeb\Downloads\Documents\호스트 페밀리에 대해서.doc
[2009/12/15 02:10:37 | 000,013,293 | ---- | M] ()(C:\Users\Steeb\Downloads\Documents\??? ???? ???.docx) -- C:\Users\Steeb\Downloads\Documents\호스트 페밀리에 대해서.docx
[2009/12/15 01:36:30 | 000,013,293 | ---- | C] ()(C:\Users\Steeb\Downloads\Documents\??? ???? ???.docx) -- C:\Users\Steeb\Downloads\Documents\호스트 페밀리에 대해서.docx
[2009/11/28 00:44:44 | 000,103,936 | ---- | M] ()(C:\Users\Steeb\Downloads\Documents\????.doc) -- C:\Users\Steeb\Downloads\Documents\비행편명.doc
[2009/11/28 00:19:56 | 000,103,936 | ---- | C] ()(C:\Users\Steeb\Downloads\Documents\????.doc) -- C:\Users\Steeb\Downloads\Documents\비행편명.doc
[2009/07/16 23:37:35 | 000,015,004 | ---- | M] ()(C:\Users\Steeb\Downloads\Documents\??? ????.docx) -- C:\Users\Steeb\Downloads\Documents\덴마크 다이어트.docx
[2009/07/16 23:37:35 | 000,015,004 | ---- | C] ()(C:\Users\Steeb\Downloads\Documents\??? ????.docx) -- C:\Users\Steeb\Downloads\Documents\덴마크 다이어트.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:D74B6CF5
< End of report >

OTL Extras logfile created on: 3/28/2010 2:42:29 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Steeb\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 67.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583.18 Gb Total Space | 211.09 Gb Free Space | 36.20% Space Free | Partition Type: NTFS
Drive D: | 12.99 Gb Total Space | 1.77 Gb Free Space | 13.65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEEB-PC
Current User Name: Steeb
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2675749234-114148314-774276932-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{093101F5-3EDD-4190-B8FC-58F6E37C9DDA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0C28BDA4-AEED-4566-A452-46E06A599186}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{173F6642-0C98-42C8-A7E1-505E58F56E52}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2880E37D-0704-4AD8-9A02-398D1CBE2928}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{291C5DD5-BBC0-4985-B185-83122F3DD8A7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2A6901F4-0DBD-4052-B737-A73453CA8178}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3A45E5A9-E6A4-45CD-A4B7-3B800932E904}" = lport=139 | protocol=6 | dir=in | app=system |
"{3CF89AD6-3635-4623-BFFC-4126DC24FF26}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{443A2CF0-B7CA-4D72-9AAB-68C3FD2C5510}" = rport=139 | protocol=6 | dir=out | app=system |
"{45DE4C2B-1D32-4C40-9672-9E76F898BEAA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4A05C665-D11C-4CBE-80CD-580479178FC9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4C6ECD25-50D0-4A38-8C70-C7A2ED5B9FFD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4CCC9398-EA45-4BD6-A341-42127AE1D610}" = lport=138 | protocol=17 | dir=in | app=system |
"{4EA44DC1-FAF7-40E6-9E40-9AF6A5D4249F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4ED1E9C0-4945-4ED7-B959-10C1CC25E1D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{87B4C1B7-87ED-4768-B2E2-7DD01B46BD34}" = lport=137 | protocol=17 | dir=in | app=system |
"{91334462-C856-4C95-A6E8-E98A830A3995}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9657F4AC-6444-403E-AB74-4F47E57C701E}" = rport=445 | protocol=6 | dir=out | app=system |
"{BA1CE3CA-39ED-4942-A9DE-8070B67AA127}" = lport=4100 | protocol=17 | dir=in | name=upnp router control port |
"{C0439E66-FBE9-4B1D-9C95-95C622EEB8D7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C44E73F4-3B81-4B26-A56E-E8102DD16CD9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C6AC4BBB-ABDD-44FC-9530-D11970B8523E}" = rport=137 | protocol=17 | dir=out | app=system |
"{C8A71ECA-40F7-4E56-A778-7974DE226069}" = lport=445 | protocol=6 | dir=in | app=system |
"{CA0D0C0A-3F59-40B2-9DE5-BB808EB71B65}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CCC86823-71DF-4837-A249-63BE472731BA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D1A45259-384F-4C4B-B426-EAB4AB24F2C6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D1AFED30-FD17-44E3-BA5A-70EF27822278}" = rport=138 | protocol=17 | dir=out | app=system |
"{DBDA9606-1105-414E-A149-4F9B891A8D81}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E1007EA1-7EC1-4913-B11D-8E80660DCE75}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{F5DA350D-00C3-4963-869A-B562D3AEF3F4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F6F35EC4-1E7D-4F7B-B59C-7F5A775AB604}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2675749234-114148314-774276932-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#4 Elise


Posted 31 March 2010 - 06:02 AM

Hi, no need to try GMER; since you run a 64-bit system, it won't run.

OTL FIX
------------
We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    /md5start
    iastor.sys
    /md5stop
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#5 Elise


Posted 08 April 2010 - 12:56 PM

Hello, are you still there?

regards, Elise




#6 Elise


Posted 17 April 2010 - 02:18 PM

Due to lack of feedback this topic is now closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise






